From d3db42d252d7b607beafb9ca713e83d43250bb7eda1781f61a271cf0d1b47d32 Mon Sep 17 00:00:00 2001 From: Christof Hanke Date: Tue, 26 Nov 2024 08:10:26 +0000 Subject: [PATCH] - update to latest git branch stable-1_8_x, includes security update 1.8.13 - change version to openafs-1.8.13.g... since the new stable release is 1.8.13 - remove patch handle_backports.diff, it is now included upstream - remove intermediate patches: * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=129 --- .gitattributes | 23 + .gitignore | 1 + 03b280649f5e22ed74c217d7c98c3416a2fa9052 | 111 +++ 0f6a3a402f4a66114da9231032bd68cdc4dee7bc | 96 +++ 658942f2791fad5e33ec7542158c16dfc66eed39 | 66 ++ 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 | 51 ++ ChangeLog | 956 ++++++++++++++++++++++ README.SUSE.openafs | 109 +++ RELNOTES-stable-1_8_x | 27 + afs3-bos.xml | 6 + afs3-callback.xml | 6 + afs3-fileserver.xml | 6 + afs3-prserver.xml | 6 + afs3-rmtsys.xml | 6 + afs3-update.xml | 6 + afs3-vlserver.xml | 6 + afs3-volser.xml | 6 + d8b56f21994ce66d8daebb7d69e792f34c1a19ed | 76 ++ handle_backports.diff | 11 + kernel-source.build-modules.sh | 64 ++ kmp_only.files | 99 +++ logrotate.openafs-server | 11 + openafs-client.service | 21 + openafs-client.service.allow_unsupported | 20 + openafs-fuse-client.service | 19 + openafs-server.service | 11 + openafs-stable-1_8_x-doc.tar.bz2 | 3 + openafs-stable-1_8_x-doc.tar.bz2.md5 | 1 + openafs-stable-1_8_x-doc.tar.bz2.sha256 | 1 + openafs-stable-1_8_x-src.tar.bz2 | 3 + openafs-stable-1_8_x-src.tar.bz2.md5 | 1 + openafs-stable-1_8_x-src.tar.bz2.sha256 | 1 + openafs.CellAlias | 1 + openafs.SuidCells | 0 openafs.ThisCell | 1 + openafs.cacheinfo | 1 + openafs.changes | 923 +++++++++++++++++++++ openafs.spec | 996 +++++++++++++++++++++++ preamble | 3 + sysconfig.openafs-client | 17 + sysconfig.openafs-fuse-client | 17 + sysconfig.openafs-server | 4 + 42 files changed, 3793 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 03b280649f5e22ed74c217d7c98c3416a2fa9052 create mode 100644 0f6a3a402f4a66114da9231032bd68cdc4dee7bc create mode 100644 658942f2791fad5e33ec7542158c16dfc66eed39 create mode 100644 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 create mode 100644 ChangeLog create mode 100644 README.SUSE.openafs create mode 100644 RELNOTES-stable-1_8_x create mode 100644 afs3-bos.xml create mode 100644 afs3-callback.xml create mode 100644 afs3-fileserver.xml create mode 100644 afs3-prserver.xml create mode 100644 afs3-rmtsys.xml create mode 100644 afs3-update.xml create mode 100644 afs3-vlserver.xml create mode 100644 afs3-volser.xml create mode 100644 d8b56f21994ce66d8daebb7d69e792f34c1a19ed create mode 100644 handle_backports.diff create mode 100644 kernel-source.build-modules.sh create mode 100644 kmp_only.files create mode 100644 logrotate.openafs-server create mode 100644 openafs-client.service create mode 100644 openafs-client.service.allow_unsupported create mode 100644 openafs-fuse-client.service create mode 100644 openafs-server.service create mode 100644 openafs-stable-1_8_x-doc.tar.bz2 create mode 100644 openafs-stable-1_8_x-doc.tar.bz2.md5 create mode 100644 openafs-stable-1_8_x-doc.tar.bz2.sha256 create mode 100644 openafs-stable-1_8_x-src.tar.bz2 create mode 100644 openafs-stable-1_8_x-src.tar.bz2.md5 create mode 100644 openafs-stable-1_8_x-src.tar.bz2.sha256 create mode 100644 openafs.CellAlias create mode 100644 openafs.SuidCells create mode 100644 openafs.ThisCell create mode 100644 openafs.cacheinfo create mode 100644 openafs.changes create mode 100644 openafs.spec create mode 100644 preamble create mode 100644 sysconfig.openafs-client create mode 100644 sysconfig.openafs-fuse-client create mode 100644 sysconfig.openafs-server diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/03b280649f5e22ed74c217d7c98c3416a2fa9052 b/03b280649f5e22ed74c217d7c98c3416a2fa9052 new file mode 100644 index 0000000..0ade45a --- /dev/null +++ b/03b280649f5e22ed74c217d7c98c3416a2fa9052 @@ -0,0 +1,111 @@ +commit 03b280649f5e22ed74c217d7c98c3416a2fa9052 +Author: Cheyenne Wills +Date: Wed Jun 12 13:56:44 2024 -0600 + + Linux-6.10: remove includes for asm/ia32_unistd.h + + The Linux 6.10 commit: + "x86/syscall/compat: Remove ia32_unistd.h" (e2d168328e) + + Removed the header ia32_unistd.h since it was just a wrapper for the + unistd_32_ia32.h. + + The commit: + "linux-afs-translator-xen-20060731" (29dd792381) + added an ia32_unistd.h include to several files; all were not needed + (as they didn't reference any of the contents from the header file, e.g + _NR_ia32_*). + + The commit: + "amd64-hook-ia32-table-20030519" (831e172463) + added an include for ia32_unistd.h to osi_module.c. + + A later commit: + "osi-probe-syscall-20050129" (f126dbdbe2) + removed many of the references to defines from ia32_unistd.h, but did + not remove the include for the header. + + Currently the only remaining files (linux-kernel-syscall-probe.m4, + LINUX/osi_probe.c and LINUX/osi_syscall.c) continue to reference the + items from ia32_unistd.h, but only when building older kernels that + either don't have LINUX_KEYRING_SUPPORT or when + ENABLE_LINUX_SYSCALL_PROBING is enabled (in both cases, these are only + applicable for older kernels where the asm/ia32_unistd.h file would be + present). + + For the files that don't have references (i.e. _NR_ia32_*), we can + simply remove the include for asm/ia32_unistd.h. For the remaining set + of files, we can leave the include for asm/ia32_unistd.h since the code + already has preprocessor conditionals so it's only included for older + Linux kernels where the header file will be present. + + We noted above, the include for asm/ia32_unistd.h is already conditional + on the checks for LINUX_KEYRING_SUPPORT and ENABLE_LINUX_SYSCALL_PROBING + so we do not need to add any additional configure checks. + + Change-Id: I901b5c0f0ff86272b02f898f3951325533d22f4f + Reviewed-on: https://gerrit.openafs.org/15763 + Reviewed-by: Michael Meffie + Tested-by: BuildBot + Reviewed-by: Andrew Deason + +diff --git a/src/afs/LINUX/osi_ioctl.c b/src/afs/LINUX/osi_ioctl.c +index 3e797745c..d964d8103 100644 +--- a/src/afs/LINUX/osi_ioctl.c ++++ b/src/afs/LINUX/osi_ioctl.c +@@ -21,10 +21,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_module.c b/src/afs/LINUX/osi_module.c +index 8ace127f4..499810cc6 100644 +--- a/src/afs/LINUX/osi_module.c ++++ b/src/afs/LINUX/osi_module.c +@@ -21,10 +21,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_pag_module.c b/src/afs/LINUX/osi_pag_module.c +index ea3d1bd2c..346108489 100644 +--- a/src/afs/LINUX/osi_pag_module.c ++++ b/src/afs/LINUX/osi_pag_module.c +@@ -20,10 +20,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c +index 9c5a080f0..ad7c695b9 100644 +--- a/src/afs/LINUX/osi_proc.c ++++ b/src/afs/LINUX/osi_proc.c +@@ -25,10 +25,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-# include +-#endif +- + #include + #include + #include diff --git a/0f6a3a402f4a66114da9231032bd68cdc4dee7bc b/0f6a3a402f4a66114da9231032bd68cdc4dee7bc new file mode 100644 index 0000000..cf55c23 --- /dev/null +++ b/0f6a3a402f4a66114da9231032bd68cdc4dee7bc @@ -0,0 +1,96 @@ +commit 0f6a3a402f4a66114da9231032bd68cdc4dee7bc +Author: Cheyenne Wills +Date: Wed Jun 12 14:13:59 2024 -0600 + + Linux-6.10: Use filemap_alloc_folio when avail + + The Linux 6.10 commit: + "mm: remove page_cache_alloc()" (3f2ae4ebd5) + removed the page_cache_alloc(), with a note that callers would be using + filemap_alloc_folio instead. + + The function filemap_alloc_folio() was introduced in Linux 5.15 commit: + "mm/filemap: Add filemap_alloc_folio" (bb3c579e25) + + Add a configure check for filemap_alloc_folio and update the function + afs_linux_read_cache() to use a wrapper that calls filemap_alloc_folio() + if available otherwise calls page_cache_alloc(). + + Minor whitespace/style cleanup + + Note: The function filemap_alloc_folio() was introduced in Linux 5.15, + so this change affects builds using the Linux kernel 5.15 and later. + + Change-Id: Ia17aefc38fe9787e54b315c864da726d610b8bb9 + Reviewed-on: https://gerrit.openafs.org/15764 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Michael Meffie + +diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c +index 511b0838f..18809c89f 100644 +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -2320,6 +2320,24 @@ mapping_read_page(struct address_space *mapping, struct page *page) + #endif + } + ++/* ++ * small compat wrapper for filemap_alloc_folio/page_cache_alloc ++ */ ++static struct page * ++afs_page_cache_alloc(struct address_space *cachemapping) ++{ ++#if defined(HAVE_LINUX_FILEMAP_ALLOC_FOLIO) ++ struct folio *folio; ++ folio = filemap_alloc_folio(mapping_gfp_mask(cachemapping), 0); ++ if (folio == NULL) { ++ return NULL; ++ } ++ return &folio->page; ++#else ++ return page_cache_alloc(cachemapping); ++#endif ++} ++ + /* Populate a page by filling it from the cache file pointed at by cachefp + * (which contains indicated chunk) + * If task is NULL, the page copy occurs syncronously, and the routine +@@ -2358,11 +2376,12 @@ afs_linux_read_cache(struct file *cachefp, struct page *page, + pageindex = (offset - AFS_CHUNKTOBASE(chunk)) >> PAGE_SHIFT; + + while (cachepage == NULL) { +- cachepage = find_get_page(cachemapping, pageindex); ++ cachepage = find_get_page(cachemapping, pageindex); + if (!cachepage) { +- if (!newpage) +- newpage = page_cache_alloc(cachemapping); +- if (!newpage) { ++ if (newpage == NULL) { ++ newpage = afs_page_cache_alloc(cachemapping); ++ } ++ if (newpage == NULL) { + code = -ENOMEM; + goto out; + } +diff --git a/src/cf/linux-kernel-func.m4 b/src/cf/linux-kernel-func.m4 +index 93f96f5ad..83ea354b0 100644 +--- a/src/cf/linux-kernel-func.m4 ++++ b/src/cf/linux-kernel-func.m4 +@@ -253,6 +253,16 @@ AC_CHECK_LINUX_FUNC([no_strlcpy], + size_t s; + s = strlcpy(buff);]]) + ++dnl Linux 5.15 introduced filemap_alloc_folio() as a replacement for ++dnl page_cache_alloc(). page_cache_alloc() was updated to become just a ++dnl wrapper for filemap_alloc_folio(). ++dnl Linux 6.10 removed page_cache_alloc(). ++AC_CHECK_LINUX_FUNC([filemap_alloc_folio], ++ [#include ++ #include ], ++ [[static struct folio *folio; ++ folio = filemap_alloc_folio(0, 0);]]) ++ + dnl Consequences - things which get set as a result of the + dnl above tests + AS_IF([test "x$ac_cv_linux_func_d_alloc_anon" = "xno"], diff --git a/658942f2791fad5e33ec7542158c16dfc66eed39 b/658942f2791fad5e33ec7542158c16dfc66eed39 new file mode 100644 index 0000000..0753ecc --- /dev/null +++ b/658942f2791fad5e33ec7542158c16dfc66eed39 @@ -0,0 +1,66 @@ +commit 658942f2791fad5e33ec7542158c16dfc66eed39 +Author: Cheyenne Wills +Date: Wed Jun 12 14:16:43 2024 -0600 + + Linux-6.10: define a wrapper for vmalloc + + The Linux 6.10 commit: + "mm: vmalloc: enable memory allocation profiling" (88ae5fb755) + changed vmalloc from a function to a wrapper macro. + + This change results in build errors: + "error: implicit declaration of function ‘vmalloc’; did you mean + ‘kmalloc’? [-Werror=implicit-function-declaration]" + + when vmalloc is passed as a parameter to the afs_atomlist_create() and + afs_lhash_create() functions. + + Add a little wrapper function around vmalloc() to use for the parameter + to afs_atomlist_create() and afs_lhash_create(). + + Note: A configure test was not needed for this change since the name + and functionality of Linux's vmalloc did not change. + + Change-Id: I69c1da9eea5d1de11c1628bbcef427f81f5c01e1 + Reviewed-on: https://gerrit.openafs.org/15765 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Michael Meffie + +diff --git a/src/afs/LINUX/osi_alloc.c b/src/afs/LINUX/osi_alloc.c +index 86cd0e571..7c4b4a1ca 100644 +--- a/src/afs/LINUX/osi_alloc.c ++++ b/src/afs/LINUX/osi_alloc.c +@@ -196,6 +196,15 @@ local_free(void *p, size_t n) + vfree(p); + } + ++/* ++ * wrapper for vmalloc(), since vmalloc() may be a macro ++ */ ++static void * ++local_vmalloc(size_t size) ++{ ++ return vmalloc(size); ++} ++ + /* linux_alloc_init(): Initializes the kernel memory allocator. As part + * of this process, it also initializes a pool of osi_linux_mem + * structures as well as the hash table itself. +@@ -209,14 +218,14 @@ linux_alloc_init(void) + /* initiate our pool of osi_linux_mem structs */ + al_mem_pool = + afs_atomlist_create(sizeof(struct osi_linux_mem), sizeof(long) * 1024, +- (void *)vmalloc, local_free); ++ local_vmalloc, local_free); + if (!al_mem_pool) { + printf("afs_osi_Alloc: Error in initialization(atomlist_create)\n"); + return 0; + } + + /* initialize the hash table to hold references to alloc'ed chunks */ +- lh_mem_htab = afs_lhash_create(hash_equal, (void *)vmalloc, local_free); ++ lh_mem_htab = afs_lhash_create(hash_equal, local_vmalloc, local_free); + if (!lh_mem_htab) { + printf("afs_osi_Alloc: Error in initialization(lhash_create)\n"); + return 0; diff --git a/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 b/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 new file mode 100644 index 0000000..85b61e0 --- /dev/null +++ b/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 @@ -0,0 +1,51 @@ +commit 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 +Author: Cheyenne Wills +Date: Thu Jun 6 10:42:57 2024 -0600 + + Linux 6.10: Move 'inline' before func return type + + With Linux 6.10 commit: + "kbuild: turn on -Wextra by default" (f5982cceb3) + there are additional compiler warnings that can turn + into build errors when --enable-checking is used. + + "error: ‘inline’ is not at beginning of declaration + [-Werror=old-style-declaration]" + + The error is due to the return type preceding the "inline" keyword + in function declarations. + + Fix the declarations for file_can_read_pages() and + afs_linux_readpage_fastpath() to have the proper ordering of the + static/inline keywords attributes so they precede the return type. + + Just a note that the `static` and `inline` keywords must precede a + function's return type. + + Change-Id: I3ff9d45c119e70a90faf18fbf6d49fb6b9adcf33 + Reviewed-on: https://gerrit.openafs.org/15768 + Reviewed-by: Andrew Deason + Tested-by: Andrew Deason + +diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c +index 18809c89f..c6c3bfe39 100644 +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -2443,7 +2443,7 @@ afs_linux_read_cache(struct file *cachefp, struct page *page, + /* + * Return true if the file has a mapping that can read pages + */ +-static int inline ++static inline int + file_can_read_pages(struct file *fp) + { + #if defined(STRUCT_ADDRESS_SPACE_OPERATIONS_HAS_READ_FOLIO) +@@ -2456,7 +2456,7 @@ file_can_read_pages(struct file *fp) + return 0; + } + +-static int inline ++static inline int + afs_linux_readpage_fastpath(struct file *fp, struct page *pp, int *codep) + { + loff_t offset = page_offset(pp); diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..59dbb7d --- /dev/null +++ b/ChangeLog @@ -0,0 +1,956 @@ +commit b151451269ec41b5723484596e7dd40f9ab8824a (HEAD -> openafs-stable-1_8_x, origin/openafs-stable-1_8_x) +Author: Andrew Deason +Date: Tue Nov 12 20:29:24 2024 -0600 + + ptserver: Add xdr_namelist to liboafs_prot.la.sym + + Commit 1f5e1ef9e3 (OPENAFS-SA-2024-003: Run xdr_free for retried RPCs) + added a couple of references to xdr_namelist, which currently causes a + build failure on AIX: + + /bin/sh ../../libtool --quiet --mode=link --tag=CC xlc_r [...] -o pts pts.o ../../src/ptserver/liboafs_prot.la [...] + ld: 0711-317 ERROR: Undefined symbol: xdr_namelist + ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information. + make: 1254-004 The error code from the last command is 8. + + To avoid this, add xdr_namelist to liboafs_prot.la.sym. + + Reviewed-on: https://gerrit.openafs.org/15954 + Reviewed-by: Mark Vitale + Tested-by: BuildBot + Reviewed-by: Cheyenne Wills + Reviewed-by: Michael Meffie + (cherry picked from commit 4f82b5bd49a3c83c990d64d06cb6389969826208) + + Change-Id: I8a7272d1b94bd02295ef63b70a4247a4cf6e70f6 + Reviewed-on: https://gerrit.openafs.org/15955 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Cheyenne Wills + Reviewed-by: Mark Vitale + Reviewed-by: Michael Meffie + Reviewed-by: Benjamin Kaduk + +commit c1beae2622fe6fbdda2353a7da2090fc23595617 +Author: Benjamin Kaduk +Date: Fri Nov 8 14:03:53 2024 -0800 + + Make OpenAFS 1.8.13 + + Update version strings for the 1.8.13 release. + + Change-Id: Ic7f75226f3ba0f51f17c8e123c8cdbdab3ff6c7f + Reviewed-on: https://gerrit.openafs.org/15949 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 7ad61adb706bd53be287f8620ac67720434b3c24 +Author: Benjamin Kaduk +Date: Fri Nov 8 13:57:28 2024 -0800 + + Update NEWS for OpenAFS 1.8.13 + + Change-Id: I8e25f6d4719f403b07a8faad733d858a8872620f + Reviewed-on: https://gerrit.openafs.org/15948 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 37e585f0841803cdf3a1f99770034890ba162d7c +Author: Andrew Deason +Date: Thu Oct 15 21:07:17 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Initialize memory for INOUT args + + CVE-2024-10397 + + Currently, there are a few callers of RPCs that specify some data for + an INOUT parameter, but do not initialize the memory for that data. + This can result in the uninitialized memory being sent to the peer + when the argument is processed as an IN argument. Simply clear the + relevant data before running the RPC to avoid this. + + The relevant RPCs and arguments are: + + - For RMTSYS_Pioctl, the 'OutData' argument. + + - For BUDB_GetVolumes, the 'volumes' argument. + -- via DBLookupByVolume -> bcdb_LookupVolume -> ubik_BUDB_GetVolumes + -- and via bc_Restorer -> bcdb_FindVolumes -> ubik_BUDB_GetVolumes + + - For KAA_Authenticate_old / KAA_Authenticate, this can happen with + the 'answer' argument in ka_Authenticate if KAA_AuthenticateV2 or + KAA_Authenticate return RXGEN_OPCODE, but the server manages to + populate oanswer.SeqLen with non-zero. + + For all of these, make sure the memory is blanked before running the + relevant RPC. For ka_Authenticate, reset oanswer.SeqLen to 0 to avoid + sending any data, but still blank 'answer' and 'answer_old' just to be + safe. