Initialize for keyutils

.gitignore

@@ -0,0 +1 @@
+keyutils-1.6.3.tar.gz

.keyutils.metadata

@@ -0,0 +1 @@
+01ba938e53ba7e4b88342d0ff84f7d83f16043e4c72207e1af9f26b1874ebd9f keyutils-1.6.3.tar.gz

baselibs.conf

@@ -0,0 +1,4 @@
+libkeyutils1
+	obsoletes "keyutils-libs-<targettype> < <version>"
+	provides "keyutils-libs-<targettype> = <version>"
+keyutils-devel

keyutils-nodate.patch

@@ -0,0 +1,13 @@
+Index: keyutils-1.5.10/Makefile
+===================================================================
+--- keyutils-1.5.10.orig/Makefile
++++ keyutils-1.5.10/Makefile
+@@ -104,7 +104,7 @@ all: keyctl request-key key.dns_resolver
+ ###############################################################################
+ #RPATH = -Wl,-rpath,$(LIBDIR)
+ 
+-VCPPFLAGS	:= -DPKGBUILD="\"$(shell date -u +%F)\""
++VCPPFLAGS	:= -DPKGBUILD="\"no timestamp to avoid rebuilds\""
+ VCPPFLAGS	+= -DPKGVERSION="\"keyutils-$(VERSION)\""
+ VCPPFLAGS	+= -DAPIVERSION="\"libkeyutils-$(APIVERSION)\""
+ 

keyutils-usr-move.patch

@@ -0,0 +1,25 @@
+Index: keyutils-1.5.9/request-key.conf
+===================================================================
+--- keyutils-1.5.9.orig/request-key.conf
++++ keyutils-1.5.9/request-key.conf
+@@ -31,14 +31,14 @@
+ 
+ #OP	TYPE	DESCRIPTION	CALLOUT INFO	PROGRAM ARG1 ARG2 ARG3 ...
+ #======	=======	===============	===============	===============================
+-create  dns_resolver *		*               /sbin/key.dns_resolver %k
+-create	user	debug:*		negate		/bin/keyctl negate %k 30 %S
+-create  user    debug:*         rejected        /bin/keyctl reject %k 30 %c %S
+-create  user    debug:*         expired         /bin/keyctl reject %k 30 %c %S
+-create  user    debug:*         revoked         /bin/keyctl reject %k 30 %c %S
++create  dns_resolver *		*               /usr/sbin/key.dns_resolver %k
++create	user	debug:*		negate		/usr/bin/keyctl negate %k 30 %S
++create  user    debug:*         rejected        /usr/bin/keyctl reject %k 30 %c %S
++create  user    debug:*         expired         /usr/bin/keyctl reject %k 30 %c %S
++create  user    debug:*         revoked         /usr/bin/keyctl reject %k 30 %c %S
+ create	user	debug:loop:*	*		|/bin/cat
+ create	user	debug:*		*		/usr/share/keyutils/request-key-debug.sh %k %d %c %S
+ create	cifs.spnego	*	*		/usr/sbin/cifs.upcall %k
+-negate	*	*		*		/bin/keyctl negate %k 30 %S
++negate	*	*		*		/usr/bin/keyctl negate %k 30 %S
+ create  id_resolver    *	*		/usr/sbin/nfsidmap %k %d -t 600
+ 

