commit f555479f0c138829b9aa88ff8feea439a14d54ceb59f80f14004cadf5587f95e Author: Christof Hanke Date: Mon Dec 23 08:16:22 2024 +0000 - update to latest git branch stable-1_8_x, required to support kernel 6.12 OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=131 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/03b280649f5e22ed74c217d7c98c3416a2fa9052 b/03b280649f5e22ed74c217d7c98c3416a2fa9052 new file mode 100644 index 0000000..0ade45a --- /dev/null +++ b/03b280649f5e22ed74c217d7c98c3416a2fa9052 @@ -0,0 +1,111 @@ +commit 03b280649f5e22ed74c217d7c98c3416a2fa9052 +Author: Cheyenne Wills +Date: Wed Jun 12 13:56:44 2024 -0600 + + Linux-6.10: remove includes for asm/ia32_unistd.h + + The Linux 6.10 commit: + "x86/syscall/compat: Remove ia32_unistd.h" (e2d168328e) + + Removed the header ia32_unistd.h since it was just a wrapper for the + unistd_32_ia32.h. + + The commit: + "linux-afs-translator-xen-20060731" (29dd792381) + added an ia32_unistd.h include to several files; all were not needed + (as they didn't reference any of the contents from the header file, e.g + _NR_ia32_*). + + The commit: + "amd64-hook-ia32-table-20030519" (831e172463) + added an include for ia32_unistd.h to osi_module.c. + + A later commit: + "osi-probe-syscall-20050129" (f126dbdbe2) + removed many of the references to defines from ia32_unistd.h, but did + not remove the include for the header. + + Currently the only remaining files (linux-kernel-syscall-probe.m4, + LINUX/osi_probe.c and LINUX/osi_syscall.c) continue to reference the + items from ia32_unistd.h, but only when building older kernels that + either don't have LINUX_KEYRING_SUPPORT or when + ENABLE_LINUX_SYSCALL_PROBING is enabled (in both cases, these are only + applicable for older kernels where the asm/ia32_unistd.h file would be + present). + + For the files that don't have references (i.e. _NR_ia32_*), we can + simply remove the include for asm/ia32_unistd.h. For the remaining set + of files, we can leave the include for asm/ia32_unistd.h since the code + already has preprocessor conditionals so it's only included for older + Linux kernels where the header file will be present. + + We noted above, the include for asm/ia32_unistd.h is already conditional + on the checks for LINUX_KEYRING_SUPPORT and ENABLE_LINUX_SYSCALL_PROBING + so we do not need to add any additional configure checks. + + Change-Id: I901b5c0f0ff86272b02f898f3951325533d22f4f + Reviewed-on: https://gerrit.openafs.org/15763 + Reviewed-by: Michael Meffie + Tested-by: BuildBot + Reviewed-by: Andrew Deason + +diff --git a/src/afs/LINUX/osi_ioctl.c b/src/afs/LINUX/osi_ioctl.c +index 3e797745c..d964d8103 100644 +--- a/src/afs/LINUX/osi_ioctl.c ++++ b/src/afs/LINUX/osi_ioctl.c +@@ -21,10 +21,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_module.c b/src/afs/LINUX/osi_module.c +index 8ace127f4..499810cc6 100644 +--- a/src/afs/LINUX/osi_module.c ++++ b/src/afs/LINUX/osi_module.c +@@ -21,10 +21,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_pag_module.c b/src/afs/LINUX/osi_pag_module.c +index ea3d1bd2c..346108489 100644 +--- a/src/afs/LINUX/osi_pag_module.c ++++ b/src/afs/LINUX/osi_pag_module.c +@@ -20,10 +20,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-#include +-#endif +- + #include + #include + #include +diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c +index 9c5a080f0..ad7c695b9 100644 +--- a/src/afs/LINUX/osi_proc.c ++++ b/src/afs/LINUX/osi_proc.c +@@ -25,10 +25,6 @@ + #include /* For syscall numbers. */ + #include + +-#ifdef AFS_AMD64_LINUX_ENV +-# include +-#endif +- + #include + #include + #include diff --git a/0f6a3a402f4a66114da9231032bd68cdc4dee7bc b/0f6a3a402f4a66114da9231032bd68cdc4dee7bc new file mode 100644 index 0000000..cf55c23 --- /dev/null +++ b/0f6a3a402f4a66114da9231032bd68cdc4dee7bc @@ -0,0 +1,96 @@ +commit 0f6a3a402f4a66114da9231032bd68cdc4dee7bc +Author: Cheyenne Wills +Date: Wed Jun 12 14:13:59 2024 -0600 + + Linux-6.10: Use filemap_alloc_folio when avail + + The Linux 6.10 commit: + "mm: remove page_cache_alloc()" (3f2ae4ebd5) + removed the page_cache_alloc(), with a note that callers would be using + filemap_alloc_folio instead. + + The function filemap_alloc_folio() was introduced in Linux 5.15 commit: + "mm/filemap: Add filemap_alloc_folio" (bb3c579e25) + + Add a configure check for filemap_alloc_folio and update the function + afs_linux_read_cache() to use a wrapper that calls filemap_alloc_folio() + if available otherwise calls page_cache_alloc(). + + Minor whitespace/style cleanup + + Note: The function filemap_alloc_folio() was introduced in Linux 5.15, + so this change affects builds using the Linux kernel 5.15 and later. + + Change-Id: Ia17aefc38fe9787e54b315c864da726d610b8bb9 + Reviewed-on: https://gerrit.openafs.org/15764 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Michael Meffie + +diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c +index 511b0838f..18809c89f 100644 +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -2320,6 +2320,24 @@ mapping_read_page(struct address_space *mapping, struct page *page) + #endif + } + ++/* ++ * small compat wrapper for filemap_alloc_folio/page_cache_alloc ++ */ ++static struct page * ++afs_page_cache_alloc(struct address_space *cachemapping) ++{ ++#if defined(HAVE_LINUX_FILEMAP_ALLOC_FOLIO) ++ struct folio *folio; ++ folio = filemap_alloc_folio(mapping_gfp_mask(cachemapping), 0); ++ if (folio == NULL) { ++ return NULL; ++ } ++ return &folio->page; ++#else ++ return page_cache_alloc(cachemapping); ++#endif ++} ++ + /* Populate a page by filling it from the cache file pointed at by cachefp + * (which contains indicated chunk) + * If task is NULL, the page copy occurs syncronously, and the routine +@@ -2358,11 +2376,12 @@ afs_linux_read_cache(struct file *cachefp, struct page *page, + pageindex = (offset - AFS_CHUNKTOBASE(chunk)) >> PAGE_SHIFT; + + while (cachepage == NULL) { +- cachepage = find_get_page(cachemapping, pageindex); ++ cachepage = find_get_page(cachemapping, pageindex); + if (!cachepage) { +- if (!newpage) +- newpage = page_cache_alloc(cachemapping); +- if (!newpage) { ++ if (newpage == NULL) { ++ newpage = afs_page_cache_alloc(cachemapping); ++ } ++ if (newpage == NULL) { + code = -ENOMEM; + goto out; + } +diff --git a/src/cf/linux-kernel-func.m4 b/src/cf/linux-kernel-func.m4 +index 93f96f5ad..83ea354b0 100644 +--- a/src/cf/linux-kernel-func.m4 ++++ b/src/cf/linux-kernel-func.m4 +@@ -253,6 +253,16 @@ AC_CHECK_LINUX_FUNC([no_strlcpy], + size_t s; + s = strlcpy(buff);]]) + ++dnl Linux 5.15 introduced filemap_alloc_folio() as a replacement for ++dnl page_cache_alloc(). page_cache_alloc() was updated to become just a ++dnl wrapper for filemap_alloc_folio(). ++dnl Linux 6.10 removed page_cache_alloc(). ++AC_CHECK_LINUX_FUNC([filemap_alloc_folio], ++ [#include ++ #include ], ++ [[static struct folio *folio; ++ folio = filemap_alloc_folio(0, 0);]]) ++ + dnl Consequences - things which get set as a result of the + dnl above tests + AS_IF([test "x$ac_cv_linux_func_d_alloc_anon" = "xno"], diff --git a/658942f2791fad5e33ec7542158c16dfc66eed39 b/658942f2791fad5e33ec7542158c16dfc66eed39 new file mode 100644 index 0000000..0753ecc --- /dev/null +++ b/658942f2791fad5e33ec7542158c16dfc66eed39 @@ -0,0 +1,66 @@ +commit 658942f2791fad5e33ec7542158c16dfc66eed39 +Author: Cheyenne Wills +Date: Wed Jun 12 14:16:43 2024 -0600 + + Linux-6.10: define a wrapper for vmalloc + + The Linux 6.10 commit: + "mm: vmalloc: enable memory allocation profiling" (88ae5fb755) + changed vmalloc from a function to a wrapper macro. + + This change results in build errors: + "error: implicit declaration of function ‘vmalloc’; did you mean + ‘kmalloc’? [-Werror=implicit-function-declaration]" + + when vmalloc is passed as a parameter to the afs_atomlist_create() and + afs_lhash_create() functions. + + Add a little wrapper function around vmalloc() to use for the parameter + to afs_atomlist_create() and afs_lhash_create(). + + Note: A configure test was not needed for this change since the name + and functionality of Linux's vmalloc did not change. + + Change-Id: I69c1da9eea5d1de11c1628bbcef427f81f5c01e1 + Reviewed-on: https://gerrit.openafs.org/15765 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Michael