- update to latest git branch stable-1_8_x, includes security update 1.8.13

- change version to openafs-1.8.13.g... since the new stable release is 1.8.13 
- remove patch handle_backports.diff, it is now included upstream 
- remove intermediate patches:
  * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h
  * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail
  * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc
  * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning
  * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type

OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=129
Christof Hanke 2024-11-26 08:10:26 +00:00 committed by Git OBS Bridge
commit d3db42d252
42 changed files with 3793 additions and 0 deletions

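--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text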

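--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc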


@ -0,0 +1,111 @@
commit 03b280649f5e22ed74c217d7c98c3416a2fa9052
Author: Cheyenne Wills <cwills@sinenomine.net>
Date: Wed Jun 12 13:56:44 2024 -0600
Linux-6.10: remove includes for asm/ia32_unistd.h
The Linux 6.10 commit:
"x86/syscall/compat: Remove ia32_unistd.h" (e2d168328e)
Removed the header ia32_unistd.h since it was just a wrapper for the
unistd_32_ia32.h.
The commit:
"linux-afs-translator-xen-20060731" (29dd792381)
added an ia32_unistd.h include to several files; all were not needed
(as they didn't reference any of the contents from the header file, e.g
_NR_ia32_*).
The commit:
"amd64-hook-ia32-table-20030519" (831e172463)
added an include for ia32_unistd.h to osi_module.c.
A later commit:
"osi-probe-syscall-20050129" (f126dbdbe2)
removed many of the references to defines from ia32_unistd.h, but did
not remove the include for the header.
Currently the only remaining files (linux-kernel-syscall-probe.m4,
LINUX/osi_probe.c and LINUX/osi_syscall.c) continue to reference the
items from ia32_unistd.h, but only when building older kernels that
either don't have LINUX_KEYRING_SUPPORT or when
ENABLE_LINUX_SYSCALL_PROBING is enabled (in both cases, these are only
applicable for older kernels where the asm/ia32_unistd.h file would be
present).
For the files that don't have references (i.e. _NR_ia32_*), we can
simply remove the include for asm/ia32_unistd.h. For the remaining set
of files, we can leave the include for asm/ia32_unistd.h since the code
already has preprocessor conditionals so it's only included for older
Linux kernels where the header file will be present.
We noted above, the include for asm/ia32_unistd.h is already conditional
on the checks for LINUX_KEYRING_SUPPORT and ENABLE_LINUX_SYSCALL_PROBING
so we do not need to add any additional configure checks.
Change-Id: I901b5c0f0ff86272b02f898f3951325533d22f4f
Reviewed-on: https://gerrit.openafs.org/15763
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
diff --git a/src/afs/LINUX/osi_ioctl.c b/src/afs/LINUX/osi_ioctl.c
index 3e797745c..d964d8103 100644
--- a/src/afs/LINUX/osi_ioctl.c
+++ b/src/afs/LINUX/osi_ioctl.c
@@ -21,10 +21,6 @@
#include <linux/unistd.h> /* For syscall numbers. */
#include <linux/mm.h>
-#ifdef AFS_AMD64_LINUX_ENV
-#include <asm/ia32_unistd.h>
-#endif
-
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/sched.h>
diff --git a/src/afs/LINUX/osi_module.c b/src/afs/LINUX/osi_module.c
index 8ace127f4..499810cc6 100644
--- a/src/afs/LINUX/osi_module.c
+++ b/src/afs/LINUX/osi_module.c
@@ -21,10 +21,6 @@
#include <linux/unistd.h> /* For syscall numbers. */
#include <linux/mm.h>
-#ifdef AFS_AMD64_LINUX_ENV
-#include <asm/ia32_unistd.h>
-#endif
-
#include <linux/proc_fs.h>
#include <linux/slab.h>
#include <linux/init.h>
diff --git a/src/afs/LINUX/osi_pag_module.c b/src/afs/LINUX/osi_pag_module.c
index ea3d1bd2c..346108489 100644
--- a/src/afs/LINUX/osi_pag_module.c
+++ b/src/afs/LINUX/osi_pag_module.c
@@ -20,10 +20,6 @@
#include <linux/unistd.h> /* For syscall numbers. */
#include <linux/mm.h>
-#ifdef AFS_AMD64_LINUX_ENV
-#include <asm/ia32_unistd.h>
-#endif
-
#include <linux/proc_fs.h>
#include <linux/slab.h>
#include <linux/init.h>
diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c
index 9c5a080f0..ad7c695b9 100644
--- a/src/afs/LINUX/osi_proc.c
+++ b/src/afs/LINUX/osi_proc.c
@@ -25,10 +25,6 @@
#include <linux/unistd.h> /* For syscall numbers. */
#include <linux/mm.h>
-#ifdef AFS_AMD64_LINUX_ENV
-# include <asm/ia32_unistd.h>
-#endif
-
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/sched.h>


@ -0,0 +1,96 @@
commit 0f6a3a402f4a66114da9231032bd68cdc4dee7bc
Author: Cheyenne Wills <cwills@sinenomine.net>
Date: Wed Jun 12 14:13:59 2024 -0600
Linux-6.10: Use filemap_alloc_folio when avail
The Linux 6.10 commit:
"mm: remove page_cache_alloc()" (3f2ae4ebd5)
removed the page_cache_alloc(), with a note that callers would be using
filemap_alloc_folio instead.
The function filemap_alloc_folio() was introduced in Linux 5.15 commit:
"mm/filemap: Add filemap_alloc_folio" (bb3c579e25)
Add a configure check for filemap_alloc_folio and update the function
afs_linux_read_cache() to use a wrapper that calls filemap_alloc_folio()
if available otherwise calls page_cache_alloc().
Minor whitespace/style cleanup
Note: The function filemap_alloc_folio() was introduced in Linux 5.15,
so this change affects builds using the Linux kernel 5.15 and later.
Change-Id: Ia17aefc38fe9787e54b315c864da726d610b8bb9
Reviewed-on: https://gerrit.openafs.org/15764
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
index 511b0838f..18809c89f 100644
--- a/src/afs/LINUX/osi_vnodeops.c
+++ b/src/afs/LINUX/osi_vnodeops.c
@@ -2320,6 +2320,24 @@ mapping_read_page(struct address_space *mapping, struct page *page)
#endif
}
+/*
+ * small compat wrapper for filemap_alloc_folio/page_cache_alloc
+ */
+static struct page *
+afs_page_cache_alloc(struct address_space *cachemapping)
+{
+#if defined(HAVE_LINUX_FILEMAP_ALLOC_FOLIO)
+ struct folio *folio;
+ folio = filemap_alloc_folio(mapping_gfp_mask(cachemapping), 0);
+ if (folio == NULL) {
+ return NULL;
+ }
+ return &folio->page;
+#else
+ return page_cache_alloc(cachemapping);
+#endif
+}
+
/* Populate a page by filling it from the cache file pointed at by cachefp
* (which contains indicated chunk)
* If task is NULL, the page copy occurs syncronously, and the routine
@@ -2358,11 +2376,12 @@ afs_linux_read_cache(struct file *cachefp, struct page *page,
pageindex = (offset - AFS_CHUNKTOBASE(chunk)) >> PAGE_SHIFT;
while (cachepage == NULL) {
- cachepage = find_get_page(cachemapping, pageindex);
+ cachepage = find_get_page(cachemapping, pageindex);
if (!cachepage) {
- if (!newpage)
- newpage = page_cache_alloc(cachemapping);
- if (!newpage) {
+ if (newpage == NULL) {
+ newpage = afs_page_cache_alloc(cachemapping);
+ }
+ if (newpage == NULL) {
code = -ENOMEM;
goto out;
}
diff --git a/src/cf/linux-kernel-func.m4 b/src/cf/linux-kernel-func.m4
index 93f96f5ad..83ea354b0 100644
--- a/src/cf/linux-kernel-func.m4
+++ b/src/cf/linux-kernel-func.m4
@@ -253,6 +253,16 @@ AC_CHECK_LINUX_FUNC([no_strlcpy],
size_t s;
s = strlcpy(buff);]])
+dnl Linux 5.15 introduced filemap_alloc_folio() as a replacement for
+dnl page_cache_alloc(). page_cache_alloc() was updated to become just a
+dnl wrapper for filemap_alloc_folio().
+dnl Linux 6.10 removed page_cache_alloc().
+AC_CHECK_LINUX_FUNC([filemap_alloc_folio],
+ [#include <linux/kernel.h>
+ #include <linux/pagemap.h>],
+ [[static struct folio *folio;
+ folio = filemap_alloc_folio(0, 0);]])
+
dnl Consequences - things which get set as a result of the
dnl above tests
AS_IF([test "x$ac_cv_linux_func_d_alloc_anon" = "xno"],
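Review bot: The comment on `afs_page_cache_alloc()` in this carried patch says only "small compat wrapper", so the contract its caller relies on stays implicit: the wrapper returns NULL when the allocation fails, and `afs_linux_read_cache()` turns that into `-ENOMEM`. I would spell it out, for example `/* Allocate one order-0 page using cachemapping's gfp mask; returns NULL on allocation failure. */`. On the folio path the page is taken as `&folio->page`; `folio_page(folio, 0)` would express the same thing without depending on the struct layout, provided that helper exists on every kernel where `HAVE_LINUX_FILEMAP_ALLOC_FOLIO` is set, which should be confirmed upstream rather than changed in the package copy. `afs_linux_read_cache()` starts and ends outside the embedded hunk, so how `newpage` is released on the other exit paths cannot be checked from here.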


@ -0,0 +1,66 @@
commit 658942f2791fad5e33ec7542158c16dfc66eed39
Author: Cheyenne Wills <cwills@sinenomine.net>
Date: Wed Jun 12 14:16:43 2024 -0600
Linux-6.10: define a wrapper for vmalloc
The Linux 6.10 commit:
"mm: vmalloc: enable memory allocation profiling" (88ae5fb755)
changed vmalloc from a function to a wrapper macro.
This change results in build errors:
"error: implicit declaration of function vmalloc; did you mean
kmalloc? [-Werror=implicit-function-declaration]"
when vmalloc is passed as a parameter to the afs_atomlist_create() and
afs_lhash_create() functions.
Add a little wrapper function around vmalloc() to use for the parameter
to afs_atomlist_create() and afs_lhash_create().
Note: A configure test was not needed for this change since the name
and functionality of Linux's vmalloc did not change.
Change-Id: I69c1da9eea5d1de11c1628bbcef427f81f5c01e1
Reviewed-on: https://gerrit.openafs.org/15765
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
diff --git a/src/afs/LINUX/osi_alloc.c b/src/afs/LINUX/osi_alloc.c
index 86cd0e571..7c4b4a1ca 100644
--- a/src/afs/LINUX/osi_alloc.c
+++ b/src/afs/LINUX/osi_alloc.c
@@ -196,6 +196,15 @@ local_free(void *p, size_t n)
vfree(p);
}
+/*
+ * wrapper for vmalloc(), since vmalloc() may be a macro
+ */
+static void *
+local_vmalloc(size_t size)
+{
+ return vmalloc(size);
+}
+
/* linux_alloc_init(): Initializes the kernel memory allocator. As part
* of this process, it also initializes a pool of osi_linux_mem
* structures as well as the hash table itself.
@@ -209,14 +218,14 @@ linux_alloc_init(void)
/* initiate our pool of osi_linux_mem structs */
al_mem_pool =
afs_atomlist_create(sizeof(struct osi_linux_mem), sizeof(long) * 1024,
- (void *)vmalloc, local_free);
+ local_vmalloc, local_free);
if (!al_mem_pool) {
printf("afs_osi_Alloc: Error in initialization(atomlist_create)\n");
return 0;
}
/* initialize the hash table to hold references to alloc'ed chunks */
- lh_mem_htab = afs_lhash_create(hash_equal, (void *)vmalloc, local_free);
+ lh_mem_htab = afs_lhash_create(hash_equal, local_vmalloc, local_free);
if (!lh_mem_htab) {
printf("afs_osi_Alloc: Error in initialization(lhash_create)\n");
return 0;


@ -0,0 +1,51 @@
commit 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7
Author: Cheyenne Wills <cwills@sinenomine.net>
Date: Thu Jun 6 10:42:57 2024 -0600
Linux 6.10: Move 'inline' before func return type
With Linux 6.10 commit:
"kbuild: turn on -Wextra by default" (f5982cceb3)
there are additional compiler warnings that can turn
into build errors when --enable-checking is used.
"error: inline is not at beginning of declaration
[-Werror=old-style-declaration]"
The error is due to the return type preceding the "inline" keyword
in function declarations.
Fix the declarations for file_can_read_pages() and
afs_linux_readpage_fastpath() to have the proper ordering of the
static/inline keywords attributes so they precede the return type.
Just a note that the `static` and `inline` keywords must precede a
function's return type.
Change-Id: I3ff9d45c119e70a90faf18fbf6d49fb6b9adcf33
Reviewed-on: https://gerrit.openafs.org/15768
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
index 18809c89f..c6c3bfe39 100644
--- a/src/afs/LINUX/osi_vnodeops.c
+++ b/src/afs/LINUX/osi_vnodeops.c
@@ -2443,7 +2443,7 @@ afs_linux_read_cache(struct file *cachefp, struct page *page,
/*
* Return true if the file has a mapping that can read pages
*/
-static int inline
+static inline int
file_can_read_pages(struct file *fp)
{
#if defined(STRUCT_ADDRESS_SPACE_OPERATIONS_HAS_READ_FOLIO)
@@ -2456,7 +2456,7 @@ file_can_read_pages(struct file *fp)
return 0;
}
-static int inline
+static inline int
afs_linux_readpage_fastpath(struct file *fp, struct page *pp, int *codep)
{
loff_t offset = page_offset(pp);

956
ChangeLog Normal file

@ -0,0 +1,956 @@
commit b151451269ec41b5723484596e7dd40f9ab8824a (HEAD -> openafs-stable-1_8_x, origin/openafs-stable-1_8_x)
Author: Andrew Deason <adeason@sinenomine.net>
Date: Tue Nov 12 20:29:24 2024 -0600
ptserver: Add xdr_namelist to liboafs_prot.la.sym
Commit 1f5e1ef9e3 (OPENAFS-SA-2024-003: Run xdr_free for retried RPCs)
added a couple of references to xdr_namelist, which currently causes a
build failure on AIX:
/bin/sh ../../libtool --quiet --mode=link --tag=CC xlc_r [...] -o pts pts.o ../../src/ptserver/liboafs_prot.la [...]
ld: 0711-317 ERROR: Undefined symbol: xdr_namelist
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
make: 1254-004 The error code from the last command is 8.
To avoid this, add xdr_namelist to liboafs_prot.la.sym.
Reviewed-on: https://gerrit.openafs.org/15954
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
(cherry picked from commit 4f82b5bd49a3c83c990d64d06cb6389969826208)
Change-Id: I8a7272d1b94bd02295ef63b70a4247a4cf6e70f6
Reviewed-on: https://gerrit.openafs.org/15955
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
commit c1beae2622fe6fbdda2353a7da2090fc23595617
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Fri Nov 8 14:03:53 2024 -0800
Make OpenAFS 1.8.13
Update version strings for the 1.8.13 release.
Change-Id: Ic7f75226f3ba0f51f17c8e123c8cdbdab3ff6c7f
Reviewed-on: https://gerrit.openafs.org/15949
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 7ad61adb706bd53be287f8620ac67720434b3c24
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Fri Nov 8 13:57:28 2024 -0800
Update NEWS for OpenAFS 1.8.13
Change-Id: I8e25f6d4719f403b07a8faad733d858a8872620f
Reviewed-on: https://gerrit.openafs.org/15948
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 37e585f0841803cdf3a1f99770034890ba162d7c
Author: Andrew Deason <adeason@sinenomine.net>
Date: Thu Oct 15 21:07:17 2020 -0500
OPENAFS-SA-2024-003: xdr: Initialize memory for INOUT args
CVE-2024-10397
Currently, there are a few callers of RPCs that specify some data for
an INOUT parameter, but do not initialize the memory for that data.
This can result in the uninitialized memory being sent to the peer
when the argument is processed as an IN argument. Simply clear the
relevant data before running the RPC to avoid this.
The relevant RPCs and arguments are:
- For RMTSYS_Pioctl, the 'OutData' argument.
- For BUDB_GetVolumes, the 'volumes' argument.
-- via DBLookupByVolume -> bcdb_LookupVolume -> ubik_BUDB_GetVolumes
-- and via bc_Restorer -> bcdb_FindVolumes -> ubik_BUDB_GetVolumes
- For KAA_Authenticate_old / KAA_Authenticate, this can happen with
the 'answer' argument in ka_Authenticate if KAA_AuthenticateV2 or
KAA_Authenticate return RXGEN_OPCODE, but the server manages to
populate oanswer.SeqLen with non-zero.
For all of these, make sure the memory is blanked before running the
relevant RPC. For ka_Authenticate, reset oanswer.SeqLen to 0 to avoid
sending any data, but still blank 'answer' and 'answer_old' just to be
safe.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15925
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c4e28c2afe743aa323be57ef3b0faec13027e678)
Change-Id: If44320c1efde98c53eed88099cd978ef89f4c0d8
Reviewed-on: https://gerrit.openafs.org/15947
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1
Author: Andrew Deason <adeason@sinenomine.net>
Date: Fri Oct 16 10:55:15 2020 -0500
OPENAFS-SA-2024-003: sys: Don't over-copy RMTSYS_Pioctl output data
CVE-2024-10397
Here, 'OutData' only has OutData.rmtbulk_len bytes in it. We know that
OutData.rmtbulk_len is at most data->out_size, but it could be
smaller. So, only copy OutData.rmtbulk_len bytes, not data->out_size,
since data->out_size could be more than the number of bytes we have
allocated in OutData.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15924
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f31a79d749abc8e64a8d9ac748bb2b5457875099)
Change-Id: Ic05751d05c7c8862770188131110cc602c9b93b7
Reviewed-on: https://gerrit.openafs.org/15946
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 25ad3931d5c03ead625a96e6b626febeb3e20453
Author: Andrew Deason <adeason@sinenomine.net>
Date: Fri Oct 16 10:52:03 2020 -0500
OPENAFS-SA-2024-003: Run xdr_free for retried RPCs
CVE-2024-10397
A few areas of code retry the same RPC, like so:
do {
code = VL_SomeRPC(rxconn, &array_out);
} while (some_condition);
xdr_free((xdrproc_t) xdr_foo, &array_out);
Or try a different version/variant of an RPC (e.g.
VLDB_ListAttributesN2 -> VLDB_ListAttributes).
If the first RPC call causes the output array to be allocated with
length N, then the subsequent RPC calls may fail if the server
responds with an array larger than N.
Furthermore, if the subsequent call responds with an array smaller
than N, then when we xdr_free the array, our length will be smaller
than the actual number of allocated elements. That results in two
potential issues:
- We'll fail to free the elements at the end of the array. This is
only a problem if each element in the array also uses
dynamically-allocated memory (e.g. each element contains a string or
another array). Fortunately, there are only a few such structures in
any of our RPC-L definitions: SysNameList and CredInfos. And neither
of those are used in such a retry loop, so this isn't a problem.
- We'll give the wrong length to osi_free when freeing the array
itself. This only matters for KERNEL, and only on some platforms
(such as Solaris), since the length given to osi_free is ignored
everywhere else.
To avoid these possible issues, change the relevant retry loops to
free our xdr-allocated arrays on every iteration of the loop, like
this:
do {
xdr_free((xdrproc_t) xdr_foo, &array_out);
code = VL_SomeRPC(rxconn, &array_out);
} while (some_condition);
xdr_free((xdrproc_t) xdr_foo, &array_out);
Or like this:
do {
code = VL_SomeRPC(rxconn, &array_out);
xdr_free((xdrproc_t) xdr_foo, &array_out);
} while (some_condition);
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15923
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1f5e1ef9e35f6b5e8693c91199c976d5e030c0d0)
Change-Id: I77ce3a904d502784cbf356e113972dfab838256e
Reviewed-on: https://gerrit.openafs.org/15945
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit a82212ab20f0635a40c52648a52a1e9eaccc4937
Author: Andrew Deason <adeason@sinenomine.net>
Date: Thu Oct 15 20:30:14 2020 -0500
OPENAFS-SA-2024-003: xdr: Ensure correct string length in xdr_string
CVE-2024-10397
Currently, if a caller calls an RPC with a string output argument,
like so:
{
char *str = NULL;
code = RXAFS_SomeCall(&str);
/* do something with 'str' */
xdr_free((xdrproc_t) xdr_string, &str);
}
Normally, xdr_free causes xdr_string to call osi_free, specifying the
same size that we allocated for the string. However, since we only
have a char*, the amount of space allocated for the string is not
recorded separately, and so xdr_string calculates the size of the
buffer to free by using strlen().
This works for well-formed strings, but if we fail to decode the
payload of the string, or if our peer gave us a string with a NUL byte
in the middle of it, then strlen() may be significantly less than the
actual allocated size. And so in this case, the size given to osi_free
will be wrong.
The size given to osi_free is ignored in userspace, and for KERNEL on
many platforms like Linux and DARWIN. However, it is notably not
ignored for KERNEL on Solaris and some other less supported platforms
(HPUX, Irix, NetBSD). At least on Solaris, an incorrect size given to
osi_free can cause a system panic or possibly memory corruption.
To avoid this, change xdr_string during XDR_DECODE to make sure that
strlen() of the string always reflects the allocated size. If we fail
to decode the string's payload, replace the payload with non-NUL bytes
(fill it with 'z', an arbitrary choice). And if we do successfully
decode the payload, check if the strlen() is wrong (that is, if the
payload contains NUL '\0' bytes), and fail if so, also filling the
payload with 'z'. This is only strictly needed in KERNEL on certain
platforms, but do it everywhere so our behavior is consistent.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15922
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7d0675e6c6a2f3200a3884fbe46b3ef8ef9ffd24)
Change-Id: Ieb8827474a7458ce80176b14ce87f3402aed7a86
Reviewed-on: https://gerrit.openafs.org/15944
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 0ff2cd9e0f5656e8327c5fe47935998de3669678
Author: Andrew Deason <adeason@sinenomine.net>
Date: Thu Oct 15 23:18:53 2020 -0500
OPENAFS-SA-2024-003: Check sanity on lengths of RPC returned arrays
CVE-2024-10397
Various RPCs return a variable-length array in an OUT argument, but
are only supposed to return specific sizes. A few instances of this
include the following (but this is not an exhaustive list):
- AFSVolListOneVolume should only return a single volintInfo.
- PR_NameToID should return the same number of IDs as names given.
- VL_GetAddrsU should return the same number of addresses as the
'nentries' OUT argument.
Some callers of these RPCs just assume that the server has not
violated these rules. If the server responds with a nonsensical array
size, this could cause us to read beyond the end of the array, or
cause a NULL dereference or other errors.
For example, some callers of VL_GetAddrsU will iterate over 'nentries'
addresses, even if the 'blkaddrs' OUT argument contains fewer entries.
Or with AFSVolListOneVolume, some callers assume that at least 1
volintInfo has been returned; if 0 have been returned, we can try to
access a NULL array.
To avoid all of this, add various sanity checks on the relevant
returned lengths of these RPCs. For most cases, if the lengths are not
sane, return an internal error from the appropriate subsystem (or
RXGEN_CC_UNMARSHAL if there isn't one). For VL_GetAddrsU, if
'nentries' is too long, just set it to the length of the returned
array.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15921
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c732715e4ee78ed1e2414c813ae5a4b3574107a0)
Change-Id: I2cfc0723f4c3a2692238fa1e59145aceee17e0d6
Reviewed-on: https://gerrit.openafs.org/15943
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit d253a52d3b59bd691eae8863ea2f06d99ad18550
Author: Andrew Deason <adeason@sinenomine.net>
Date: Sun Oct 4 23:04:06 2020 -0500
OPENAFS-SA-2024-003: xdr: Prevent XDR_DECODE buffer overruns
CVE-2024-10397
When making an RPC call from a client, output arguments that use
arrays (or array-like objects like strings and opaques) can be
allocated by XDR, like so:
{
struct idlist ids;
ids.idlist_val = NULL;
ids.idlist_len = 0;
code = PR_NameToID(rxconn, names, &ids);
/* data inside ids.idlist_val[...] */
xdr_free((xdrproc_t) xdr_idlist, &ids);
}
With this approach, during XDR_DECODE, xdr_array() reads in the number
of array elements from the peer, then allocates enough memory to hold
that many elements, and then reads in the array elements.
Alternatively, the caller can provide preallocated memory, like so:
{
struct idlist ids;
afs_int32 ids_buf[30];
ids.idlist_val = ids_buf;
ids.idlist_len = 30;
code = PR_NameToID(rxconn, names, &ids);
/* data inside ids.idlist_val[...] */
}
With this approach, during XDR_DECODE, xdr_array() reads in the number
of array elements from the peer, and then reads in the array elements
into the supplied buffer. However, in this case, xdr_array() never
checks that the number of array elements will actually fit into the
supplied buffer; the _len field provided by the caller is just ignored.
In this example, if the ptserver responds with 50 elements for the 'ids'
output argument, xdr_array() will write 50 afs_int32's into
'ids.idlist_val', going beyond the end of the 30 elements that are
actually allocated.
It's also possible, and in fact very easy, to use xdr-allocated
buffers and then reuse them as a preallocated buffer, possibly
accidentally. For example:
{
struct idlist ids;
ids.idlist_val = NULL;
ids.idlist_len = 0;
while (some_condition) {
code = PR_NameToID(rxconn, names, &ids);
}
}
In this case, the first call to PR_NameToID can cause the buffer for
'ids' to be allocated by XDR, which will then be reused by the
subsequent calls to PR_NameToId. Note that this can happen even if the
first PR_NameToID call fails; the call can be aborted after the output
array is allocated.
Retrying an RPC in this way is effectively what all ubik_Call*
codepaths do (including all ubik_* wrappers, e.g. ubik_PR_NameToID).
Or some callers retry effectively the same RPC when falling back to
earlier versions (e.g. VL_ListAttributesN2 -> VL_ListAttributesN).
To prevent this for arrays and opaques, change xdr_array (and
xdr_bytes) to check if the _len field for preallocated buffers is
large enough, and return failure if it's not.
Also perform the same check for the ka_CBS and ka_BBS structures. These
are mostly the same as opaques, but they have custom serialization
functions in src/kauth/kaaux.c. ka_BBS also has two lengths: the actual
length of bytes, and a 'max' length. ka_CBS isn't used for any RPC
output arguments, but fix it for consistency.
For strings, the situation is complicated by the fact that callers
cannot pass in how much space was allocated for the string, since
callers only provide a char**. So for strings, just refuse to use a
preallocated buffer at all, and return failure if one is provided.
Note that for some callers using preallocated arrays or strings, the
described buffer overruns are not possible, since the preallocated
buffers are larger than the max length specified in the relevant
RPC-L. For example, afs_DoBulkStat() allocates AFSCBMAX entries for
the output args for RXAFS_InlineBulkStatus, which is the max length
specified in the RPC-L, so a buffer overrun is impossible. But since
it is so easy to allow a buffer overrun, enforce the length checks for
everyone.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15920
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 13413eceed80d106cbed5ffb91c4dfbc8cccf55c)
Change-Id: I1010d2fa309d4a441ebaf285168c2e7e887753b9
Reviewed-on: https://gerrit.openafs.org/15942
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit c18640c6b98b10cd6f78c63195ff822689cb5348
Author: Andrew Deason <adeason@sinenomine.net>
Date: Thu Jun 13 15:30:50 2024 -0500
OPENAFS-SA-2024-003: xdr: Set _len for prealloc'd opaque/array OUT args
CVE-2024-10397
Currently, a few RPCs with arrays or opaque OUT arguments are called
with preallocated memory for the arg, but also provide a _len of 0 (or
an uninitialized _len). This makes it impossible for the xdr routine to
tell whether we have allocated enough space to actually hold the
response from the server.
To help this situation, either specify an appropriate _len for the
preallocated value (cm_IoctlGetACL, fsprobe_LWP), or don't provide a
preallocated buffer at all and let xdr allocate a buffer for us
(PGetAcl).
Note that this commit doesn't change xdr to actually check the value of
the given _len; but now a future commit can do so without breaking
callers.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15919
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit b2b1110ddd9e19670dbc6a3217dc2a74af432f82)
Change-Id: Ibdee49b79da1476c4e606bcad5fb3d08eb259ad7
Reviewed-on: https://gerrit.openafs.org/15941
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 40440c3eb628ff1772588bdc99d7496292097bbd
Author: Andrew Deason <adeason@sinenomine.net>
Date: Thu Jun 13 15:28:38 2024 -0500
OPENAFS-SA-2024-003: xdr: Avoid prealloc'd string OUT args
CVE-2024-10397
Currently, several callers call RPCs with string OUT arguments, and
provide preallocated memory for those arguments. This can easily allow a
response from the server to overrun the allocated buffer, stomping over
stack or heap memory.
We could simply make our preallocated buffers larger than the maximum
size that the RPC allows, but relying on that is error prone, and
there's no way for XDR to check if a string buffer is large enough.
Instead, to make sure we don't overrun a given preallocated buffer,
avoid giving a preallocated buffer to such RPCs, and let XDR allocate
the memory for us.
Specifically, this commit changes several callers to
RXAFS_GetVolumeStatus(), and one caller of BOZO_GetInstanceParm(), to
avoid passing in a preallocated string buffer.
All other callers of RPCs with string OUT args already let XDR allocate
the buffers for them.
FIXES 135043
Reviewed-on: https://gerrit.openafs.org/15918
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 00a1b266af51a828a022c23e7bb006a39740eaad)
Change-Id: Ib174d008eaf1fd10d42702bcdb607e45b26acf58
Reviewed-on: https://gerrit.openafs.org/15940
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit fec84e347768080e4370e5aeb05886bfe19ae54b
Author: Michael Meffie <mmeffie@sinenomine.net>
Date: Fri Mar 10 17:51:17 2023 -0500
xdr: Avoid xdr_string maxsize check when freeing
The maxsize argument in xdr_string() is garbage when called by
xdr_free(), since xdr_free() only passes the XDR handle and the xdr
string to be freed. Sometimes the size check fails and xdr_string()
returns early, without freeing the string and without setting the object
pointer to NULL.
Usually this just results in leaking the string's memory. But since
commit 9ae5b599c7 (bos: Let xdr allocate rpc output strings), many
callers in bos.c rely on xdr_free(xdr_string) to set the given string
to NULL; if this doesn't happen, subsequent calls to BOZO_ RPCs can
corrupt memory, often causing the 'bos' process to segfault.
We only need the maxsize check when encoding or decoding, so avoid
accessing the maxsize agument when the op mode is XDR_FREE.
In general, xdr_free() can only safely be used on xdr 2-argument xdr
functions, so must be avoided when freeing xdr opaque, byte, and union
types.
This change makes it safe to use xdr_free() to free xdr strings, but in
the future, we should provide a typesafe and less fragile function for
freeing xdr strings returned from RPCs. Currently, xdr_free(xdr_string)
is only called by the bos client and the tests.
Reviewed-on: https://gerrit.openafs.org/15343
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit bbb1e8adfed6804ac6fbae0a073dc6927096e16a)
Change-Id: I1f190d28acab5fa1621919f283571fcacb495ce4
Reviewed-on: https://gerrit.openafs.org/15939
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 21941c0ab2d28fa3a074f46e4d448d518a7c1b8a
Author: Andrew Deason <adeason@sinenomine.net>
Date: Tue Nov 5 23:40:24 2024 -0600
OPENAFS-SA-2024-002: Avoid uninitialized memory when parsing ACLs
CVE-2024-10396
Several places in the tree parse ACLs using sscanf() calls that look
similar to this:
sscanf(str, "%d dfs:%d %s", &nplus, &dfs, cell);
sscanf(str, "%100s %d", tname, &trights);
Some callers check whether the scanf() returns negative or 0, but some
callers do not check the return code at all. If only some of the fields
are present in the sscanf()'d string (because, for instance, the ACL is
malformed), some of the arguments are left alone, and may be set to
garbage if the relevant variable was never initialized.
If the parsed ACL is copied to another ACL, this can result in the
copied ACL containing uninitialized memory.
To avoid this, make sure all of the variables passed to sscanf() and
similar calls are initialized before parsing. This commit does not
guarantee that the results make sense, but at least the results do not
contain uninitialized memory.
Reviewed-on: https://gerrit.openafs.org/15917
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit ac602a0a5624b0f0ab04df86f618d09f2a4ad063)
Change-Id: I00245c12993683eb3b58d51cf77742f758bac120
Reviewed-on: https://gerrit.openafs.org/15938
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit a9ede52673b8c8abbfc2577ac6987a8a5686206f
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon Nov 4 20:50:50 2024 -0800
OPENAFS-SA-2024-002: make VIOCGETAL consumers stay within string bounds
CVE-2024-10396
After the preceding commits, the data returned by the VIOCGETAL
pioctl (a RXAFS_FetchAcl wrapper) will safely be NUL-terminated.
However, the callers that attempt to parse the ACL string make
assumptions that the returned data will be properly formatted,
and implement a "skip to next line" functionality (under various
names) that blindly increments a char* until it finds a newline
character, which can read past the end of even a properly
NUL-terminated string if there is not a newline where one is
expected.
Adjust the various "skip to next line" functionality to keep
the current string pointer at the trailing NUL if the end of the
string is reached while searching for a newline.
Reviewed-on: https://gerrit.openafs.org/15916
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a4ecb050540528a1bff840ff08d21f99e6ef3fbf)
Change-Id: Id2d8c0164cfaa7d03a9e37b29ff58b88cf815483
Reviewed-on: https://gerrit.openafs.org/15937
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit a96a3160f5425125588f39f5ac612df3ef9b9a8a
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon Nov 4 20:50:50 2024 -0800
OPENAFS-SA-2024-002: verify FetchACL returned only a string
CVE-2024-10396
Supplement the previous commit by additionally verifying that
the returned ACL string occupies the entire XDR opaque, rejecting
any values returned that have an internal NUL prior to the end
of the opaque.
Reviewed-on: https://gerrit.openafs.org/15915
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7e13414e8ea995d438cde3e60988225f3ab4cbcd)
Change-Id: I107f89e3d8a5c3c5cd67f6296742bfca7cace0e1
Reviewed-on: https://gerrit.openafs.org/15936
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 64068705b15661a8d4e0b9f9f2ad4aec34ed51a7
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon Nov 4 20:33:16 2024 -0800
OPENAFS-SA-2024-002: verify FetchACL returned a valid string
CVE-2024-10396
Analogously to how a call to RXAFS_StoreACL() with a malformed
ACL string can cause a fileserver to perform invalid memory operations,
a malformed ACL string returned in response to a call to RXAFS_FetchACL()
can cause a client to perform invalid memory operations.
Modify all the in-tree callers of the RPC to verify that the ACL
data, which is conveyed as an XDR 'opaque' but whose contents
are actually expected to be a string, is a valid C string. If
a zero-length opaque or one without a trailing NUL is received,
treat that as an error response from the fileserver rather than
returning success.
The Unix cache manager's pioctl handler already has logic to cope with a
zero-length reply by emitting a single NUL byte to userspace. This
special-casing seems to have been in place from the original IBM import,
though it does so by confusingly "skipping over" a NUL byte already put
in place. For historical compatibility, preserve that behavior rather
than treating the zero-length reply as an error as we do for the other
callers. It seems likely that this location should treat a zero-length
reply as an error just as the other call sites do, but that can be done
as a later change.
Reviewed-on: https://gerrit.openafs.org/15914
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0b1ccb0dbc3b7673558eceff3d672971f5bb0197)
Change-Id: Ifbce762d76641f08b5fc5e79b4c8dad07c1a135a
Reviewed-on: https://gerrit.openafs.org/15935
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit bb01d76a2095baa65880bdc5d504e7a198958265
Author: Andrew Deason <adeason@sinenomine.net>
Date: Wed Aug 21 00:41:49 2024 -0500
OPENAFS-SA-2024-002: viced: Avoid unchecked ACL in StoreACL audit log
CVE-2024-10396
Currently in SRXAFS_StoreACL, if CallPreamble() or check_acl() fail, we
will jump to Bad_StoreACL, which will pass the ACL string from the
client to osi_auditU. Since check_acl() hasn't yet checked if the given
ACL contains a NUL byte, the ACL may be an unterminated string. If
auditing is enabled, this can cause garbage to be logged to the audit
log, or cause the fileserver to crash.
To avoid this, set 'rawACL' to NULL at first, only setting it to the
actual ACL string after check_acl() has succeeded. This ensures that all
code accessing 'rawACL' is guaranteed to be using a terminated string.
This may mean that we pass a NULL AUD_ACL to osi_auditU. Our auditing
code explicitly checks for and handles handles NULL strings, so this is
fine.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15913
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit c9eae1e8b26144063e5d1db23d47ee82c4b9ef3a)
Change-Id: Ieda6f910d875c4b5179011e5e93e5694d3f4ce47
Reviewed-on: https://gerrit.openafs.org/15934
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit ee020f7cba7d82bc3d4b468210b5052af53c5db5
Author: Andrew Deason <adeason@sinenomine.net>
Date: Wed Aug 21 00:29:34 2024 -0500
OPENAFS-SA-2024-002: viced: Introduce 'rawACL' in StoreACL
CVE-2024-10396
Change our StoreACL implementation to refer to the 'AccessList' argument
via a new local variable called 'rawACL'. This makes it clearer to
users that the data is a string, and makes it easier for future commits
to make sure we don't access the 'AccessList' argument in certain
situations.
Update almost all users in StoreACL to refer to 'rawACL' instead of
'AccessList'. Change the name of 'AccessList' to 'uncheckedACL' to make
sure we don't miss any users. Update our check_acl() call to use
'uncheckedACL' (and not 'rawACL'), because it must use an AFSOpaque to
check the ACL.
Change RXStore_AccessList() and printableACL() to accept a plain char*
instead of a struct AFSOpaque.
This commit should not incur any noticeable behavior change. Technically
printableACL() is changed to run strlen() on the given string, but this
should not cause any noticeable change in behavior:
This change could cause printableACL() to process less of the string
than before, if the string contains a NUL byte before the end of the
AFSOpaque buffer. But this doesn't matter, since the all of our code
after this treats the ACL as a plain string, and so doesn't look at any
data beyond the first NUL. It's not possible for printableACL() to
process more data than before, because check_acl() has already checked
that the ACL string contains a NUL byte, so we must process
AFSOpaque_len bytes or fewer.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15912
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit eb8b93a971c6293cdfbf8cd3d9a6351a8cb76f81)
[1.8: printableACL() does not exist in this branch.]
Change-Id: I65b518acab26be0bb1854c29e46c90e5fee52d41
Reviewed-on: https://gerrit.openafs.org/15933
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit d66caf8c04878724001839317637445708edef2c
Author: Andrew Deason <adeason@sinenomine.net>
Date: Tue Sep 19 15:55:42 2023 -0500
OPENAFS-SA-2024-002: acl: Error on missing newlines when parsing ACL
CVE-2024-10396
In acl_Internalize_pr(), each line in an ACL granting rights (positive
or negative) is sscanf()'d with "%63s\t%d\n", and then we try to
advance 'nextc' beyond the next newline character.
However, sscanf()'ing "%63s\t%d\n" does not guarantee that there is a
newline in the given string. Whitespace characters in sscanf() are not
matched exactly, and may match any amount of whitespace (including
none at all). For example, a string like "foo 4" may be parsed by
sscanf(), but does not contain any newlines.
If this happens, strchr(nextc, '\n') will return NULL, and we'll
advance 'nextc' to 0x1, causing a segfault when we next try to
dereference 'nextc'.
To avoid this, check if 'nextc' is NULL after the strchr() call, and
return an error if so.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15911
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 96ab2c6f8a614d597a523b45871c5f64a50a7040)
Change-Id: I666dfb2c401410865c1f98d9db1b342b52c8f628
Reviewed-on: https://gerrit.openafs.org/15932
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 1e6e813188ecce62eb7af19385d911f63469bdb6
Author: Andrew Deason <adeason@sinenomine.net>
Date: Tue Sep 19 15:44:08 2023 -0500
OPENAFS-SA-2024-002: acl: Do not parse beyond end of ACL
CVE-2024-10396
The early parsing code in acl_Internalize_pr() tries to advance
'nextc' to go beyond the first two newlines in the given ACL string.
But if the given ACL string has no newlines, or only 1 newline, then
'nextc' will point beyond the end of the ACL string, potentially
pointing to garbage.
Intuitively, it may look like the ACL string must contain at least 2
newlines because we have sscanf()'d the string with "%d\n%\d".
However, whitespace characters in sscanf() are not matched exactly
like non-whitespace characters are; a sequence of whitespace
characters matches any amount of whitespace (including none). So, a
string like "1 2" will be parsed by "%d\n%d\n", but will not contain
any newline characters.
Usually this should result in a parse error from acl_Internalize_pr(),
but if the garbage happens to parse successfully, this could result in
unrelated memory getting stored to the ACL.
To fix this, don't advance 'nextc' if we're already at the end of the
ACL string.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15910
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 35d218c1d17973c1412ea5dff1e23d9aae50c4c7)
Change-Id: I7a7d136676e548adba5fa8d0003b5f8342332a86
Reviewed-on: https://gerrit.openafs.org/15931
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit a07e50726df09c49dfe7b953c3e49eb98f310c09
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Sep 18 16:14:07 2023 -0500
OPENAFS-SA-2024-002: viced: Free ACL on acl_Internalize_pr error
CVE-2024-10396
Currently, we don't free 'newACL' if acl_Internalize_pr() fails. If
acl_Internalize_pr() has already allocated 'newACL', then the memory
associated with newACL will be leaked. This can happen if parsing the
given ACL fails at any point after successfully parsing the first
couple of lines in the ACL.
Change acl_FreeACL() to make freeing a NULL acl a no-op, to make it
easier to make sure the acl has been freed.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15909
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f4dfc2d7183f126bc4a45b5cabc78c3de020925f)
Change-Id: If1554aa899542761ec6e6611394f2ee4f9379f22
Reviewed-on: https://gerrit.openafs.org/15930
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit f74f960a18f559e683d6a1f5104e43c3ca93ecb8
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Sep 18 16:13:57 2023 -0500
OPENAFS-SA-2024-002: viced: Refuse ACLs without '\0' in SRXAFS_StoreACL
CVE-2024-10396
Currently, the fileserver treats the ACL given in RXAFS_StoreACL as a
string, even though it is technically an AFSOpaque and could be not
NUL-terminated.
We give the ACL opaque/string to acl_Internalize_pr() to parse, which
will run off the end of the allocated buffer if the given ACL does not
contain a '\0' character. Usually this will result in a parse error
since we'll encounter garbage, but if the partially-garbage ACL
happens to parse successfully, some uninitialized data could make it
into the stored ACL.
In addition, if the given ACL is an opaque of length 0, we'll still
give the opaque pointer to acl_Internalize_pr(). In this case, the
pointer will point to &memZero, which happens to contain a NUL byte,
and so is treated like an empty string (which is not a valid ACL). But
the fact that this causes no problems is somewhat a coincidence, and
so should also be avoided.
To avoid both of these situations, just check if the given ACL string
contains a NUL byte. If it doesn't, or if it has length 0, refuse to
look at it and abort the call with EINVAL.
FIXES 135445
Reviewed-on: https://gerrit.openafs.org/15908
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit e15decb318797f1d471588dc669c3e3b26f1b8b3)
Change-Id: I0f447310db5a988b21e19bb5158bb564d4ea3d94
Reviewed-on: https://gerrit.openafs.org/15929
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 57b655e4837d8660ebcc25d95efb09118adaff07
Author: Andrew Deason <adeason@sinenomine.net>
Date: Fri Jan 10 12:40:15 2020 -0600
OPENAFS-SA-2024-001: afs: Throttle PAG creation in afs_genpag()
CVE-2024-10394
Currently, we only throttle PAG creation in afs_setpag(). But there
are several callers that call setpag() directly, not via afs_setpag;
notably _settok_setParentPag in afs_pioctl.c. When setpag() is called
with a PAG value of -1, it generates a new PAG internally without any
throttling. So, those callers effectively bypass the PAG throttling
mechanism, which allows a calling user to create PAGs without any
delay.
To avoid this, move our afs_pag_wait call from afs_setpag() to
afs_genpag(), which all code uses to generate a new PAG value. This
ensures that PAG creation is always throttled for unprivileged users.
FIXES 135062
Reviewed-on: https://gerrit.openafs.org/15907
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 0358648dbed7656e7bda30f6f0ea6e8e01bf6527)
Change-Id: I7f8f475a913c6f62ca2c7a6fb00239e51a8a8c62
Reviewed-on: https://gerrit.openafs.org/15928
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
commit 20c22347b41eea2ebbdc0ab15f16c822af44df51
Author: Andrew Deason <adeason@sinenomine.net>
Date: Fri Jan 10 12:01:50 2020 -0600
OPENAFS-SA-2024-001: afs: Introduce afs_genpag()
CVE-2024-10394
Currently, several areas in the code call genpag() to generate a new
PAG id, but the signature of genpag() is very limited. To allow for
the code in genpag() to return errors and to examine the calling
user's credentials, introduce a new function, afs_genpag(), that does
the same thing as genpag(), but accepts creds and allows errors to be
returned.
Convert all existing callers to use afs_genpag() and to handle any
errors, though no errors are ever returned in this commit on its own.
To ensure there are no old callers of genpag() left around, change the
existing genpag() to be called genpagval(), and declare it static.
FIXES 135062
Reviewed-on: https://gerrit.openafs.org/14090
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit f701f704c7bc93cf5fd7cffaaa043cef6a99e77f)
Change-Id: I675d6cb111ca74638a3b856a3c989dcb2fe6d534
Reviewed-on: https://gerrit.openafs.org/15927
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>

109
README.SUSE.openafs Normal file

@ -0,0 +1,109 @@
Here is described installation of openafs server and client on SUSE linux.
This text is based on AFS Quick Start Guide. The differences are:
- paths are adapted to SUSE installation
- uses Kerberos 5 authentization
Complete OpenAFS documentation is at http://openafs.org
SERVER SETUP
============
# choose an AFS cell name and a Kerberos realm name, the simplest setup is:
# - AFS cell name equal to DNS domain name
# - Kerberos realm name equal to uppercase AFS cell name
# create a partition for AFS filesystem and mount it under /vicepa
# start bosserver
/usr/sbin/bosserver -noauth &
# setup basic cell information
bos setcellname your.afs.server your.cell.name -noauth
# setup database servers processes
bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver -cell your.cell.name -noauth
bos create your.afs.server buserver simple /usr/lib/openafs/buserver -cell your.cell.name -noauth
bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver -cell your.cell.name -noauth
# If you want to use the old afs authentization (not recommended):
# bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth
# Authentication against heimdal krb5 server
# Here you can set up kerberos realm if you dont have any,
# see documentation in package krb5-doc
# restart kdc
rckrb5kdc restart
rckrb524d restart
# create afs principal in kerberos database
kadmin.local
add_principal afs@YOUR.KERBEROS.REALM # create afs key, use random password
ktremove -k /etc/krb5.keytab afs all # delete old afs key if any
# export the afs key to external keytab
# note the key version number (kvno), you will need it later for asetkey
ktadd -e des-cbc-crc:v4 afs@YOUR.KERBEROS.REALM
add_principal admin@YOUR.KERBEROS.REALM # create admin principal
quit # end kadmin.local
rm /etc/openafs/server/KeyFile # delete the old afs key file if any
# convert the afs key from /etc/krb5.keytab to /etc/openafs/server/KeyFile
# use <kvno> displayed by ktadd
asetkey add <kvno> /etc/krb5.keytab afs
# give admin the permissions to control bosserver
bos adduser your.afs.server admin -cell your.cell.name -noauth
# add admin to group system:administrators
pts createuser -name admin -id <user id> -cell your.cell.name -noauth
pts adduser admin system:administrators -cell your.cell.name -noauth
# restart bos server
bos restart your.afs.server -all -cell your.cell.name -noauth
# create fileserver processes
bos create your.afs.server fs fs /usr/lib/openafs/fileserver /usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell your.cell.name -noauth
# create root volume
vos create your.afs.server /vicepa root.afs -cell your.cell.name -noauth
# restart bosserver with security enabled
rcopenafs-fileserver restart
CLIENT SETUP
============
IMPORTANT: Unfortunately, openafs client for linux kernel 2.6 has not reached
stable state yet. There may be problems.
edit /etc/sysconfig/openafs-client, set at least
REGENERATE_CELL_INFO="yes"
THIS_CELL="your.cell.name"
THIS_CELL_SERVER="your.afs.server"
If you are configuring first afs server and the volume root.cell does not
exist yet, you have to set also DYNROOT=no. After finishing the server
installaton it is better to change DYNROOT back to 'yes' as the client
behaves better on startup with network outage.
# start afs client
rcopenafs-client start
# login as admin
kinit admin
aklog -d # convert Kerberos 5 ticket to AFS token
To enable transparent login via pam, install package pam_krb5
and add 'call_modules=krb5afs' to /etc/security/pam_unix2.conf
For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8) manpages.
Now you have working afs server and client. You can continue with chapter
"Configuring the Top Levels of the AFS Filespace" of AFS Quick Start Guide.
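Review bot: The key export step `ktadd -e des-cbc-crc:v4 afs@YOUR.KERBEROS.REALM` creates the cell-wide AFS service key as single DES, which is the weakness OPENAFS-SA-2013-003 was issued for. Anyone who recovers that key can forge tokens for any user in the cell. For a package tracking 1.8.13, the README should describe the rxkad-k5 key setup with a non-DES enctype instead. It should also state that the bootstrap phase, where bosserver is started with `-noauth` and every `bos`/`pts`/`vos` command passes `-noauth`, has to run on a host that is not yet reachable from the network. The `rckrb524d restart` step and the "linux kernel 2.6" client warning suggest the file predates current releases and needs a full review rather than a spot fix.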

27
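--- a/RELNOTES-stable-1_8_x
+++ b/RELNOTES-stable-1_8_x
@@ -0,0 +1,27 @@
+<!--NO-FRAMELESS-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
+"http://www.w3c.org/TR/html4/frameset.dtd">
+<html><head>
+<meta name="verify-v1" content="I/X2Wfxkt50ZaXkdbfIow6iFQIZ71o0o2b6sPTOGmPE=" /><!-- shadow -->
+<META name="verify-v1" content="THAFicQcPIBMrawRwzaJg3JK8FArpvoecAy5Zx7v9DM=" /><!-- cg2v -->
+<META name="verify-v1" content="VMsthPusbXnedJuKjM0/lhH0uzVj79aQ/lPfk2FLXsA=" /><!-- jaltman -->
+<META name="verify-v1" content="fijqhqC5PvhJOATNi4e6h2uSK0v1deFiKXL+yItw/5w=" /><!-- jhutz -->
+<title>OpenAFS</title>
+<link href="/openafs.css" rel="stylesheet" type="text/css">
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+var pageTracker = _gat._getTracker("UA-5995928-1");
+pageTracker._trackPageview();
+</script>
+</head>
+<frameset cols="265,*" border=0>
+<frame src="/navbar.html" name="navbar">
+<frameset rows="170,*" border=0>
+<frame src="/top.html" scrolling=no name="top">
+<frame src="/dl/openafs/1.8.13/RELNOTES-1.8.13" name="openafs_main">
+</frameset>
+</frameset>
+</html>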
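Review bot: The file added as RELNOTES-stable-1_8_x is not release notes but what looks like the project website's frameset wrapper. Its only pointer to real content is `<frame src="/dl/openafs/1.8.13/RELNOTES-1.8.13" name="openafs_main">`, next to navigation frames and an analytics loader built with `document.write(unescape(...))`. Users therefore get no release information for a security update, and the package documentation carries third-party script-loading markup. The download step should fetch the plain-text target named in that frame and confirm the result is not HTML before it is committed.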

6
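--- a/afs3-bos.xml
+++ b/afs3-bos.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-bos</short>
+<description>OpenAFS basic overseer process (bosserver)</description>
+<port protocol="udp" port="7007"/>
+</service>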

6
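--- a/afs3-callback.xml
+++ b/afs3-callback.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-callback</short>
+<description>OpenAFS callbacks to cache managers (clients)</description>
+<port protocol="udp" port="7001"/>
+</service>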

6
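--- a/afs3-fileserver.xml
+++ b/afs3-fileserver.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-fileserver</short>
+<description>OpenAFS file server</description>
+<port protocol="udp" port="7000"/>
+</service>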

6
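--- a/afs3-prserver.xml
+++ b/afs3-prserver.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-prserver</short>
+<description>OpenAFS users and groups database</description>
+<port protocol="udp" port="7002"/>
+</service>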

6
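--- a/afs3-rmtsys.xml
+++ b/afs3-rmtsys.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-rmtsys</short>
+<description>OpenAFS remote cache manager service</description>
+<port protocol="udp" port="7009"/>
+</service>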

6
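--- a/afs3-update.xml
+++ b/afs3-update.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-update</short>
+<description>OpenAFS server-to-server updater</description>
+<port protocol="udp" port="7008"/>
+</service>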

6
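--- a/afs3-vlserver.xml
+++ b/afs3-vlserver.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-vlserver</short>
+<description>OpenAFS volume location database (VLDB)</description>
+<port protocol="udp" port="7003"/>
+</service>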

6
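--- a/afs3-volser.xml
+++ b/afs3-volser.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>afs3-volser</short>
+<description>OpenAFS volume managment server (volserver)</description>
+<port protocol="udp" port="7005"/>
+</service>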
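Review bot: The `<description>` string misspells "management" as `managment`; it should read `<description>OpenAFS volume management server (volserver)</description>`. This looks like a firewalld service definition, so the text is what an administrator sees when deciding whether to open the port. None of the eight service files added in this commit says which host role needs it. A short XML comment in each, for example that 7007/udp (bosserver) and 7005/udp (volserver) belong on server machines only, would help keep server ports closed on client-only hosts.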


@ -0,0 +1,76 @@
commit d8b56f21994ce66d8daebb7d69e792f34c1a19ed
Author: Cheyenne Wills <cwills@sinenomine.net>
Date: Wed Jun 12 14:24:01 2024 -0600
afs: avoid empty-body warning
With Linux 6.10 commit:
"kbuild: turn on -Wextra by default" (f5982cceb3)
there are additional compiler warnings that can turn
into build errors when --enable-checking is used.
"error: suggest braces around empty body in an if
statement [-Werror=empty-body]"
when there is an empty body, e.g.
if (foo)
;
Most cases are due to the macros afs_PutCell and afs_PutServer which are
"empty" macros.
Update the afs_PutCell and afs_PutServer macros so they expand to
do {} while(0)
Add a comment at the definitions for afs_PutCell and afs_PutServer to
document the reason for keeping them.
Add braces to conditionals that have an empty body.
There are no functional changes with this commit.
Change-Id: I359723eb6a19d1c78449902b4f477da131b0fa18
Reviewed-on: https://gerrit.openafs.org/15766
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
diff --git a/src/afs/afs.h b/src/afs/afs.h
index 4bde047e8..621a8a517 100644
--- a/src/afs/afs.h
+++ b/src/afs/afs.h
@@ -349,7 +349,8 @@ struct cell_alias {
char *cell;
};
-#define afs_PutCell(cellp, locktype)
+/* In case someday a counterpart for afs_GetCell is needed */
+#define afs_PutCell(cellp, locktype) do {} while(0)
/* the unixuser flag bit definitions */
#define UHasTokens 1 /* are the st and ct fields valid (ever set)? */
@@ -537,7 +538,8 @@ struct server {
afs_int32 capabilities;
};
-#define afs_PutServer(servp, locktype)
+/* In case someday a counterpart for afs_GetServer is needed */
+#define afs_PutServer(servp, locktype) do {} while(0)
/* structs for some pioctls - these are (or should be)
* also in venus.h
diff --git a/src/afs/afs_cbqueue.c b/src/afs/afs_cbqueue.c
index 2dd633588..11e3aa3f1 100644
--- a/src/afs/afs_cbqueue.c
+++ b/src/afs/afs_cbqueue.c
@@ -139,7 +139,9 @@ afs_DequeueCallback(struct vcache *avc)
debugvc = avc;
if (avc->callsort.prev) {
QRemove(&(avc->callsort));
- } else; /* must have got dequeued in a race */
+ } else {
+ /* must have got dequeued in a race */
+ }
return;
} /* afs_DequeueCallback */

11
handle_backports.diff Normal file

@ -0,0 +1,11 @@
--- a/src/afs/LINUX/osi_vnodeops.c
+++ b/src/afs/LINUX/osi_vnodeops.c
@@ -971,7 +971,7 @@
# else
.splice_write = generic_file_splice_write,
# endif
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,5,0)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,4,0)
.splice_read = filemap_splice_read,
# else
.splice_read = generic_file_splice_read,


@ -0,0 +1,64 @@
#!/bin/bash
if [ $# != 1 ]; then
echo building a openafs-kernel module for the running kernel
echo Need one of: build build_debug install
exit 1
fi
rootdir=`cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd`
if [ -z "$rootdir" ]; then
echo "failed to determine the dirname of this script"
exit 1
fi
cd "$rootdir"
LOGFILE=libafs_tree/build.log
kernel_flavour=`uname -r | awk -F- '{print $NF}'`
kernel_version=`uname -r | sed "s/-$kernel_flavour//"`
arch=`uname -m`
suse_flavour=`cat /etc/os-release | grep PRETTY_NAME | awk -F '=' '{print $2}'`
suse_version=`cat /etc/os-release | grep VERSION_ID | awk -F '=' '{print $2}'`
echo This SUSE is version $suse_version of flavour $suse_flavour
echo you are running the kernel \"$kernel_version\" of flavour \"$kernel_flavour\" on \"$arch\"
echo all output is saved into $LOGFILE
if [ $1 == "build_debug" ]; then
DEBUG_OPT="--enable-debug-kernel"
fi
if [ $1 == "build" -o $1 == "build_debug" ]; then
cd libafs_tree
echo calling configure...
./configure --with-linux-kernel-headers=/usr/src/linux/ --with-linux-kernel-build=/usr/src/linux-obj/$arch/$kernel_flavour $DEBUG_OPT > build.log 2>&1
if [ $? != 0 ]; then
echo configure failed! See $LOGFILE for details
exit $?
fi
echo calling make
make >> build.log 2>&1
if [ $? != 0 ]; then
echo make failed! See $LOGFILE for details
exit $?
fi
echo
echo build sucessfull!
echo Now run $0 install to install the kernel-modules
exit 0
fi
if [ $1 == "install" ]; then
module_files="afspag.ko libafs.ko"
build_dir=libafs_tree/src/libafs/MODLOAD-$kernel_version-$kernel_flavour-MP/
install_dir=/lib/modules/$kernel_version-$kernel_flavour
echo installing kernel-modules into
for mod in $module_files; do
cp -v $build_dir/$mod $install_dir/$mod
done
/sbin/depmod -a
fi
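Review bot: Both failure branches end in `exit $?`, but by then `$?` is the status of the preceding `echo`, which is 0, so a failed configure or make still makes the script exit successfully. A caller that checks the exit code could then go on to install stale or missing modules. Use `exit 1` in both places, or save the status first with `rc=$?` directly after the command and `exit $rc`. The install branch has the same gap: `cp -v $build_dir/$mod $install_dir/$mod` is unchecked and `/sbin/depmod -a` runs regardless, so a missing `.ko` goes unreported. Quoting `"$1"` in the `[ ... ]` tests would also keep an argument containing spaces from breaking the comparison.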

99
kmp_only.files Normal file

@ -0,0 +1,99 @@
/usr/bin/aklog
/usr/bin/fs
/usr/bin/klog.krb5
/usr/bin/pagsh
/usr/bin/pagsh.krb
/usr/bin/tokens
/usr/bin/tokens.krb
/usr/bin/unlog
/usr/bin/up
/usr/lib/firewalld/services/afs3-callback.xml
/usr/lib/firewalld/services/afs3-rmtsys.xml
/usr/sbin/afsd
/usr/sbin/fstrace
/usr/share/man/man1/aklog.1
/usr/share/man/man1/copyauth.1
/usr/share/man/man1/fs.1
/usr/share/man/man1/fs_apropos.1
/usr/share/man/man1/fs_bypassthreshold.1
/usr/share/man/man1/fs_checkservers.1
/usr/share/man/man1/fs_checkvolumes.1
/usr/share/man/man1/fs_chgrp.1
/usr/share/man/man1/fs_chown.1
/usr/share/man/man1/fs_cleanacl.1
/usr/share/man/man1/fs_copyacl.1
/usr/share/man/man1/fs_cscpolicy.1
/usr/share/man/man1/fs_discon.1
/usr/share/man/man1/fs_diskfree.1
/usr/share/man/man1/fs_examine.1
/usr/share/man/man1/fs_exportafs.1
/usr/share/man/man1/fs_flush.1
/usr/share/man/man1/fs_flushall.1
/usr/share/man/man1/fs_flushmount.1
/usr/share/man/man1/fs_flushvolume.1
/usr/share/man/man1/fs_getcacheparms.1
/usr/share/man/man1/fs_getcalleraccess.1
/usr/share/man/man1/fs_getcellstatus.1
/usr/share/man/man1/fs_getclientaddrs.1
/usr/share/man/man1/fs_getcrypt.1
/usr/share/man/man1/fs_getfid.1
/usr/share/man/man1/fs_getserverprefs.1
/usr/share/man/man1/fs_getverify.1
/usr/share/man/man1/fs_help.1
/usr/share/man/man1/fs_listacl.1
/usr/share/man/man1/fs_listaliases.1
/usr/share/man/man1/fs_listcells.1
/usr/share/man/man1/fs_listquota.1
/usr/share/man/man1/fs_lsmount.1
/usr/share/man/man1/fs_memdump.1
/usr/share/man/man1/fs_messages.1
/usr/share/man/man1/fs_minidump.1
/usr/share/man/man1/fs_mkmount.1
/usr/share/man/man1/fs_monitor.1
/usr/share/man/man1/fs_newalias.1
/usr/share/man/man1/fs_newcell.1
/usr/share/man/man1/fs_nukenfscreds.1
/usr/share/man/man1/fs_precache.1
/usr/share/man/man1/fs_quota.1
/usr/share/man/man1/fs_rmmount.1
/usr/share/man/man1/fs_rxstatpeer.1
/usr/share/man/man1/fs_rxstatproc.1
/usr/share/man/man1/fs_setacl.1
/usr/share/man/man1/fs_setcachesize.1
/usr/share/man/man1/fs_setcbaddr.1
/usr/share/man/man1/fs_setcell.1
/usr/share/man/man1/fs_setclientaddrs.1
/usr/share/man/man1/fs_setcrypt.1
/usr/share/man/man1/fs_setquota.1
/usr/share/man/man1/fs_setserverprefs.1
/usr/share/man/man1/fs_setverify.1
/usr/share/man/man1/fs_setvol.1
/usr/share/man/man1/fs_storebehind.1
/usr/share/man/man1/fs_sysname.1
/usr/share/man/man1/fs_trace.1
/usr/share/man/man1/fs_uuid.1
/usr/share/man/man1/fs_whereis.1
/usr/share/man/man1/fs_whichcell.1
/usr/share/man/man1/fs_wscell.1
/usr/share/man/man1/klog.krb5.1
/usr/share/man/man1/pagsh.1
/usr/share/man/man1/pagsh.krb.1
/usr/share/man/man1/tokens.1
/usr/share/man/man1/tokens.krb.1
/usr/share/man/man1/unlog.1
/usr/share/man/man1/up.1
/usr/share/man/man5/afs_cache.5
/usr/share/man/man5/afszcm.cat.5
/usr/share/man/man5/cacheinfo.5
/usr/share/man/man8/afsd.8
/usr/share/man/man8/fstrace.8
/usr/share/man/man8/fstrace_apropos.8
/usr/share/man/man8/fstrace_clear.8
/usr/share/man/man8/fstrace_dump.8
/usr/share/man/man8/fstrace_help.8
/usr/share/man/man8/fstrace_lslog.8
/usr/share/man/man8/fstrace_lsset.8
/usr/share/man/man8/fstrace_setlog.8
/usr/share/man/man8/fstrace_setset.8
/usr/share/openafs/C/afszcm.cat

11
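--- a/logrotate.openafs-server
+++ b/logrotate.openafs-server
@@ -0,0 +1,11 @@
+/var/log/openafs/*Log {
+daily
+compress
+dateext
+rotate 7
+olddir /var/log/openafs/old
+missingok
+notifempty
+create 640 root root
+copytruncate
+}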
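Review bot: `create 640 root root` is combined with `copytruncate`, and logrotate documents that `create` has no effect when `copytruncate` is set, so the 640 mode stated here is never applied. `copytruncate` also leaves a short window between the copy and the truncate in which log lines can be lost, which matters if the server logs are used for audit or incident review. If the OpenAFS servers can be told to reopen their logs (not visible from this file), prefer dropping `copytruncate` in favour of a `postrotate` hook. Otherwise remove the `create` line and add a comment that `olddir /var/log/openafs/old` must already exist with restrictive permissions.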

21
openafs-client.service Normal file

@ -0,0 +1,21 @@
[Unit]
Description=OpenAFS Client
Wants=network-online.target
After=syslog.target network-online.target
Before=remote-fs.target
[Service]
Type=forking
RemainAfterExit=true
EnvironmentFile=/etc/sysconfig/openafs-client
ExecStartPre=/sbin/modprobe libafs
ExecStart=/usr/sbin/afsd $AFSD_ARGS
ExecStartPost=/usr/bin/fs sysname $SYSNAME
ExecStartPost=/usr/bin/fs setcrypt $CRYPT
ExecStop=/usr/bin/umount /afs
ExecStop=/usr/sbin/afsd -shutdown
ExecStop=/sbin/rmmod libafs
KillMode=none
[Install]
WantedBy=multi-user.target remote-fs.target
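Review bot: `KillMode=none` takes the unit's processes out of systemd's lifecycle management on stop, and current systemd releases log the setting as deprecated and unsafe. If any of the three `ExecStop=` commands fails part-way, afsd and the /afs mount stay behind with nothing tracking them. The fuse client unit later in this commit sets the same line, while the `--allow-unsupported` variant of this unit omits it, so the three units disagree. If the setting is needed so that afsd is not signalled before `afsd -shutdown` finishes, say so in a comment above it; otherwise drop it or use `KillMode=mixed` with an explicit `TimeoutStopSec=`. A comment on `ExecStartPost=/usr/bin/fs setcrypt $CRYPT` naming the sysconfig value that turns wire encryption on would also help, since the unit depends on `CRYPT` being set in /etc/sysconfig/openafs-client.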


@ -0,0 +1,20 @@
[Unit]
Description=OpenAFS Client
Wants=network-online.target
After=syslog.target network-online.target
Before=remote-fs.target
[Service]
Type=forking
RemainAfterExit=true
EnvironmentFile=/etc/sysconfig/openafs-client
ExecStartPre=/sbin/modprobe libafs --allow-unsupported
ExecStart=/usr/sbin/afsd $AFSD_ARGS
ExecStartPost=/usr/bin/fs sysname $SYSNAME
ExecStartPost=/usr/bin/fs setcrypt $CRYPT
ExecStop=/usr/bin/umount /afs
ExecStop=/usr/sbin/afsd -shutdown
ExecStop=/sbin/rmmod libafs
[Install]
WantedBy=multi-user.target remote-fs.target
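Review bot: `ExecStartPre=/sbin/modprobe libafs --allow-unsupported` overrides the distribution's supported-module policy with no explanation in the unit, so an administrator auditing it cannot tell that the override is deliberate. Add a comment above the line, for example `# libafs is built outside the supported kernel module set; the flag is needed to load it on SLE`. The comment should also state that the override is meant for libafs only. The changelog entry "enable loading of unsupported kernel-module on SLES15" suggests this is the intent, but the unit itself should carry that context.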


@ -0,0 +1,19 @@
[Unit]
Description=OpenAFS Client Service
Wants=network-online.target
After=syslog.target network-online.target
Before=remote-fs.target
[Service]
Type=forking
RemainAfterExit=true
EnvironmentFile=/etc/sysconfig/openafs-fuse-client
ExecStart=/usr/sbin/afsd.fuse $AFSD_ARGS
ExecStartPost=/usr/bin/fs sysname $SYSNAME
ExecStartPost=/usr/bin/fs setcrypt $CRYPT
ExecStop=/usr/bin/umount /afs
ExecStop=/usr/sbin/afsd.fuse -shutdown
KillMode=none
[Install]
WantedBy=multi-user.target remote-fs.target

11
openafs-server.service Normal file

@ -0,0 +1,11 @@
[Unit]
Description=OpenAFS Server
After=syslog.target network.target
[Service]
EnvironmentFile=-/etc/sysconfig/openafs-server
ExecStart=/usr/sbin/bosserver -nofork $BOSSERVER_ARGS
ExecStop=/usr/sbin/bos shutdown localhost -wait -localauth
[Install]
WantedBy=multi-user.target


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0bad0e50318ab238b67d7c28ef2a7bb4fb3f352a8f09d9d8e09ef8a11bed1d8a
size 3374462


@ -0,0 +1 @@
d4e455c3407696747aa54b456ecf5d56 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2


@ -0,0 +1 @@
0bad0e50318ab238b67d7c28ef2a7bb4fb3f352a8f09d9d8e09ef8a11bed1d8a /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bf943e44b3d01b15f59e963f0ff2a4e4164deed600b70b493871cf1ed430dc00
size 14642822


@ -0,0 +1 @@
e4c0e018b69d0768abcd7942af57015a /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2


@ -0,0 +1 @@
bf943e44b3d01b15f59e963f0ff2a4e4164deed600b70b493871cf1ed430dc00 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2

1
openafs.CellAlias Normal file

@ -0,0 +1 @@
openafs.org openafs

0
openafs.SuidCells Normal file

1
openafs.ThisCell Normal file

@ -0,0 +1 @@
openafs.org

1
openafs.cacheinfo Normal file

@ -0,0 +1 @@
/afs:/var/cache/openafs:102400

923
openafs.changes Normal file

@ -0,0 +1,923 @@
-------------------------------------------------------------------
Mon Nov 25 10:54:35 UTC 2024 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to latest git branch stable-1_8_x, includes security update 1.8.13
- change version to openafs-1.8.13.g... since the new stable release is 1.8.13
- remove patch handle_backports.diff, it is now included upstream
- remove intermediate patches:
* 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h
* 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail
* 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc
* d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning
* 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type
-------------------------------------------------------------------
Wed Aug 14 06:46:15 UTC 2024 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to latest git branch stable-1_8_x
- change version to openafs-1.8.12-g... since the new stable release is 1.8.12
- apply intermediate patches for kernel 6.10
* 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h
* 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail
* 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc
* d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning
* 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type
-------------------------------------------------------------------
Fri Jun 14 05:47:03 UTC 2024 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- change source-code base to git branch stable-1_8_x
* required for keeping up with Linux kernel development.
- new versioning scheme: openafs-$LAST_OFFICIAL_RELEASE.git$DATE_OF_NEWEST_COMMIT
- add note in RELNOTES about this change
- update ChangeLog from git
-------------------------------------------------------------------
Mon Feb 26 12:45:02 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Mon Jan 29 09:56:45 UTC 2024 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to openafs-1.8.11~pre1
- remove intermediate patches for newer Linux-kernels:
* fef2457.diff
* d15c7ab.diff
* 63801cf.diff
* 538f450.diff
* 6de0a64.diff
* 5b647bf.diff
* 6413fdb.diff
* 4f1d810.diff
-------------------------------------------------------------------
Mon Dec 11 04:58:30 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- patch upstream patch fef2457.diff for 6.5 to handle backport by SUSE
* handle_backports.diff
-------------------------------------------------------------------
Fri Nov 10 08:53:16 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply upstream-patches for kernel 6.6:
* 5b647bf.diff
* 6413fdb.diff
* 4f1d810.diff
- replace upstream-patch for kernel 6.5 474750a.diff by correct commit
6de0a64.diff for branch openafs-stable-1_8_x
-------------------------------------------------------------------
Mon Oct 2 07:29:50 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply upstream-patches for kernel 6.5:
* 63801cf.diff
* d15c7ab.diff
* fef2457.diff
* 538f450.diff
* 474750a.diff
-------------------------------------------------------------------
Mon Jul 10 10:24:31 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to official openafs-1.8.10
- remove obsolete patches:
* 7a3ad3bc.diff
* b885159.diff
* f6fbb85.diff
* 4cf7a9a.diff
-------------------------------------------------------------------
Tue May 30 12:21:37 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- remove obsolete macro-call %{stop_on_removal} from spec-file
-------------------------------------------------------------------
Mon May 15 06:48:21 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply upstream-patches for kernel 6.3:
* f6fbb85.diff
* 7a3ad3bc.diff
-------------------------------------------------------------------
Thu Mar 2 14:01:53 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply patch from upstream for kernel 6.2:
* b885159.diff
- change BuildArch for subpackage kernel-source to noarch
-------------------------------------------------------------------
Wed Jan 4 08:14:39 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to offical openafs-1.8.9
* all changes as openafs-1.8.9pre2
* fix possible DoS attack
-------------------------------------------------------------------
Mon Dec 12 07:40:28 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to openafs-1.8.9pre2
* Support mainline kernels up to 6.0
* Support for building with more recent compilers
* some bugfixes, more see RELNOTES
- remove obsolete patches:
* 79f03c2.diff
-------------------------------------------------------------------
Wed Oct 12 16:19:20 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to openafs-1.8.9pre1
- remove obsolete patches:
* 05b722d.diff
* cc8edf7.diff
* 6348262.diff
- apply patch for kernel 6.0:
* 79f03c2.diff
-------------------------------------------------------------------
Tue Aug 16 09:54:58 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to current of upstream-branch openafs-stable-1_8_x
- apply patches for 15.9:
* 05b722d.diff 6348262.diff cc8edf7.diff
- remove patches now in openafs-stable-1_8_x
* fix_gcc_12_linux_5.18.diff
-------------------------------------------------------------------
Wed Jun 22 16:13:18 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply patches adressing:
* Linux-5.17 and 5.18, gcc-11 and 12: fix_gcc_12_linux_5.18.diff
- remove patches from previous commit:
* a714e86.diff and 449d1fa.diff
* gcc-11.diff
-------------------------------------------------------------------
Wed Apr 20 06:24:41 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- apply patches marked for upcoming release:
* kernel 5.17: a714e86.diff and 449d1fa.diff
* gcc-11: gcc-11.diff
-------------------------------------------------------------------
Mon Mar 28 20:27:18 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- do not create client-package without KMP
-------------------------------------------------------------------
Mon Feb 21 10:48:51 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- remove patch dir_layout.patch
this can be done via environment-variables
- replace openafs-1.8.x.ncurses6.patch with patch 4cf7a9a.diff.
4cf7a9a.diff is coming from upstream and will be incorporated at some point.
-------------------------------------------------------------------
Sun Jan 23 15:48:09 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- Update to new upstream release 1.8.8.1
* Support mainline kernels 5.14, 5.15 and 5.16
- remove local patch linux-kmp.patch:
* it supported mainline kernels only up to 5.15
-------------------------------------------------------------------
Mon Nov 29 15:08:46 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- re-add linux-kmp.patch. Required for 5.15
-------------------------------------------------------------------
Fri Oct 1 09:08:58 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix %ifarch for 32-bit arm
-------------------------------------------------------------------
Tue Aug 3 22:32:14 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to openafs version 1.8.8
- remove linux-kmp.patch. Not required at the minute.
-------------------------------------------------------------------
Thu Apr 29 07:01:26 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- add patches for kernel 5.12 to linux-kmp.patch
-------------------------------------------------------------------
Thu Mar 4 14:57:26 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- add patches for kernel 5.11 to linux-kmp.patch
-------------------------------------------------------------------
Mon Feb 22 16:38:07 UTC 2021 - Michael Meffie <mmeffie@sinenomine.net>
- fix building of perl module AFS::ukernel
-------------------------------------------------------------------
Mon Feb 22 11:44:25 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
- kernel-source.build-modules.sh: choose safe CWD while executing the build to
prevent files being created in unsafe locations. Use new SUSE naming
convention and rely on /etc/os-release, since /etc/SuSE-release no longer
exists.
-------------------------------------------------------------------
Fri Feb 5 08:41:48 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- use stock 1.8.7 from openafs.org
* git-version might contain experimental code
* add linux-kmp.patch for newer kernels
-------------------------------------------------------------------
Sat Jan 16 23:01:13 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to HEAD of git branch openafs-stable-1_8_x
* fix critical bug described in
https://lists.openafs.org/pipermail/openafs-info/2021-January/043026.html
* remove remove-get_ds-usage.patch
* remove add_arch_to_linux_kernel_make.patch
-------------------------------------------------------------------
Mon Jan 11 10:01:15 UTC 2021 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- cleanup spec-file
* do not include firewalld-stuff for SLE_12
* use %ifarch instead of %if %{_arch}
* enable retpol line for TW x86_64 again
-------------------------------------------------------------------
Mon Nov 2 09:20:37 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to HEAD of git branch openafs-stable-1_8_x
-------------------------------------------------------------------
Mon Oct 12 15:15:08 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- add firewalld-configuration files
- enable loading of unsupported kernel-module on SLES15
-------------------------------------------------------------------
Mon Aug 17 12:49:33 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to HEAD of git branch openafs-stable-1_8_x
* kernel 5.8 not supported by 1.8.6
and no official package-upates out yet.
-------------------------------------------------------------------
Mon Aug 10 08:43:10 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- add patch remove-get_ds-usage.patch to fix building KMP on aarch64
-------------------------------------------------------------------
Wed Jul 1 08:53:44 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to official 1.8.6
* remove patch 4c4bdde.diff
* remove patch d3c7f75.diff
* use source URLs again
-------------------------------------------------------------------
Tue Jun 16 12:56:21 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- remove fix_timeval_i586.patch
-------------------------------------------------------------------
Tue Jun 16 12:55:14 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- disable retpol line for TW x86_64. It does not compile.
-------------------------------------------------------------------
Mon Jun 15 08:24:17 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to HEAD of git branch openafs-stable-1_8_x.
* 1.8.6pre3 is not out yet.
* disable source URLs, none are present
- Fix build with GCC-10
* add patch 4c4bdde.diff
* add patch d3c7f75.diff
- create ld.so.conf-file dynamically
-------------------------------------------------------------------
Sat Apr 18 07:07:48 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to 1.8.6pre2
- disable fix_timeval_i586.patch
-------------------------------------------------------------------
Fri Apr 10 06:36:58 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to HEAD of git branch openafs-stable-1_8_x.
* 1.8.6pre2 is not out yet.
* disable source URLs, none are present
* remove patch forward-to-1.8.6.pre1.patch
- fix build of i586 with fix_timeval_i586.patch
-------------------------------------------------------------------
Thu Apr 2 06:08:09 UTC 2020 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to pre-release 1.8.6pre1: forward-to-1.8.6.pre1.patch
-------------------------------------------------------------------
Wed Oct 23 13:48:04 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to security-release 1.8.5, adresses:
* OPENAFS-SA-2019-001: Skip server OUT args on error
* OPENAFS-SA-2019-002: Zero all server RPC args
* OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref
-------------------------------------------------------------------
Thu Oct 10 09:10:27 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to official version 1.8.4
- support Linux-kernel 5.3
- Avoid non-dir ENOENT errors in afs_lookup
- fix parsing of fileservers with -vlruthresh, etc.
- other bugfixes
-------------------------------------------------------------------
Thu Sep 26 20:56:05 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to pre-release 1.8.4pre2
* fix builds for Linux-kernels 5.3
-------------------------------------------------------------------
Sun Jul 28 18:34:40 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- disable compilation with LTO, does not work yet.
-------------------------------------------------------------------
Tue Apr 30 10:17:44 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to 1.8.3
- Require krb5-client for package openafs-client
- fix broken directory layout
- fix broken post-install script
- allow crypt to be set/unset on startup of client
- clean up source-filenames
-------------------------------------------------------------------
Mon Mar 25 11:32:32 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Use source URLs.
-------------------------------------------------------------------
Thu Mar 14 08:37:04 UTC 2019 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to pre-release 1.8.3pre1
* fix builds for Linux-kernels 4.20 and 5.0
* other fixes, see RELNOTES-1.8.3pre1
* remove obsolete Linux-4.20.patch
-------------------------------------------------------------------
Wed Jan 16 11:28:27 UTC 2019 - christof.hanke@mpcdf.mpg.de
- Fix build for Lunux-4.20: Linux-4.20.patch
- use proper log-directory: dir_layout.patch
-------------------------------------------------------------------
Fri Sep 28 12:47:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build for aarch64
-------------------------------------------------------------------
Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Quote "*.c", and avoid unnecessary pass through xargs.
-------------------------------------------------------------------
Wed Sep 12 10:41:43 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to security-release 1.8.2
* fix CVE-2018-16947 (OPENAFS-SA-2018-001)
* fix CVE-2018-16948 (OPENAFS-SA-2018-002)
* fix CVE-2018-16949 (OPENAFS-SA-2018-003)
-------------------------------------------------------------------
Wed Sep 12 05:46:01 UTC 2018 - christof.hanke@mpcdf.mpg.de
- add retpoline support
-------------------------------------------------------------------
Sun Sep 9 08:14:26 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to version 1.8.1.1
- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated.
-------------------------------------------------------------------
Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de
- Fix 32Bit build by adding
commit 554176bd236d772d670df9bdd2496facd5a4209a as
use_timespec64_for_kernel_4.18.patch
-------------------------------------------------------------------
Thu Aug 16 07:53:42 UTC 2018 - christof.hanke@mpcdf.mpg.de
- Update to 1.8.1
- Remove backporting patches for AArch64 build:
* add_support_fo_arm64_linux26.patch
* dont_require_AFS_SYSCALL.patch
* add_AFS_STRINGIZE_macro.patch
* avoid_double_param_in_arm64_kernel.patch
-------------------------------------------------------------------
Wed Jun 27 19:09:41 UTC 2018 - christof.hanke@mpcdf.mpg.de
- adjust building of KMP to new kernels (see boo 1098050)
add patch add_arch_to_linux_kernel_make.patch for this
- add libtirpc-devel to BuildRequires:
- minor cleanups
-------------------------------------------------------------------
Fri May 4 07:29:15 UTC 2018 - guillaume.gardet@opensuse.org
- Update to 1.8.0
- Fix AArch64 build by updating spec and backporting patches:
* add_support_fo_arm64_linux26.patch
* dont_require_AFS_SYSCALL.patch
* add_AFS_STRINGIZE_macro.patch
* avoid_double_param_in_arm64_kernel.patch
-------------------------------------------------------------------
Thu Apr 19 16:53:21 UTC 2018 - christof.hanke@mpcdf.mpg.de
- remove package krb5-mit. It contained binaries for server and client.
Besides, client and server already had an implicit dependency on krb5.
Put the binaries to client and server-package respectively.
- Remove openafs-1.8.x.heimdal.patch and everything heimdal-related.
SUSE does not provide a proper heimdal and it's untested for a long
time.
-------------------------------------------------------------------
Mon Apr 16 15:35:15 UTC 2018 - christof.hanke@mpcdf.mpg.de
- fdupes: use symlinks instead of hardlinks. Do not fdupe
/etc and /var
-------------------------------------------------------------------
Fri Apr 6 10:53:13 UTC 2018 - christof.hanke@mpcdf.mpg.de
- fix dependencies between packages, so that fuse-client
can be installed.
- cleanup old sys-v sysconfig files and other minor fixes
- fix unit file for fuse-client
-------------------------------------------------------------------
Mon Apr 2 20:59:53 UTC 2018 - christof.hanke@mpcdf.mpg.de
- build fuse-client unconditionally.
- do not build KMP on unsupported architectures so that overall
build succeeds.
Wed Mar 28 05:39:53 UTC 2018 - christof.hanke@mpcdf.mpg.de
- rename binary backup to afs_backup.
- rename man pages and prefix "backup" in content
- prefix "scout" by "afs_" in man-page
- remove unnecessary macro indirection %ARCH
- replace hard-coded paths by macros
- make whitespace more consistent
- minor syntax and typo fixes
-------------------------------------------------------------------
Sun Mar 18 23:34:56 UTC 2018 - jengelh@inai.de
- Replace old $RPM_* vars (most of them) by macros.
- Replace unnecessary macro indirections like %bindir by %_bindir.
-------------------------------------------------------------------
Thu Mar 15 08:28:10 UTC 2018 - christof.hanke@mpcdf.mpg.de
- cleanup last cleanup: also remove rc.* files
-------------------------------------------------------------------
Tue Mar 6 10:03:44 UTC 2018 - christof.hanke@mpcdf.mpg.de
- cleanup package for Factory:
- rename package to openafs.
- remove sys-v init stuff.
- apply recommendations given in Request 581009
-------------------------------------------------------------------
Wed Feb 28 09:25:52 UTC 2018 - christof.hanke@mpcdf.mpg.de
- add compat macro for new _fillupdir macro introduced in Nov 2017
-------------------------------------------------------------------
Wed Feb 28 08:30:33 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to 1.8.0pre5
-------------------------------------------------------------------
Sun Jan 7 08:31:00 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to 1.8.0pre4
- add patch for ncurses detection
-------------------------------------------------------------------
Thu Dec 7 11:07:30 UTC 2017 - christof.hanke@mpcdf.mpg.de
- update to 1.8.0pre3
- add integrity check of tar-balls
-------------------------------------------------------------------
Fri Sep 1 20:07:48 UTC 2017 - christof.hanke@mpcdf.mpg.de
- do not strip binaries on install
- fix %postun server
-------------------------------------------------------------------
Fri Sep 1 11:51:03 UTC 2017 - christof.hanke@mpcdf.mpg.de
- update to 1.8.0pre2
- use a preamble-file for KMP
- sort/cleanup/beautify spec-file
-------------------------------------------------------------------
Fri Sep 1 07:05:21 UTC 2017 - christof.hanke@mpcdf.mpg.de
- spec-file:
+ use hardlinks for fdupes to provide correct header files in
kernel-source
+ minor bugfixes, reorganization
- rename changes file to openafs18.changes
-------------------------------------------------------------------
Thu Feb 9 14:41:57 UTC 2017 - christof.hanke@mpcdf.mpg.de
- rename package to openafs18-* so they don't override
stable openafs-1.6 ones
- move ld.so to main package -- was in server-packages
-------------------------------------------------------------------
Tue Feb 7 11:23:22 UTC 2017 - christof.hanke@mpcdf.mpg.de
- enable building of KMP
- make openafs-krb5-mit package dependend on openafs-client package
- add ld.so - config to main package
-------------------------------------------------------------------
Fri Jan 27 21:15:12 UTC 2017 - christof.hanke@rzg.mpg.de
- remove pam, is not build on x86_64 and i596
-------------------------------------------------------------------
Mon Dec 26 18:59:09 UTC 2016 - christof.hanke@rzg.mpg.de
- first version of 1.8
- remove docs package, put man pages in induvidual packets
- remove layout-patch, deal with this in spec file directly
-------------------------------------------------------------------
Sat Dec 3 14:56:56 UTC 2016 - christof.hanke@rzg.mpg.de
- add new ChangeLog
-------------------------------------------------------------------
Thu Dec 1 04:35:39 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.20
-------------------------------------------------------------------
Wed Nov 16 09:21:52 UTC 2016 - christof.hanke@rzg.mpg.de
- add missing RemainAfterExit=true to client-systemd unit.
-------------------------------------------------------------------
Tue Nov 15 09:28:55 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.19
-------------------------------------------------------------------
Tue Oct 4 11:19:50 UTC 2016 - aj@suse.com
- Update README: Change SuSE to SUSE.
-------------------------------------------------------------------
Thu Jul 21 07:52:14 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.18.2
-------------------------------------------------------------------
Fri Jun 24 04:42:48 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.18.1
-------------------------------------------------------------------
Tue May 10 15:19:28 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.18
Thu Mar 17 06:35:21 UTC 2016 - christof.hanke@rzg.mpg.de
- update to version 1.6.17
- cleanup
-------------------------------------------------------------------
Fri Dec 18 06:53:08 UTC 2015 - christof.hanke@rzg.mpg.de
- update to version 1.6.16
- remove fix for configure for new ncurses, now dealt with in
shipped package
-------------------------------------------------------------------
Sat Nov 21 04:47:46 UTC 2015 - christof.hanke@rzg.mpg.de
- start using change.log again
- fix configure test for new ncurses
-------------------------------------------------------------------
Thu Jun 17 17:04:25 UTC 2010 - cseader@novell.com
- update to version 1.4.12.1
-------------------------------------------------------------------
Wed Jan 25 21:39:00 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 23 15:58:43 CET 2006 - nadvornik@suse.cz
- fixed kernel module to compile
-------------------------------------------------------------------
Wed Jan 11 05:30:18 CET 2006 - mge@suse.de
- add openafs.SuidCells and openafs.CellServDB
- cleanup SPEC-file(s)
- finally adopt
sysconfig.transarcmode.openafs-client
rc.transarcmode.afs-server
rc.transarcmode.afs-client
to transarc mode; and fix a small typo in
rc.defaultmode.afs-client
-------------------------------------------------------------------
Fri Jan 6 01:12:31 CET 2006 - mge@suse.de
- set "%defattr(-,root,root)" for transarcmode-file-lists
- fix lib64 build problem in transarcmode
-------------------------------------------------------------------
Thu Jan 5 13:40:42 CET 2006 - mge@suse.de
- introduce transarc-mode and default-mode
- introduce "options"
-------------------------------------------------------------------
Thu Dec 29 16:07:00 CET 2005 - mge@suse.de
- build for SLES 9
- with heimdal krb5 support
- enable-largefile-fileserver
-------------------------------------------------------------------
Wed Dec 21 16:09:26 CET 2005 - nadvornik@suse.cz
- updated to 1.4.0
- fixed dangerous compiler warnings
-------------------------------------------------------------------
Mon Oct 31 12:37:05 CET 2005 - dmueller@suse.de
- don't build as root
-------------------------------------------------------------------
Fri Aug 26 12:51:02 CEST 2005 - nadvornik@suse.cz
- fixed kernel module to build
- fixed sysconfig file name
-------------------------------------------------------------------
Thu Jul 14 17:25:25 CEST 2005 - nadvornik@suse.cz
- updated to 1.3.85
- used LSB conforming init script names
-------------------------------------------------------------------
Tue Jul 5 10:44:32 CEST 2005 - hare@suse.de
- Update for linux 2.6.13.
-------------------------------------------------------------------
Thu May 12 12:27:01 CEST 2005 - nadvornik@suse.cz
- gcc4 fixes in kernel module
-------------------------------------------------------------------
Tue Apr 12 17:02:34 CEST 2005 - nadvornik@suse.cz
- fixed to compile with gcc4
-------------------------------------------------------------------
Wed Feb 23 12:08:07 CET 2005 - nadvornik@suse.cz
- fixed memory leaks and 64bit fixes backported from 1.3.79
- updated README.SUSE
-------------------------------------------------------------------
Thu Feb 3 13:19:05 CET 2005 - nadvornik@suse.cz
- updated to 1.3.78
-------------------------------------------------------------------
Mon Jan 31 15:58:33 CET 2005 - nadvornik@suse.cz
- fixed afs.h to be usable from userspace [#50283]
-------------------------------------------------------------------
Tue Jan 25 10:57:09 CET 2005 - nadvornik@suse.cz
- updated to latest snapshot
-------------------------------------------------------------------
Wed Sep 15 12:37:04 CEST 2004 - nadvornik@suse.cz
- added requres: kernel-nongpl [#45167]
- fixed kernel module oops [#44618]
-------------------------------------------------------------------
Wed Aug 11 15:51:03 CEST 2004 - nadvornik@suse.cz
- use kernel module from openafs 1.3.70 to support kernel 2.6
-------------------------------------------------------------------
Mon Mar 08 17:18:49 CET 2004 - nadvornik@suse.cz
- updated to 1.2.11
- added note that client for kernel 2.6 is not available
-------------------------------------------------------------------
Tue Jan 20 18:48:21 CET 2004 - ro@suse.de
- added pam-devel to neededforbuild
-------------------------------------------------------------------
Sat Dec 13 00:23:45 CET 2003 - meissner@suse.de
- Added hack if no MTU came from userspace.
- Removed superflous ppc64 patch part.
-------------------------------------------------------------------
Thu Dec 11 09:29:31 CET 2003 - meissner@suse.de
- ppc64 port added (status: no longer crashes, talks to the network,
but not successfully).
- Change headerfiles to make it possible to do a ppc -> ppc64 crosscompile.
-------------------------------------------------------------------
Mon Oct 6 17:30:17 CEST 2003 - olh@suse.de
- build with -fPIC on ppc32
-------------------------------------------------------------------
Tue Sep 16 17:37:34 CEST 2003 - nadvornik@suse.cz
- patch from cvs to use AllocLargeSpace for struct osi_file to prevent
oopses with some kernel configurations
-------------------------------------------------------------------
Thu Sep 11 12:58:57 CEST 2003 - nadvornik@suse.cz
- added option DYNROOT to sysconfig and enabled it by default [#27205]
-------------------------------------------------------------------
Wed Sep 10 17:07:51 CEST 2003 - nadvornik@suse.cz
- added cleanup before module build [#29649]
-------------------------------------------------------------------
Tue Sep 09 18:33:38 CEST 2003 - nadvornik@suse.cz
- fixed possible segfault
-------------------------------------------------------------------
Thu Sep 04 12:30:00 CEST 2003 - nadvornik@suse.cz
- set permissions of /var/lib/openafs to 700
- README.SuSE fixes
-------------------------------------------------------------------
Thu Aug 28 17:11:47 CEST 2003 - nadvornik@suse.cz
- use ghost for /afs, the directory is created by init-script
- fixed README.SuSE
-------------------------------------------------------------------
Thu Aug 21 14:32:58 CEST 2003 - nadvornik@suse.cz
- moved all static libraries to /usr/lib/afs, fixes conflict with libdes
- used default value for THIS_CELL_SERVER_NAME
- removed old patches
-------------------------------------------------------------------
Tue Aug 12 11:10:46 CEST 2003 - nadvornik@suse.cz
- fixed a bug in init script
-------------------------------------------------------------------
Mon Aug 11 18:26:28 CEST 2003 - nadvornik@suse.cz
- updated to final 1.2.10
-------------------------------------------------------------------
Wed Jul 30 19:34:34 CEST 2003 - nadvornik@suse.cz
- updated to 1.2.10-rc4
- do not destroy CellServDB even if REGENERATE_CELL_INFO=yes
- fixed to compile on x86_64
-------------------------------------------------------------------
Wed Jul 30 14:25:46 CEST 2003 - sf@suse.de
- use %_lib where it was missing
-------------------------------------------------------------------
Wed Jul 09 19:20:55 CEST 2003 - nadvornik@suse.cz
- fixed conflicts in filelist
-------------------------------------------------------------------
Fri Jun 20 14:59:23 CEST 2003 - nadvornik@suse.cz
- improved init scripts
-------------------------------------------------------------------
Thu Jun 19 14:40:52 CEST 2003 - nadvornik@suse.cz
- added README.SuSE
- fixed init scripts [#27426]
- installed man pages
-------------------------------------------------------------------
Thu Jun 12 17:45:39 CEST 2003 - poeml@suse.de
- add /usr/src/kernel-modules to the file list
-------------------------------------------------------------------
Wed Jun 4 21:26:09 CEST 2003 - schwab@suse.de
- Fix SMP configuration detection.
-------------------------------------------------------------------
Wed May 14 12:28:04 CEST 2003 - poeml@suse.de
- rework filelists:
- package/remove unpackaged files
- move some files into the server & client subpackages
- use %defattr
- fix deprecated tail -1 syntax (fixes building the kernel module)
-------------------------------------------------------------------
Mon May 12 14:50:05 CEST 2003 - nadvornik@suse.cz
- updated to 1.2.9
- added DATA_ENCRYPTION option to sysconfig
-------------------------------------------------------------------
Mon Mar 10 18:43:26 CET 2003 - poeml@suse.de
- x86_64: add -lresolv, -fPIC
- fix lib path on all 64 bit platforms
-------------------------------------------------------------------
Thu Mar 06 10:39:27 CET 2003 - nadvornik@suse.cz
- added sysconfig metadata
-------------------------------------------------------------------
Mon Feb 24 17:28:44 CET 2003 - nadvornik@suse.cz
- added dirs /afs, /etc/openafs, /var/lib/openafs to filelist
-------------------------------------------------------------------
Sun Feb 16 18:28:44 CET 2003 - olh@suse.de
- workaround broken -lresolv detection, lib64 fixes
-------------------------------------------------------------------
Wed Feb 12 16:42:07 CET 2003 - nadvornik@suse.cz
- fixed multiline strings in kernel module
-------------------------------------------------------------------
Fri Jan 24 11:11:23 CET 2003 - nadvornik@suse.cz
- updated to 1.2.8
- improved init script
-------------------------------------------------------------------
Fri Nov 29 10:21:04 CET 2002 - nadvornik@suse.cz
- included errno.h
- fixed multiline strings
-------------------------------------------------------------------
Fri Nov 22 16:47:51 CET 2002 - nadvornik@suse.cz
- first version of init scripts
-------------------------------------------------------------------
Wed Nov 20 19:20:53 CET 2002 - poeml@suse.de
- initial draft of a package. Lots of stuff missing, like init
scripts, or the kerberos 5 migration toolkit.

996
openafs.spec Normal file

@ -0,0 +1,996 @@
#
# spec file for package openafs
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# needssslcertforbuild
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
%define _lto_cflags %{nil}
#
# TUNABLES
#
# package-wide definitions here
# build authlibs
%define build_authlibs 1
# build kernel modules
%define build_kernel_modules 1
# flag for firewalld, only required for SLE-12
%if 0%{?sle_version} <= 120500 && !0%{?is_opensuse}
%define have_firewalld 0
%else
%define have_firewalld 1
%endif
#
# package internal directories
#
%define afslogsdir /var/log/openafs
%define afsconfdir /etc/openafs/server
%define viceetcdir /etc/openafs
%define vicecachedir /var/cache/openafs
%define afslocaldir /var/lib/openafs
%ifarch ppc64le ppc64 %{arm}
%define build_kernel_modules 0
%endif
# used for %setup only
# leave upstream tar-balls untouched for integrity checks.
%define upstream_version stable-1_8_x
Name: openafs
Version: 1.8.13.g20241112
Release: 0
Summary: OpenAFS Distributed File System
License: IPL-1.0
Group: System/Filesystems
URL: http://www.openafs.org/
Source0: openafs-%{upstream_version}-src.tar.bz2
Source1: openafs-%{upstream_version}-doc.tar.bz2
Source2: openafs-%{upstream_version}-src.tar.bz2.md5
Source3: openafs-%{upstream_version}-doc.tar.bz2.md5
Source4: openafs-%{upstream_version}-src.tar.bz2.sha256
Source5: openafs-%{upstream_version}-doc.tar.bz2.sha256
Source10: README.SUSE.openafs
Source15: logrotate.openafs-server
Source18: RELNOTES-%{upstream_version}
Source19: ChangeLog
Source20: kernel-source.build-modules.sh
Source23: openafs-client.service
Source24: openafs-client.service.allow_unsupported
Source25: openafs-server.service
Source26: openafs-fuse-client.service
Source27: sysconfig.openafs-client
Source28: sysconfig.openafs-server
Source29: sysconfig.openafs-fuse-client
Source30: preamble
Source40: afs3-bos.xml
Source41: afs3-callback.xml
Source42: afs3-fileserver.xml
Source43: afs3-prserver.xml
Source44: afs3-rmtsys.xml
Source45: afs3-update.xml
Source46: afs3-vlserver.xml
Source47: afs3-volser.xml
Source55: openafs.SuidCells
Source56: openafs.CellAlias
Source57: openafs.ThisCell
Source58: openafs.cacheinfo
Source98: kmp_only.files
Source99: openafs.changes
# GENERAL BuildRequires and Requires
#
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: bison
BuildRequires: coreutils
BuildRequires: fdupes
BuildRequires: hostname
%if %{have_firewalld}
BuildRequires: firewall-macros
%endif
BuildRequires: flex
BuildRequires: fuse-devel
BuildRequires: git
BuildRequires: krb5-devel
BuildRequires: libtirpc-devel
BuildRequires: libtool
BuildRequires: ncurses-devel
BuildRequires: pkg-config
BuildRequires: swig
Requires(post): %fillup_prereq
%if %{build_kernel_modules}
BuildRequires: %{kernel_module_package_buildreqs}
%endif
%description
AFS is a cross-platform distributed file system product pioneered at
Carnegie Mellon University and supported and developed as a product by
Transarc Corporation (now IBM Pittsburgh Labs). It offers a
client-server architecture for file sharing, providing location
independence, scalability, and transparent migration capabilities for
data.
In addition, among its features are authentication, encryption,
caching, disconnected operations, replication for higher availability
and load balancing, and ACLs.
%package server
Summary: OpenAFS File System Server
Group: System/Filesystems
Requires: %{name} = %{version}
%description server
AFS is a cross-platform distributed file system product pioneered at
Carnegie Mellon University and supported and developed as a product by
Transarc Corporation (now IBM Pittsburgh Labs). It offers a
client-server architecture for file sharing, providing location
independence, scalability, and transparent migration capabilities for
data.
In addition, among its features are authentication, encryption,
caching, disconnected operations, replication for higher availability
and load balancing, and ACLs. This package contains the static
libraries and header files needed to develop applications for OpenAFS.
%if %{build_authlibs}
%package authlibs
Summary: OpenAFS authentication shared libraries
Group: Development/Libraries/C and C++
%description authlibs
The AFS distributed filesystem. AFS is a distributed filesystem
allowing cross-platform sharing of files among multiple computers.
Facilities are provided for access control, authentication, backup and
administrative management.
This package provides a shared version of libafsrpc and libafsauthent.
None of the programs included with OpenAFS currently use these shared
libraries; however, third-party software that wishes to perform AFS
authentication may link against them.
%package authlibs-devel
Summary: OpenAFS shared library development
Group: Development/Libraries/C and C++
Requires: %{name}-authlibs = %{version}
Requires: %{name}-devel = %{version}
%description authlibs-devel
The AFS distributed filesystem. AFS is a distributed filesystem
allowing cross-platform sharing of files among multiple computers.
Facilities are provided for access control, authentication, backup and
administrative management.
This package includes the static versions of libafsrpc and
libafsauthent, and symlinks required for building against the dynamic
libraries.
%endif
%package devel
Summary: OpenAFS Static Libraries and Header Files
Group: Development/Libraries/Other
Requires: %{name} = %{version}
%description devel
AFS is a cross-platform distributed file system product pioneered at
Carnegie Mellon University and supported and developed as a product by
Transarc Corporation (now IBM Pittsburgh Labs). It offers a
client-server architecture for file sharing, providing location
independence, scalability, and transparent migration capabilities for
data.
In addition, among its features are authentication, encryption,
caching, disconnected operations, replication for higher availability
and load balancing, and ACLs. This package contains the OpenAFS server.
%package kernel-source
BuildArch: noarch
Summary: OpenAFS Kernel Module source tree
Group: System/Filesystems
Requires: bison
Requires: flex
Requires: gcc
Requires: kernel-devel
Provides: openafs-kernel = %{version}
%description kernel-source
The AFS distributed filesystem. AFS is a distributed filesystem
allowing cross-platform sharing of files among multiple computers.
Facilities are provided for access control, authentication, backup and
administrative management.
This package provides the source code to build your own AFS kernel
module.
%if %{build_kernel_modules}
%package KMP
Summary: OpenAFS Distributed File System - kernel module
Group: System/Kernel
%kernel_module_package -x lockdep um pae -p %{S:30}
%description KMP
This package contains the kernel module for OpenAFS. For details see
the openafs package.
%endif
%package fuse_client
Summary: OpenAFS FUSE File System Client
Group: System/Filesystems
Conflicts: %{name}-client
Requires: %{name} = %{version}
%description fuse_client
AFS is a cross-platform distributed file system product pioneered at
Carnegie Mellon University and supported and developed as a product by
Transarc Corporation (now IBM Pittsburgh Labs). It offers a
client-server architecture for file sharing, providing location
independence, scalability, and transparent migration capabilities for
data.
This client is using the EXPERIMENTAL FUSE interface on LINUX.
It does not offer authentication etc.
%if %{build_kernel_modules}
%package client
Summary: OpenAFS File System Client
Group: System/Filesystems
Requires: %{name} = %{version}
Requires: %{name}-kmp
Requires: krb5-client
%description client
AFS is a cross-platform distributed file system product pioneered at
Carnegie Mellon University and supported and developed as a product by
Transarc Corporation (now IBM Pittsburgh Labs). It offers a
client-server architecture for file sharing, providing location
independence, scalability, and transparent migration capabilities for
data.
In addition, among its features are authentication, encryption,
caching, disconnected operations, replication for higher availability
and load balancing, and ACLs. This package contains the OpenAFS client.
%endif
%prep
: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
: @@@
: @@@ package-name: %{name}
: @@@ file-layout: fsh
: @@@ lib dir: %{_libdir}
: @@@ libexec dir: %{libexecdir}
: @@@ bin dir: %{_bindir}
: @@@ sbin dir: %{_sbindir}
: @@@ include dir: %{includedir}
: @@@ sysconf dir: %{_sysconfdir}
: @@@ man dir: %{_mandir}
: @@@ build modules: %{build_kernel_modules}
: @@@ architecture: %{_arch}
: @@@ target cpu: %{_target_cpu}
: @@@
: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
for src_file in %{S:0} %{S:1}; do
if [ "`md5sum $src_file | awk '{print $1}'`" != "`cat $src_file.md5 | awk '{print $1}'`" ]; then
echo "ERROR: MD5-Integrity check for $src_file failed.";
exit 1
fi
if [ "`sha256sum $src_file | awk '{print $1}'`" != "`cat $src_file.sha256 | awk '{print $1}'`" ]; then
echo "ERROR: SHA256-Integrity check for $src_file failed.";
exit 1
fi
done
%setup -q -n openafs-%{upstream_version} -T -b 0 -b 1
./regen.sh
%build
# architecture specific settings
sysbase=%{_arch}
%ifarch ppc
perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.ppc_linux24.in
%endif
%ifarch ppc64 ppc64le
sysbase=ppc64
export LDFLAGS="$LDFLAGS -m64"
%endif
%ifarch %{arm}
sysbase=arm
%endif
%ifarch aarch64
sysbase=arm64
%define _arch arm64
%endif
%ifarch s390x
sysbase=s390
%endif
%ifarch x86_64
sysbase=amd64
perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.amd64_linux24.in
perl -pi -e 's,^(XLIBS.*),\1 -lresolv,' src/config/Makefile.amd64_linux24.in
%endif
afs_sysname=${sysbase}_linux26
RPM_OPT_FLAGS=`echo ${RPM_OPT_FLAGS} | sed s/-D_FORTIFY_SOURCE=2//`
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fPIC -fcommon"
export KRB5LIBS='-lcom_err -lkrb5'
export PATH_KRB5_CONFIG=%{krb5_config}
export afsdbdir='/var/lib/openafs/db'
export afslocaldir='/var/lib/openafs'
export afslogsdir='/var/log/openafs'
export afsdbdir='/var/lib/openafs/db'
%configure \
--disable-transarc-paths \
--disable-strip-binaries \
--includedir=%{_includedir}/openafs \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--with-afs-sysname=$afs_sysname \
--disable-kernel-module \
--with-swig
make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" all_nolibafs
make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" only_libafs_tree
# the test suite need a configured KDC
#make -C src/tests all
# Kernel-module
%if %{build_kernel_modules}
mkdir obj
for flavor in %flavors_to_build; do
rm -rf obj/$flavor
cp -a libafs_tree obj/$flavor
pushd obj/$flavor
find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+"
./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \
--disable-transarc-paths --without-swig
export EXTRA_CFLAGS='-DVERSION=\"%version\"'
export LINUX_MAKE_ARCH="ARCH=%{_arch}"
make
popd
done
%endif
# build_kernel_modules
%install
#
# install build binaries using make
make DESTDIR=%{buildroot} install_nolibafs
#
# man-pages
OLD_PWD=`pwd`
cd doc/man-pages
%make_install
cd $OLD_PWD
#
# create directories
mkdir -p %{buildroot}/%_unitdir
mkdir -p %{buildroot}/%{afslogsdir}/old
mkdir -p %{buildroot}/%{_fillupdir}
mkdir -p %{buildroot}/%{vicecachedir}
mkdir -p %{buildroot}/%{viceetcdir}
mkdir -p %{buildroot}%{_datadir}/openafs/C
mkdir -p %{buildroot}/%{afsconfdir}
mkdir -p %{buildroot}/%{afslocaldir}
mkdir -p %{buildroot}/%{_sbindir}
#
# client
# also used by others
cp -a %{S:56} %{buildroot}/%{viceetcdir}/CellAlias
cp -a %{S:57} %{buildroot}/%{viceetcdir}/ThisCell
cp -a src/afsd/CellServDB %{buildroot}/%{viceetcdir}/CellServDB
cp -a %{S:55} %{buildroot}/%{viceetcdir}/SuidCells
cp -a %{S:58} %{buildroot}/%{viceetcdir}/cacheinfo
# kmp-only
%if %{build_kernel_modules}
cp -a src/afs/afszcm.cat %{buildroot}%{_datadir}/openafs/C
install -m 644 %{S:27} %{buildroot}/%{_fillupdir}/sysconfig.openafs-client
%if 0%{?sle_version} > 150000
install -m 644 %{S:24} %{buildroot}/%_unitdir/openafs-client.service
%else
install -m 644 %{S:23} %{buildroot}/%_unitdir
%endif
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-client
%endif
#
# fuse client package
install -m 644 %{S:29} %{buildroot}/%{_fillupdir}/sysconfig.openafs-fuse-client
install -m 644 %{S:26} %{buildroot}/%_unitdir
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-fuse-client
#
# server
install -m 644 %{S:28} %{buildroot}/%{_fillupdir}/sysconfig.openafs-server
install -m 644 %{S:25} %{buildroot}/%_unitdir
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-server
#
# kernel-source
mkdir -p %{buildroot}/usr/src/kernel-modules/openafs
chmod -R o-w src/libafs
chmod -R o-w libafs_tree
cp -a libafs_tree %{buildroot}/usr/src/kernel-modules/openafs
install -m 755 %{S:20} %{buildroot}/usr/src/kernel-modules/openafs/build-modules.sh
install -m 644 LICENSE %{buildroot}/usr/src/kernel-modules/openafs/LICENSE
# KMP
%if %{build_kernel_modules}
export INSTALL_MOD_PATH=%{buildroot}
export INSTALL_MOD_DIR=updates
for flavor in %flavors_to_build; do
make -C /usr/src/linux-obj/%{_arch}/$flavor %{?linux_make_arch} modules_install \
M=$PWD/`find obj/$flavor/ -name MODLOAD-\* -type d`
done
%endif
#
# main package
cp -a %{S:10} README.SUSE
cp -a %{S:18} RELNOTES
cp -a %{S:19} ChangeLog
mkdir -p %{buildroot}/etc/ld.so.conf.d
echo %{_libdir}/openafs > %{buildroot}/etc/ld.so.conf.d/openafs.conf
# move some bin to sbin
mv %{buildroot}/%{_bindir}/asetkey %{buildroot}/%{_sbindir}/asetkey
mv %{buildroot}/%{_bindir}/bos %{buildroot}/%{_sbindir}/bos
mv %{buildroot}/%{_bindir}/akeyconvert %{buildroot}/%{_sbindir}/akeyconvert
mv %{buildroot}/%{_bindir}/udebug %{buildroot}/%{_sbindir}/udebug
# avoid conflicts with other packages by adding the prefix afs_ to filenames
mv %{buildroot}%{_bindir}/scout %{buildroot}%{_bindir}/afs_scout
cat %{buildroot}/%{_mandir}/man1/scout.1 | sed 's/\<scout\>/afs_scout/g' > %{buildroot}/%{_mandir}/man1/afs_scout.1
rm %{buildroot}/%{_mandir}/man1/scout.1
mv %{buildroot}%{_sbindir}/backup %{buildroot}%{_sbindir}/afs_backup
OLD_PWD=`pwd`
cd %{buildroot}/%{_mandir}/man8/
for f in $(ls backup*); do
cat $f | sed 's/\<backup\>/afs_backup/g' > afs_"$f"
rm $f
done
cd $OLD_PWD
# create manpage for afsd.fuse as a real file
rm %{buildroot}/%{_mandir}/man8/afsd.fuse.8
cp -p %{buildroot}/%{_mandir}/man8/afsd.8 %{buildroot}/%{_mandir}/man8/afsd.fuse.8
# move %%{_libdir}/afs-stuff to %%{_libdir}/openafs
mv %{buildroot}/%{_libdir}/afs/* %{buildroot}/%{_libdir}/openafs
mv %{buildroot}/%{_libdir}/*.* %{buildroot}/%{_libdir}/openafs
rm -rf %{buildroot}/%{_libdir}/afs
# move perl module to perl vendor library path
mkdir -p %{buildroot}/%{perl_vendorlib}/AFS
mv %{buildroot}/%{_libdir}/perl/AFS/ukernel.pm %{buildroot}/%{perl_vendorlib}/AFS/ukernel.pm
mkdir -p %{buildroot}%{perl_vendorarch}
mv %{buildroot}/%{_libdir}/perl/ukernel.so %{buildroot}/%{perl_vendorarch}/ukernel.so
# firewalld
%if %{have_firewalld}
mkdir -p %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:40} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:41} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:42} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:43} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:44} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:45} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:46} %{buildroot}%{_prefix}/lib/firewalld/services/
install -D -m 644 %{S:47} %{buildroot}%{_prefix}/lib/firewalld/services/
%endif
#
# general cleanup
#
# we supposedly don't need this on linux
rm %{buildroot}/%{_sbindir}/rmtsysd
%if ! %{build_authlibs}
rm %{buildroot}/%{_libdir}/libafsauthent.so.*
rm %{buildroot}/%{_libdir}/libafsrpc.so.*
rm %{buildroot}/%{_libdir}/libkopenafs.so.*
rm %{buildroot}/%{_libdir}/libafsauthent.so
rm %{buildroot}/%{_libdir}/libafsrpc.so
rm %{buildroot}/%{_libdir}/libkopenafs.so
%endif
%if ! %{build_kernel_modules}
for f in $(cat %{S:98}); do
rm -f %{buildroot}/$f
done
%endif
# remove all static libraries
find %{buildroot} -type f -name "*.a" -delete
# remove unused man pages
for x in dlog symlink symlink_list symlink_make symlink_remove; do
rm %{buildroot}/%{_mandir}/man1/${x}.1
done
for x in rmtsysd xfs_size_check aklog_dynamic_auth; do
rm %{buildroot}/%{_mandir}/man8/${x}.8
done
# compress man pages
OLD_PWD=`pwd`
for d in %{buildroot}%{_mandir}/man*; do
cd $d
for f in *; do
if [ -h $f ]; then
mv $f $f.gz
elif [ -f $f ];then
gzip -9 $f
else
echo "Unknown thing to compress : $f"
fi
done
done
cd $OLD_PWD
# replace duplicates by symlinks
%fdupes -s %{buildroot}/usr
#
# main
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post kernel-source
echo To install the kernel-module, do:
echo cd /usr/src/kernel-modules/openafs
echo sh ./build-modules.sh build
echo sh ./build-modules.sh install
#
# fuse client
%pre fuse_client
%service_add_pre openafs-fuse-client.service
%preun fuse_client
%service_del_preun openafs-fuse-client.service
%post fuse_client
if [ ! -d /afs ]; then
mkdir /afs
fi
%{fillup_only -n openafs-fuse-client}
%service_add_post openafs-fuse-client.service
/sbin/ldconfig
if [ "x$1" = "x" ]; then
my_operation=0
else
my_operation=$1
fi
if [ $my_operation -gt 1 ]; then
echo Not stopping the possibly running client.
echo You must restart the client to put the upgrade into effect.
else
echo This is the experimental FUSE implementation of the openafs-client
echo Please configure your cell like with the in-kernel openafs-client
echo authentication etc. is not implemented yet in this version.
fi
%postun fuse_client
%service_del_postun openafs-fuse-client.service
if [ -d /afs ]; then
echo make sure to remove directory /afs if unwanted.
fi
/sbin/ldconfig
#
# client
%if %{build_kernel_modules}
%pre client
%service_add_pre openafs-client.service
%post client
if [ ! -d /afs ]; then
mkdir /afs
fi
/sbin/ldconfig
%{fillup_only -n openafs-client}
%service_add_post openafs-client.service
%if %{have_firewalld}
%firewalld_reload
%endif
if [ "x$1" = "x" ]; then
my_operation=0
else
my_operation=$1
fi
if [ $my_operation -gt 1 ]; then
echo Not stopping the possibly running client.
echo You must restart the client to put the upgrade into effect.
else
echo For configuring the client, please check /etc/sysconfig/openafs-client
echo and/or follow the instructions found on http://www.openafs.org how to install an openafs-client.
fi
%preun client
%service_del_preun openafs-client.service
%postun client
if [ -d /afs ]; then
echo make sure to remove directory /afs if unwanted.
fi
/sbin/ldconfig
%service_del_postun openafs-client.service
%endif
#
# server
%pre server
%service_add_pre openafs-server.service
%post server
/sbin/ldconfig
%{fillup_only -n openafs-server}
%service_add_post openafs-server.service
if [ "$FIRST_ARG" -gt 1 ]; then
# update no new install
echo Not stopping the possibly running services.
echo You must restart the service to put the upgrade into effect.
if [ -d /var/openafs ]; then
echo To upgrade, stop the server, copy the contents of /var/openafs to /var/lib/openafs,
echo remove the empty directory /var/openafs and then start the server again.
fi
else
echo For configuring the server, please check /etc/sysconfig/openafs-server
echo and/or follow the instructions found on http://www.openafs.org to install an openafs-client.
fi
%preun server
%service_del_preun openafs-server.service
%postun server
/sbin/ldconfig
%service_del_postun openafs-server.service
#
# devel
%post devel
%postun devel
#
# authlibs
%if %{build_authlibs}
%post authlibs
%postun authlibs
%endif
#
# FILES
#
%files
%defattr(-,root,root)
%config /etc/ld.so.conf.d/openafs.conf
%config(noreplace) %{viceetcdir}/CellAlias
%config(noreplace) %{viceetcdir}/CellServDB
%config(noreplace) %{viceetcdir}/ThisCell
%dir %{viceetcdir}
%doc %{_mandir}/man5/afsmonitor.5.gz
%doc %{_mandir}/man1/afs.1.gz
%doc %{_mandir}/man1/afs_compile_et.1.gz
%doc %{_mandir}/man1/afs_scout.1.gz
%doc %{_mandir}/man1/afsmonitor.1.gz
%doc %{_mandir}/man1/cmdebug.1.gz
%doc %{_mandir}/man1/pts.1.gz
%doc %{_mandir}/man1/pts_*.gz
%doc %{_mandir}/man1/restorevol.1.gz
%doc %{_mandir}/man1/rxdebug.1.gz
%doc %{_mandir}/man1/sys.1.gz
%doc %{_mandir}/man1/translate_et.1.gz
%doc %{_mandir}/man1/udebug.1.gz
%doc %{_mandir}/man1/vos.1.gz
%doc %{_mandir}/man1/vos_*gz
%doc %{_mandir}/man1/xstat_cm_test.1.gz
%doc %{_mandir}/man1/xstat_fs_test.1.gz
%doc %{_mandir}/man5/CellAlias.5.gz
%doc %{_mandir}/man5/CellServDB.5.gz
%doc %{_mandir}/man5/NetInfo.5.gz
%doc %{_mandir}/man5/NetRestrict.5.gz
%doc %{_mandir}/man5/ThisCell.5.gz
%doc %{_mandir}/man5/afs.5.gz
%doc %{_mandir}/man5/butc.5.gz
%doc %{_mandir}/man5/butc_logs.5.gz
%doc %{_mandir}/man5/fms.log.5.gz
%doc %{_mandir}/man5/sysid.5.gz
%doc %{_mandir}/man5/uss.5.gz
%doc %{_mandir}/man5/uss_*.5.gz
%doc %{_mandir}/man8/afs_backup.8.gz
%doc %{_mandir}/man8/afs_backup_*.8.gz
%doc %{_mandir}/man8/bos.8.gz
%doc %{_mandir}/man8/bos_[a-t]*.8.gz
%doc %{_mandir}/man8/bos_uninstall.8.gz
%doc %{_mandir}/man8/butc.8.gz
%doc %{_mandir}/man8/fms.8.gz
%doc %{_mandir}/man8/read_tape.8.gz
%doc %{_mandir}/man8/uss.8.gz
%doc %{_mandir}/man8/uss_*.8.gz
%doc %{_mandir}/man8/vsys.8.gz
%doc NEWS README* RELNOTES ChangeLog
%{_bindir}/afs_compile_et
%{_bindir}/afs_scout
%{_bindir}/afsio
%{_bindir}/afsmonitor
%{_bindir}/cmdebug
%{_bindir}/pts
%{_bindir}/restorevol
%{_bindir}/sys
%{_bindir}/translate_et
%{_bindir}/xstat_cm_test
%{_bindir}/xstat_fs_test
%{_libdir}/openafs/libafshcrypto.so.*
%{_libdir}/openafs/librokenafs.so.*
%{_sbindir}/afs_backup
%{_sbindir}/bos
%{_sbindir}/butc
%{_sbindir}/fms
%{_sbindir}/read_tape
%{_sbindir}/rxdebug
%{_sbindir}/udebug
%{_sbindir}/uss
%{_sbindir}/vos
%{_sbindir}/vsys
%files fuse_client
%defattr(-,root,root)
%{_sbindir}/afsd.fuse
%{_sbindir}/rcopenafs-fuse-client
%config(noreplace) %{viceetcdir}/SuidCells
%config(noreplace) %{viceetcdir}/cacheinfo
%doc %{_mandir}/man8/afsd.fuse.8.gz
%_unitdir/openafs-fuse-client.service
%{_fillupdir}/sysconfig.openafs-fuse-client
%{vicecachedir}
%if %{build_kernel_modules}
%files client
%defattr(-,root,root)
%{_bindir}/fs
%{_bindir}/aklog
%{_bindir}/klog.krb5
%{_bindir}/pagsh
%{_bindir}/pagsh.krb
%{_bindir}/tokens
%{_bindir}/tokens.krb
%{_bindir}/unlog
%{_bindir}/up
%{_sbindir}/afsd
%{_sbindir}/fstrace
%doc %{_mandir}/man1/fs.1.gz
%doc %{_mandir}/man1/fs_*.1.gz
%doc %{_mandir}/man1/aklog.1.gz
%doc %{_mandir}/man1/klog.krb5.1.gz
%doc %{_mandir}/man1/pagsh.1.gz
%doc %{_mandir}/man1/pagsh.krb.1.gz
%doc %{_mandir}/man1/tokens.1.gz
%doc %{_mandir}/man1/tokens.krb.1.gz
%doc %{_mandir}/man1/unlog.1.gz
%doc %{_mandir}/man1/up.1.gz
%doc %{_mandir}/man8/afsd.8.gz
%doc %{_mandir}/man8/fstrace.8.gz
%doc %{_mandir}/man8/fstrace_*.8.gz
%_unitdir/openafs-client.service
%doc %{_mandir}/man1/copyauth.1.gz
%doc %{_mandir}/man5/cacheinfo.5.gz
%doc %{_mandir}/man5/afs_cache.5.gz
%dir %{_datadir}/openafs
%dir %{_datadir}/openafs/C
%{_datadir}/openafs/C/afszcm.cat
%doc %{_mandir}/man5/afszcm.cat.5.gz
%config(noreplace) %{viceetcdir}/SuidCells
%config(noreplace) %{viceetcdir}/cacheinfo
%{_sbindir}/rcopenafs-client
%{_fillupdir}/sysconfig.openafs-client
%{vicecachedir}
%if %{have_firewalld}
%dir %{_prefix}/lib/firewalld
%dir %{_prefix}/lib/firewalld/services
%{_prefix}/lib/firewalld/services/afs3-callback.xml
%{_prefix}/lib/firewalld/services/afs3-rmtsys.xml
%endif
%endif
%files server
%defattr(-,root,root)
%attr(770,root,root) %dir %{afslocaldir}
%attr(775,root,root) %dir %{afslogsdir}
%config %{viceetcdir}/server
%doc %{_mandir}/man5/AuthLog.5.gz
%doc %{_mandir}/man5/AuthLog.dir.5.gz
%doc %{_mandir}/man5/BackupLog.5.gz
%doc %{_mandir}/man5/BosConfig.5.gz
%doc %{_mandir}/man5/BosLog.5.gz
%doc %{_mandir}/man5/FORCESALVAGE.5.gz
%doc %{_mandir}/man5/FileLog.5.gz
%doc %{_mandir}/man5/KeyFile.5.gz
%doc %{_mandir}/man5/KeyFileExt.5.gz
%doc %{_mandir}/man5/NoAuth.5.gz
%doc %{_mandir}/man5/PtLog.5.gz
%doc %{_mandir}/man5/SALVAGE.fs.5.gz
%doc %{_mandir}/man5/SalvageLog.5.gz
%doc %{_mandir}/man5/UserList.5.gz
%doc %{_mandir}/man5/VLLog.5.gz
%doc %{_mandir}/man5/VolserLog.5.gz
%doc %{_mandir}/man5/afs_volume_header.5.gz
%doc %{_mandir}/man5/bdb.DB0.5.gz
%doc %{_mandir}/man5/krb.conf.5.gz
%doc %{_mandir}/man5/krb.excl.5.gz
%doc %{_mandir}/man5/prdb.DB0.5.gz
%doc %{_mandir}/man5/salvage.lock.5.gz
%doc %{_mandir}/man5/tapeconfig.5.gz
%doc %{_mandir}/man5/vldb.DB0.5.gz
%doc %{_mandir}/man8/akeyconvert.8.gz
%doc %{_mandir}/man8/asetkey.8.gz
%doc %{_mandir}/man8/bos_util.8.gz
%doc %{_mandir}/man8/bosserver.8.gz
%doc %{_mandir}/man8/buserver.8.gz
%doc %{_mandir}/man8/dafileserver.8.gz
%doc %{_mandir}/man8/dafssync-debug.8.gz
%doc %{_mandir}/man8/dafssync-debug_*.8.gz
%doc %{_mandir}/man8/dasalvager.8.gz
%doc %{_mandir}/man8/davolserver.8.gz
%doc %{_mandir}/man8/fileserver.8.gz
%doc %{_mandir}/man8/fssync-debug.8.gz
%doc %{_mandir}/man8/fssync-debug_*.8.gz
%doc %{_mandir}/man8/prdb_check.8.gz
%doc %{_mandir}/man8/pt_util.8.gz
%doc %{_mandir}/man8/ptserver.8.gz
%doc %{_mandir}/man8/salvager.8.gz
%doc %{_mandir}/man8/salvageserver.8.gz
%doc %{_mandir}/man8/state_analyzer.8.gz
%doc %{_mandir}/man8/upclient.8.gz
%doc %{_mandir}/man8/upserver.8.gz
%doc %{_mandir}/man8/vldb_check.8.gz
%doc %{_mandir}/man8/vldb_convert.8.gz
%doc %{_mandir}/man8/vlserver.8.gz
%doc %{_mandir}/man8/voldump.8.gz
%doc %{_mandir}/man8/volinfo.8.gz
%doc %{_mandir}/man8/volscan.8.gz
%doc %{_mandir}/man8/volserver.8.gz
%dir %{_libexecdir}/openafs
%{_libexecdir}/openafs/buserver
%{_libexecdir}/openafs/dafileserver
%{_libexecdir}/openafs/dasalvager
%{_libexecdir}/openafs/davolserver
%{_libexecdir}/openafs/fileserver
%{_libexecdir}/openafs/ptserver
%{_libexecdir}/openafs/salvager
%{_libexecdir}/openafs/salvageserver
%{_libexecdir}/openafs/upclient
%{_libexecdir}/openafs/upserver
%{_libexecdir}/openafs/vlserver
%{_libexecdir}/openafs/volserver
%{_sbindir}/asetkey
%{_sbindir}/akeyconvert
%{_sbindir}/bos_util
%{_sbindir}/bosserver
%{_sbindir}/dafssync-debug
%{_sbindir}/fssync-debug
%{_sbindir}/prdb_check
%{_sbindir}/pt_util
%{_sbindir}/salvsync-debug
%{_sbindir}/state_analyzer
%{_sbindir}/vldb_check
%{_sbindir}/vldb_convert
%{_sbindir}/voldump
%{_sbindir}/volinfo
%{_sbindir}/volscan
%_unitdir/openafs-server.service
%{_sbindir}/rcopenafs-server
/%{_fillupdir}/sysconfig.openafs-server
%if %{have_firewalld}
%dir %{_prefix}/lib/firewalld
%dir %{_prefix}/lib/firewalld/services
%{_prefix}/lib/firewalld/services/afs3-bos.xml
%{_prefix}/lib/firewalld/services/afs3-fileserver.xml
%{_prefix}/lib/firewalld/services/afs3-prserver.xml
%{_prefix}/lib/firewalld/services/afs3-update.xml
%{_prefix}/lib/firewalld/services/afs3-vlserver.xml
%{_prefix}/lib/firewalld/services/afs3-volser.xml
%endif
%files devel
%defattr(-,root,root)
%dir %{_libdir}/openafs
%doc %{_mandir}/man1/livesys.1.gz
%doc %{_mandir}/man1/rxgen.1.gz
%doc %{_mandir}/man3/AFS::ukernel.3.gz
%{_bindir}/livesys
%{_bindir}/rxgen
%{_includedir}/openafs/
%{_libdir}/openafs/libafshcrypto.so
%{_libdir}/openafs/librokenafs.so
%{perl_vendorarch}/ukernel.so
%dir %{perl_vendorlib}/AFS
%{perl_vendorlib}/AFS/ukernel.pm
%files kernel-source
%defattr(-,root,root)
%dir /usr/src/kernel-modules
%dir /usr/src/kernel-modules/openafs
/usr/src/kernel-modules/openafs/*
%if %{build_authlibs}
%files authlibs
%defattr(-,root,root)
%{_libdir}/openafs/libafsauthent.so.*
%{_libdir}/openafs/libafsrpc.so.*
%{_libdir}/openafs/libkopenafs.so.*
%files authlibs-devel
%defattr(-,root,root)
%{_libdir}/openafs/libafsauthent.so
%{_libdir}/openafs/libafsrpc.so
%{_libdir}/openafs/libkopenafs.so
%endif
#
# CHANGELOG
#
%changelog

3
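--- a/preamble
+++ b/preamble
@@ -0,0 +1,3 @@
+Requires: kernel-%1
+Requires: %{name}-client = %{version}
+Conflicts: %{name}-fuse-client = %{version}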
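Review bot: The `Conflicts: %{name}-fuse-client = %{version}` line only conflicts with a FUSE client of exactly this version, so a fuse-client package from a different version could still be installed next to the kernel-module package. If the intent is that the two client flavours never coexist, an unversioned `Conflicts: %{name}-fuse-client` says that directly. The `Requires: %{name}-client = %{version}` line likewise ignores the release; whether `%{version}-%{release}` is wanted depends on how the kernel module package is rebuilt, which is not visible here.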

17
sysconfig.openafs-client Normal file

@ -0,0 +1,17 @@
#
# startup options for the openAFS client.
# see man afsd for details
AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb"
#
# sysname to set after startup
# leave empty for default setting.
SYSNAME=""
#
# switch for encryption to be set after startup
# must be one of "on" or "off"
CRYPT="on"
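Review bot: The comment above `AFSD_ARGS` points to the afsd man page but does not say that `-afsdb` lets the client locate a cell's database servers through DNS, which together with `-dynroot` means cell lookups depend on the resolver rather than only on the packaged CellServDB. I would add a comment such as `# -afsdb: find cell database servers via DNS (AFSDB/SRV); remove to rely on CellServDB only` so that admins on networks without trusted DNS know which flag to drop. The FUSE client's sysconfig file further down carries the same `AFSD_ARGS` line and would want the same comment. The `CRYPT` comment could also state how the value is applied (presumably with `fs setcrypt`) and what happens when it is neither "on" nor "off"; the script that reads it is not part of this section.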


@ -0,0 +1,17 @@
#
# startup options for the openAFS FUSE client.
# see man afsd for details
AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb"
#
# sysname to set after startup
# leave empty for default setting.
SYSNAME=""
#
# switch for encryption to be set after startup
# must be one of "on" or "off"
CRYPT="on"

4
sysconfig.openafs-server Normal file

@ -0,0 +1,4 @@
## Path: Network/File systems/AFS server
## Description: AFS server configuration, default mode
# all is set in /etc/openafs/BosConfig