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15925 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c4e28c2afe743aa323be57ef3b0faec13027e678) + + Change-Id: If44320c1efde98c53eed88099cd978ef89f4c0d8 + Reviewed-on: https://gerrit.openafs.org/15947 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1 +Author: Andrew Deason +Date: Fri Oct 16 10:55:15 2020 -0500 + + OPENAFS-SA-2024-003: sys: Don't over-copy RMTSYS_Pioctl output data + + CVE-2024-10397 + + Here, 'OutData' only has OutData.rmtbulk_len bytes in it. We know that + OutData.rmtbulk_len is at most data->out_size, but it could be + smaller. So, only copy OutData.rmtbulk_len bytes, not data->out_size, + since data->out_size could be more than the number of bytes we have + allocated in OutData. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15924 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f31a79d749abc8e64a8d9ac748bb2b5457875099) + + Change-Id: Ic05751d05c7c8862770188131110cc602c9b93b7 + Reviewed-on: https://gerrit.openafs.org/15946 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 25ad3931d5c03ead625a96e6b626febeb3e20453 +Author: Andrew Deason +Date: Fri Oct 16 10:52:03 2020 -0500 + + OPENAFS-SA-2024-003: Run xdr_free for retried RPCs + + CVE-2024-10397 + + A few areas of code retry the same RPC, like so: + + do { + code = VL_SomeRPC(rxconn, &array_out); + } while (some_condition); + xdr_free((xdrproc_t) xdr_foo, &array_out); + + Or try a different version/variant of an RPC (e.g. + VLDB_ListAttributesN2 -> VLDB_ListAttributes). + + If the first RPC call causes the output array to be allocated with + length N, then the subsequent RPC calls may fail if the server + responds with an array larger than N. + + Furthermore, if the subsequent call responds with an array smaller + than N, then when we xdr_free the array, our length will be smaller + than the actual number of allocated elements. That results in two + potential issues: + + - We'll fail to free the elements at the end of the array. This is + only a problem if each element in the array also uses + dynamically-allocated memory (e.g. each element contains a string or + another array). Fortunately, there are only a few such structures in + any of our RPC-L definitions: SysNameList and CredInfos. And neither + of those are used in such a retry loop, so this isn't a problem. + + - We'll give the wrong length to osi_free when freeing the array + itself. This only matters for KERNEL, and only on some platforms + (such as Solaris), since the length given to osi_free is ignored + everywhere else. + + To avoid these possible issues, change the relevant retry loops to + free our xdr-allocated arrays on every iteration of the loop, like + this: + + do { + xdr_free((xdrproc_t) xdr_foo, &array_out); + code = VL_SomeRPC(rxconn, &array_out); + } while (some_condition); + xdr_free((xdrproc_t) xdr_foo, &array_out); + + Or like this: + + do { + code = VL_SomeRPC(rxconn, &array_out); + xdr_free((xdrproc_t) xdr_foo, &array_out); + } while (some_condition); + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15923 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 1f5e1ef9e35f6b5e8693c91199c976d5e030c0d0) + + Change-Id: I77ce3a904d502784cbf356e113972dfab838256e + Reviewed-on: https://gerrit.openafs.org/15945 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a82212ab20f0635a40c52648a52a1e9eaccc4937 +Author: Andrew Deason +Date: Thu Oct 15 20:30:14 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Ensure correct string length in xdr_string + + CVE-2024-10397 + + Currently, if a caller calls an RPC with a string output argument, + like so: + + { + char *str = NULL; + code = RXAFS_SomeCall(&str); + /* do something with 'str' */ + xdr_free((xdrproc_t) xdr_string, &str); + } + + Normally, xdr_free causes xdr_string to call osi_free, specifying the + same size that we allocated for the string. However, since we only + have a char*, the amount of space allocated for the string is not + recorded separately, and so xdr_string calculates the size of the + buffer to free by using strlen(). + + This works for well-formed strings, but if we fail to decode the + payload of the string, or if our peer gave us a string with a NUL byte + in the middle of it, then strlen() may be significantly less than the + actual allocated size. And so in this case, the size given to osi_free + will be wrong. + + The size given to osi_free is ignored in userspace, and for KERNEL on + many platforms like Linux and DARWIN. However, it is notably not + ignored for KERNEL on Solaris and some other less supported platforms + (HPUX, Irix, NetBSD). At least on Solaris, an incorrect size given to + osi_free can cause a system panic or possibly memory corruption. + + To avoid this, change xdr_string during XDR_DECODE to make sure that + strlen() of the string always reflects the allocated size. If we fail + to decode the string's payload, replace the payload with non-NUL bytes + (fill it with 'z', an arbitrary choice). And if we do successfully + decode the payload, check if the strlen() is wrong (that is, if the + payload contains NUL '\0' bytes), and fail if so, also filling the + payload with 'z'. This is only strictly needed in KERNEL on certain + platforms, but do it everywhere so our behavior is consistent. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15922 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 7d0675e6c6a2f3200a3884fbe46b3ef8ef9ffd24) + + Change-Id: Ieb8827474a7458ce80176b14ce87f3402aed7a86 + Reviewed-on: https://gerrit.openafs.org/15944 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 0ff2cd9e0f5656e8327c5fe47935998de3669678 +Author: Andrew Deason +Date: Thu Oct 15 23:18:53 2020 -0500 + + OPENAFS-SA-2024-003: Check sanity on lengths of RPC returned arrays + + CVE-2024-10397 + + Various RPCs return a variable-length array in an OUT argument, but + are only supposed to return specific sizes. A few instances of this + include the following (but this is not an exhaustive list): + + - AFSVolListOneVolume should only return a single volintInfo. + + - PR_NameToID should return the same number of IDs as names given. + + - VL_GetAddrsU should return the same number of addresses as the + 'nentries' OUT argument. + + Some callers of these RPCs just assume that the server has not + violated these rules. If the server responds with a nonsensical array + size, this could cause us to read beyond the end of the array, or + cause a NULL dereference or other errors. + + For example, some callers of VL_GetAddrsU will iterate over 'nentries' + addresses, even if the 'blkaddrs' OUT argument contains fewer entries. + Or with AFSVolListOneVolume, some callers assume that at least 1 + volintInfo has been returned; if 0 have been returned, we can try to + access a NULL array. + + To avoid all of this, add various sanity checks on the relevant + returned lengths of these RPCs. For most cases, if the lengths are not + sane, return an internal error from the appropriate subsystem (or + RXGEN_CC_UNMARSHAL if there isn't one). For VL_GetAddrsU, if + 'nentries' is too long, just set it to the length of the returned + array. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15921 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c732715e4ee78ed1e2414c813ae5a4b3574107a0) + + Change-Id: I2cfc0723f4c3a2692238fa1e59145aceee17e0d6 + Reviewed-on: https://gerrit.openafs.org/15943 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit d253a52d3b59bd691eae8863ea2f06d99ad18550 +Author: Andrew Deason +Date: Sun Oct 4 23:04:06 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Prevent XDR_DECODE buffer overruns + + CVE-2024-10397 + + When making an RPC call from a client, output arguments that use + arrays (or array-like objects like strings and opaques) can be + allocated by XDR, like so: + + { + struct idlist ids; + + ids.idlist_val = NULL; + ids.idlist_len = 0; + code = PR_NameToID(rxconn, names, &ids); + /* data inside ids.idlist_val[...] */ + xdr_free((xdrproc_t) xdr_idlist, &ids); + } + + With this approach, during XDR_DECODE, xdr_array() reads in the number + of array elements from the peer, then allocates enough memory to hold + that many elements, and then reads in the array elements. + + Alternatively, the caller can provide preallocated memory, like so: + + { + struct idlist ids; + afs_int32 ids_buf[30]; + + ids.idlist_val = ids_buf; + ids.idlist_len = 30; + code = PR_NameToID(rxconn, names, &ids); + /* data inside ids.idlist_val[...] */ + } + + With this approach, during XDR_DECODE, xdr_array() reads in the number + of array elements from the peer, and then reads in the array elements + into the supplied buffer. However, in this case, xdr_array() never + checks that the number of array elements will actually fit into the + supplied buffer; the _len field provided by the caller is just ignored. + In this example, if the ptserver responds with 50 elements for the 'ids' + output argument, xdr_array() will write 50 afs_int32's into + 'ids.idlist_val', going beyond the end of the 30 elements that are + actually allocated. + + It's also possible, and in fact very easy, to use xdr-allocated + buffers and then reuse them as a preallocated buffer, possibly + accidentally. For example: + + { + struct idlist ids; + + ids.idlist_val = NULL; + ids.idlist_len = 0; + while (some_condition) { + code = PR_NameToID(rxconn, names, &ids); + } + } + + In this case, the first call to PR_NameToID can cause the buffer for + 'ids' to be allocated by XDR, which will then be reused by the + subsequent calls to PR_NameToId. Note that this can happen even if the + first PR_NameToID call fails; the call can be aborted after the output + array is allocated. + + Retrying an RPC in this way is effectively what all ubik_Call* + codepaths do (including all ubik_* wrappers, e.g. ubik_PR_NameToID). + Or some callers retry effectively the same RPC when falling back to + earlier versions (e.g. VL_ListAttributesN2 -> VL_ListAttributesN). + + To prevent this for arrays and opaques, change xdr_array (and + xdr_bytes) to check if the _len field for preallocated buffers is + large enough, and return failure if it's not. + + Also perform the same check for the ka_CBS and ka_BBS structures. These + are mostly the same as opaques, but they have custom serialization + functions in src/kauth/kaaux.c. ka_BBS also has two lengths: the actual + length of bytes, and a 'max' length. ka_CBS isn't used for any RPC + output arguments, but fix it for consistency. + + For strings, the situation is complicated by the fact that callers + cannot pass in how much space was allocated for the string, since + callers only provide a char**. So for strings, just refuse to use a + preallocated buffer at all, and return failure if one is provided. + + Note that for some callers using preallocated arrays or strings, the + described buffer overruns are not possible, since the preallocated + buffers are larger than the max length specified in the relevant + RPC-L. For example, afs_DoBulkStat() allocates AFSCBMAX entries for + the output args for RXAFS_InlineBulkStatus, which is the max length + specified in the RPC-L, so a buffer overrun is impossible. But since + it is so easy to allow a buffer overrun, enforce the length checks for + everyone. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15920 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 13413eceed80d106cbed5ffb91c4dfbc8cccf55c) + + Change-Id: I1010d2fa309d4a441ebaf285168c2e7e887753b9 + Reviewed-on: https://gerrit.openafs.org/15942 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit c18640c6b98b10cd6f78c63195ff822689cb5348 +Author: Andrew Deason +Date: Thu Jun 13 15:30:50 2024 -0500 + + OPENAFS-SA-2024-003: xdr: Set _len for prealloc'd opaque/array OUT args + + CVE-2024-10397 + + Currently, a few RPCs with arrays or opaque OUT arguments are called + with preallocated memory for the arg, but also provide a _len of 0 (or + an uninitialized _len). This makes it impossible for the xdr routine to + tell whether we have allocated enough space to actually hold the + response from the server. + + To help this situation, either specify an appropriate _len for the + preallocated value (cm_IoctlGetACL, fsprobe_LWP), or don't provide a + preallocated buffer at all and let xdr allocate a buffer for us + (PGetAcl). + + Note that this commit doesn't change xdr to actually check the value of + the given _len; but now a future commit can do so without breaking + callers. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15919 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit b2b1110ddd9e19670dbc6a3217dc2a74af432f82) + + Change-Id: Ibdee49b79da1476c4e606bcad5fb3d08eb259ad7 + Reviewed-on: https://gerrit.openafs.org/15941 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 40440c3eb628ff1772588bdc99d7496292097bbd +Author: Andrew Deason +Date: Thu Jun 13 15:28:38 2024 -0500 + + OPENAFS-SA-2024-003: xdr: Avoid prealloc'd string OUT args + + CVE-2024-10397 + + Currently, several callers call RPCs with string OUT arguments, and + provide preallocated memory for those arguments. This can easily allow a + response from the server to overrun the allocated buffer, stomping over + stack or heap memory. + + We could simply make our preallocated buffers larger than the maximum + size that the RPC allows, but relying on that is error prone, and + there's no way for XDR to check if a string buffer is large enough. + + Instead, to make sure we don't overrun a given preallocated buffer, + avoid giving a preallocated buffer to such RPCs, and let XDR allocate + the memory for us. + + Specifically, this commit changes several callers to + RXAFS_GetVolumeStatus(), and one caller of BOZO_GetInstanceParm(), to + avoid passing in a preallocated string buffer. + + All other callers of RPCs with string OUT args already let XDR allocate + the buffers for them. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15918 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 00a1b266af51a828a022c23e7bb006a39740eaad) + + Change-Id: Ib174d008eaf1fd10d42702bcdb607e45b26acf58 + Reviewed-on: https://gerrit.openafs.org/15940 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit fec84e347768080e4370e5aeb05886bfe19ae54b +Author: Michael Meffie +Date: Fri Mar 10 17:51:17 2023 -0500 + + xdr: Avoid xdr_string maxsize check when freeing + + The maxsize argument in xdr_string() is garbage when called by + xdr_free(), since xdr_free() only passes the XDR handle and the xdr + string to be freed. Sometimes the size check fails and xdr_string() + returns early, without freeing the string and without setting the object + pointer to NULL. + + Usually this just results in leaking the string's memory. But since + commit 9ae5b599c7 (bos: Let xdr allocate rpc output strings), many + callers in bos.c rely on xdr_free(xdr_string) to set the given string + to NULL; if this doesn't happen, subsequent calls to BOZO_ RPCs can + corrupt memory, often causing the 'bos' process to segfault. + + We only need the maxsize check when encoding or decoding, so avoid + accessing the maxsize agument when the op mode is XDR_FREE. + + In general, xdr_free() can only safely be used on xdr 2-argument xdr + functions, so must be avoided when freeing xdr opaque, byte, and union + types. + + This change makes it safe to use xdr_free() to free xdr strings, but in + the future, we should provide a typesafe and less fragile function for + freeing xdr strings returned from RPCs. Currently, xdr_free(xdr_string) + is only called by the bos client and the tests. + + Reviewed-on: https://gerrit.openafs.org/15343 + Tested-by: BuildBot + Reviewed-by: Benjamin Kaduk + (cherry picked from commit bbb1e8adfed6804ac6fbae0a073dc6927096e16a) + + Change-Id: I1f190d28acab5fa1621919f283571fcacb495ce4 + Reviewed-on: https://gerrit.openafs.org/15939 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 21941c0ab2d28fa3a074f46e4d448d518a7c1b8a +Author: Andrew Deason +Date: Tue Nov 5 23:40:24 2024 -0600 + + OPENAFS-SA-2024-002: Avoid uninitialized memory when parsing ACLs + + CVE-2024-10396 + + Several places in the tree parse ACLs using sscanf() calls that look + similar to this: + + sscanf(str, "%d dfs:%d %s", &nplus, &dfs, cell); + sscanf(str, "%100s %d", tname, &trights); + + Some callers check whether the scanf() returns negative or 0, but some + callers do not check the return code at all. If only some of the fields + are present in the sscanf()'d string (because, for instance, the ACL is + malformed), some of the arguments are left alone, and may be set to + garbage if the relevant variable was never initialized. + + If the parsed ACL is copied to another ACL, this can result in the + copied ACL containing uninitialized memory. + + To avoid this, make sure all of the variables passed to sscanf() and + similar calls are initialized before parsing. This commit does not + guarantee that the results make sense, but at least the results do not + contain uninitialized memory. + + Reviewed-on: https://gerrit.openafs.org/15917 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit ac602a0a5624b0f0ab04df86f618d09f2a4ad063) + + Change-Id: I00245c12993683eb3b58d51cf77742f758bac120 + Reviewed-on: https://gerrit.openafs.org/15938 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a9ede52673b8c8abbfc2577ac6987a8a5686206f +Author: Benjamin Kaduk +Date: Mon Nov 4 20:50:50 2024 -0800 + + OPENAFS-SA-2024-002: make VIOCGETAL consumers stay within string bounds + + CVE-2024-10396 + + After the preceding commits, the data returned by the VIOCGETAL + pioctl (a RXAFS_FetchAcl wrapper) will safely be NUL-terminated. + However, the callers that attempt to parse the ACL string make + assumptions that the returned data will be properly formatted, + and implement a "skip to next line" functionality (under various + names) that blindly increments a char* until it finds a newline + character, which can read past the end of even a properly + NUL-terminated string if there is not a newline where one is + expected. + + Adjust the various "skip to next line" functionality to keep + the current string pointer at the trailing NUL if the end of the + string is reached while searching for a newline. + + Reviewed-on: https://gerrit.openafs.org/15916 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit a4ecb050540528a1bff840ff08d21f99e6ef3fbf) + + Change-Id: Id2d8c0164cfaa7d03a9e37b29ff58b88cf815483 + Reviewed-on: https://gerrit.openafs.org/15937 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a96a3160f5425125588f39f5ac612df3ef9b9a8a +Author: Benjamin Kaduk +Date: Mon Nov 4 20:50:50 2024 -0800 + + OPENAFS-SA-2024-002: verify FetchACL returned only a string + + CVE-2024-10396 + + Supplement the previous commit by additionally verifying that + the returned ACL string occupies the entire XDR opaque, rejecting + any values returned that have an internal NUL prior to the end + of the opaque. + + Reviewed-on: https://gerrit.openafs.org/15915 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 7e13414e8ea995d438cde3e60988225f3ab4cbcd) + + Change-Id: I107f89e3d8a5c3c5cd67f6296742bfca7cace0e1 + Reviewed-on: https://gerrit.openafs.org/15936 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 64068705b15661a8d4e0b9f9f2ad4aec34ed51a7 +Author: Benjamin Kaduk +Date: Mon Nov 4 20:33:16 2024 -0800 + + OPENAFS-SA-2024-002: verify FetchACL returned a valid string + + CVE-2024-10396 + + Analogously to how a call to RXAFS_StoreACL() with a malformed + ACL string can cause a fileserver to perform invalid memory operations, + a malformed ACL string returned in response to a call to RXAFS_FetchACL() + can cause a client to perform invalid memory operations. + + Modify all the in-tree callers of the RPC to verify that the ACL + data, which is conveyed as an XDR 'opaque' but whose contents + are actually expected to be a string, is a valid C string. If + a zero-length opaque or one without a trailing NUL is received, + treat that as an error response from the fileserver rather than + returning success. + + The Unix cache manager's pioctl handler already has logic to cope with a + zero-length reply by emitting a single NUL byte to userspace. This + special-casing seems to have been in place from the original IBM import, + though it does so by confusingly "skipping over" a NUL byte already put + in place. For historical compatibility, preserve that behavior rather + than treating the zero-length reply as an error as we do for the other + callers. It seems likely that this location should treat a zero-length + reply as an error just as the other call sites do, but that can be done + as a later change. + + Reviewed-on: https://gerrit.openafs.org/15914 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 0b1ccb0dbc3b7673558eceff3d672971f5bb0197) + + Change-Id: Ifbce762d76641f08b5fc5e79b4c8dad07c1a135a + Reviewed-on: https://gerrit.openafs.org/15935 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit bb01d76a2095baa65880bdc5d504e7a198958265 +Author: Andrew Deason +Date: Wed Aug 21 00:41:49 2024 -0500 + + OPENAFS-SA-2024-002: viced: Avoid unchecked ACL in StoreACL audit log + + CVE-2024-10396 + + Currently in SRXAFS_StoreACL, if CallPreamble() or check_acl() fail, we + will jump to Bad_StoreACL, which will pass the ACL string from the + client to osi_auditU. Since check_acl() hasn't yet checked if the given + ACL contains a NUL byte, the ACL may be an unterminated string. If + auditing is enabled, this can cause garbage to be logged to the audit + log, or cause the fileserver to crash. + + To avoid this, set 'rawACL' to NULL at first, only setting it to the + actual ACL string after check_acl() has succeeded. This ensures that all + code accessing 'rawACL' is guaranteed to be using a terminated string. + + This may mean that we pass a NULL AUD_ACL to osi_auditU. Our auditing + code explicitly checks for and handles handles NULL strings, so this is + fine. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15913 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c9eae1e8b26144063e5d1db23d47ee82c4b9ef3a) + + Change-Id: Ieda6f910d875c4b5179011e5e93e5694d3f4ce47 + Reviewed-on: https://gerrit.openafs.org/15934 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit ee020f7cba7d82bc3d4b468210b5052af53c5db5 +Author: Andrew Deason +Date: Wed Aug 21 00:29:34 2024 -0500 + + OPENAFS-SA-2024-002: viced: Introduce 'rawACL' in StoreACL + + CVE-2024-10396 + + Change our StoreACL implementation to refer to the 'AccessList' argument + via a new local variable called 'rawACL'. This makes it clearer to + users that the data is a string, and makes it easier for future commits + to make sure we don't access the 'AccessList' argument in certain + situations. + + Update almost all users in StoreACL to refer to 'rawACL' instead of + 'AccessList'. Change the name of 'AccessList' to 'uncheckedACL' to make + sure we don't miss any users. Update our check_acl() call to use + 'uncheckedACL' (and not 'rawACL'), because it must use an AFSOpaque to + check the ACL. + + Change RXStore_AccessList() and printableACL() to accept a plain char* + instead of a struct AFSOpaque. + + This commit should not incur any noticeable behavior change. Technically + printableACL() is changed to run strlen() on the given string, but this + should not cause any noticeable change in behavior: + + This change could cause printableACL() to process less of the string + than before, if the string contains a NUL byte before the end of the + AFSOpaque buffer. But this doesn't matter, since the all of our code + after this treats the ACL as a plain string, and so doesn't look at any + data beyond the first NUL. It's not possible for printableACL() to + process more data than before, because check_acl() has already checked + that the ACL string contains a NUL byte, so we must process + AFSOpaque_len bytes or fewer. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15912 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit eb8b93a971c6293cdfbf8cd3d9a6351a8cb76f81) + + [1.8: printableACL() does not exist in this branch.] + + Change-Id: I65b518acab26be0bb1854c29e46c90e5fee52d41 + Reviewed-on: https://gerrit.openafs.org/15933 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit d66caf8c04878724001839317637445708edef2c +Author: Andrew Deason +Date: Tue Sep 19 15:55:42 2023 -0500 + + OPENAFS-SA-2024-002: acl: Error on missing newlines when parsing ACL + + CVE-2024-10396 + + In acl_Internalize_pr(), each line in an ACL granting rights (positive + or negative) is sscanf()'d with "%63s\t%d\n", and then we try to + advance 'nextc' beyond the next newline character. + + However, sscanf()'ing "%63s\t%d\n" does not guarantee that there is a + newline in the given string. Whitespace characters in sscanf() are not + matched exactly, and may match any amount of whitespace (including + none at all). For example, a string like "foo 4" may be parsed by + sscanf(), but does not contain any newlines. + + If this happens, strchr(nextc, '\n') will return NULL, and we'll + advance 'nextc' to 0x1, causing a segfault when we next try to + dereference 'nextc'. + + To avoid this, check if 'nextc' is NULL after the strchr() call, and + return an error if so. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15911 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 96ab2c6f8a614d597a523b45871c5f64a50a7040) + + Change-Id: I666dfb2c401410865c1f98d9db1b342b52c8f628 + Reviewed-on: https://gerrit.openafs.org/15932 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 1e6e813188ecce62eb7af19385d911f63469bdb6 +Author: Andrew Deason +Date: Tue Sep 19 15:44:08 2023 -0500 + + OPENAFS-SA-2024-002: acl: Do not parse beyond end of ACL + + CVE-2024-10396 + + The early parsing code in acl_Internalize_pr() tries to advance + 'nextc' to go beyond the first two newlines in the given ACL string. + But if the given ACL string has no newlines, or only 1 newline, then + 'nextc' will point beyond the end of the ACL string, potentially + pointing to garbage. + + Intuitively, it may look like the ACL string must contain at least 2 + newlines because we have sscanf()'d the string with "%d\n%\d". + However, whitespace characters in sscanf() are not matched exactly + like non-whitespace characters are; a sequence of whitespace + characters matches any amount of whitespace (including none). So, a + string like "1 2" will be parsed by "%d\n%d\n", but will not contain + any newline characters. + + Usually this should result in a parse error from acl_Internalize_pr(), + but if the garbage happens to parse successfully, this could result in + unrelated memory getting stored to the ACL. + + To fix this, don't advance 'nextc' if we're already at the end of the + ACL string. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15910 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 35d218c1d17973c1412ea5dff1e23d9aae50c4c7) + + Change-Id: I7a7d136676e548adba5fa8d0003b5f8342332a86 + Reviewed-on: https://gerrit.openafs.org/15931 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a07e50726df09c49dfe7b953c3e49eb98f310c09 +Author: Andrew Deason +Date: Mon Sep 18 16:14:07 2023 -0500 + + OPENAFS-SA-2024-002: viced: Free ACL on acl_Internalize_pr error + + CVE-2024-10396 + + Currently, we don't free 'newACL' if acl_Internalize_pr() fails. If + acl_Internalize_pr() has already allocated 'newACL', then the memory + associated with newACL will be leaked. This can happen if parsing the + given ACL fails at any point after successfully parsing the first + couple of lines in the ACL. + + Change acl_FreeACL() to make freeing a NULL acl a no-op, to make it + easier to make sure the acl has been freed. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15909 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f4dfc2d7183f126bc4a45b5cabc78c3de020925f) + + Change-Id: If1554aa899542761ec6e6611394f2ee4f9379f22 + Reviewed-on: https://gerrit.openafs.org/15930 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit f74f960a18f559e683d6a1f5104e43c3ca93ecb8 +Author: Andrew Deason +Date: Mon Sep 18 16:13:57 2023 -0500 + + OPENAFS-SA-2024-002: viced: Refuse ACLs without '\0' in SRXAFS_StoreACL + + CVE-2024-10396 + + Currently, the fileserver treats the ACL given in RXAFS_StoreACL as a + string, even though it is technically an AFSOpaque and could be not + NUL-terminated. + + We give the ACL opaque/string to acl_Internalize_pr() to parse, which + will run off the end of the allocated buffer if the given ACL does not + contain a '\0' character. Usually this will result in a parse error + since we'll encounter garbage, but if the partially-garbage ACL + happens to parse successfully, some uninitialized data could make it + into the stored ACL. + + In addition, if the given ACL is an opaque of length 0, we'll still + give the opaque pointer to acl_Internalize_pr(). In this case, the + pointer will point to &memZero, which happens to contain a NUL byte, + and so is treated like an empty string (which is not a valid ACL). But + the fact that this causes no problems is somewhat a coincidence, and + so should also be avoided. + + To avoid both of these situations, just check if the given ACL string + contains a NUL byte. If it doesn't, or if it has length 0, refuse to + look at it and abort the call with EINVAL. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15908 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit e15decb318797f1d471588dc669c3e3b26f1b8b3) + + Change-Id: I0f447310db5a988b21e19bb5158bb564d4ea3d94 + Reviewed-on: https://gerrit.openafs.org/15929 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 57b655e4837d8660ebcc25d95efb09118adaff07 +Author: Andrew Deason +Date: Fri Jan 10 12:40:15 2020 -0600 + + OPENAFS-SA-2024-001: afs: Throttle PAG creation in afs_genpag() + + CVE-2024-10394 + + Currently, we only throttle PAG creation in afs_setpag(). But there + are several callers that call setpag() directly, not via afs_setpag; + notably _settok_setParentPag in afs_pioctl.c. When setpag() is called + with a PAG value of -1, it generates a new PAG internally without any + throttling. So, those callers effectively bypass the PAG throttling + mechanism, which allows a calling user to create PAGs without any + delay. + + To avoid this, move our afs_pag_wait call from afs_setpag() to + afs_genpag(), which all code uses to generate a new PAG value. This + ensures that PAG creation is always throttled for unprivileged users. + + FIXES 135062 + + Reviewed-on: https://gerrit.openafs.org/15907 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 0358648dbed7656e7bda30f6f0ea6e8e01bf6527) + + Change-Id: I7f8f475a913c6f62ca2c7a6fb00239e51a8a8c62 + Reviewed-on: https://gerrit.openafs.org/15928 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 20c22347b41eea2ebbdc0ab15f16c822af44df51 +Author: Andrew Deason +Date: Fri Jan 10 12:01:50 2020 -0600 + + OPENAFS-SA-2024-001: afs: Introduce afs_genpag() + + CVE-2024-10394 + + Currently, several areas in the code call genpag() to generate a new + PAG id, but the signature of genpag() is very limited. To allow for + the code in genpag() to return errors and to examine the calling + user's credentials, introduce a new function, afs_genpag(), that does + the same thing as genpag(), but accepts creds and allows errors to be + returned. + + Convert all existing callers to use afs_genpag() and to handle any + errors, though no errors are ever returned in this commit on its own. + + To ensure there are no old callers of genpag() left around, change the + existing genpag() to be called genpagval(), and declare it static. + + FIXES 135062 + + Reviewed-on: https://gerrit.openafs.org/14090 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f701f704c7bc93cf5fd7cffaaa043cef6a99e77f) + + Change-Id: I675d6cb111ca74638a3b856a3c989dcb2fe6d534 + Reviewed-on: https://gerrit.openafs.org/15927 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk diff --git a/README.SUSE.openafs b/README.SUSE.openafs new file mode 100644 index 0000000..7a9e58b --- /dev/null +++ b/README.SUSE.openafs @@ -0,0 +1,109 @@ +Here is described installation of openafs server and client on SUSE linux. + +This text is based on AFS Quick Start Guide. The differences are: + - paths are adapted to SUSE installation + - uses Kerberos 5 authentization + +Complete OpenAFS documentation is at http://openafs.org + +SERVER SETUP +============ + +# choose an AFS cell name and a Kerberos realm name, the simplest setup is: +# - AFS cell name equal to DNS domain name +# - Kerberos realm name equal to uppercase AFS cell name + +# create a partition for AFS filesystem and mount it under /vicepa + +# start bosserver +/usr/sbin/bosserver -noauth & + +# setup basic cell information +bos setcellname your.afs.server your.cell.name -noauth + +# setup database servers processes +bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver -cell your.cell.name -noauth +bos create your.afs.server buserver simple /usr/lib/openafs/buserver -cell your.cell.name -noauth +bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver -cell your.cell.name -noauth + +# If you want to use the old afs authentization (not recommended): +# bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth + +# Authentication against heimdal krb5 server + +# Here you can set up kerberos realm if you dont have any, +# see documentation in package krb5-doc + +# restart kdc +rckrb5kdc restart +rckrb524d restart + +# create afs principal in kerberos database +kadmin.local + add_principal afs@YOUR.KERBEROS.REALM # create afs key, use random password + ktremove -k /etc/krb5.keytab afs all # delete old afs key if any + + # export the afs key to external keytab + # note the key version number (kvno), you will need it later for asetkey + ktadd -e des-cbc-crc:v4 afs@YOUR.KERBEROS.REALM + + add_principal admin@YOUR.KERBEROS.REALM # create admin principal + + quit # end kadmin.local + +rm /etc/openafs/server/KeyFile # delete the old afs key file if any + +# convert the afs key from /etc/krb5.keytab to /etc/openafs/server/KeyFile +# use displayed by ktadd +asetkey add /etc/krb5.keytab afs + +# give admin the permissions to control bosserver +bos adduser your.afs.server admin -cell your.cell.name -noauth + +# add admin to group system:administrators +pts createuser -name admin -id -cell your.cell.name -noauth +pts adduser admin system:administrators -cell your.cell.name -noauth + +# restart bos server +bos restart your.afs.server -all -cell your.cell.name -noauth + +# create fileserver processes +bos create your.afs.server fs fs /usr/lib/openafs/fileserver /usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell your.cell.name -noauth + +# create root volume +vos create your.afs.server /vicepa root.afs -cell your.cell.name -noauth + +# restart bosserver with security enabled +rcopenafs-fileserver restart + + +CLIENT SETUP +============ + +IMPORTANT: Unfortunately, openafs client for linux kernel 2.6 has not reached +stable state yet. There may be problems. + +edit /etc/sysconfig/openafs-client, set at least + REGENERATE_CELL_INFO="yes" + THIS_CELL="your.cell.name" + THIS_CELL_SERVER="your.afs.server" + + If you are configuring first afs server and the volume root.cell does not + exist yet, you have to set also DYNROOT=no. After finishing the server + installaton it is better to change DYNROOT back to 'yes' as the client + behaves better on startup with network outage. + +# start afs client +rcopenafs-client start + +# login as admin +kinit admin +aklog -d # convert Kerberos 5 ticket to AFS token + +To enable transparent login via pam, install package pam_krb5 +and add 'call_modules=krb5afs' to /etc/security/pam_unix2.conf +For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8) manpages. + +Now you have working afs server and client. You can continue with chapter +"Configuring the Top Levels of the AFS Filespace" of AFS Quick Start Guide. + diff --git a/RELNOTES-stable-1_8_x b/RELNOTES-stable-1_8_x new file mode 100644 index 0000000..b3792f3 --- /dev/null +++ b/RELNOTES-stable-1_8_x @@ -0,0 +1,27 @@ + + + + + + + +OpenAFS + + + + + + + + + + + + diff --git a/afs3-bos.xml b/afs3-bos.xml new file mode 100644 index 0000000..7e7ea53 --- /dev/null +++ b/afs3-bos.xml @@ -0,0 +1,6 @@ + + + afs3-bos + OpenAFS basic overseer process (bosserver) + + diff --git a/afs3-callback.xml b/afs3-callback.xml new file mode 100644 index 0000000..05ae5a2 --- /dev/null +++ b/afs3-callback.xml @@ -0,0 +1,6 @@ + + + afs3-callback + OpenAFS callbacks to cache managers (clients) + + diff --git a/afs3-fileserver.xml b/afs3-fileserver.xml new file mode 100644 index 0000000..46178d9 --- /dev/null +++ b/afs3-fileserver.xml @@ -0,0 +1,6 @@ + + + afs3-fileserver + OpenAFS file server + + diff --git a/afs3-prserver.xml b/afs3-prserver.xml new file mode 100644 index 0000000..8c1de04 --- /dev/null +++ b/afs3-prserver.xml @@ -0,0 +1,6 @@ + + + afs3-prserver + OpenAFS users and groups database + + diff --git a/afs3-rmtsys.xml b/afs3-rmtsys.xml new file mode 100644 index 0000000..2e9fb94 --- /dev/null +++ b/afs3-rmtsys.xml @@ -0,0 +1,6 @@ + + + afs3-rmtsys + OpenAFS remote cache manager service + + diff --git a/afs3-update.xml b/afs3-update.xml new file mode 100644 index 0000000..98bcf6e --- /dev/null +++ b/afs3-update.xml @@ -0,0 +1,6 @@ + + + afs3-update + OpenAFS server-to-server updater + + diff --git a/afs3-vlserver.xml b/afs3-vlserver.xml new file mode 100644 index 0000000..cf7c181 --- /dev/null +++ b/afs3-vlserver.xml @@ -0,0 +1,6 @@ + + + afs3-vlserver + OpenAFS volume location database (VLDB) + + diff --git a/afs3-volser.xml b/afs3-volser.xml new file mode 100644 index 0000000..467d031 --- /dev/null +++ b/afs3-volser.xml @@ -0,0 +1,6 @@ + + + afs3-volser + OpenAFS volume managment server (volserver) + + diff --git a/d8b56f21994ce66d8daebb7d69e792f34c1a19ed b/d8b56f21994ce66d8daebb7d69e792f34c1a19ed new file mode 100644 index 0000000..11fc868 --- /dev/null +++ b/d8b56f21994ce66d8daebb7d69e792f34c1a19ed @@ -0,0 +1,76 @@ +commit d8b56f21994ce66d8daebb7d69e792f34c1a19ed +Author: Cheyenne Wills +Date: Wed Jun 12 14:24:01 2024 -0600 + + afs: avoid empty-body warning + + With Linux 6.10 commit: + "kbuild: turn on -Wextra by default" (f5982cceb3) + there are additional compiler warnings that can turn + into build errors when --enable-checking is used. + + "error: suggest braces around empty body in an ‘if’ + statement [-Werror=empty-body]" + + when there is an empty body, e.g. + if (foo) + ; + + Most cases are due to the macros afs_PutCell and afs_PutServer which are + "empty" macros. + + Update the afs_PutCell and afs_PutServer macros so they expand to + do {} while(0) + + Add a comment at the definitions for afs_PutCell and afs_PutServer to + document the reason for keeping them. + + Add braces to conditionals that have an empty body. + + There are no functional changes with this commit. + + Change-Id: I359723eb6a19d1c78449902b4f477da131b0fa18 + Reviewed-on: https://gerrit.openafs.org/15766 + Reviewed-by: Michael Meffie + Tested-by: BuildBot + Reviewed-by: Andrew Deason + +diff --git a/src/afs/afs.h b/src/afs/afs.h +index 4bde047e8..621a8a517 100644 +--- a/src/afs/afs.h ++++ b/src/afs/afs.h +@@ -349,7 +349,8 @@ struct cell_alias { + char *cell; + }; + +-#define afs_PutCell(cellp, locktype) ++/* In case someday a counterpart for afs_GetCell is needed */ ++#define afs_PutCell(cellp, locktype) do {} while(0) + + /* the unixuser flag bit definitions */ + #define UHasTokens 1 /* are the st and ct fields valid (ever set)? */ +@@ -537,7 +538,8 @@ struct server { + afs_int32 capabilities; + }; + +-#define afs_PutServer(servp, locktype) ++/* In case someday a counterpart for afs_GetServer is needed */ ++#define afs_PutServer(servp, locktype) do {} while(0) + + /* structs for some pioctls - these are (or should be) + * also in venus.h +diff --git a/src/afs/afs_cbqueue.c b/src/afs/afs_cbqueue.c +index 2dd633588..11e3aa3f1 100644 +--- a/src/afs/afs_cbqueue.c ++++ b/src/afs/afs_cbqueue.c +@@ -139,7 +139,9 @@ afs_DequeueCallback(struct vcache *avc) + debugvc = avc; + if (avc->callsort.prev) { + QRemove(&(avc->callsort)); +- } else; /* must have got dequeued in a race */ ++ } else { ++ /* must have got dequeued in a race */ ++ } + + return; + } /* afs_DequeueCallback */ diff --git a/handle_backports.diff b/handle_backports.diff new file mode 100644 index 0000000..dfe4155 --- /dev/null +++ b/handle_backports.diff @@ -0,0 +1,11 @@ +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -971,7 +971,7 @@ + # else + .splice_write = generic_file_splice_write, + # endif +-# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,5,0) ++# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,4,0) + .splice_read = filemap_splice_read, + # else + .splice_read = generic_file_splice_read, diff --git a/kernel-source.build-modules.sh b/kernel-source.build-modules.sh new file mode 100644 index 0000000..55a308c --- /dev/null +++ b/kernel-source.build-modules.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +if [ $# != 1 ]; then + echo building a openafs-kernel module for the running kernel + echo Need one of: build build_debug install + exit 1 +fi + +rootdir=`cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd` + +if [ -z "$rootdir" ]; then + echo "failed to determine the dirname of this script" + exit 1 +fi + +cd "$rootdir" + +LOGFILE=libafs_tree/build.log +kernel_flavour=`uname -r | awk -F- '{print $NF}'` +kernel_version=`uname -r | sed "s/-$kernel_flavour//"` +arch=`uname -m` + +suse_flavour=`cat /etc/os-release | grep PRETTY_NAME | awk -F '=' '{print $2}'` +suse_version=`cat /etc/os-release | grep VERSION_ID | awk -F '=' '{print $2}'` + +echo This SUSE is version $suse_version of flavour $suse_flavour +echo you are running the kernel \"$kernel_version\" of flavour \"$kernel_flavour\" on \"$arch\" +echo all output is saved into $LOGFILE + +if [ $1 == "build_debug" ]; then + DEBUG_OPT="--enable-debug-kernel" +fi + +if [ $1 == "build" -o $1 == "build_debug" ]; then + cd libafs_tree + echo calling configure... + ./configure --with-linux-kernel-headers=/usr/src/linux/ --with-linux-kernel-build=/usr/src/linux-obj/$arch/$kernel_flavour $DEBUG_OPT > build.log 2>&1 + if [ $? != 0 ]; then + echo configure failed! See $LOGFILE for details + exit $? + fi + echo calling make + make >> build.log 2>&1 + if [ $? != 0 ]; then + echo make failed! See $LOGFILE for details + exit $? + fi + echo + echo build sucessfull! + echo Now run $0 install to install the kernel-modules + exit 0 +fi + + +if [ $1 == "install" ]; then + module_files="afspag.ko libafs.ko" + build_dir=libafs_tree/src/libafs/MODLOAD-$kernel_version-$kernel_flavour-MP/ + install_dir=/lib/modules/$kernel_version-$kernel_flavour + echo installing kernel-modules into + for mod in $module_files; do + cp -v $build_dir/$mod $install_dir/$mod + done + /sbin/depmod -a +fi diff --git a/kmp_only.files b/kmp_only.files new file mode 100644 index 0000000..105656b --- /dev/null +++ b/kmp_only.files @@ -0,0 +1,99 @@ +/usr/bin/aklog +/usr/bin/fs +/usr/bin/klog.krb5 +/usr/bin/pagsh +/usr/bin/pagsh.krb +/usr/bin/tokens +/usr/bin/tokens.krb +/usr/bin/unlog +/usr/bin/up +/usr/lib/firewalld/services/afs3-callback.xml +/usr/lib/firewalld/services/afs3-rmtsys.xml +/usr/sbin/afsd +/usr/sbin/fstrace +/usr/share/man/man1/aklog.1 +/usr/share/man/man1/copyauth.1 +/usr/share/man/man1/fs.1 +/usr/share/man/man1/fs_apropos.1 +/usr/share/man/man1/fs_bypassthreshold.1 +/usr/share/man/man1/fs_checkservers.1 +/usr/share/man/man1/fs_checkvolumes.1 +/usr/share/man/man1/fs_chgrp.1 +/usr/share/man/man1/fs_chown.1 +/usr/share/man/man1/fs_cleanacl.1 +/usr/share/man/man1/fs_copyacl.1 +/usr/share/man/man1/fs_cscpolicy.1 +/usr/share/man/man1/fs_discon.1 +/usr/share/man/man1/fs_diskfree.1 +/usr/share/man/man1/fs_examine.1 +/usr/share/man/man1/fs_exportafs.1 +/usr/share/man/man1/fs_flush.1 +/usr/share/man/man1/fs_flushall.1 +/usr/share/man/man1/fs_flushmount.1 +/usr/share/man/man1/fs_flushvolume.1 +/usr/share/man/man1/fs_getcacheparms.1 +/usr/share/man/man1/fs_getcalleraccess.1 +/usr/share/man/man1/fs_getcellstatus.1 +/usr/share/man/man1/fs_getclientaddrs.1 +/usr/share/man/man1/fs_getcrypt.1 +/usr/share/man/man1/fs_getfid.1 +/usr/share/man/man1/fs_getserverprefs.1 +/usr/share/man/man1/fs_getverify.1 +/usr/share/man/man1/fs_help.1 +/usr/share/man/man1/fs_listacl.1 +/usr/share/man/man1/fs_listaliases.1 +/usr/share/man/man1/fs_listcells.1 +/usr/share/man/man1/fs_listquota.1 +/usr/share/man/man1/fs_lsmount.1 +/usr/share/man/man1/fs_memdump.1 +/usr/share/man/man1/fs_messages.1 +/usr/share/man/man1/fs_minidump.1 +/usr/share/man/man1/fs_mkmount.1 +/usr/share/man/man1/fs_monitor.1 +/usr/share/man/man1/fs_newalias.1 +/usr/share/man/man1/fs_newcell.1 +/usr/share/man/man1/fs_nukenfscreds.1 +/usr/share/man/man1/fs_precache.1 +/usr/share/man/man1/fs_quota.1 +/usr/share/man/man1/fs_rmmount.1 +/usr/share/man/man1/fs_rxstatpeer.1 +/usr/share/man/man1/fs_rxstatproc.1 +/usr/share/man/man1/fs_setacl.1 +/usr/share/man/man1/fs_setcachesize.1 +/usr/share/man/man1/fs_setcbaddr.1 +/usr/share/man/man1/fs_setcell.1 +/usr/share/man/man1/fs_setclientaddrs.1 +/usr/share/man/man1/fs_setcrypt.1 +/usr/share/man/man1/fs_setquota.1 +/usr/share/man/man1/fs_setserverprefs.1 +/usr/share/man/man1/fs_setverify.1 +/usr/share/man/man1/fs_setvol.1 +/usr/share/man/man1/fs_storebehind.1 +/usr/share/man/man1/fs_sysname.1 +/usr/share/man/man1/fs_trace.1 +/usr/share/man/man1/fs_uuid.1 +/usr/share/man/man1/fs_whereis.1 +/usr/share/man/man1/fs_whichcell.1 +/usr/share/man/man1/fs_wscell.1 +/usr/share/man/man1/klog.krb5.1 +/usr/share/man/man1/pagsh.1 +/usr/share/man/man1/pagsh.krb.1 +/usr/share/man/man1/tokens.1 +/usr/share/man/man1/tokens.krb.1 +/usr/share/man/man1/unlog.1 +/usr/share/man/man1/up.1 +/usr/share/man/man5/afs_cache.5 +/usr/share/man/man5/afszcm.cat.5 +/usr/share/man/man5/cacheinfo.5 +/usr/share/man/man8/afsd.8 +/usr/share/man/man8/fstrace.8 +/usr/share/man/man8/fstrace_apropos.8 +/usr/share/man/man8/fstrace_clear.8 +/usr/share/man/man8/fstrace_dump.8 +/usr/share/man/man8/fstrace_help.8 +/usr/share/man/man8/fstrace_lslog.8 +/usr/share/man/man8/fstrace_lsset.8 +/usr/share/man/man8/fstrace_setlog.8 +/usr/share/man/man8/fstrace_setset.8 +/usr/share/openafs/C/afszcm.cat + diff --git a/logrotate.openafs-server b/logrotate.openafs-server new file mode 100644 index 0000000..cdae1f0 --- /dev/null +++ b/logrotate.openafs-server @@ -0,0 +1,11 @@ +/var/log/openafs/*Log { + daily + compress + dateext + rotate 7 + olddir /var/log/openafs/old + missingok + notifempty + create 640 root root + copytruncate +} diff --git a/openafs-client.service b/openafs-client.service new file mode 100644 index 0000000..30afaef --- /dev/null +++ b/openafs-client.service @@ -0,0 +1,21 @@ +[Unit] +Description=OpenAFS Client +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-client +ExecStartPre=/sbin/modprobe libafs +ExecStart=/usr/sbin/afsd $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd -shutdown +ExecStop=/sbin/rmmod libafs +KillMode=none + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-client.service.allow_unsupported b/openafs-client.service.allow_unsupported new file mode 100644 index 0000000..f68bdab --- /dev/null +++ b/openafs-client.service.allow_unsupported @@ -0,0 +1,20 @@ +[Unit] +Description=OpenAFS Client +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-client +ExecStartPre=/sbin/modprobe libafs --allow-unsupported +ExecStart=/usr/sbin/afsd $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd -shutdown +ExecStop=/sbin/rmmod libafs + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-fuse-client.service b/openafs-fuse-client.service new file mode 100644 index 0000000..3a339e4 --- /dev/null +++ b/openafs-fuse-client.