keyutils.changes

@@ -0,0 +1,157 @@
+* Thu Jun 24 2021 aplanas@suse.com
+- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
+* Wed Jan  6 2021 meissner@suse.com
+- adjust the library license to be LPGL-2.1+ only (the tools are GPL2+,
+  the library is just LGPL-2.1+) (bsc#1180603)
+* Mon Jan  4 2021 dmueller@suse.com
+- update to 1.6.3:
+  * Revert the change notifications that were using /dev/watch_queue.
+  * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
+  * Allow "keyctl supports" to retrieve raw capability data.
+  * Allow "keyctl id" to turn a symbolic key ID into a numeric ID.
+  * Allow "keyctl new_session" to name the keyring.
+  * Allow "keyctl add/padd/etc." to take hex-encoded data.
+  * Add "keyctl watch*" to expose kernel change notifications on keys.
+  * Add caps for namespacing and notifications.
+  * Set a default TTL on keys that upcall for name resolution.
+  * Explicitly clear memory after it's held sensitive information.
+  * Various manual page fixes.
+  * Fix C++-related errors.
+  * Add support for keyctl_move().
+  * Add support for keyctl_capabilities().
+  * Make key=val list optional for various public-key ops.
+  * Fix system call signature for KEYCTL_PKEY_QUERY.
+  * Fix 'keyctl pkey_query' argument passing.
+  * Use keyctl_read_alloc() in dump_key_tree_aux().
+  * Various manual page fixes.
+- spec-cleaner run (fixup failing homepage url)
+* Fri Oct 16 2020 lnussel@suse.de
+- prepare usrmerge (boo#1029961)
+* Mon Jul  1 2019 wolfgang.frisch@suse.com
+- updated to 1.6
+  - Apply various specfile cleanups from Fedora.
+  - request-key: Provide a command line option to suppress helper execution.
+  - request-key: Find least-wildcard match rather than first match.
+  - Remove the dependency on MIT Kerberos.
+  - Fix some error messages
+  - keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
+  - Fix doc and comment typos.
+  - Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
+  - Add pkg-config support for finding libkeyutils.
+- upstream isn't offering PGP signatures for the source tarballs anymore
+* Mon Mar  4 2019 dimstar@opensuse.org
+- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
+  to shortcut the ring0 bootstrap cycle by also using krb5-mini.
+* Mon Oct 29 2018 astieger@suse.com
+- add upstream signing key and verify source signature
+* Mon Oct 29 2018 meissner@suse.com
+- updated to 1.5.11 (bsc#1113013)
+  - Add keyring restriction support.
+  - Add KDF support to the Diffie-Helman function.
+  - DNS: Add support for AFS config files and SRV records
+* Thu Feb 22 2018 fvogt@suse.com
+- Use %%license (boo#1082318)
+* Mon Nov  6 2017 meissner@suse.com
+- add keyutils-devel for baselibs, to allow biarch LTP builds.
+  (bsc#1061591)
+* Fri May  5 2017 meissner@suse.com
+- updated to 1.5.10
+  - added "dh_compute" callback
+  - manpage improvements
+* Tue Mar 21 2017 meissner@suse.com
+- move binaries from /bin to /usr/bin (bsc#1029969)
+- keyutils-usr-move.patch: also adjust the request-key.conf file
+* Wed Feb  4 2015 meissner@suse.com
+- keyutils-nodate.patch: avoid including the timestamp. bsc#916180
+* Thu Jun  5 2014 meissner@suse.com
+- correct the obsoletes and provides in baselibs.conf to be correct.
+  bnc#881533
+* Wed May 14 2014 nfbrown@suse.com
+- New upstream release 1.5.9.
+  Particularly adds keyctl_invalidate, needed for latest nfs-utils.