Meffie + +diff --git a/src/afs/LINUX/osi_alloc.c b/src/afs/LINUX/osi_alloc.c +index 86cd0e571..7c4b4a1ca 100644 +--- a/src/afs/LINUX/osi_alloc.c ++++ b/src/afs/LINUX/osi_alloc.c +@@ -196,6 +196,15 @@ local_free(void *p, size_t n) + vfree(p); + } + ++/* ++ * wrapper for vmalloc(), since vmalloc() may be a macro ++ */ ++static void * ++local_vmalloc(size_t size) ++{ ++ return vmalloc(size); ++} ++ + /* linux_alloc_init(): Initializes the kernel memory allocator. As part + * of this process, it also initializes a pool of osi_linux_mem + * structures as well as the hash table itself. +@@ -209,14 +218,14 @@ linux_alloc_init(void) + /* initiate our pool of osi_linux_mem structs */ + al_mem_pool = + afs_atomlist_create(sizeof(struct osi_linux_mem), sizeof(long) * 1024, +- (void *)vmalloc, local_free); ++ local_vmalloc, local_free); + if (!al_mem_pool) { + printf("afs_osi_Alloc: Error in initialization(atomlist_create)\n"); + return 0; + } + + /* initialize the hash table to hold references to alloc'ed chunks */ +- lh_mem_htab = afs_lhash_create(hash_equal, (void *)vmalloc, local_free); ++ lh_mem_htab = afs_lhash_create(hash_equal, local_vmalloc, local_free); + if (!lh_mem_htab) { + printf("afs_osi_Alloc: Error in initialization(lhash_create)\n"); + return 0; diff --git a/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 b/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 new file mode 100644 index 0000000..85b61e0 --- /dev/null +++ b/7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 @@ -0,0 +1,51 @@ +commit 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 +Author: Cheyenne Wills +Date: Thu Jun 6 10:42:57 2024 -0600 + + Linux 6.10: Move 'inline' before func return type + + With Linux 6.10 commit: + "kbuild: turn on -Wextra by default" (f5982cceb3) + there are additional compiler warnings that can turn + into build errors when --enable-checking is used. + + "error: ‘inline’ is not at beginning of declaration + [-Werror=old-style-declaration]" + + The error is due to the return type preceding the "inline" keyword + in function declarations. + + Fix the declarations for file_can_read_pages() and + afs_linux_readpage_fastpath() to have the proper ordering of the + static/inline keywords attributes so they precede the return type. + + Just a note that the `static` and `inline` keywords must precede a + function's return type. + + Change-Id: I3ff9d45c119e70a90faf18fbf6d49fb6b9adcf33 + Reviewed-on: https://gerrit.openafs.org/15768 + Reviewed-by: Andrew Deason + Tested-by: Andrew Deason + +diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c +index 18809c89f..c6c3bfe39 100644 +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -2443,7 +2443,7 @@ afs_linux_read_cache(struct file *cachefp, struct page *page, + /* + * Return true if the file has a mapping that can read pages + */ +-static int inline ++static inline int + file_can_read_pages(struct file *fp) + { + #if defined(STRUCT_ADDRESS_SPACE_OPERATIONS_HAS_READ_FOLIO) +@@ -2456,7 +2456,7 @@ file_can_read_pages(struct file *fp) + return 0; + } + +-static int inline ++static inline int + afs_linux_readpage_fastpath(struct file *fp, struct page *pp, int *codep) + { + loff_t offset = page_offset(pp); diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..59dbb7d --- /dev/null +++ b/ChangeLog @@ -0,0 +1,956 @@ +commit b151451269ec41b5723484596e7dd40f9ab8824a (HEAD -> openafs-stable-1_8_x, origin/openafs-stable-1_8_x) +Author: Andrew Deason +Date: Tue Nov 12 20:29:24 2024 -0600 + + ptserver: Add xdr_namelist to liboafs_prot.la.sym + + Commit 1f5e1ef9e3 (OPENAFS-SA-2024-003: Run xdr_free for retried RPCs) + added a couple of references to xdr_namelist, which currently causes a + build failure on AIX: + + /bin/sh ../../libtool --quiet --mode=link --tag=CC xlc_r [...] -o pts pts.o ../../src/ptserver/liboafs_prot.la [...] + ld: 0711-317 ERROR: Undefined symbol: xdr_namelist + ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information. + make: 1254-004 The error code from the last command is 8. + + To avoid this, add xdr_namelist to liboafs_prot.la.sym. + + Reviewed-on: https://gerrit.openafs.org/15954 + Reviewed-by: Mark Vitale + Tested-by: BuildBot + Reviewed-by: Cheyenne Wills + Reviewed-by: Michael Meffie + (cherry picked from commit 4f82b5bd49a3c83c990d64d06cb6389969826208) + + Change-Id: I8a7272d1b94bd02295ef63b70a4247a4cf6e70f6 + Reviewed-on: https://gerrit.openafs.org/15955 + Tested-by: BuildBot + Reviewed-by: Andrew Deason + Reviewed-by: Cheyenne Wills + Reviewed-by: Mark Vitale + Reviewed-by: Michael Meffie + Reviewed-by: Benjamin Kaduk + +commit c1beae2622fe6fbdda2353a7da2090fc23595617 +Author: Benjamin Kaduk +Date: Fri Nov 8 14:03:53 2024 -0800 + + Make OpenAFS 1.8.13 + + Update version strings for the 1.8.13 release. + + Change-Id: Ic7f75226f3ba0f51f17c8e123c8cdbdab3ff6c7f + Reviewed-on: https://gerrit.openafs.org/15949 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 7ad61adb706bd53be287f8620ac67720434b3c24 +Author: Benjamin Kaduk +Date: Fri Nov 8 13:57:28 2024 -0800 + + Update NEWS for OpenAFS 1.8.13 + + Change-Id: I8e25f6d4719f403b07a8faad733d858a8872620f + Reviewed-on: https://gerrit.openafs.org/15948 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 37e585f0841803cdf3a1f99770034890ba162d7c +Author: Andrew Deason +Date: Thu Oct 15 21:07:17 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Initialize memory for INOUT args + + CVE-2024-10397 + + Currently, there are a few callers of RPCs that specify some data for + an INOUT parameter, but do not initialize the memory for that data. + This can result in the uninitialized memory being sent to the peer + when the argument is processed as an IN argument. Simply clear the + relevant data before running the RPC to avoid this. + + The relevant RPCs and arguments are: + + - For RMTSYS_Pioctl, the 'OutData' argument. + + - For BUDB_GetVolumes, the 'volumes' argument. + -- via DBLookupByVolume -> bcdb_LookupVolume -> ubik_BUDB_GetVolumes + -- and via bc_Restorer -> bcdb_FindVolumes -> ubik_BUDB_GetVolumes + + - For KAA_Authenticate_old / KAA_Authenticate, this can happen with + the 'answer' argument in ka_Authenticate if KAA_AuthenticateV2 or + KAA_Authenticate return RXGEN_OPCODE, but the server manages to + populate oanswer.SeqLen with non-zero. + + For all of these, make sure the memory is blanked before running the + relevant RPC. For ka_Authenticate, reset oanswer.SeqLen to 0 to avoid + sending any data, but still blank 'answer' and 'answer_old' just to be + safe. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15925 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c4e28c2afe743aa323be57ef3b0faec13027e678) + + Change-Id: If44320c1efde98c53eed88099cd978ef89f4c0d8 + Reviewed-on: https://gerrit.openafs.org/15947 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 4871f8ad2775e97bb85ff7efc33a4ad8d3f6d9d1 +Author: Andrew Deason +Date: Fri Oct 16 10:55:15 2020 -0500 + + OPENAFS-SA-2024-003: sys: Don't over-copy RMTSYS_Pioctl output data + + CVE-2024-10397 + + Here, 'OutData' only has OutData.rmtbulk_len bytes in it. We know that + OutData.rmtbulk_len is at most data->out_size, but it could be + smaller. So, only copy OutData.rmtbulk_len bytes, not data->out_size, + since data->out_size could be more than the number of bytes we have + allocated in OutData. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15924 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f31a79d749abc8e64a8d9ac748bb2b5457875099) + + Change-Id: Ic05751d05c7c8862770188131110cc602c9b93b7 + Reviewed-on: https://gerrit.openafs.org/15946 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 25ad3931d5c03ead625a96e6b626febeb3e20453 +Author: Andrew Deason +Date: Fri Oct 16 10:52:03 2020 -0500 + + OPENAFS-SA-2024-003: Run xdr_free for retried RPCs + + CVE-2024-10397 + + A few areas of code retry the same RPC, like so: + + do { + code = VL_SomeRPC(rxconn, &array_out); + } while (some_condition); + xdr_free((xdrproc_t) xdr_foo, &array_out); + + Or try a different version/variant of an RPC (e.g. + VLDB_ListAttributesN2 -> VLDB_ListAttributes). + + If the first RPC call causes the output array to be allocated with + length N, then the subsequent RPC calls may fail if the server + responds with an array larger than N. + + Furthermore, if the subsequent call responds with an array smaller + than N, then when we xdr_free the array, our length will be smaller + than the actual number of allocated elements. That results in two + potential issues: + + - We'll fail to free the elements at the end of the array. This is + only a problem if each element in the array also uses + dynamically-allocated memory (e.g. each element contains a string or + another array). Fortunately, there are only a few such structures in + any of our RPC-L definitions: SysNameList and CredInfos. And neither + of those are used in such a retry loop, so this isn't a problem. + + - We'll give the wrong length to osi_free when freeing the array + itself. This only matters for KERNEL, and only on some platforms + (such as Solaris), since the length given to osi_free is ignored + everywhere else. + + To avoid these possible issues, change the relevant retry loops to + free our xdr-allocated arrays on every iteration of the loop, like + this: + + do { + xdr_free((xdrproc_t) xdr_foo, &array_out); + code = VL_SomeRPC(rxconn, &array_out); + } while (some_condition); + xdr_free((xdrproc_t) xdr_foo, &array_out); + + Or like this: + + do { + code = VL_SomeRPC(rxconn, &array_out); + xdr_free((xdrproc_t) xdr_foo, &array_out); + } while (some_condition); + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15923 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 1f5e1ef9e35f6b5e8693c91199c976d5e030c0d0) + + Change-Id: I77ce3a904d502784cbf356e113972dfab838256e + Reviewed-on: https://gerrit.openafs.org/15945 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a82212ab20f0635a40c52648a52a1e9eaccc4937 +Author: Andrew Deason +Date: Thu Oct 15 20:30:14 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Ensure correct string length in xdr_string + + CVE-2024-10397 + + Currently, if a caller calls an RPC with a string output argument, + like so: + + { + char *str = NULL; + code = RXAFS_SomeCall(&str); + /* do something with 'str' */ + xdr_free((xdrproc_t) xdr_string, &str); + } + + Normally, xdr_free causes xdr_string to call osi_free, specifying the + same size that we allocated for the string. However, since we only + have a char*, the amount of space allocated for the string is not + recorded separately, and so xdr_string calculates the size of the + buffer to free by using strlen(). + + This works for well-formed strings, but if we fail to decode the + payload of the string, or if our peer gave us a string with a NUL byte + in the middle of it, then strlen() may be significantly less than the + actual allocated size. And so in this case, the size given to osi_free + will be wrong. + + The size given to osi_free is ignored in userspace, and for KERNEL on + many platforms like Linux and DARWIN. However, it is notably not + ignored for KERNEL on Solaris and some other less supported platforms + (HPUX, Irix, NetBSD). At least on Solaris, an incorrect size given to + osi_free can cause a system panic or possibly memory corruption. + + To avoid this, change xdr_string during XDR_DECODE to make sure that + strlen() of the string always reflects the allocated size. If we fail + to decode the string's payload, replace the payload with non-NUL bytes + (fill it with 'z', an arbitrary choice). And if we do successfully + decode the payload, check if the strlen() is wrong (that is, if the + payload contains NUL '\0' bytes), and fail if so, also filling the + payload with 'z'. This is only strictly needed in KERNEL on certain + platforms, but do it everywhere so our behavior is consistent. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15922 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 7d0675e6c6a2f3200a3884fbe46b3ef8ef9ffd24) + + Change-Id: Ieb8827474a7458ce80176b14ce87f3402aed7a86 + Reviewed-on: https://gerrit.openafs.org/15944 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 0ff2cd9e0f5656e8327c5fe47935998de3669678 +Author: Andrew Deason +Date: Thu Oct 15 23:18:53 2020 -0500 + + OPENAFS-SA-2024-003: Check sanity on lengths of RPC returned arrays + + CVE-2024-10397 + + Various RPCs return a variable-length array in an OUT argument, but + are only supposed to return specific sizes. A few instances of this + include the following (but this is not an exhaustive list): + + - AFSVolListOneVolume should only return a single volintInfo. + + - PR_NameToID should return the same number of IDs as names given. + + - VL_GetAddrsU should return the same number of addresses as the + 'nentries' OUT argument. + + Some callers of these RPCs just assume that the server has not + violated these rules. If the server responds with a nonsensical array + size, this could cause us to read beyond the end of the array, or + cause a NULL dereference or other errors. + + For example, some callers of VL_GetAddrsU will iterate over 'nentries' + addresses, even if the 'blkaddrs' OUT argument contains fewer entries. + Or with AFSVolListOneVolume, some callers assume that at least 1 + volintInfo has been returned; if 0 have been returned, we can try to + access a NULL array. + + To avoid all of this, add various sanity checks on the relevant + returned lengths of these RPCs. For most cases, if the lengths are not + sane, return an internal error from the appropriate subsystem (or + RXGEN_CC_UNMARSHAL if there isn't one). For VL_GetAddrsU, if + 'nentries' is too long, just set it to the length of the returned + array. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15921 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c732715e4ee78ed1e2414c813ae5a4b3574107a0) + + Change-Id: I2cfc0723f4c3a2692238fa1e59145aceee17e0d6 + Reviewed-on: https://gerrit.openafs.org/15943 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit d253a52d3b59bd691eae8863ea2f06d99ad18550 +Author: Andrew Deason +Date: Sun Oct 4 23:04:06 2020 -0500 + + OPENAFS-SA-2024-003: xdr: Prevent XDR_DECODE buffer overruns + + CVE-2024-10397 + + When making an RPC call from a client, output arguments that use + arrays (or array-like objects like strings and opaques) can be + allocated by XDR, like so: + + { + struct idlist ids; + + ids.idlist_val = NULL; + ids.idlist_len = 0; + code = PR_NameToID(rxconn, names, &ids); + /* data inside ids.idlist_val[...] */ + xdr_free((xdrproc_t) xdr_idlist, &ids); + } + + With this approach, during XDR_DECODE, xdr_array() reads in the number + of array elements from the peer, then allocates enough memory to hold + that many elements, and then reads in the array elements. + + Alternatively, the caller can provide preallocated memory, like so: + + { + struct idlist ids; + afs_int32 ids_buf[30]; + + ids.idlist_val = ids_buf; + ids.idlist_len = 30; + code = PR_NameToID(rxconn, names, &ids); + /* data inside ids.idlist_val[...] */ + } + + With this approach, during XDR_DECODE, xdr_array() reads in the number + of array elements from the peer, and then reads in the array elements + into the supplied buffer. However, in this case, xdr_array() never + checks that the number of array elements will actually fit into the + supplied buffer; the _len field provided by the caller is just ignored. + In this example, if the ptserver responds with 50 elements for the 'ids' + output argument, xdr_array() will write 50 afs_int32's into + 'ids.idlist_val', going beyond the end of the 30 elements that are + actually allocated. + + It's also possible, and in fact very easy, to use xdr-allocated + buffers and then reuse them as a preallocated buffer, possibly + accidentally. For example: + + { + struct idlist ids; + + ids.idlist_val = NULL; + ids.idlist_len = 0; + while (some_condition) { + code = PR_NameToID(rxconn, names, &ids); + } + } + + In this case, the first call to PR_NameToID can cause the buffer for + 'ids' to be allocated by XDR, which will then be reused by the + subsequent calls to PR_NameToId. Note that this can happen even if the + first PR_NameToID call fails; the call can be aborted after the output + array is allocated. + + Retrying an RPC in this way is effectively what all ubik_Call* + codepaths do (including all ubik_* wrappers, e.g. ubik_PR_NameToID). + Or some callers retry effectively the same RPC when falling