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenAFS Client Service +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-fuse-client +ExecStart=/usr/sbin/afsd.fuse $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd.fuse -shutdown +KillMode=none + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-server.service b/openafs-server.service new file mode 100644 index 0000000..c33728f --- /dev/null +++ b/openafs-server.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenAFS Server +After=syslog.target network.target + +[Service] +EnvironmentFile=-/etc/sysconfig/openafs-server +ExecStart=/usr/sbin/bosserver -nofork $BOSSERVER_ARGS +ExecStop=/usr/sbin/bos shutdown localhost -wait -localauth + +[Install] +WantedBy=multi-user.target diff --git a/openafs-stable-1_8_x-doc.tar.bz2 b/openafs-stable-1_8_x-doc.tar.bz2 new file mode 100644 index 0000000..578c707 --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0bad0e50318ab238b67d7c28ef2a7bb4fb3f352a8f09d9d8e09ef8a11bed1d8a +size 3374462 diff --git a/openafs-stable-1_8_x-doc.tar.bz2.md5 b/openafs-stable-1_8_x-doc.tar.bz2.md5 new file mode 100644 index 0000000..dc23f8f --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2.md5 @@ -0,0 +1 @@ +d4e455c3407696747aa54b456ecf5d56 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2 diff --git a/openafs-stable-1_8_x-doc.tar.bz2.sha256 b/openafs-stable-1_8_x-doc.tar.bz2.sha256 new file mode 100644 index 0000000..96d46ac --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2.sha256 @@ -0,0 +1 @@ +0bad0e50318ab238b67d7c28ef2a7bb4fb3f352a8f09d9d8e09ef8a11bed1d8a /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2 diff --git a/openafs-stable-1_8_x-src.tar.bz2 b/openafs-stable-1_8_x-src.tar.bz2 new file mode 100644 index 0000000..029507c --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bf943e44b3d01b15f59e963f0ff2a4e4164deed600b70b493871cf1ed430dc00 +size 14642822 diff --git a/openafs-stable-1_8_x-src.tar.bz2.md5 b/openafs-stable-1_8_x-src.tar.bz2.md5 new file mode 100644 index 0000000..687f531 --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2.md5 @@ -0,0 +1 @@ +e4c0e018b69d0768abcd7942af57015a /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2 diff --git a/openafs-stable-1_8_x-src.tar.bz2.sha256 b/openafs-stable-1_8_x-src.tar.bz2.sha256 new file mode 100644 index 0000000..a31db0c --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2.sha256 @@ -0,0 +1 @@ +bf943e44b3d01b15f59e963f0ff2a4e4164deed600b70b493871cf1ed430dc00 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2 diff --git a/openafs.CellAlias b/openafs.CellAlias new file mode 100644 index 0000000..83d3c83 --- /dev/null +++ b/openafs.CellAlias @@ -0,0 +1 @@ +openafs.org openafs diff --git a/openafs.SuidCells b/openafs.SuidCells new file mode 100644 index 0000000..473a0f4 diff --git a/openafs.ThisCell b/openafs.ThisCell new file mode 100644 index 0000000..c87b55d --- /dev/null +++ b/openafs.ThisCell @@ -0,0 +1 @@ +openafs.org diff --git a/openafs.cacheinfo b/openafs.cacheinfo new file mode 100644 index 0000000..374bb61 --- /dev/null +++ b/openafs.cacheinfo @@ -0,0 +1 @@ +/afs:/var/cache/openafs:102400 diff --git a/openafs.changes b/openafs.changes new file mode 100644 index 0000000..c9dddf6 --- /dev/null +++ b/openafs.changes @@ -0,0 +1,923 @@ +------------------------------------------------------------------- +Mon Nov 25 10:54:35 UTC 2024 - Christof Hanke + +- update to latest git branch stable-1_8_x, includes security update 1.8.13 +- change version to openafs-1.8.13.g... since the new stable release is 1.8.13 +- remove patch handle_backports.diff, it is now included upstream +- remove intermediate patches: + * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h + * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail + * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc + * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning + * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type + +------------------------------------------------------------------- +Wed Aug 14 06:46:15 UTC 2024 - Christof Hanke + +- update to latest git branch stable-1_8_x +- change version to openafs-1.8.12-g... since the new stable release is 1.8.12 +- apply intermediate patches for kernel 6.10 + * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h + * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail + * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc + * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning + * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type + +------------------------------------------------------------------- +Fri Jun 14 05:47:03 UTC 2024 - Christof Hanke + +- change source-code base to git branch stable-1_8_x + * required for keeping up with Linux kernel development. +- new versioning scheme: openafs-$LAST_OFFICIAL_RELEASE.git$DATE_OF_NEWEST_COMMIT +- add note in RELNOTES about this change +- update ChangeLog from git + +------------------------------------------------------------------- +Mon Feb 26 12:45:02 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Jan 29 09:56:45 UTC 2024 - Christof Hanke + +- update to openafs-1.8.11~pre1 +- remove intermediate patches for newer Linux-kernels: + * fef2457.diff + * d15c7ab.diff + * 63801cf.diff + * 538f450.diff + * 6de0a64.diff + * 5b647bf.diff + * 6413fdb.diff + * 4f1d810.diff + +------------------------------------------------------------------- +Mon Dec 11 04:58:30 UTC 2023 - Christof Hanke + +- patch upstream patch fef2457.diff for 6.5 to handle backport by SUSE + * handle_backports.diff + +------------------------------------------------------------------- +Fri Nov 10 08:53:16 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.6: + * 5b647bf.diff + * 6413fdb.diff + * 4f1d810.diff + +- replace upstream-patch for kernel 6.5 474750a.diff by correct commit + 6de0a64.diff for branch openafs-stable-1_8_x + + +------------------------------------------------------------------- +Mon Oct 2 07:29:50 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.5: + * 63801cf.diff + * d15c7ab.diff + * fef2457.diff + * 538f450.diff + * 474750a.diff + +------------------------------------------------------------------- +Mon Jul 10 10:24:31 UTC 2023 - Christof Hanke + +- update to official openafs-1.8.10 +- remove obsolete patches: + * 7a3ad3bc.diff + * b885159.diff + * f6fbb85.diff + * 4cf7a9a.diff + +------------------------------------------------------------------- +Tue May 30 12:21:37 UTC 2023 - Christof Hanke + +- remove obsolete macro-call %{stop_on_removal} from spec-file + +------------------------------------------------------------------- +Mon May 15 06:48:21 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.3: + * f6fbb85.diff + * 7a3ad3bc.diff + +------------------------------------------------------------------- +Thu Mar 2 14:01:53 UTC 2023 - Christof Hanke + +- apply patch from upstream for kernel 6.2: + * b885159.diff +- change BuildArch for subpackage kernel-source to noarch + +------------------------------------------------------------------- +Wed Jan 4 08:14:39 UTC 2023 - Christof Hanke + +- update to offical openafs-1.8.9 + * all changes as openafs-1.8.9pre2 + * fix possible DoS attack + +------------------------------------------------------------------- +Mon Dec 12 07:40:28 UTC 2022 - Christof Hanke + +- update to openafs-1.8.9pre2 + * Support mainline kernels up to 6.0 + * Support for building with more recent compilers + * some bugfixes, more see RELNOTES +- remove obsolete patches: + * 79f03c2.diff + +------------------------------------------------------------------- +Wed Oct 12 16:19:20 UTC 2022 - Christof Hanke + +- update to openafs-1.8.9pre1 +- remove obsolete patches: + * 05b722d.diff + * cc8edf7.diff + * 6348262.diff +- apply patch for kernel 6.0: + * 79f03c2.diff + + +------------------------------------------------------------------- +Tue Aug 16 09:54:58 UTC 2022 - Christof Hanke + +- update to current of upstream-branch openafs-stable-1_8_x +- apply patches for 15.9: + * 05b722d.diff 6348262.diff cc8edf7.diff +- remove patches now in openafs-stable-1_8_x + * fix_gcc_12_linux_5.18.diff + +------------------------------------------------------------------- +Wed Jun 22 16:13:18 UTC 2022 - Christof Hanke + +- apply patches adressing: + * Linux-5.17 and 5.18, gcc-11 and 12: fix_gcc_12_linux_5.18.diff +- remove patches from previous commit: + * a714e86.diff and 449d1fa.diff + * gcc-11.diff + +------------------------------------------------------------------- +Wed Apr 20 06:24:41 UTC 2022 - Christof Hanke + +- apply patches marked for upcoming release: + * kernel 5.17: a714e86.diff and 449d1fa.diff + * gcc-11: gcc-11.diff + +------------------------------------------------------------------- +Mon Mar 28 20:27:18 UTC 2022 - Christof Hanke + +- do not create client-package without KMP + +------------------------------------------------------------------- +Mon Feb 21 10:48:51 UTC 2022 - Christof Hanke + +- remove patch dir_layout.patch + this can be done via environment-variables +- replace openafs-1.8.x.ncurses6.patch with patch 4cf7a9a.diff. + 4cf7a9a.diff is coming from upstream and will be incorporated at some point. + +------------------------------------------------------------------- +Sun Jan 23 15:48:09 UTC 2022 - Christof Hanke + +- Update to new upstream release 1.8.8.1 + * Support mainline kernels 5.14, 5.15 and 5.16 +- remove local patch linux-kmp.patch: + * it supported mainline kernels only up to 5.15 + +------------------------------------------------------------------- +Mon Nov 29 15:08:46 UTC 2021 - Christof Hanke + +- re-add linux-kmp.patch. Required for 5.15 + +------------------------------------------------------------------- +Fri Oct 1 09:08:58 UTC 2021 - Guillaume GARDET + +- Fix %ifarch for 32-bit arm + +------------------------------------------------------------------- +Tue Aug 3 22:32:14 UTC 2021 - Christof Hanke + +- update to openafs version 1.8.8 +- remove linux-kmp.patch. Not required at the minute. + +------------------------------------------------------------------- +Thu Apr 29 07:01:26 UTC 2021 - Christof Hanke + +- add patches for kernel 5.12 to linux-kmp.patch + +------------------------------------------------------------------- +Thu Mar 4 14:57:26 UTC 2021 - Christof Hanke + +- add patches for kernel 5.11 to linux-kmp.patch + +------------------------------------------------------------------- +Mon Feb 22 16:38:07 UTC 2021 - Michael Meffie + +- fix building of perl module AFS::ukernel + +------------------------------------------------------------------- +Mon Feb 22 11:44:25 UTC 2021 - Matthias Gerstner + +- kernel-source.build-modules.sh: choose safe CWD while executing the build to + prevent files being created in unsafe locations. Use new SUSE naming + convention and rely on /etc/os-release, since /etc/SuSE-release no longer + exists. + +------------------------------------------------------------------- +Fri Feb 5 08:41:48 UTC 2021 - Christof Hanke + +- use stock 1.8.7 from openafs.org + * git-version might contain experimental code + * add linux-kmp.patch for newer kernels + +------------------------------------------------------------------- +Sat Jan 16 23:01:13 UTC 2021 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + * fix critical bug described in + https://lists.openafs.org/pipermail/openafs-info/2021-January/043026.html + * remove remove-get_ds-usage.patch + * remove add_arch_to_linux_kernel_make.patch + +------------------------------------------------------------------- +Mon Jan 11 10:01:15 UTC 2021 - Christof Hanke + +- cleanup spec-file + * do not include firewalld-stuff for SLE_12 + * use %ifarch instead of %if %{_arch} + * enable retpol line for TW x86_64 again + +------------------------------------------------------------------- +Mon Nov 2 09:20:37 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + +------------------------------------------------------------------- +Mon Oct 12 15:15:08 UTC 2020 - Christof Hanke + +- add firewalld-configuration files +- enable loading of unsupported kernel-module on SLES15 + +------------------------------------------------------------------- +Mon Aug 17 12:49:33 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + * kernel 5.8 not supported by 1.8.6 + and no official package-upates out yet. + +------------------------------------------------------------------- +Mon Aug 10 08:43:10 UTC 2020 - Christof Hanke + +- add patch remove-get_ds-usage.patch to fix building KMP on aarch64 + +------------------------------------------------------------------- +Wed Jul 1 08:53:44 UTC 2020 - Christof Hanke + +- update to official 1.8.6 + * remove patch 4c4bdde.diff + * remove patch d3c7f75.diff + * use source URLs again + +------------------------------------------------------------------- +Tue Jun 16 12:56:21 UTC 2020 - Christof Hanke + +- remove fix_timeval_i586.patch + +------------------------------------------------------------------- +Tue Jun 16 12:55:14 UTC 2020 - Christof Hanke + +- disable retpol line for TW x86_64. It does not compile. + +------------------------------------------------------------------- +Mon Jun 15 08:24:17 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x. + * 1.8.6pre3 is not out yet. + * disable source URLs, none are present +- Fix build with GCC-10 + * add patch 4c4bdde.diff + * add patch d3c7f75.diff +- create ld.so.conf-file dynamically + +------------------------------------------------------------------- +Sat Apr 18 07:07:48 UTC 2020 - Christof Hanke + +- update to 1.8.6pre2 +- disable fix_timeval_i586.patch + +------------------------------------------------------------------- +Fri Apr 10 06:36:58 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x. + * 1.8.6pre2 is not out yet. + * disable source URLs, none are present + * remove patch forward-to-1.8.6.pre1.patch +- fix build of i586 with fix_timeval_i586.patch + +------------------------------------------------------------------- +Thu Apr 2 06:08:09 UTC 2020 - Christof Hanke + +- update to pre-release 1.8.6pre1: forward-to-1.8.6.pre1.patch + +------------------------------------------------------------------- +Wed Oct 23 13:48:04 UTC 2019 - Christof Hanke + +- update to security-release 1.8.5, adresses: + * OPENAFS-SA-2019-001: Skip server OUT args on error + * OPENAFS-SA-2019-002: Zero all server RPC args + * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref + +------------------------------------------------------------------- +Thu Oct 10 09:10:27 UTC 2019 - Christof Hanke + +- update to official version 1.8.4 +- support Linux-kernel 5.3 +- Avoid non-dir ENOENT errors in afs_lookup +- fix parsing of fileservers with -vlruthresh, etc. +- other bugfixes + +------------------------------------------------------------------- +Thu Sep 26 20:56:05 UTC 2019 - Christof Hanke + +- update to pre-release 1.8.4pre2 + * fix builds for Linux-kernels 5.3 + +------------------------------------------------------------------- +Sun Jul 28 18:34:40 UTC 2019 - Christof Hanke + +- disable compilation with LTO, does not work yet. + +------------------------------------------------------------------- +Tue Apr 30 10:17:44 UTC 2019 - Christof Hanke + +- update to 1.8.3 +- Require krb5-client for package openafs-client +- fix broken directory layout +- fix broken post-install script +- allow crypt to be set/unset on startup of client +- clean up source-filenames + +------------------------------------------------------------------- +Mon Mar 25 11:32:32 UTC 2019 - Jan Engelhardt + +- Use source URLs. + +------------------------------------------------------------------- +Thu Mar 14 08:37:04 UTC 2019 - Christof Hanke + +- update to pre-release 1.8.3pre1 + * fix builds for Linux-kernels 4.20 and 5.0 + * other fixes, see RELNOTES-1.8.3pre1 + * remove obsolete Linux-4.20.patch + +------------------------------------------------------------------- +Wed Jan 16 11:28:27 UTC 2019 - christof.hanke@mpcdf.mpg.de + +- Fix build for Lunux-4.20: Linux-4.20.patch +- use proper log-directory: dir_layout.patch + +------------------------------------------------------------------- +Fri Sep 28 12:47:02 UTC 2018 - Guillaume GARDET + +- Fix build for aarch64 + +------------------------------------------------------------------- +Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt + +- Quote "*.c", and avoid unnecessary pass through xargs. + +------------------------------------------------------------------- +Wed Sep 12 10:41:43 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to security-release 1.8.2 + * fix CVE-2018-16947 (OPENAFS-SA-2018-001) + * fix CVE-2018-16948 (OPENAFS-SA-2018-002) + * fix CVE-2018-16949 (OPENAFS-SA-2018-003) + +------------------------------------------------------------------- +Wed Sep 12 05:46:01 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- add retpoline support + +------------------------------------------------------------------- +Sun Sep 9 08:14:26 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to version 1.8.1.1 +- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated. + +------------------------------------------------------------------- +Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- Fix 32Bit build by adding + commit 554176bd236d772d670df9bdd2496facd5a4209a as + use_timespec64_for_kernel_4.18.patch + +------------------------------------------------------------------- +Thu Aug 16 07:53:42 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- Update to 1.8.1 +- Remove backporting patches for AArch64 build: + * add_support_fo_arm64_linux26.patch + * dont_require_AFS_SYSCALL.patch + * add_AFS_STRINGIZE_macro.patch + * avoid_double_param_in_arm64_kernel.patch + +------------------------------------------------------------------- +Wed Jun 27 19:09:41 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- adjust building of KMP to new kernels (see boo 1098050) + add patch add_arch_to_linux_kernel_make.patch for this +- add libtirpc-devel to BuildRequires: +- minor cleanups + +------------------------------------------------------------------- +Fri May 4 07:29:15 UTC 2018 - guillaume.gardet@opensuse.org + +- Update to 1.8.0 +- Fix AArch64 build by updating spec and backporting patches: + * add_support_fo_arm64_linux26.patch + * dont_require_AFS_SYSCALL.patch + * add_AFS_STRINGIZE_macro.patch + * avoid_double_param_in_arm64_kernel.patch + +------------------------------------------------------------------- +Thu Apr 19 16:53:21 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- remove package krb5-mit. It contained binaries for server and client. + Besides, client and server already had an implicit dependency on krb5. + Put the binaries to client and server-package respectively. +- Remove openafs-1.8.x.heimdal.patch and everything heimdal-related. + SUSE does not provide a proper heimdal and it's untested for a long + time. + +------------------------------------------------------------------- +Mon Apr 16 15:35:15 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- fdupes: use symlinks instead of hardlinks. Do not fdupe + /etc and /var + +------------------------------------------------------------------- +Fri Apr 6 10:53:13 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- fix dependencies between packages, so that fuse-client + can be installed. +- cleanup old sys-v sysconfig files and other minor fixes +- fix unit file for fuse-client + +------------------------------------------------------------------- +Mon Apr 2 20:59:53 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- build fuse-client unconditionally. +- do not build KMP on unsupported architectures so that overall + build succeeds. + +Wed Mar 28 05:39:53 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- rename binary backup to afs_backup. + - rename man pages and prefix "backup" in content +- prefix "scout" by "afs_" in man-page +- remove unnecessary macro indirection %ARCH +- replace hard-coded paths by macros +- make whitespace more consistent +- minor syntax and typo fixes + +------------------------------------------------------------------- +Sun Mar 18 23:34:56 UTC 2018 - jengelh@inai.de + +- Replace old $RPM_* vars (most of them) by macros. +- Replace unnecessary macro indirections like %bindir by %_bindir. + +------------------------------------------------------------------- +Thu Mar 15 08:28:10 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- cleanup last cleanup: also remove rc.* files + +------------------------------------------------------------------- +Tue Mar 6 10:03:44 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- cleanup package for Factory: + - rename package to openafs. + - remove sys-v init stuff. + - apply recommendations given in Request 581009 + +------------------------------------------------------------------- +Wed Feb 28 09:25:52 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- add compat macro for new _fillupdir macro introduced in Nov 2017 + +------------------------------------------------------------------- +Wed Feb 28 08:30:33 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre5 + +------------------------------------------------------------------- +Sun Jan 7 08:31:00 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre4 +- add patch for ncurses detection + +------------------------------------------------------------------- +Thu Dec 7 11:07:30 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre3 +- add integrity check of tar-balls + +------------------------------------------------------------------- +Fri Sep 1 20:07:48 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- do not strip binaries on install +- fix %postun server + +------------------------------------------------------------------- +Fri Sep 1 11:51:03 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre2 +- use a preamble-file for KMP +- sort/cleanup/beautify spec-file + +------------------------------------------------------------------- +Fri Sep 1 07:05:21 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- spec-file: + + use hardlinks for fdupes to provide correct header files in + kernel-source + + minor bugfixes, reorganization +- rename changes file to openafs18.changes + +------------------------------------------------------------------- +Thu Feb 9 14:41:57 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- rename package to openafs18-* so they don't override + stable openafs-1.6 ones +- move ld.so to main package -- was in server-packages + +------------------------------------------------------------------- +Tue Feb 7 11:23:22 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- enable building of KMP +- make openafs-krb5-mit package dependend on openafs-client package +- add ld.so - config to main package + +------------------------------------------------------------------- +Fri Jan 27 21:15:12 UTC 2017 - christof.hanke@rzg.mpg.de + +- remove pam, is not build on x86_64 and i596 + +------------------------------------------------------------------- +Mon Dec 26 18:59:09 UTC 2016 - christof.hanke@rzg.mpg.de + +- first version of 1.8 +- remove docs package, put man pages in induvidual packets +- remove layout-patch, deal with this in spec file directly + +------------------------------------------------------------------- +Sat Dec 3 14:56:56 UTC 2016 - christof.hanke@rzg.mpg.de + +- add new ChangeLog + +------------------------------------------------------------------- +Thu Dec 1 04:35:39 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.20 + +------------------------------------------------------------------- +Wed Nov 16 09:21:52 UTC 2016 - christof.hanke@rzg.mpg.de + +- add missing RemainAfterExit=true to client-systemd unit. + +------------------------------------------------------------------- +Tue Nov 15 09:28:55 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.19 + +------------------------------------------------------------------- +Tue Oct 4 11:19:50 UTC 2016 - aj@suse.com + +- Update README: Change SuSE to SUSE. + +------------------------------------------------------------------- +Thu Jul 21 07:52:14 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18.2 + +------------------------------------------------------------------- +Fri Jun 24 04:42:48 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18.1 + +------------------------------------------------------------------- +Tue May 10 15:19:28 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18 + +Thu Mar 17 06:35:21 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.17 +- cleanup + +------------------------------------------------------------------- +Fri Dec 18 06:53:08 UTC 2015 - christof.hanke@rzg.mpg.de + +- update to version 1.6.16 +- remove fix for configure for new ncurses, now dealt with in + shipped package + +------------------------------------------------------------------- +Sat Nov 21 04:47:46 UTC 2015 - christof.hanke@rzg.mpg.de + +- start using change.log again +- fix configure test for new ncurses + +------------------------------------------------------------------- +Thu Jun 17 17:04:25 UTC 2010 - cseader@novell.com + +- update to version 1.4.12.1 + +------------------------------------------------------------------- +Wed Jan 25 21:39:00 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 23 15:58:43 CET 2006 - nadvornik@suse.cz + +- fixed kernel module to compile + +------------------------------------------------------------------- +Wed Jan 11 05:30:18 CET 2006 - mge@suse.de +- add openafs.SuidCells and openafs.CellServDB +- cleanup SPEC-file(s) +- finally adopt + sysconfig.transarcmode.openafs-client + rc.transarcmode.afs-server + rc.transarcmode.afs-client + to transarc mode; and fix a small typo in + rc.defaultmode.afs-client + +------------------------------------------------------------------- +Fri Jan 6 01:12:31 CET 2006 - mge@suse.de +- set "%defattr(-,root,root)" for transarcmode-file-lists +- fix lib64 build problem in transarcmode + +------------------------------------------------------------------- +Thu Jan 5 13:40:42 CET 2006 - mge@suse.de +- introduce transarc-mode and default-mode +- introduce "options" + +------------------------------------------------------------------- +Thu Dec 29 16:07:00 CET 2005 - mge@suse.de +- build for SLES 9 +- with heimdal krb5 support +- enable-largefile-fileserver + +------------------------------------------------------------------- +Wed Dec 21 16:09:26 CET 2005 - nadvornik@suse.cz + +- updated to 1.4.0 +- fixed dangerous compiler warnings + +------------------------------------------------------------------- +Mon Oct 31 12:37:05 CET 2005 - dmueller@suse.de + +- don't build as root + +------------------------------------------------------------------- +Fri Aug 26 12:51:02 CEST 2005 - nadvornik@suse.cz + +- fixed kernel module to build +- fixed sysconfig file name + +------------------------------------------------------------------- +Thu Jul 14 17:25:25 CEST 2005 - nadvornik@suse.cz + +- updated to 1.3.85 +- used LSB conforming init script names + +------------------------------------------------------------------- +Tue Jul 5 10:44:32 CEST 2005 - hare@suse.de + +- Update for linux 2.6.13. + +------------------------------------------------------------------- +Thu May 12 12:27:01 CEST 2005 - nadvornik@suse.cz + +- gcc4 fixes in kernel module + +------------------------------------------------------------------- +Tue Apr 12 17:02:34 CEST 2005 - nadvornik@suse.cz + +- fixed to compile with gcc4 + +------------------------------------------------------------------- +Wed Feb 23 12:08:07 CET 2005 - nadvornik@suse.cz + +- fixed memory leaks and 64bit fixes backported from 1.3.79 +- updated README.SUSE + +------------------------------------------------------------------- +Thu Feb 3 13:19:05 CET 2005 - nadvornik@suse.cz + +- updated to 1.3.78 + +------------------------------------------------------------------- +Mon Jan 31 15:58:33 CET 2005 - nadvornik@suse.cz + +- fixed afs.h to be usable from userspace [#50283] + +------------------------------------------------------------------- +Tue Jan 25 10:57:09 CET 2005 - nadvornik@suse.cz + +- updated to latest snapshot + +------------------------------------------------------------------- +Wed Sep 15 12:37:04 CEST 2004 - nadvornik@suse.cz + +- added requres: kernel-nongpl [#45167] +- fixed kernel module oops [#44618] + +------------------------------------------------------------------- +Wed Aug 11 15:51:03 CEST 2004 - nadvornik@suse.cz + +- use kernel module from openafs 1.3.70 to support kernel 2.6 + +------------------------------------------------------------------- +Mon Mar 08 17:18:49 CET 2004 - nadvornik@suse.cz + +- updated to 1.2.11 +- added note that client for kernel 2.6 is not available + +------------------------------------------------------------------- +Tue Jan 20 18:48:21 CET 2004 - ro@suse.de + +- added pam-devel to neededforbuild + +------------------------------------------------------------------- +Sat Dec 13 00:23:45 CET 2003 - meissner@suse.de + +- Added hack if no MTU came from userspace. +- Removed superflous ppc64 patch part. + +------------------------------------------------------------------- +Thu Dec 11 09:29:31 CET 2003 - meissner@suse.de + +- ppc64 port added (status: no longer crashes, talks to the network, + but not successfully). +- Change headerfiles to make it possible to do a ppc -> ppc64 crosscompile. + +------------------------------------------------------------------- +Mon Oct 6 17:30:17 CEST 2003 - olh@suse.de + +- build with -fPIC on ppc32 + +------------------------------------------------------------------- +Tue Sep 16 17:37:34 CEST 2003 - nadvornik@suse.cz + +- patch from cvs to use AllocLargeSpace for struct osi_file to prevent + oopses with some kernel configurations + +------------------------------------------------------------------- +Thu Sep 11 12:58:57 CEST 2003 - nadvornik@suse.cz + +- added option DYNROOT to sysconfig and enabled it by default [#27205] + +------------------------------------------------------------------- +Wed