+  A few minor bugfixes and usability improvements.
+* Mon Jul 29 2013 tchvatal@suse.com
+- Use macros bit more and fix noreplace on folder, which is not
+  good.
+* Sun Jun 16 2013 lmuelle@suse.com
+- Remove deprecated -c arg while calling cifs.upcall from request-key.conf.
+* Fri Feb  1 2013 coolo@suse.com
+- update license to new format
+* Wed Jun 20 2012 meissner@suse.com
+- various small improvements
+- added a /etc/request-key.d/ snippet drop directory
+* Mon Jun  4 2012 jeffm@suse.com
+- Update nfs4 idmap support, nfs-client 1.2.6 changed parameters.
+* Wed Apr 11 2012 jeffm@suse.com
+- Add nfs4 idmap support
+* Wed Oct  5 2011 uli@suse.com
+- cross-build fix: use %%__cc macro
+* Thu Sep 22 2011 meissner@suse.de
+- Updated to 1.5.3
+  - Fix unread variables.
+  - Licence file update.
+- Updated to 1.5
+  - Disable RPATH setting in Makefile.
+  - Add -I. to build to get this keyutils.h.
+  - Make CFLAGS override on make command line work right.
+  - Make specfile UTF-8.
+  - Support KEYCTL_REJECT.
+  - Support KEYCTL_INSTANTIATE_IOV.
+  - Add AFSDB DNS lookup program from Wang Lei.
+  - Generalise DNS lookup program.
+  - Add recursive scan utility function.
+  - Add bad key reap command to keyctl.
+  - Add multi-unlink variant to keyctl unlink command.
+  - Add multi key purger command to keyctl.
+  - Handle multi-line commands in keyctl command table.
+  - Move the package to version to 1.5.
+- Update to 1.4-4
+  - Make build guess at default libdirs and word size.
+  - Make program build depend on library in Makefile.
+  - Don't include $(DESTDIR) in MAN* macros.
+  - Remove NO_GLIBC_KEYSYS as it is obsolete.
+  - Have Makefile extract version info from specfile and version script.
+  - Provide RPM build rule in Makefile.
+  - Provide distclean rule in Makefile.
+  - Fix local linking and RPATH.
+  - Fix prototypes in manual pages (some char* should be void*).
+  - Rename the keyctl_security.3 manpage to keyctl_get_security.3.
+* Thu Sep 22 2011 jengelh@medozas.de
+- Implement shlib package (libkeyutils1)
+- Cleanup per Specfile Guidelines
+* Tue Apr 19 2011 meissner@suse.de
+- Upgraded to 1.4
+  - Fix the library naming wrt the version.
+  - Move the package to version to 1.4.
+  - Fix spelling mistakes in manpages.
+  - Add an index manpage for all the keyctl functions.
+  - Fix rpmlint warnings.
+- fixed parallel make
+- do not include empty rpaths
+* Thu Mar 18 2010 meissner@suse.de
+- Upgraded to 1.3
+  - Expose the kernel function to get a key's security context.
+  - Expose the kernel function to set a processes keyring onto its parent.
+  - Move libkeyutils library version to 1.3.
+* Mon Dec 14 2009 jengelh@medozas.de
+- add baselibs.conf as a source
+- enable parallel building
+* Mon Nov 24 2008 meissner@suse.de
+- added 2 cifs helpers to request-key.conf (for CIFS DFS support)
+  bnc#432494, FATE#303758
+* Wed Nov 12 2008 crrodriguez@suse.de
+- build request-key.c with -fno-strict-aliasing to avoid
+  possible breakages
+* Thu Apr 10 2008 ro@suse.de
+- added baselibs.conf file to build xxbit packages
+  for multilib support
+* Thu Dec 14 2006 meissner@suse.de
+- Upgraded to 1.2.
+  - call ldconfig
+  - removed manpages (now in global man-pages)
+* Wed Jul 19 2006 meissner@suse.de
+- Upgraded to 1.1.
+  - cleanups, new manpage.
+- no static lib anymore (like upstream).
+* Fri Apr 21 2006 meissner@suse.de
+- initial import of version 1.0.