back to + earlier versions (e.g. VL_ListAttributesN2 -> VL_ListAttributesN). + + To prevent this for arrays and opaques, change xdr_array (and + xdr_bytes) to check if the _len field for preallocated buffers is + large enough, and return failure if it's not. + + Also perform the same check for the ka_CBS and ka_BBS structures. These + are mostly the same as opaques, but they have custom serialization + functions in src/kauth/kaaux.c. ka_BBS also has two lengths: the actual + length of bytes, and a 'max' length. ka_CBS isn't used for any RPC + output arguments, but fix it for consistency. + + For strings, the situation is complicated by the fact that callers + cannot pass in how much space was allocated for the string, since + callers only provide a char**. So for strings, just refuse to use a + preallocated buffer at all, and return failure if one is provided. + + Note that for some callers using preallocated arrays or strings, the + described buffer overruns are not possible, since the preallocated + buffers are larger than the max length specified in the relevant + RPC-L. For example, afs_DoBulkStat() allocates AFSCBMAX entries for + the output args for RXAFS_InlineBulkStatus, which is the max length + specified in the RPC-L, so a buffer overrun is impossible. But since + it is so easy to allow a buffer overrun, enforce the length checks for + everyone. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15920 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 13413eceed80d106cbed5ffb91c4dfbc8cccf55c) + + Change-Id: I1010d2fa309d4a441ebaf285168c2e7e887753b9 + Reviewed-on: https://gerrit.openafs.org/15942 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit c18640c6b98b10cd6f78c63195ff822689cb5348 +Author: Andrew Deason +Date: Thu Jun 13 15:30:50 2024 -0500 + + OPENAFS-SA-2024-003: xdr: Set _len for prealloc'd opaque/array OUT args + + CVE-2024-10397 + + Currently, a few RPCs with arrays or opaque OUT arguments are called + with preallocated memory for the arg, but also provide a _len of 0 (or + an uninitialized _len). This makes it impossible for the xdr routine to + tell whether we have allocated enough space to actually hold the + response from the server. + + To help this situation, either specify an appropriate _len for the + preallocated value (cm_IoctlGetACL, fsprobe_LWP), or don't provide a + preallocated buffer at all and let xdr allocate a buffer for us + (PGetAcl). + + Note that this commit doesn't change xdr to actually check the value of + the given _len; but now a future commit can do so without breaking + callers. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15919 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit b2b1110ddd9e19670dbc6a3217dc2a74af432f82) + + Change-Id: Ibdee49b79da1476c4e606bcad5fb3d08eb259ad7 + Reviewed-on: https://gerrit.openafs.org/15941 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 40440c3eb628ff1772588bdc99d7496292097bbd +Author: Andrew Deason +Date: Thu Jun 13 15:28:38 2024 -0500 + + OPENAFS-SA-2024-003: xdr: Avoid prealloc'd string OUT args + + CVE-2024-10397 + + Currently, several callers call RPCs with string OUT arguments, and + provide preallocated memory for those arguments. This can easily allow a + response from the server to overrun the allocated buffer, stomping over + stack or heap memory. + + We could simply make our preallocated buffers larger than the maximum + size that the RPC allows, but relying on that is error prone, and + there's no way for XDR to check if a string buffer is large enough. + + Instead, to make sure we don't overrun a given preallocated buffer, + avoid giving a preallocated buffer to such RPCs, and let XDR allocate + the memory for us. + + Specifically, this commit changes several callers to + RXAFS_GetVolumeStatus(), and one caller of BOZO_GetInstanceParm(), to + avoid passing in a preallocated string buffer. + + All other callers of RPCs with string OUT args already let XDR allocate + the buffers for them. + + FIXES 135043 + + Reviewed-on: https://gerrit.openafs.org/15918 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 00a1b266af51a828a022c23e7bb006a39740eaad) + + Change-Id: Ib174d008eaf1fd10d42702bcdb607e45b26acf58 + Reviewed-on: https://gerrit.openafs.org/15940 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit fec84e347768080e4370e5aeb05886bfe19ae54b +Author: Michael Meffie +Date: Fri Mar 10 17:51:17 2023 -0500 + + xdr: Avoid xdr_string maxsize check when freeing + + The maxsize argument in xdr_string() is garbage when called by + xdr_free(), since xdr_free() only passes the XDR handle and the xdr + string to be freed. Sometimes the size check fails and xdr_string() + returns early, without freeing the string and without setting the object + pointer to NULL. + + Usually this just results in leaking the string's memory. But since + commit 9ae5b599c7 (bos: Let xdr allocate rpc output strings), many + callers in bos.c rely on xdr_free(xdr_string) to set the given string + to NULL; if this doesn't happen, subsequent calls to BOZO_ RPCs can + corrupt memory, often causing the 'bos' process to segfault. + + We only need the maxsize check when encoding or decoding, so avoid + accessing the maxsize agument when the op mode is XDR_FREE. + + In general, xdr_free() can only safely be used on xdr 2-argument xdr + functions, so must be avoided when freeing xdr opaque, byte, and union + types. + + This change makes it safe to use xdr_free() to free xdr strings, but in + the future, we should provide a typesafe and less fragile function for + freeing xdr strings returned from RPCs. Currently, xdr_free(xdr_string) + is only called by the bos client and the tests. + + Reviewed-on: https://gerrit.openafs.org/15343 + Tested-by: BuildBot + Reviewed-by: Benjamin Kaduk + (cherry picked from commit bbb1e8adfed6804ac6fbae0a073dc6927096e16a) + + Change-Id: I1f190d28acab5fa1621919f283571fcacb495ce4 + Reviewed-on: https://gerrit.openafs.org/15939 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 21941c0ab2d28fa3a074f46e4d448d518a7c1b8a +Author: Andrew Deason +Date: Tue Nov 5 23:40:24 2024 -0600 + + OPENAFS-SA-2024-002: Avoid uninitialized memory when parsing ACLs + + CVE-2024-10396 + + Several places in the tree parse ACLs using sscanf() calls that look + similar to this: + + sscanf(str, "%d dfs:%d %s", &nplus, &dfs, cell); + sscanf(str, "%100s %d", tname, &trights); + + Some callers check whether the scanf() returns negative or 0, but some + callers do not check the return code at all. If only some of the fields + are present in the sscanf()'d string (because, for instance, the ACL is + malformed), some of the arguments are left alone, and may be set to + garbage if the relevant variable was never initialized. + + If the parsed ACL is copied to another ACL, this can result in the + copied ACL containing uninitialized memory. + + To avoid this, make sure all of the variables passed to sscanf() and + similar calls are initialized before parsing. This commit does not + guarantee that the results make sense, but at least the results do not + contain uninitialized memory. + + Reviewed-on: https://gerrit.openafs.org/15917 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit ac602a0a5624b0f0ab04df86f618d09f2a4ad063) + + Change-Id: I00245c12993683eb3b58d51cf77742f758bac120 + Reviewed-on: https://gerrit.openafs.org/15938 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a9ede52673b8c8abbfc2577ac6987a8a5686206f +Author: Benjamin Kaduk +Date: Mon Nov 4 20:50:50 2024 -0800 + + OPENAFS-SA-2024-002: make VIOCGETAL consumers stay within string bounds + + CVE-2024-10396 + + After the preceding commits, the data returned by the VIOCGETAL + pioctl (a RXAFS_FetchAcl wrapper) will safely be NUL-terminated. + However, the callers that attempt to parse the ACL string make + assumptions that the returned data will be properly formatted, + and implement a "skip to next line" functionality (under various + names) that blindly increments a char* until it finds a newline + character, which can read past the end of even a properly + NUL-terminated string if there is not a newline where one is + expected. + + Adjust the various "skip to next line" functionality to keep + the current string pointer at the