Sep 10 17:07:51 CEST 2003 - nadvornik@suse.cz + +- added cleanup before module build [#29649] + +------------------------------------------------------------------- +Tue Sep 09 18:33:38 CEST 2003 - nadvornik@suse.cz + +- fixed possible segfault + +------------------------------------------------------------------- +Thu Sep 04 12:30:00 CEST 2003 - nadvornik@suse.cz + +- set permissions of /var/lib/openafs to 700 +- README.SuSE fixes + +------------------------------------------------------------------- +Thu Aug 28 17:11:47 CEST 2003 - nadvornik@suse.cz + +- use ghost for /afs, the directory is created by init-script +- fixed README.SuSE + +------------------------------------------------------------------- +Thu Aug 21 14:32:58 CEST 2003 - nadvornik@suse.cz + +- moved all static libraries to /usr/lib/afs, fixes conflict with libdes +- used default value for THIS_CELL_SERVER_NAME +- removed old patches + +------------------------------------------------------------------- +Tue Aug 12 11:10:46 CEST 2003 - nadvornik@suse.cz + +- fixed a bug in init script + +------------------------------------------------------------------- +Mon Aug 11 18:26:28 CEST 2003 - nadvornik@suse.cz + +- updated to final 1.2.10 + +------------------------------------------------------------------- +Wed Jul 30 19:34:34 CEST 2003 - nadvornik@suse.cz + +- updated to 1.2.10-rc4 +- do not destroy CellServDB even if REGENERATE_CELL_INFO=yes +- fixed to compile on x86_64 + +------------------------------------------------------------------- +Wed Jul 30 14:25:46 CEST 2003 - sf@suse.de + +- use %_lib where it was missing + +------------------------------------------------------------------- +Wed Jul 09 19:20:55 CEST 2003 - nadvornik@suse.cz + +- fixed conflicts in filelist + +------------------------------------------------------------------- +Fri Jun 20 14:59:23 CEST 2003 - nadvornik@suse.cz + +- improved init scripts + +------------------------------------------------------------------- +Thu Jun 19 14:40:52 CEST 2003 - nadvornik@suse.cz + +- added README.SuSE +- fixed init scripts [#27426] +- installed man pages + +------------------------------------------------------------------- +Thu Jun 12 17:45:39 CEST 2003 - poeml@suse.de + +- add /usr/src/kernel-modules to the file list + +------------------------------------------------------------------- +Wed Jun 4 21:26:09 CEST 2003 - schwab@suse.de + +- Fix SMP configuration detection. + +------------------------------------------------------------------- +Wed May 14 12:28:04 CEST 2003 - poeml@suse.de + +- rework filelists: + - package/remove unpackaged files + - move some files into the server & client subpackages + - use %defattr +- fix deprecated tail -1 syntax (fixes building the kernel module) + +------------------------------------------------------------------- +Mon May 12 14:50:05 CEST 2003 - nadvornik@suse.cz + +- updated to 1.2.9 +- added DATA_ENCRYPTION option to sysconfig + +------------------------------------------------------------------- +Mon Mar 10 18:43:26 CET 2003 - poeml@suse.de + +- x86_64: add -lresolv, -fPIC +- fix lib path on all 64 bit platforms + +------------------------------------------------------------------- +Thu Mar 06 10:39:27 CET 2003 - nadvornik@suse.cz + +- added sysconfig metadata + +------------------------------------------------------------------- +Mon Feb 24 17:28:44 CET 2003 - nadvornik@suse.cz + +- added dirs /afs, /etc/openafs, /var/lib/openafs to filelist + +------------------------------------------------------------------- +Sun Feb 16 18:28:44 CET 2003 - olh@suse.de + +- workaround broken -lresolv detection, lib64 fixes + +------------------------------------------------------------------- +Wed Feb 12 16:42:07 CET 2003 - nadvornik@suse.cz + +- fixed multiline strings in kernel module + +------------------------------------------------------------------- +Fri Jan 24 11:11:23 CET 2003 - nadvornik@suse.cz + +- updated to 1.2.8 +- improved init script + +------------------------------------------------------------------- +Fri Nov 29 10:21:04 CET 2002 - nadvornik@suse.cz + +- included errno.h +- fixed multiline strings + +------------------------------------------------------------------- +Fri Nov 22 16:47:51 CET 2002 - nadvornik@suse.cz + +- first version of init scripts + +------------------------------------------------------------------- +Wed Nov 20 19:20:53 CET 2002 - poeml@suse.de + +- initial draft of a package. Lots of stuff missing, like init + scripts, or the kerberos 5 migration toolkit. + diff --git a/openafs.spec b/openafs.spec new file mode 100644 index 0000000..4f14f25 --- /dev/null +++ b/openafs.spec @@ -0,0 +1,996 @@ +# +# spec file for package openafs +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# +# needssslcertforbuild + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} +%define _fillupdir /var/adm/fillup-templates +%endif +%define _lto_cflags %{nil} + +# +# TUNABLES +# + +# package-wide definitions here + +# build authlibs +%define build_authlibs 1 + +# build kernel modules +%define build_kernel_modules 1 + +# flag for firewalld, only required for SLE-12 +%if 0%{?sle_version} <= 120500 && !0%{?is_opensuse} +%define have_firewalld 0 +%else +%define have_firewalld 1 +%endif + +# +# package internal directories +# +%define afslogsdir /var/log/openafs +%define afsconfdir /etc/openafs/server +%define viceetcdir /etc/openafs +%define vicecachedir /var/cache/openafs +%define afslocaldir /var/lib/openafs + +%ifarch ppc64le ppc64 %{arm} +%define build_kernel_modules 0 +%endif + +# used for %setup only +# leave upstream tar-balls untouched for integrity checks. +%define upstream_version stable-1_8_x + +Name: openafs + +Version: 1.8.13.g20241112 +Release: 0 +Summary: OpenAFS Distributed File System +License: IPL-1.0 +Group: System/Filesystems +URL: http://www.openafs.org/ + +Source0: openafs-%{upstream_version}-src.tar.bz2 +Source1: openafs-%{upstream_version}-doc.tar.bz2 +Source2: openafs-%{upstream_version}-src.tar.bz2.md5 +Source3: openafs-%{upstream_version}-doc.tar.bz2.md5 +Source4: openafs-%{upstream_version}-src.tar.bz2.sha256 +Source5: openafs-%{upstream_version}-doc.tar.bz2.sha256 + +Source10: README.SUSE.openafs +Source15: logrotate.openafs-server +Source18: RELNOTES-%{upstream_version} +Source19: ChangeLog +Source20: kernel-source.build-modules.sh +Source23: openafs-client.service +Source24: openafs-client.service.allow_unsupported +Source25: openafs-server.service +Source26: openafs-fuse-client.service +Source27: sysconfig.openafs-client +Source28: sysconfig.openafs-server +Source29: sysconfig.openafs-fuse-client +Source30: preamble +Source40: afs3-bos.xml +Source41: afs3-callback.xml +Source42: afs3-fileserver.xml +Source43: afs3-prserver.xml +Source44: afs3-rmtsys.xml +Source45: afs3-update.xml +Source46: afs3-vlserver.xml +Source47: afs3-volser.xml +Source55: openafs.SuidCells +Source56: openafs.CellAlias +Source57: openafs.ThisCell +Source58: openafs.cacheinfo +Source98: kmp_only.files +Source99: openafs.changes + +# GENERAL BuildRequires and Requires +# + +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: bison +BuildRequires: coreutils +BuildRequires: fdupes +BuildRequires: hostname +%if %{have_firewalld} +BuildRequires: firewall-macros +%endif +BuildRequires: flex +BuildRequires: fuse-devel +BuildRequires: git +BuildRequires: krb5-devel +BuildRequires: libtirpc-devel +BuildRequires: libtool +BuildRequires: ncurses-devel +BuildRequires: pkg-config +BuildRequires: swig + +Requires(post): %fillup_prereq + +%if %{build_kernel_modules} +BuildRequires: %{kernel_module_package_buildreqs} +%endif + +%description +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. + +%package server +Summary: OpenAFS File System Server +Group: System/Filesystems +Requires: %{name} = %{version} + +%description server +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the static +libraries and header files needed to develop applications for OpenAFS. + +%if %{build_authlibs} +%package authlibs +Summary: OpenAFS authentication shared libraries +Group: Development/Libraries/C and C++ + +%description authlibs +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides a shared version of libafsrpc and libafsauthent. +None of the programs included with OpenAFS currently use these shared +libraries; however, third-party software that wishes to perform AFS +authentication may link against them. + +%package authlibs-devel +Summary: OpenAFS shared library development +Group: Development/Libraries/C and C++ +Requires: %{name}-authlibs = %{version} +Requires: %{name}-devel = %{version} + +%description authlibs-devel +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package includes the static versions of libafsrpc and +libafsauthent, and symlinks required for building against the dynamic +libraries. + +%endif + +%package devel +Summary: OpenAFS Static Libraries and Header Files +Group: Development/Libraries/Other +Requires: %{name} = %{version} + +%description devel +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the OpenAFS server. + +%package kernel-source +BuildArch: noarch +Summary: OpenAFS Kernel Module source tree +Group: System/Filesystems +Requires: bison +Requires: flex +Requires: gcc +Requires: kernel-devel +Provides: openafs-kernel = %{version} + +%description kernel-source +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides the source code to build your own AFS kernel +module. + +%if %{build_kernel_modules} +%package KMP +Summary: OpenAFS Distributed File System - kernel module +Group: System/Kernel + +%kernel_module_package -x lockdep um pae -p %{S:30} + +%description KMP +This package contains the kernel module for OpenAFS. For details see +the openafs package. + +%endif + +%package fuse_client +Summary: OpenAFS FUSE File System Client +Group: System/Filesystems +Conflicts: %{name}-client +Requires: %{name} = %{version} + +%description fuse_client +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +This client is using the EXPERIMENTAL FUSE interface on LINUX. +It does not offer authentication etc. + +%if %{build_kernel_modules} +%package client +Summary: OpenAFS File System Client +Group: System/Filesystems +Requires: %{name} = %{version} +Requires: %{name}-kmp +Requires: krb5-client + +%description client +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the OpenAFS client. +%endif + +%prep + +: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +: @@@ +: @@@ package-name: %{name} +: @@@ file-layout: fsh +: @@@ lib dir: %{_libdir} +: @@@ libexec dir: %{libexecdir} +: @@@ bin dir: %{_bindir} +: @@@ sbin dir: %{_sbindir} +: @@@ include dir: %{includedir} +: @@@ sysconf dir: %{_sysconfdir} +: @@@ man dir: %{_mandir} +: @@@ build modules: %{build_kernel_modules} +: @@@ architecture: %{_arch} +: @@@ target cpu: %{_target_cpu} +: @@@ +: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ + +for src_file in %{S:0} %{S:1}; do + if [ "`md5sum $src_file | awk '{print $1}'`" != "`cat $src_file.md5 | awk '{print $1}'`" ]; then + echo "ERROR: MD5-Integrity check for $src_file failed."; + exit 1 + fi + if [ "`sha256sum $src_file | awk '{print $1}'`" != "`cat $src_file.sha256 | awk '{print $1}'`" ]; then + echo "ERROR: SHA256-Integrity check for $src_file failed."; + exit 1 + fi +done + +%setup -q -n openafs-%{upstream_version} -T -b 0 -b 1 + +./regen.sh + +%build +# architecture specific settings +sysbase=%{_arch} + +%ifarch ppc +perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.ppc_linux24.in +%endif +%ifarch ppc64 ppc64le +sysbase=ppc64 +export LDFLAGS="$LDFLAGS -m64" +%endif +%ifarch %{arm} +sysbase=arm +%endif +%ifarch aarch64 +sysbase=arm64 +%define _arch arm64 +%endif +%ifarch s390x +sysbase=s390 +%endif +%ifarch x86_64 +sysbase=amd64 +perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.amd64_linux24.in +perl -pi -e 's,^(XLIBS.*),\1 -lresolv,' src/config/Makefile.amd64_linux24.in +%endif + +afs_sysname=${sysbase}_linux26 + +RPM_OPT_FLAGS=`echo ${RPM_OPT_FLAGS} | sed s/-D_FORTIFY_SOURCE=2//` +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fPIC -fcommon" + +export KRB5LIBS='-lcom_err -lkrb5' +export PATH_KRB5_CONFIG=%{krb5_config} +export afsdbdir='/var/lib/openafs/db' +export afslocaldir='/var/lib/openafs' +export afslogsdir='/var/log/openafs' +export afsdbdir='/var/lib/openafs/db' +%configure \ + --disable-transarc-paths \ + --disable-strip-binaries \ + --includedir=%{_includedir}/openafs \ + --sysconfdir=%{_sysconfdir} \ + --mandir=%{_mandir} \ + --with-afs-sysname=$afs_sysname \ + --disable-kernel-module \ + --with-swig + +make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" all_nolibafs +make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" only_libafs_tree + +# the test suite need a configured KDC +#make -C src/tests all + +# Kernel-module + +%if %{build_kernel_modules} +mkdir obj + +for flavor in %flavors_to_build; do + rm -rf obj/$flavor + cp -a libafs_tree obj/$flavor + pushd obj/$flavor + find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+" + ./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \ + --disable-transarc-paths --without-swig + export EXTRA_CFLAGS='-DVERSION=\"%version\"' + export LINUX_MAKE_ARCH="ARCH=%{_arch}" + make + popd +done +%endif +# build_kernel_modules + +%install + +# +# install build binaries using make + +make DESTDIR=%{buildroot} install_nolibafs + +# +# man-pages + +OLD_PWD=`pwd` +cd doc/man-pages +%make_install +cd $OLD_PWD + +# +# create directories +mkdir -p %{buildroot}/%_unitdir +mkdir -p %{buildroot}/%{afslogsdir}/old +mkdir -p %{buildroot}/%{_fillupdir} +mkdir -p %{buildroot}/%{vicecachedir} +mkdir -p %{buildroot}/%{viceetcdir} +mkdir -p %{buildroot}%{_datadir}/openafs/C +mkdir -p %{buildroot}/%{afsconfdir} +mkdir -p %{buildroot}/%{afslocaldir} +mkdir -p %{buildroot}/%{_sbindir} + +# +# client +# also used by others +cp -a %{S:56} %{buildroot}/%{viceetcdir}/CellAlias +cp -a %{S:57} %{buildroot}/%{viceetcdir}/ThisCell +cp -a src/afsd/CellServDB %{buildroot}/%{viceetcdir}/CellServDB +cp -a %{S:55} %{buildroot}/%{viceetcdir}/SuidCells +cp -a %{S:58} %{buildroot}/%{viceetcdir}/cacheinfo + +# kmp-only +%if %{build_kernel_modules} +cp -a src/afs/afszcm.cat %{buildroot}%{_datadir}/openafs/C +install -m 644 %{S:27} %{buildroot}/%{_fillupdir}/sysconfig.openafs-client +%if 0%{?sle_version} > 150000 +install -m 644 %{S:24} %{buildroot}/%_unitdir/openafs-client.service +%else +install -m 644 %{S:23} %{buildroot}/%_unitdir +%endif +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-client +%endif + +# +# fuse client package + +install -m 644 %{S:29} %{buildroot}/%{_fillupdir}/sysconfig.openafs-fuse-client +install -m 644 %{S:26} %{buildroot}/%_unitdir +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-fuse-client + +# +# server +install -m 644 %{S:28} %{buildroot}/%{_fillupdir}/sysconfig.openafs-server +install -m 644 %{S:25} %{buildroot}/%_unitdir +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-server + +# +# kernel-source +mkdir -p %{buildroot}/usr/src/kernel-modules/openafs +chmod -R o-w src/libafs +chmod -R o-w libafs_tree +cp -a libafs_tree %{buildroot}/usr/src/kernel-modules/openafs +install -m 755 %{S:20} %{buildroot}/usr/src/kernel-modules/openafs/build-modules.sh +install -m 644 LICENSE %{buildroot}/usr/src/kernel-modules/openafs/LICENSE + +# KMP +%if %{build_kernel_modules} +export INSTALL_MOD_PATH=%{buildroot} +export INSTALL_MOD_DIR=updates + +for flavor in %flavors_to_build; do + make -C /usr/src/linux-obj/%{_arch}/$flavor %{?linux_make_arch} modules_install \ + M=$PWD/`find obj/$flavor/ -name MODLOAD-\* -type d` +done +%endif + +# +# main package +cp -a %{S:10} README.SUSE +cp -a %{S:18} RELNOTES +cp -a %{S:19} ChangeLog + +mkdir -p %{buildroot}/etc/ld.so.conf.d +echo %{_libdir}/openafs > %{buildroot}/etc/ld.so.conf.d/openafs.conf + +# move some bin to sbin +mv %{buildroot}/%{_bindir}/asetkey %{buildroot}/%{_sbindir}/asetkey +mv %{buildroot}/%{_bindir}/bos %{buildroot}/%{_sbindir}/bos +mv %{buildroot}/%{_bindir}/akeyconvert %{buildroot}/%{_sbindir}/akeyconvert +mv %{buildroot}/%{_bindir}/udebug %{buildroot}/%{_sbindir}/udebug + +# avoid conflicts with other packages by adding the prefix afs_ to filenames +mv %{buildroot}%{_bindir}/scout %{buildroot}%{_bindir}/afs_scout +cat %{buildroot}/%{_mandir}/man1/scout.1 | sed 's/\/afs_scout/g' > %{buildroot}/%{_mandir}/man1/afs_scout.1 +rm %{buildroot}/%{_mandir}/man1/scout.1 +mv %{buildroot}%{_sbindir}/backup %{buildroot}%{_sbindir}/afs_backup +OLD_PWD=`pwd` +cd %{buildroot}/%{_mandir}/man8/ +for f in $(ls backup*); do + cat $f | sed 's/\/afs_backup/g' > afs_"$f" + rm $f +done +cd $OLD_PWD + +# create manpage for afsd.fuse as a real file +rm %{buildroot}/%{_mandir}/man8/afsd.fuse.8 +cp -p %{buildroot}/%{_mandir}/man8/afsd.8 %{buildroot}/%{_mandir}/man8/afsd.fuse.8 + +# move %%{_libdir}/afs-stuff to %%{_libdir}/openafs +mv %{buildroot}/%{_libdir}/afs/* %{buildroot}/%{_libdir}/openafs +mv %{buildroot}/%{_libdir}/*.