keyutils.keyring

@@ -0,0 +1,63 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBE6MQAUBEACh/QJTf+QLTHo5Vk7Bq/U7lMpzO+9iGuRJDFkS9HbT1NFMrJi6
+O/udOfGky1+9BOU7dGg5hB2qWzp/IMTHzIOtcRUBz7AkdQxCDkBPpdJkWQMG8AkA
+DK4xvHTtdHZ7TQnmtrSRFjkb0MuyQd31bBlXv3WzLAnzVpdsTyG8sevnjOojvrxu
+dQ1pYjlTSh5CX2cntOM72Zk8jWZ4X5q7hp1f7mu4sKVjzq8uoGAq/05JTRajZuyl
+Hn0aMP+WZlmFs7KAbqohgdzYy/8bo6kfyn0d5YOJn+a7G09wpxWK4G3iek6b4/l3
+3EQwd6mvm69DgdWMjHNs7+dhH3sNIHH6jlxtx+z96qAN6ntAirAIBV6xRob/OP9T
+2femC84lWJljNh6Bc0gRt3pDtrAiZaWqFGZ9e68qZ6K+LsWfcW4oapXTWp/ELErg
+a7FkrmfnPD9upt1yLEE2/nlzXJoIT5r+IMiNPoIddkciXJDGe4IBc3QOcl/sfz5h
+ET8n93XyNBifsgQHw/rqQGfzMiqgCP0WjScU0D/DlhT9bVcheCEWQ5Ghk3DpP8gD
+adlQEr/4YU+PrHLyFoj/65MkFRpYodcrzU7gyuboo3rAPrO4FcR2M7gkxyVFswg7
+AeTclTzxLdb1KxNfSsL7tK0AfhkrDBv5N2xmxRSNcK0SHRKz4Sc6Kq/rtwARAQAB
+tCNEYXZpZCBIb3dlbGxzIDxkaG93ZWxsc0ByZWRoYXQuY29tPokCOAQTAQIAIgUC
+TozmuAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2t6pg/+
+PCr5Ienbgwzv8Chc5CqnXCmSMkWCUTjQQuxICq9EpBopOAaAdTuAvVCFVICSBeoH
+nnDO/CjVmv72o3DcG0jxWcP40+oBGOXZChRshahyzLEOJ1JK34UAcYavN8r69tWJ
+7PQ+g/cwL/On0L4cYYqjhKGpmYlMRSjS7icjygAnTmGz8CnI6KG/0K0cDxNtoMsc
+rMX1UoDgkIgTJi0Jb2TlyBbi6QeZyrEExEp2RuepZDx8XLvnXy/rm/qniFZMeQcG
+eF4ercc9z6DXc9gJhOtehphkAk967VPYBzrXTzuF3rsXYB546ZvsvvKsi7w+Cc8C
+6JbLNbJ0pJsSCydZL44QOGuPM0dpTIHUZeo2DdPcUcUsoxvCOmmvXWbiWxSFlO1D
+MMGna2dJFrDvPedJudd8hXxWRyoPG1X5oxyHAvpYB7sRPuVW5udAbiDeKPXEY8jP
+0fT/BBM9+ihdblVofwzLI9Bch6xSq9g7VQo7t3wUI5+Wn3i5QNUGMEyz2L9rS4Cs
+vGCULdN5E+/4cQcuNt4rcPPusQl3RoOOsqXBSuDYTXBwOCHTJ6L9NVGQH7cGlVAD
+PmO9vMA8MGrt825RnLz/6w5kyA7BOGgZ8QOEAOGp8Way5H9gbMUmBebofBaxoWiH
+W8MEQf+/FtsY1A8noOU2U1VnGFDfhVAQO9jbUFMWhLS0JERhdmlkIEhvd2VsbHMg
+PGRob3dlbGxzNzRAZ21haWwuY29tPokCOAQTAQIAIgUCToxABQIbAwYLCQgHAwIG
+FQgCCQoLBBYCAwECHgECF4AACgkQ+7dXa6fLC2v3Pg//RiZQ1YdjmRbQThZAH5Kh
+WuhkN7cSfQHz7UlxQaW/pqUnTN/PgBADALXZeMALmUVCBpiY2Jc+UiX3ixzkc3PO
+MAWG61xxGy90xBVkYqDVNzMR+wiTUZUCzKdqXUzoWrXHkQnkRm2iDHR5JiUR/CjM
+KJf0lAegAxGw3Npdz9QKWoTZLJJnBf0WOD1Ld+rMaVixDc8bD1fSwNfGrFfiOFVe