* %{buildroot}/%{_libdir}/openafs +rm -rf %{buildroot}/%{_libdir}/afs + +# move perl module to perl vendor library path +mkdir -p %{buildroot}/%{perl_vendorlib}/AFS +mv %{buildroot}/%{_libdir}/perl/AFS/ukernel.pm %{buildroot}/%{perl_vendorlib}/AFS/ukernel.pm +mkdir -p %{buildroot}%{perl_vendorarch} +mv %{buildroot}/%{_libdir}/perl/ukernel.so %{buildroot}/%{perl_vendorarch}/ukernel.so + +# firewalld + +%if %{have_firewalld} +mkdir -p %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:40} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:41} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:42} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:43} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:44} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:45} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:46} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:47} %{buildroot}%{_prefix}/lib/firewalld/services/ +%endif + +# +# general cleanup +# + +# we supposedly don't need this on linux +rm %{buildroot}/%{_sbindir}/rmtsysd + +%if ! %{build_authlibs} +rm %{buildroot}/%{_libdir}/libafsauthent.so.* +rm %{buildroot}/%{_libdir}/libafsrpc.so.* +rm %{buildroot}/%{_libdir}/libkopenafs.so.* +rm %{buildroot}/%{_libdir}/libafsauthent.so +rm %{buildroot}/%{_libdir}/libafsrpc.so +rm %{buildroot}/%{_libdir}/libkopenafs.so +%endif +%if ! %{build_kernel_modules} +for f in $(cat %{S:98}); do + rm -f %{buildroot}/$f +done +%endif + +# remove all static libraries +find %{buildroot} -type f -name "*.a" -delete + +# remove unused man pages +for x in dlog symlink symlink_list symlink_make symlink_remove; do + rm %{buildroot}/%{_mandir}/man1/${x}.1 +done +for x in rmtsysd xfs_size_check aklog_dynamic_auth; do + rm %{buildroot}/%{_mandir}/man8/${x}.8 +done + +# compress man pages +OLD_PWD=`pwd` +for d in %{buildroot}%{_mandir}/man*; do + cd $d + for f in *; do + if [ -h $f ]; then + mv $f $f.gz + elif [ -f $f ];then + gzip -9 $f + else + echo "Unknown thing to compress : $f" + fi + done +done +cd $OLD_PWD + +# replace duplicates by symlinks +%fdupes -s %{buildroot}/usr + +# +# main + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post kernel-source +echo To install the kernel-module, do: +echo cd /usr/src/kernel-modules/openafs +echo sh ./build-modules.sh build +echo sh ./build-modules.sh install + +# +# fuse client + +%pre fuse_client +%service_add_pre openafs-fuse-client.service + +%preun fuse_client +%service_del_preun openafs-fuse-client.service + +%post fuse_client +if [ ! -d /afs ]; then + mkdir /afs +fi +%{fillup_only -n openafs-fuse-client} +%service_add_post openafs-fuse-client.service +/sbin/ldconfig + +if [ "x$1" = "x" ]; then + my_operation=0 +else + my_operation=$1 +fi + +if [ $my_operation -gt 1 ]; then + echo Not stopping the possibly running client. + echo You must restart the client to put the upgrade into effect. +else + echo This is the experimental FUSE implementation of the openafs-client + echo Please configure your cell like with the in-kernel openafs-client + echo authentication etc. is not implemented yet in this version. +fi + +%postun fuse_client +%service_del_postun openafs-fuse-client.service +if [ -d /afs ]; then + echo make sure to remove directory /afs if unwanted. +fi +/sbin/ldconfig + +# +# client + +%if %{build_kernel_modules} +%pre client +%service_add_pre openafs-client.service + +%post client +if [ ! -d /afs ]; then + mkdir /afs +fi +/sbin/ldconfig +%{fillup_only -n openafs-client} +%service_add_post openafs-client.service +%if %{have_firewalld} +%firewalld_reload +%endif + +if [ "x$1" = "x" ]; then + my_operation=0 +else + my_operation=$1 +fi +if [ $my_operation -gt 1 ]; then + echo Not stopping the possibly running client. + echo You must restart the client to put the upgrade into effect. +else + echo For configuring the client, please check /etc/sysconfig/openafs-client + echo and/or follow the instructions found on http://www.openafs.org how to install an openafs-client. +fi + +%preun client +%service_del_preun openafs-client.service + +%postun client +if [ -d /afs ]; then + echo make sure to remove directory /afs if unwanted. +fi +/sbin/ldconfig +%service_del_postun openafs-client.service +%endif + +# +# server + +%pre server +%service_add_pre openafs-server.service + +%post server +/sbin/ldconfig +%{fillup_only -n openafs-server} +%service_add_post openafs-server.service + +if [ "$FIRST_ARG" -gt 1 ]; then + # update no new install + echo Not stopping the possibly running services. + echo You must restart the service to put the upgrade into effect. + if [ -d /var/openafs ]; then + echo To upgrade, stop the server, copy the contents of /var/openafs to /var/lib/openafs, + echo remove the empty directory /var/openafs and then start the server again. + fi +else + echo For configuring the server, please check /etc/sysconfig/openafs-server + echo and/or follow the instructions found on http://www.openafs.org to install an openafs-client. +fi + +%preun server +%service_del_preun openafs-server.service + +%postun server +/sbin/ldconfig +%service_del_postun openafs-server.service + +# +# devel + +%post devel + +%postun devel + +# +# authlibs + +%if %{build_authlibs} +%post authlibs + +%postun authlibs +%endif + +# +# FILES +# + +%files +%defattr(-,root,root) +%config /etc/ld.so.conf.d/openafs.conf +%config(noreplace) %{viceetcdir}/CellAlias +%config(noreplace) %{viceetcdir}/CellServDB +%config(noreplace) %{viceetcdir}/ThisCell +%dir %{viceetcdir} +%doc %{_mandir}/man5/afsmonitor.5.gz +%doc %{_mandir}/man1/afs.1.gz +%doc %{_mandir}/man1/afs_compile_et.1.gz +%doc %{_mandir}/man1/afs_scout.1.gz +%doc %{_mandir}/man1/afsmonitor.1.gz +%doc %{_mandir}/man1/cmdebug.1.gz +%doc %{_mandir}/man1/pts.1.gz +%doc %{_mandir}/man1/pts_*.gz +%doc %{_mandir}/man1/restorevol.1.gz +%doc %{_mandir}/man1/rxdebug.1.gz +%doc %{_mandir}/man1/sys.1.gz +%doc %{_mandir}/man1/translate_et.1.gz +%doc %{_mandir}/man1/udebug.1.gz +%doc %{_mandir}/man1/vos.1.gz +%doc %{_mandir}/man1/vos_*gz +%doc %{_mandir}/man1/xstat_cm_test.1.gz +%doc %{_mandir}/man1/xstat_fs_test.1.gz +%doc %{_mandir}/man5/CellAlias.5.gz +%doc %{_mandir}/man5/CellServDB.5.gz +%doc %{_mandir}/man5/NetInfo.5.gz +%doc %{_mandir}/man5/NetRestrict.5.gz +%doc %{_mandir}/man5/ThisCell.5.gz +%doc %{_mandir}/man5/afs.5.gz +%doc %{_mandir}/man5/butc.5.gz +%doc %{_mandir}/man5/butc_logs.5.gz +%doc %{_mandir}/man5/fms.log.5.gz +%doc %{_mandir}/man5/sysid.5.gz +%doc %{_mandir}/man5/uss.5.gz +%doc %{_mandir}/man5/uss_*.5.gz +%doc %{_mandir}/man8/afs_backup.8.gz +%doc %{_mandir}/man8/afs_backup_*.8.gz +%doc %{_mandir}/man8/bos.8.gz +%doc %{_mandir}/man8/bos_[a-t]*.8.gz +%doc %{_mandir}/man8/bos_uninstall.8.gz +%doc %{_mandir}/man8/butc.8.gz +%doc %{_mandir}/man8/fms.8.gz +%doc %{_mandir}/man8/read_tape.8.gz +%doc %{_mandir}/man8/uss.8.gz +%doc %{_mandir}/man8/uss_*.8.gz +%doc %{_mandir}/man8/vsys.8.gz +%doc NEWS README* RELNOTES ChangeLog +%{_bindir}/afs_compile_et +%{_bindir}/afs_scout +%{_bindir}/afsio +%{_bindir}/afsmonitor +%{_bindir}/cmdebug +%{_bindir}/pts +%{_bindir}/restorevol +%{_bindir}/sys +%{_bindir}/translate_et +%{_bindir}/xstat_cm_test +%{_bindir}/xstat_fs_test +%{_libdir}/openafs/libafshcrypto.so.* +%{_libdir}/openafs/librokenafs.so.* +%{_sbindir}/afs_backup +%{_sbindir}/bos +%{_sbindir}/butc +%{_sbindir}/fms +%{_sbindir}/read_tape +%{_sbindir}/rxdebug +%{_sbindir}/udebug +%{_sbindir}/uss +%{_sbindir}/vos +%{_sbindir}/vsys + +%files fuse_client +%defattr(-,root,root) +%{_sbindir}/afsd.fuse +%{_sbindir}/rcopenafs-fuse-client +%config(noreplace) %{viceetcdir}/SuidCells +%config(noreplace) %{viceetcdir}/cacheinfo +%doc %{_mandir}/man8/afsd.fuse.8.gz +%_unitdir/openafs-fuse-client.service +%{_fillupdir}/sysconfig.openafs-fuse-client +%{vicecachedir} + +%if %{build_kernel_modules} +%files client +%defattr(-,root,root) + %{_bindir}/fs + %{_bindir}/aklog + %{_bindir}/klog.krb5 + %{_bindir}/pagsh + %{_bindir}/pagsh.krb + %{_bindir}/tokens + %{_bindir}/tokens.krb + %{_bindir}/unlog + %{_bindir}/up + %{_sbindir}/afsd + %{_sbindir}/fstrace +%doc %{_mandir}/man1/fs.1.gz +%doc %{_mandir}/man1/fs_*.1.gz +%doc %{_mandir}/man1/aklog.1.gz +%doc %{_mandir}/man1/klog.krb5.1.gz +%doc %{_mandir}/man1/pagsh.1.gz +%doc %{_mandir}/man1/pagsh.krb.1.gz +%doc %{_mandir}/man1/tokens.1.gz +%doc %{_mandir}/man1/tokens.krb.1.gz +%doc %{_mandir}/man1/unlog.1.gz +%doc %{_mandir}/man1/up.1.gz +%doc %{_mandir}/man8/afsd.8.gz +%doc %{_mandir}/man8/fstrace.8.gz +%doc %{_mandir}/man8/fstrace_*.8.gz +%_unitdir/openafs-client.service +%doc %{_mandir}/man1/copyauth.1.gz +%doc %{_mandir}/man5/cacheinfo.5.gz +%doc %{_mandir}/man5/afs_cache.5.gz +%dir %{_datadir}/openafs +%dir %{_datadir}/openafs/C +%{_datadir}/openafs/C/afszcm.cat +%doc %{_mandir}/man5/afszcm.cat.5.gz +%config(noreplace) %{viceetcdir}/SuidCells +%config(noreplace) %{viceetcdir}/cacheinfo +%{_sbindir}/rcopenafs-client +%{_fillupdir}/sysconfig.openafs-client +%{vicecachedir} +%if %{have_firewalld} +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/afs3-callback.xml +%{_prefix}/lib/firewalld/services/afs3-rmtsys.xml +%endif +%endif + +%files server +%defattr(-,root,root) +%attr(770,root,root) %dir %{afslocaldir} +%attr(775,root,root) %dir %{afslogsdir} +%config %{viceetcdir}/server +%doc %{_mandir}/man5/AuthLog.5.gz +%doc %{_mandir}/man5/AuthLog.dir.5.gz +%doc %{_mandir}/man5/BackupLog.5.gz +%doc %{_mandir}/man5/BosConfig.5.gz +%doc %{_mandir}/man5/BosLog.5.gz +%doc %{_mandir}/man5/FORCESALVAGE.5.gz +%doc %{_mandir}/man5/FileLog.5.gz +%doc %{_mandir}/man5/KeyFile.5.gz +%doc %{_mandir}/man5/KeyFileExt.5.gz +%doc %{_mandir}/man5/NoAuth.5.gz +%doc %{_mandir}/man5/PtLog.5.gz +%doc %{_mandir}/man5/SALVAGE.fs.5.gz +%doc %{_mandir}/man5/SalvageLog.5.gz +%doc %{_mandir}/man5/UserList.5.gz +%doc %{_mandir}/man5/VLLog.5.gz +%doc %{_mandir}/man5/VolserLog.5.gz +%doc %{_mandir}/man5/afs_volume_header.5.gz +%doc %{_mandir}/man5/bdb.DB0.5.gz +%doc %{_mandir}/man5/krb.conf.5.gz +%doc %{_mandir}/man5/krb.excl.5.gz +%doc %{_mandir}/man5/prdb.DB0.5.gz +%doc %{_mandir}/man5/salvage.lock.5.gz +%doc %{_mandir}/man5/tapeconfig.5.gz +%doc %{_mandir}/man5/vldb.DB0.5.gz +%doc %{_mandir}/man8/akeyconvert.8.gz +%doc %{_mandir}/man8/asetkey.8.gz +%doc %{_mandir}/man8/bos_util.8.gz +%doc %{_mandir}/man8/bosserver.8.gz +%doc %{_mandir}/man8/buserver.8.gz +%doc %{_mandir}/man8/dafileserver.8.gz +%doc %{_mandir}/man8/dafssync-debug.8.gz +%doc %{_mandir}/man8/dafssync-debug_*.8.gz +%doc %{_mandir}/man8/dasalvager.8.gz +%doc %{_mandir}/man8/davolserver.8.gz +%doc %{_mandir}/man8/fileserver.8.gz +%doc %{_mandir}/man8/fssync-debug.8.gz +%doc %{_mandir}/man8/fssync-debug_*.8.gz +%doc %{_mandir}/man8/prdb_check.8.gz +%doc %{_mandir}/man8/pt_util.8.gz +%doc %{_mandir}/man8/ptserver.8.gz +%doc %{_mandir}/man8/salvager.8.gz +%doc %{_mandir}/man8/salvageserver.8.gz +%doc %{_mandir}/man8/state_analyzer.8.gz +%doc %{_mandir}/man8/upclient.8.gz +%doc %{_mandir}/man8/upserver.8.gz +%doc %{_mandir}/man8/vldb_check.8.gz +%doc %{_mandir}/man8/vldb_convert.8.gz +%doc %{_mandir}/man8/vlserver.8.gz +%doc %{_mandir}/man8/voldump.8.gz +%doc %{_mandir}/man8/volinfo.8.gz +%doc %{_mandir}/man8/volscan.8.gz +%doc %{_mandir}/man8/volserver.8.gz +%dir %{_libexecdir}/openafs +%{_libexecdir}/openafs/buserver +%{_libexecdir}/openafs/dafileserver +%{_libexecdir}/openafs/dasalvager +%{_libexecdir}/openafs/davolserver +%{_libexecdir}/openafs/fileserver +%{_libexecdir}/openafs/ptserver +%{_libexecdir}/openafs/salvager +%{_libexecdir}/openafs/salvageserver +%{_libexecdir}/openafs/upclient +%{_libexecdir}/openafs/upserver +%{_libexecdir}/openafs/vlserver +%{_libexecdir}/openafs/volserver +%{_sbindir}/asetkey +%{_sbindir}/akeyconvert +%{_sbindir}/bos_util +%{_sbindir}/bosserver +%{_sbindir}/dafssync-debug +%{_sbindir}/fssync-debug +%{_sbindir}/prdb_check +%{_sbindir}/pt_util +%{_sbindir}/salvsync-debug +%{_sbindir}/state_analyzer +%{_sbindir}/vldb_check +%{_sbindir}/vldb_convert +%{_sbindir}/voldump +%{_sbindir}/volinfo +%{_sbindir}/volscan +%_unitdir/openafs-server.service +%{_sbindir}/rcopenafs-server +/%{_fillupdir}/sysconfig.openafs-server +%if %{have_firewalld} +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/afs3-bos.xml +%{_prefix}/lib/firewalld/services/afs3-fileserver.xml +%{_prefix}/lib/firewalld/services/afs3-prserver.xml +%{_prefix}/lib/firewalld/services/afs3-update.xml +%{_prefix}/lib/firewalld/services/afs3-vlserver.xml +%{_prefix}/lib/firewalld/services/afs3-volser.xml +%endif + +%files devel +%defattr(-,root,root) +%dir %{_libdir}/openafs +%doc %{_mandir}/man1/livesys.1.gz +%doc %{_mandir}/man1/rxgen.1.gz +%doc %{_mandir}/man3/AFS::ukernel.3.gz +%{_bindir}/livesys +%{_bindir}/rxgen +%{_includedir}/openafs/ +%{_libdir}/openafs/libafshcrypto.so +%{_libdir}/openafs/librokenafs.so +%{perl_vendorarch}/ukernel.so +%dir %{perl_vendorlib}/AFS +%{perl_vendorlib}/AFS/ukernel.pm + +%files kernel-source +%defattr(-,root,root) +%dir /usr/src/kernel-modules +%dir /usr/src/kernel-modules/openafs +/usr/src/kernel-modules/openafs/* + +%if %{build_authlibs} +%files authlibs +%defattr(-,root,root) +%{_libdir}/openafs/libafsauthent.so.* +%{_libdir}/openafs/libafsrpc.so.* +%{_libdir}/openafs/libkopenafs.so.* + +%files authlibs-devel +%defattr(-,root,root) +%{_libdir}/openafs/libafsauthent.so +%{_libdir}/openafs/libafsrpc.so +%{_libdir}/openafs/libkopenafs.so +%endif + +# +# CHANGELOG +# + +%changelog diff --git a/preamble b/preamble new file mode 100644 index 0000000..e9bfbf7 --- /dev/null +++ b/preamble @@ -0,0 +1,3 @@ +Requires: kernel-%1 +Requires: %{name}-client = %{version} +Conflicts: %{name}-fuse-client = %{version} diff --git a/sysconfig.openafs-client b/sysconfig.openafs-client new file mode 100644 index 0000000..06ff3d3 --- /dev/null +++ b/sysconfig.openafs-client @@ -0,0 +1,17 @@ +# +# startup options for the openAFS client. +# see man afsd for details + +AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb" + +# +# sysname to set after startup +# leave empty for default setting. + +SYSNAME="" + +# +# switch for encryption to be set after startup +# must be one of "on" or "off" + +CRYPT="on" diff --git a/sysconfig.openafs-fuse-client b/sysconfig.openafs-fuse-client new file mode 100644 index 0000000..761671b --- /dev/null +++ b/sysconfig.openafs-fuse-client @@ -0,0 +1,17 @@ +# +# startup options for the openAFS FUSE client. +# see man afsd for details + +AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb" + +# +# sysname to set after startup +# leave empty for default setting. + +SYSNAME="" + +# +# switch for encryption to be set after startup +# must be one of "on" or "off" + +CRYPT="on" diff --git a/sysconfig.openafs-server b/sysconfig.openafs-server new file mode 100644 index 0000000..025e6c8 --- /dev/null +++ b/sysconfig.openafs-server @@ -0,0 +1,4 @@ +## Path: Network/File systems/AFS server +## Description: AFS server configuration, default mode + +# all is set in /etc/openafs/BosConfig