+xvugQagHw8peGg4EbQ0dll4P5/+SrJsYCCAYBLc+lKWG+G9qYC75MbWtg4R+RJWv
+fu2Gl64OJvVnGq70X9gW6W93MD/S+MskpI8Si8QsfWreVY3Q0t25nBY7jvoh+gaX
+Jyiih6Tei8LS2WLhedHCdMuh9ZM0TBaaJlBBhyG6X8wO1IzRFMmvlHKulTkfXqSP
+ILPkLBzhBIhNlZzVDI1Bzh3kjq48AfO+eK4ZZRALxnqffObJAydKRm+FGmLzrO5h
+Ww1MJoS3n3khnvqFSjQBI/xkC5qNqDMBU4hQgUPQBka8fIyvpbj2pIL7Iv1wuJR8
+E/0qO10G1+G4ZU2EeVakQgKgbL/+4NK29J8Xn2VaeAMpcr2I9eJIRHeKlGTK1I3D
+kCkxFBKVfdLngvVFa544OKW9lGCY1C2kenPBEH17pQdejLESR+iqnkYGGdf6zoWz
+aFGFKNC/yG5x2NVGdk724my5Ag0EToxABQEQAKl9mbsMzHOkAG0YBrJkl6UwkiNR
+AOYnHgVUfQ6ZnlT8PwnQc1FSKDdqO1e/GVaGsyo3VYQnkLp9KKW2El7srY+vFOMG
+hLtZR9nJrtX54YOyg85RY1q7jXam2AqW8y26QX7PqA+XZ2OpRZ9ohkUJTvStQ4Yq
+XgAn3f00YQ+eKhqoT79PPwW6fSUgjqApbhGkQX/IrSOLlI4LsfA1JuSd8PNsC5LZ
+ad0fKEKyvPRHMmw36wcG/4cspPi5gOyk04hFZ1EewT+lQ5cs+32ZANww88CDBOR9
+smUuWkkA9V0qWBP6P7i6bTHxTNZ3G6LutqahXnCm6xcfyRCBFYr5u62J3bFnEfFO
+tqoTzB3pLePuxBHxqcx7iI6EM66JM30euIb+5d61g9YNcJeY85EXCGTamNDsGcaJ
+xtiQwdRfK3PBBndABAswB/uRrB9ed07LMu9O0FPD+pqxhKp45tr00XFJB5dcqWKL
+1aa+F62kFEIrU0RXCEVYaQXUKY/9tvkABbGBcUJ8ASw7O4vgkPbiqQ1FgRlCf0Pq
+PBS28x9orV7YX+bMxUtiSlCsDXXos9G+vNp5aPDdGb24Jj0z9uIj3AhiNd89KwtA
+qPBYO3471IJmc5+y0hIF4NAwh5KT2Bq3BdjL3M6W957PObMYgJWQKGBoAxnbyWng
++lUV+MST6CYaSAizABEBAAGJAh8EGAECAAkFAk6MQAUCGwwACgkQ+7dXa6fLC2um
+RQ/6AqE32NIlfduy4Avc4Z1IPO6OZuDpwNYaopuHW0K9Hk5yZLk1Avk4COOK/w0E
+1TLYXRkDUBN0D5K3eW9efPvUvm/aRsPLeOhdUqwjAZrdbjJufqSikqr+0LVECA8j
+HsEntnvTGmY5sX+Ufuh+/cH8kCx2ascO6G6cT5RyqeJN71VDMajFq347+S5w7qIG
+/GbICLP2f678tiiRyYr7XocnJC95b8tyHxCrOc7/ZD2b8ZAmbOUi6GEP6hXVoAxB
+VRJJ4Y9cH7ZAbKfgWsopfHDTrQU9gOeyYHuZex4dQSB/e7nphCeAeyr/DnR5VNIx
+ypqXoFEJ5aDMXvh806qUykz/vDdJrT6T5ReI+V4n6e+dtyKj+7t5OJ9ibY+EcIQh
+wXWa73zBlt+42ZMaYccaZAadbRrvjqCivNlceq/0W76HWwV6EQ/Q8CcVggOwggrA
+T7WW5berTthwvloeSSHl+w8JPWfNMZXwDO/ItFesZQ532NpOGoF0AP3ID5Xry36W
+X/IKFhWtzjBY/j2JkcWjoBk+Md3vgcIOfityege/HvlmOeFnonp6kCBRqTkZwRlR
+KFkraSBgzdmMqC4xip7C+3WFIV+1ki/Dixwk6hh0jlPw53anPxyA1a3/Uc5vIOeA
+hohMBKGGIXz0cCaD64EQLY7Svd4AoIVM72pzkX7Y+ZvfrbM=
+=U2Rm
+-----END PGP PUBLIC KEY BLOCK-----

keyutils.spec

@@ -0,0 +1,116 @@
+#
+# spec file for package keyutils
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+%if ! %{defined _distconfdir}
+%define _distconfdir %{_sysconfdir}
+%else
+%define use_usretc 1
+%endif
+
+%define lname	libkeyutils1
+Name:           keyutils
+Version:        1.6.3
+Release:        5.6.1
+Summary:        Linux Key Management Utilities
+License:        GPL-2.0-or-later AND LGPL-2.1-or-later
+Group:          System/Kernel
+URL:            https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/
+Source0:        https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/keyutils-%{version}.tar.gz
+Source1:        baselibs.conf
+Source3:        %{name}.keyring
+Patch1:         request-key-cifs.patch
+Patch2:         request-key-nfs4.patch
+Patch3:         keyutils-nodate.patch
+Patch4:         keyutils-usr-move.patch
+BuildRequires:  gcc-c++
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(krb5)
+
+%description
+Utilities to control the kernel key management facility and to provide
+a mechanism by which the kernel can call back to user space to get a
+key instantiated.
+
+%package -n %{lname}
+Summary:        Key utilities library
+License:        LGPL-2.1-or-later
+Group:          System/Kernel
+Obsoletes:      keyutils-libs < %{version}-%{release}
+Provides:       keyutils-libs = %{version}-%{release}
+
+%description -n %{lname}
+This package provides a wrapper library for the key management facility
+system calls.
+
+%package devel
+Summary:        Development package for building linux key management utilities
+License:        LGPL-2.1-or-later
+Group:          System/Kernel
+Requires:       %{lname} = %{version}
+Requires:       glibc-devel
+
+%description devel
+This package provides headers and libraries for building key utilities.
+
+%prep
+%setup -q
+%patch1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
+%build
+%make_build NO_ARLIB=1 CFLAGS="%{optflags}" CC="gcc"
+
+%install
+make install NO_ARLIB=1 DESTDIR=%{buildroot} BINDIR=/%{_bindir} SBINDIR=/%{_sbindir} LIBDIR=/%{_libdir} USRLIBDIR=%{_libdir}
+%if !0%{?usrmerged}
+mkdir -p %{buildroot}/bin %{buildroot}/sbin
+ln -s /%{_bindir}/keyctl %{buildroot}/bin
+ln -s /%{_sbindir}/key.dns_resolver %{buildroot}/sbin
+ln -s /%{_sbindir}/request-key %{buildroot}/sbin
+%endif
+
+install -m 0750 -d \
+	%{buildroot}%{_sysconfdir}/keys \
+	%{buildroot}%{_sysconfdir}/keys/ima \
+	%{buildroot}%{_distconfdir}/keys \
+	%{buildroot}%{_distconfdir}/keys/ima
+
+%post -n %{lname} -p /sbin/ldconfig
+%postun -n %{lname} -p /sbin/ldconfig
+
+%files
+%license LICENCE.GPL
+%doc README
+%if !0%{?usrmerged}
+/sbin/*
+/bin/*
+%endif
+/%{_sbindir}/*
+/%{_bindir}/*
+%{_datadir}/keyutils
+%{_mandir}/*/*
+%config(noreplace) %{_sysconfdir}/request-key.conf
+%dir %{_sysconfdir}/request-key.d/
+%dir %{_sysconfdir}/keys/
+%dir %{_sysconfdir}/keys/ima/
+%if %{defined use_usretc}
+%dir %{_distconfdir}/keys/
+%dir %{_distconfdir}/keys/ima/
+%endif
+
+%files -n %{lname}
+%license LICENCE.LGPL
+/%{_libdir}/libkeyutils.so.*
+
+%files devel
+%{_libdir}/libkeyutils.so
+%{_includedir}/*
+%attr(0644, root, root) %{_libdir}/pkgconfig/libkeyutils.pc
+
+%changelog

request-key-cifs.patch

@@ -0,0 +1,10 @@
+Index: request-key.conf
+===================================================================
+--- request-key.conf.orig
++++ request-key.conf
+@@ -38,4 +38,5 @@ create  user    debug:*         expired
+ create  user    debug:*         revoked         /bin/keyctl reject %k 30 %c %S
+ create	user	debug:loop:*	*		|/bin/cat
+ create	user	debug:*		*		/usr/share/keyutils/request-key-debug.sh %k %d %c %S
++create	cifs.spnego	*	*		/usr/sbin/cifs.upcall %k
+ negate	*	*		*		/bin/keyctl negate %k 30 %S

request-key-nfs4.patch

@@ -0,0 +1,12 @@
+---
+ request-key.conf |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/request-key.conf
++++ b/request-key.conf
+@@ -40,3 +40,5 @@ create	user	debug:loop:*	*		|/bin/cat
+ create	user	debug:*		*		/usr/share/keyutils/request-key-debug.sh %k %d %c %S
+ create	cifs.spnego	*	*		/usr/sbin/cifs.upcall %k
+ negate	*	*		*		/bin/keyctl negate %k 30 %S
++create  id_resolver    *	*		/usr/sbin/nfsidmap %k %d -t 600
++