trailing NUL if the end of the + string is reached while searching for a newline. + + Reviewed-on: https://gerrit.openafs.org/15916 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit a4ecb050540528a1bff840ff08d21f99e6ef3fbf) + + Change-Id: Id2d8c0164cfaa7d03a9e37b29ff58b88cf815483 + Reviewed-on: https://gerrit.openafs.org/15937 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a96a3160f5425125588f39f5ac612df3ef9b9a8a +Author: Benjamin Kaduk +Date: Mon Nov 4 20:50:50 2024 -0800 + + OPENAFS-SA-2024-002: verify FetchACL returned only a string + + CVE-2024-10396 + + Supplement the previous commit by additionally verifying that + the returned ACL string occupies the entire XDR opaque, rejecting + any values returned that have an internal NUL prior to the end + of the opaque. + + Reviewed-on: https://gerrit.openafs.org/15915 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 7e13414e8ea995d438cde3e60988225f3ab4cbcd) + + Change-Id: I107f89e3d8a5c3c5cd67f6296742bfca7cace0e1 + Reviewed-on: https://gerrit.openafs.org/15936 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 64068705b15661a8d4e0b9f9f2ad4aec34ed51a7 +Author: Benjamin Kaduk +Date: Mon Nov 4 20:33:16 2024 -0800 + + OPENAFS-SA-2024-002: verify FetchACL returned a valid string + + CVE-2024-10396 + + Analogously to how a call to RXAFS_StoreACL() with a malformed + ACL string can cause a fileserver to perform invalid memory operations, + a malformed ACL string returned in response to a call to RXAFS_FetchACL() + can cause a client to perform invalid memory operations. + + Modify all the in-tree callers of the RPC to verify that the ACL + data, which is conveyed as an XDR 'opaque' but whose contents + are actually expected to be a string, is a valid C string. If + a zero-length opaque or one without a trailing NUL is received, + treat that as an error response from the fileserver rather than + returning success. + + The Unix cache manager's pioctl handler already has logic to cope with a + zero-length reply by emitting a single NUL byte to userspace. This + special-casing seems to have been in place from the original IBM import, + though it does so by confusingly "skipping over" a NUL byte already put + in place. For historical compatibility, preserve that behavior rather + than treating the zero-length reply as an error as we do for the other + callers. It seems likely that this location should treat a zero-length + reply as an error just as the other call sites do, but that can be done + as a later change. + + Reviewed-on: https://gerrit.openafs.org/15914 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 0b1ccb0dbc3b7673558eceff3d672971f5bb0197) + + Change-Id: Ifbce762d76641f08b5fc5e79b4c8dad07c1a135a + Reviewed-on: https://gerrit.openafs.org/15935 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit bb01d76a2095baa65880bdc5d504e7a198958265 +Author: Andrew Deason +Date: Wed Aug 21 00:41:49 2024 -0500 + + OPENAFS-SA-2024-002: viced: Avoid unchecked ACL in StoreACL audit log + + CVE-2024-10396 + + Currently in SRXAFS_StoreACL, if CallPreamble() or check_acl() fail, we + will jump to Bad_StoreACL, which will pass the ACL string from the + client to osi_auditU. Since check_acl() hasn't yet checked if the given + ACL contains a NUL byte, the ACL may be an unterminated string. If + auditing is enabled, this can cause garbage to be logged to the audit + log, or cause the fileserver to crash. + + To avoid this, set 'rawACL' to NULL at first, only setting it to the + actual ACL string after check_acl() has succeeded. This ensures that all + code accessing 'rawACL' is guaranteed to be using a terminated string. + + This may mean that we pass a NULL AUD_ACL to osi_auditU. Our auditing + code explicitly checks for and handles handles NULL strings, so this is + fine. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15913 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit c9eae1e8b26144063e5d1db23d47ee82c4b9ef3a) + + Change-Id: Ieda6f910d875c4b5179011e5e93e5694d3f4ce47 + Reviewed-on: https://gerrit.openafs.org/15934 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit ee020f7cba7d82bc3d4b468210b5052af53c5db5 +Author: Andrew Deason +Date: Wed Aug 21 00:29:34 2024 -0500 + + OPENAFS-SA-2024-002: viced: Introduce 'rawACL' in StoreACL + + CVE-2024-10396 + + Change our StoreACL implementation to refer to the 'AccessList' argument + via a new local variable called 'rawACL'. This makes it clearer to + users that the data is a string, and makes it easier for future commits + to make sure we don't access the 'AccessList' argument in certain + situations. + + Update almost all users in StoreACL to refer to 'rawACL' instead of + 'AccessList'. Change the name of 'AccessList' to 'uncheckedACL' to make + sure we don't miss any users. Update our check_acl() call to use + 'uncheckedACL' (and not 'rawACL'), because it must use an AFSOpaque to + check the ACL. + + Change RXStore_AccessList() and printableACL() to accept a plain char* + instead of a struct AFSOpaque. + + This commit should not incur any noticeable behavior change. Technically + printableACL() is changed to run strlen() on the given string, but this + should not cause any noticeable change in behavior: + + This change could cause printableACL() to process less of the string + than before, if the string contains a NUL byte before the end of the + AFSOpaque buffer. But this doesn't matter, since the all of our code + after this treats the ACL as a plain string, and so doesn't look at any + data beyond the first NUL. It's not possible for printableACL() to + process more data than before, because check_acl() has already checked + that the ACL string contains a NUL byte, so we must process + AFSOpaque_len bytes or fewer. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15912 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit eb8b93a971c6293cdfbf8cd3d9a6351a8cb76f81) + + [1.8: printableACL() does not exist in this branch.] + + Change-Id: I65b518acab26be0bb1854c29e46c90e5fee52d41 + Reviewed-on: https://gerrit.openafs.org/15933 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit d66caf8c04878724001839317637445708edef2c +Author: Andrew Deason +Date: Tue Sep 19 15:55:42 2023 -0500 + + OPENAFS-SA-2024-002: acl: Error on missing newlines when parsing ACL + + CVE-2024-10396 + + In acl_Internalize_pr(), each line in an ACL granting rights (positive + or negative) is sscanf()'d with "%63s\t%d\n", and then we try to + advance 'nextc' beyond the next newline character. + + However, sscanf()'ing "%63s\t%d\n" does not guarantee that there is a + newline in the given string. Whitespace characters in sscanf() are not + matched exactly, and may match any amount of whitespace (including + none at all). For example, a string like "foo 4" may be parsed by + sscanf(), but does not contain any newlines. + + If this happens, strchr(nextc, '\n') will return NULL, and we'll + advance 'nextc' to 0x1, causing a segfault when we next try to + dereference 'nextc'. + + To avoid this, check if 'nextc' is NULL after the strchr() call, and + return an error if so. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15911 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 96ab2c6f8a614d597a523b45871c5f64a50a7040) + + Change-Id: I666dfb2c401410865c1f98d9db1b342b52c8f628 + Reviewed-on: https://gerrit.openafs.org/15932 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 1e6e813188ecce62eb7af19385d911f63469bdb6 +Author: Andrew Deason +Date: Tue Sep 19 15:44:08 2023 -0500 + + OPENAFS-SA-2024-002: acl: Do not parse beyond end of ACL + + CVE-2024-10396 + + The early parsing code in acl_Internalize_pr() tries to advance + 'nextc' to go beyond the first two newlines in the given ACL string. + But if the given ACL string has no newlines, or only 1 newline, then + 'nextc' will point beyond the end of the ACL string, potentially + pointing to garbage. + + Intuitively, it may look like the ACL string must contain at least 2 + newlines because we have sscanf()'d the string with "%d\n%\d". + However, whitespace characters in sscanf() are not matched exactly + like non-whitespace characters are; a sequence of whitespace + characters matches any amount of whitespace (including none). So, a + string like "1 2" will be parsed by "%d\n%d\n", but will not contain + any newline characters. + + Usually this should result in a parse error from acl_Internalize_pr(), + but if the garbage happens to parse successfully, this could result in + unrelated memory getting stored to the ACL. + + To fix this, don't advance 'nextc' if we're already at the end of the + ACL string. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15910 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 35d218c1d17973c1412ea5dff1e23d9aae50c4c7) + + Change-Id: I7a7d136676e548adba5fa8d0003b5f8342332a86 + Reviewed-on: https://gerrit.openafs.org/15931 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit a07e50726df09c49dfe7b953c3e49eb98f310c09 +Author: Andrew Deason +Date: Mon Sep 18 16:14:07 2023 -0500 + + OPENAFS-SA-2024-002: viced: Free ACL on acl_Internalize_pr error + + CVE-2024-10396 + + Currently, we don't free 'newACL' if acl_Internalize_pr() fails. If + acl_Internalize_pr() has already allocated 'newACL', then the memory + associated with newACL will be leaked. This can happen if parsing the + given ACL fails at any point after successfully parsing the first + couple of lines in the ACL. + + Change acl_FreeACL() to make freeing a NULL acl a no-op, to make it + easier to make sure the acl has been freed. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15909 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f4dfc2d7183f126bc4a45b5cabc78c3de020925f) + + Change-Id: If1554aa899542761ec6e6611394f2ee4f9379f22 + Reviewed-on: https://gerrit.openafs.org/15930 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit f74f960a18f559e683d6a1f5104e43c3ca93ecb8 +Author: Andrew Deason +Date: Mon Sep 18 16:13:57 2023 -0500 + + OPENAFS-SA-2024-002: viced: Refuse ACLs without '\0' in SRXAFS_StoreACL + + CVE-2024-10396 + + Currently, the fileserver treats the ACL given in RXAFS_StoreACL as a + string, even though it is technically an AFSOpaque and could be not + NUL-terminated. + + We give the ACL opaque/string to acl_Internalize_pr() to parse, which + will run off the end of the allocated buffer if the given ACL does not + contain a '\0' character. Usually this will result in a parse error + since we'll encounter garbage, but if the partially-garbage ACL + happens to parse successfully, some uninitialized data could make it + into the stored ACL. + + In addition, if the given ACL is an opaque of length 0, we'll still + give the opaque pointer to acl_Internalize_pr(). In this case, the + pointer will point to &memZero, which happens to contain a NUL byte, + and so is treated like an empty string (which is not a valid ACL). But + the fact that this causes no problems is somewhat a coincidence, and + so should also be avoided. + + To avoid both of these situations, just check if the given ACL string + contains a NUL byte. If it doesn't, or if it has length 0, refuse to + look at it and abort the call with EINVAL. + + FIXES 135445 + + Reviewed-on: https://gerrit.openafs.org/15908 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit e15decb318797f1d471588dc669c3e3b26f1b8b3) + + Change-Id: I0f447310db5a988b21e19bb5158bb564d4ea3d94 + Reviewed-on: https://gerrit.openafs.org/15929 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 57b655e4837d8660ebcc25d95efb09118adaff07 +Author: Andrew Deason +Date: Fri Jan 10 12:40:15 2020 -0600 + + OPENAFS-SA-2024-001: afs: Throttle PAG creation in afs_genpag() + + CVE-2024-10394 + + Currently, we only throttle PAG creation in afs_setpag(). But there + are several callers that call setpag() directly, not via afs_setpag; + notably _settok_setParentPag in afs_pioctl.c. When setpag() is called + with a PAG value of -1, it generates a new PAG internally without any + throttling. So, those callers effectively bypass the PAG throttling + mechanism, which allows a calling user to create PAGs without any + delay. + + To avoid this, move our afs_pag_wait call from afs_setpag() to + afs_genpag(), which all code uses to generate a new PAG value. This + ensures that PAG creation is always throttled for unprivileged users. + + FIXES 135062 + + Reviewed-on: https://gerrit.openafs.org/15907 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit 0358648dbed7656e7bda30f6f0ea6e8e01bf6527) + + Change-Id: I7f8f475a913c6f62ca2c7a6fb00239e51a8a8c62 + Reviewed-on: https://gerrit.openafs.org/15928 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + +commit 20c22347b41eea2ebbdc0ab15f16c822af44df51 +Author: Andrew Deason +Date: Fri Jan 10 12:01:50 2020 -0600 + + OPENAFS-SA-2024-001: afs: Introduce afs_genpag() + + CVE-2024-10394 + + Currently, several areas in the code call genpag() to generate a new + PAG id, but the signature of genpag() is very limited. To allow for + the code in genpag() to return errors and to examine the calling + user's credentials, introduce a new function, afs_genpag(), that does + the same thing as genpag(), but accepts creds and allows errors to be + returned. + + Convert all existing callers to use afs_genpag() and to handle any + errors, though no errors are ever returned in this commit on its own. + + To ensure there are no old callers of genpag() left around, change the + existing genpag() to be called genpagval(), and declare it static. + + FIXES 135062 + + Reviewed-on: https://gerrit.openafs.org/14090 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk + (cherry picked from commit f701f704c7bc93cf5fd7cffaaa043cef6a99e77f) + + Change-Id: I675d6cb111ca74638a3b856a3c989dcb2fe6d534 + Reviewed-on: https://gerrit.openafs.org/15927 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk diff --git a/README.SUSE.openafs b/README.SUSE.openafs new file mode 100644 index 0000000..7a9e58b --- /dev/null +++ b/README.SUSE.openafs @@ -0,0 +1,109 @@ +Here is described installation of openafs server and client on SUSE linux. + +This text is based on AFS Quick Start Guide. The differences are: + - paths are adapted to SUSE installation + - uses Kerberos 5 authentization + +Complete OpenAFS documentation is at http://openafs.org + +SERVER SETUP +============ + +# choose an AFS cell name and a Kerberos realm name, the simplest setup is: +# - AFS cell name equal to DNS domain name +# - Kerberos realm name equal to uppercase AFS cell name + +# create a partition for AFS filesystem and mount it under /vicepa + +# start bosserver +/usr/sbin/bosserver -noauth & + +# setup basic cell information +bos setcellname your.afs.server your.cell.name -noauth + +# setup database servers processes +bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver -cell your.cell.name -noauth +bos create your.afs.server buserver simple /usr/lib/openafs/buserver -cell your.cell.name -noauth +bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver -cell your.cell.name -noauth + +# If you want to use the old afs authentization (not recommended): +# bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth + +# Authentication against heimdal krb5 server + +# Here you can set up kerberos realm if you dont have any, +# see documentation in package krb5-doc + +# restart kdc +rckrb5kdc restart +rckrb524d restart + +# create afs principal in kerberos database +kadmin.local + add_principal afs@YOUR.KERBEROS.REALM # create afs key, use random password + ktremove -k /etc/krb5.keytab afs all # delete old afs key if any + + # export the afs key to external keytab + # note the key version number (kvno), you will need it later for asetkey + ktadd -e des-cbc-crc:v4 afs@YOUR.KERBEROS.REALM + + add_principal admin@YOUR.KERBEROS.REALM # create admin principal + + quit # end kadmin.local + +rm /etc/openafs/server/KeyFile # delete the old afs key file if any + +# convert the afs key from /etc/krb5.keytab to /etc/openafs/server/KeyFile +# use displayed by ktadd +asetkey add /etc/krb5.keytab afs + +# give admin the permissions to control bosserver +bos adduser your.afs.server admin -cell your.cell.name -noauth + +# add admin to group system:administrators +pts createuser -name admin -id -cell your.cell.name -noauth +pts adduser admin system:administrators -cell your.cell.name -noauth + +# restart bos server +bos restart your.afs.server -all -cell your.cell.name -noauth + +# create fileserver processes +bos create your.afs.server fs fs /usr/lib/openafs/fileserver /usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell your.cell.name -noauth + +# create root volume +vos create your.afs.server /vicepa root.afs -cell your.cell.name -noauth + +# restart bosserver with security enabled +rcopenafs-fileserver restart + + +CLIENT SETUP +============ + +IMPORTANT: Unfortunately, openafs client for linux kernel 2.6 has not reached +stable state yet. There may be problems. + +edit /etc/sysconfig/openafs-client, set at least + REGENERATE_CELL_INFO="yes" + THIS_CELL="your.cell.name" + THIS_CELL_SERVER="your.afs.server" + + If you are configuring first afs server and the volume root.cell does not + exist yet, you have to set also DYNROOT=no. After finishing the server + installaton it is better to change DYNROOT back to 'yes' as the client + behaves better on startup with network outage. + +# start afs client +rcopenafs-client start + +# login as admin +kinit admin +aklog -d # convert Kerberos 5 ticket to AFS token + +To enable transparent login via pam, install package pam_krb5 +and add 'call_modules=krb5afs' to /etc/security/pam_unix2.conf +For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8) manpages. + +Now you have working afs server and client. You can continue with chapter +"Configuring the Top Levels of the AFS Filespace" of AFS Quick Start Guide. + diff --git a/RELNOTES-stable-1_8_x b/RELNOTES-stable-1_8_x new file mode 100644 index 0000000..b3792f3 --- /dev/null +++ b/RELNOTES-stable-1_8_x @@ -0,0 +1,27 @@ + + + + + + + +OpenAFS + + + + + + + + + + + + diff --git a/afs3-bos.xml b/afs3-bos.xml new file mode 100644 index 0000000..7e7ea53 --- /dev/null +++ b/afs3-bos.xml @@ -0,0 +1,6 @@ + + + afs3-bos + OpenAFS basic overseer process (bosserver) + + diff --git a/afs3-callback.xml b/afs3-callback.xml new file mode 100644 index 0000000..05ae5a2 --- /dev/null +++ b/afs3-callback.xml @@ -0,0 +1,6 @@ + + + afs3-callback + OpenAFS callbacks to cache managers (clients) + + diff --git a/afs3-fileserver.xml b/afs3-fileserver.xml new file mode 100644 index 0000000..46178d9 --- /dev/null +++ b/afs3-fileserver.xml @@ -0,0 +1,6 @@ + + + afs3-fileserver + OpenAFS file server + + diff --git a/afs3-prserver.xml b/afs3-prserver.xml new file mode 100644 index 0000000..8c1de04 --- /dev/null +++ b/afs3-prserver.xml @@ -0,0 +1,6 @@ + + + afs3-prserver + OpenAFS users and groups database + + diff --git a/afs3-rmtsys.xml b/afs3-rmtsys.xml new file mode 100644 index 0000000..2e9fb94 --- /dev/null +++ b/afs3-rmtsys.xml @@ -0,0 +1,6 @@ + + + afs3-rmtsys + OpenAFS remote cache manager service + + diff --git a/afs3-update.xml b/afs3-update.xml new file mode 100644 index 0000000..98bcf6e --- /dev/null +++ b/afs3-update.xml @@ -0,0 +1,6 @@ + + + afs3-update + OpenAFS server-to-server updater + + diff --git a/afs3-vlserver.xml b/afs3-vlserver.xml new file mode 100644 index 0000000..cf7c181 --- /dev/null +++ b/afs3-vlserver.xml @@ -0,0 +1,6 @@ + + + afs3-vlserver + OpenAFS volume location database (VLDB) + + diff --git a/afs3-volser.xml b/afs3-volser.xml new file mode 100644 index 0000000..467d031 --- /dev/null +++ b/afs3-volser.xml @@ -0,0 +1,6 @@ + + + afs3-volser + OpenAFS volume managment server (volserver) + + diff --git a/d8b56f21994ce66d8daebb7d69e792f34c1a19ed b/d8b56f21994ce66d8daebb7d69e792f34c1a19ed new file mode 100644 index 0000000..11fc868 --- /dev/null +++ b/d8b56f21994ce66d8daebb7d69e792f34c1a19ed @@ -0,0 +1,76 @@ +commit d8b56f21994ce66d8daebb7d69e792f34c1a19ed +Author: Cheyenne Wills +Date: Wed Jun 12 14:24:01 2024 -0600 + + afs: avoid empty-body warning + + With Linux 6.10 commit: + "kbuild: turn on -Wextra by default" (f5982cceb3) + there are additional compiler warnings that can turn + into build errors when --enable-checking is used. + + "error: suggest braces around empty body in an ‘if’ + statement [-Werror=empty-body]" + + when there is an empty body, e.g. + if (foo) + ; + + Most cases are due to the macros afs_PutCell and afs_PutServer which are + "empty" macros. + + Update the afs_PutCell and afs_PutServer macros so they expand to + do {} while(0) + + Add a comment at the definitions for afs_PutCell and afs_PutServer to + document the reason for keeping them. + + Add braces to conditionals that have an empty body. + + There are no functional changes with this commit. + + Change-Id: I359723eb6a19d1c78449902b4f477da131b0fa18 + Reviewed-on: https://gerrit.openafs.org/15766 + Reviewed-by: Michael Meffie + Tested-by: BuildBot + Reviewed-by: Andrew Deason + +diff --git a/src/afs/afs.h b/src/afs/afs.h +index 4bde047e8..621a8a517 100644 +--- a/src/afs/afs.h ++++ b/src/afs/afs.h +@@ -349,7 +349,8 @@ struct cell_alias { + char *cell; + }; + +-#define afs_PutCell(cellp, locktype) ++/* In case someday a counterpart for afs_GetCell is needed */ ++#define afs_PutCell(cellp, locktype) do {} while(0) + + /* the unixuser flag bit definitions */ + #define UHasTokens 1 /* are the st and ct fields valid (ever set)? */ +@@ -537,7 +538,8 @@ struct server { + afs_int32 capabilities; + }; + +-#define afs_PutServer(servp, locktype) ++/* In case someday a counterpart for afs_GetServer is needed */ ++#define afs_PutServer(servp, locktype) do {} while(0) + + /* structs for some pioctls - these are (or should be) + * also in venus.h +diff --git a/src/afs/afs_cbqueue.c b/src/afs/afs_cbqueue.c +index 2dd633588..11e3aa3f1 100644 +--- a/src/afs/afs_cbqueue.c ++++ b/src/afs/afs_cbqueue.c +@@ -139,7 +139,9 @@ afs_DequeueCallback(struct vcache *avc) + debugvc = avc; + if (avc->callsort.prev) { + QRemove(&(avc->callsort)); +- } else; /* must have got dequeued in a race */ ++ } else { ++ /* must have got dequeued in a race */ ++ } + + return; + } /* afs_DequeueCallback */ diff --git a/handle_backports.diff b/handle_backports.diff new file mode 100644 index 0000000..dfe4155 --- /dev/null +++ b/handle_backports.diff @@ -0,0 +1,11 @@ +--- a/src/afs/LINUX/osi_vnodeops.c ++++ b/src/afs/LINUX/osi_vnodeops.c +@@ -971,7 +971,7 @@ + # else + .splice_write = generic_file_splice_write, + # endif +-# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,5,0) ++# if LINUX_VERSION_CODE >= KERNEL_VERSION(6,4,0) + .splice_read = filemap_splice_read, + # else + .splice_read = generic_file_splice_read, diff --git a/kernel-source.build-modules.sh b/kernel-source.build-modules.sh new file mode 100644 index 0000000..55a308c --- /dev/null +++ b/kernel-source.build-modules.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +if [ $# != 1 ]; then + echo building a openafs-kernel module for the running kernel + echo Need one of: build build_debug install + exit 1 +fi + +rootdir=`cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd` + +if [ -z "$rootdir" ]; then + echo "failed to determine the dirname of this script" + exit 1 +fi + +cd "$rootdir" + +LOGFILE=libafs_tree/build.log +kernel_flavour=`uname -r | awk -F- '{print $NF}'` +kernel_version=`uname -r | sed "s/-$kernel_flavour//"` +arch=`uname -m` + +suse_flavour=`cat /etc/os-release | grep PRETTY_NAME | awk -F '=' '{print $2}'` +suse_version=`cat /etc/os-release | grep VERSION_ID | awk -F '=' '{print $2}'` + +echo This SUSE is version $suse_version of flavour $suse_flavour +echo you are running the kernel \"$kernel_version\" of flavour \"$kernel_flavour\" on \"$arch\" +echo all output is saved into $LOGFILE + +if [ $1 == "build_debug" ]; then + DEBUG_OPT="--enable-debug-kernel" +fi + +if [ $1 == "build" -o $1 == "build_debug" ]; then + cd libafs_tree + echo calling configure... + ./configure --with-linux-kernel-headers=/usr/src/linux/ --with-linux-kernel-build=/usr/src/linux-obj/$arch/$kernel_flavour $DEBUG_OPT > build.log 2>&1 + if [ $? != 0 ]; then + echo configure failed! See $LOGFILE for details + exit $? + fi + echo calling make + make >> build.log 2>&1 + if [ $? != 0 ]; then + echo make failed! See $LOGFILE for details + exit $? + fi + echo + echo build sucessfull! + echo Now run $0 install to install the kernel-modules + exit 0 +fi + + +if [ $1 == "install" ]; then + module_files="afspag.ko libafs.ko" + build_dir=libafs_tree/src/libafs/MODLOAD-$kernel_version-$kernel_flavour-MP/ + install_dir=/lib/modules/$kernel_version-$kernel_flavour + echo installing kernel-modules into + for mod in $module_files; do + cp -v $build_dir/$mod $install_dir/$mod + done + /sbin/depmod -a +fi diff --git a/kmp_only.files b/kmp_only.files new file mode 100644 index 0000000..105656b --- /dev/null +++ b/kmp_only.files @@ -0,0 +1,99 @@ +/usr/bin/aklog +/usr/bin/fs +/usr/bin/klog.krb5 +/usr/bin/pagsh +/usr/bin/pagsh.krb +/usr/bin/tokens +/usr/bin/tokens.krb +/usr/bin/unlog +/usr/bin/up +/usr/lib/firewalld/services/afs3-callback.xml +/usr/lib/firewalld/services/afs3-rmtsys.xml +/usr/sbin/afsd +/usr/sbin/fstrace +/usr/share/man/man1/aklog.1 +/usr/share/man/man1/copyauth.1 +/usr/share/man/man1/fs.1 +/usr/share/man/man1/fs_apropos.1 +/usr/share/man/man1/fs_bypassthreshold.1 +/usr/share/man/man1/fs_checkservers.1 +/usr/share/man/man1/fs_checkvolumes.1 +/usr/share/man/man1/fs_chgrp.1 +/usr/share/man/man1/fs_chown.1 +/usr/share/man/man1/fs_cleanacl.1 +/usr/share/man/man1/fs_copyacl.1 +/usr/share/man/man1/fs_cscpolicy.1 +/usr/share/man/man1/fs_discon.1 +/usr/share/man/man1/fs_diskfree.1 +/usr/share/man/man1/fs_examine.1 +/usr/share/man/man1/fs_exportafs.1 +/usr/share/man/man1/fs_flush.1 +/usr/share/man/man1/fs_flushall.1 +/usr/share/man/man1/fs_flushmount.1 +/usr/share/man/man1/fs_flushvolume.1 +/usr/share/man/man1/fs_getcacheparms.1 +/usr/share/man/man1/fs_getcalleraccess.1 +/usr/share/man/man1/fs_getcellstatus.1 +/usr/share/man/man1/fs_getclientaddrs.1 +/usr/share/man/man1/fs_getcrypt.1 +/usr/share/man/man1/fs_getfid.1 +/usr/share/man/man1/fs_getserverprefs.1 +/usr/share/man/man1/fs_getverify.1 +/usr/share/man/man1/fs_help.1 +/usr/share/man/man1/fs_listacl.1 +/usr/share/man/man1/fs_listaliases.1 +/usr/share/man/man1/fs_listcells.1 +/usr/share/man/man1/fs_listquota.1 +/usr/share/man/man1/fs_lsmount.1 +/usr/share/man/man1/fs_memdump.1 +/usr/share/man/man1/fs_messages.1 +/usr/share/man/man1/fs_minidump.1 +/usr/share/man/man1/fs_mkmount.1 +/usr/share/man/man1/fs_monitor.1 +/usr/share/man/man1/fs_newalias.1 +/usr/share/man/man1/fs_newcell.1 +/usr/share/man/man1/fs_nukenfscreds.1 +/usr/share/man/man1/fs_precache.1 +/usr/share/man/man1/fs_quota.1 +/usr/share/man/man1/fs_rmmount.1 +/usr/share/man/man1/fs_rxstatpeer.1 +/usr/share/man/man1/fs_rxstatproc.1 +/usr/share/man/man1/fs_setacl.1 +/usr/share/man/man1/fs_setcachesize.1 +/usr/share/man/man1/fs_setcbaddr.1 +/usr/share/man/man1/fs_setcell.1 +/usr/share/man/man1/fs_setclientaddrs.1 +/usr/share/man/man1/fs_setcrypt.1 +/usr/share/man/man1/fs_setquota.1 +/usr/share/man/man1/fs_setserverprefs.1 +/usr/share/man/man1/fs_setverify.1 +/usr/share/man/man1/fs_setvol.1 +/usr/share/man/man1/fs_storebehind.1 +/usr/share/man/man1/fs_sysname.1 +/usr/share/man/man1/fs_trace.1 +/usr/share/man/man1/fs_uuid.1 +/usr/share/man/man1/fs_whereis.1 +/usr/share/man/man1/fs_whichcell.1 +/usr/share/man/man1/fs_wscell.1 +/usr/share/man/man1/klog.krb5.1 +/usr/share/man/man1/pagsh.1 +/usr/share/man/man1/pagsh.krb.1 +/usr/share/man/man1/tokens.1 +/usr/share/man/man1/tokens.krb.1 +/usr/share/man/man1/unlog.1 +/usr/share/man/man1/up.1 +/usr/share/man/man5/afs_cache.5 +/usr/share/man/man5/afszcm.cat.5 +/usr/share/man/man5/cacheinfo.5 +/usr/share/man/man8/afsd.8 +/usr/share/man/man8/fstrace.8 +/usr/share/man/man8/fstrace_apropos.8 +/usr/share/man/man8/fstrace_clear.8 +/usr/share/man/man8/fstrace_dump.8 +/usr/share/man/man8/fstrace_help.8 +/usr/share/man/man8/fstrace_lslog.8 +/usr/share/man/man8/fstrace_lsset.8 +/usr/share/man/man8/fstrace_setlog.8 +/usr/share/man/man8/fstrace_setset.8 +/usr/share/openafs/C/afszcm.cat + diff --git a/logrotate.openafs-server b/logrotate.openafs-server new file mode 100644 index 0000000..cdae1f0 --- /dev/null +++ b/logrotate.openafs-server @@ -0,0 +1,11 @@ +/var/log/openafs/*Log { + daily + compress + dateext + rotate 7 + olddir /var/log/openafs/old + missingok + notifempty + create 640 root root + copytruncate +} diff --git a/openafs-client.service b/openafs-client.service new file mode 100644 index 0000000..30afaef --- /dev/null +++ b/openafs-client.service @@ -0,0 +1,21 @@ +[Unit] +Description=OpenAFS Client +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-client +ExecStartPre=/sbin/modprobe libafs +ExecStart=/usr/sbin/afsd $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd -shutdown +ExecStop=/sbin/rmmod libafs +KillMode=none + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-client.service.allow_unsupported b/openafs-client.service.allow_unsupported new file mode 100644 index 0000000..f68bdab --- /dev/null +++ b/openafs-client.service.allow_unsupported @@ -0,0 +1,20 @@ +[Unit] +Description=OpenAFS Client +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-client +ExecStartPre=/sbin/modprobe libafs --allow-unsupported +ExecStart=/usr/sbin/afsd $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd -shutdown +ExecStop=/sbin/rmmod libafs + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-fuse-client.service b/openafs-fuse-client.service new file mode 100644 index 0000000..3a339e4 --- /dev/null +++ b/openafs-fuse-client.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenAFS Client Service +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=true +EnvironmentFile=/etc/sysconfig/openafs-fuse-client +ExecStart=/usr/sbin/afsd.fuse $AFSD_ARGS +ExecStartPost=/usr/bin/fs sysname $SYSNAME +ExecStartPost=/usr/bin/fs setcrypt $CRYPT +ExecStop=/usr/bin/umount /afs +ExecStop=/usr/sbin/afsd.fuse -shutdown +KillMode=none + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/openafs-server.service b/openafs-server.service new file mode 100644 index 0000000..c33728f --- /dev/null +++ b/openafs-server.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenAFS Server +After=syslog.target network.target + +[Service] +EnvironmentFile=-/etc/sysconfig/openafs-server +ExecStart=/usr/sbin/bosserver -nofork $BOSSERVER_ARGS +ExecStop=/usr/sbin/bos shutdown localhost -wait -localauth + +[Install] +WantedBy=multi-user.target diff --git a/openafs-stable-1_8_x-doc.tar.bz2 b/openafs-stable-1_8_x-doc.tar.bz2 new file mode 100644 index 0000000..545c506 --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:751d7e554eabb383359b97963d6a14e286f98a13402298d3494accc9dd440b82 +size 3371907 diff --git a/openafs-stable-1_8_x-doc.tar.bz2.md5 b/openafs-stable-1_8_x-doc.tar.bz2.md5 new file mode 100644 index 0000000..8f0d8b1 --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2.md5 @@ -0,0 +1 @@ +89e9cddb836abd6fa55f3af13d879bbf /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2 diff --git a/openafs-stable-1_8_x-doc.tar.bz2.sha256 b/openafs-stable-1_8_x-doc.tar.bz2.sha256 new file mode 100644 index 0000000..2534c2c --- /dev/null +++ b/openafs-stable-1_8_x-doc.tar.bz2.sha256 @@ -0,0 +1 @@ +751d7e554eabb383359b97963d6a14e286f98a13402298d3494accc9dd440b82 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-doc.tar.bz2 diff --git a/openafs-stable-1_8_x-src.tar.bz2 b/openafs-stable-1_8_x-src.tar.bz2 new file mode 100644 index 0000000..19660bf --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:33b7c95fc52aa200cd118c65dbeadf8b2536a330a8c0dc316493a5709b77eda4 +size 14642570 diff --git a/openafs-stable-1_8_x-src.tar.bz2.md5 b/openafs-stable-1_8_x-src.tar.bz2.md5 new file mode 100644 index 0000000..72bb6e7 --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2.md5 @@ -0,0 +1 @@ +6b06c6afa7b493940613d3ab6d804636 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2 diff --git a/openafs-stable-1_8_x-src.tar.bz2.sha256 b/openafs-stable-1_8_x-src.tar.bz2.sha256 new file mode 100644 index 0000000..e838d7e --- /dev/null +++ b/openafs-stable-1_8_x-src.tar.bz2.sha256 @@ -0,0 +1 @@ +33b7c95fc52aa200cd118c65dbeadf8b2536a330a8c0dc316493a5709b77eda4 /home/hanke/obs/home:hauky:branches:filesystems/openafs/openafs-stable-1_8_x-src.tar.bz2 diff --git a/openafs.CellAlias b/openafs.CellAlias new file mode 100644 index 0000000..83d3c83 --- /dev/null +++ b/openafs.CellAlias @@ -0,0 +1 @@ +openafs.org openafs diff --git a/openafs.SuidCells b/openafs.SuidCells new file mode 100644 index 0000000..473a0f4 diff --git a/openafs.ThisCell b/openafs.ThisCell new file mode 100644 index 0000000..c87b55d --- /dev/null +++ b/openafs.ThisCell @@ -0,0 +1 @@ +openafs.org diff --git a/openafs.cacheinfo b/openafs.cacheinfo new file mode 100644 index 0000000..374bb61 --- /dev/null +++ b/openafs.cacheinfo @@ -0,0 +1 @@ +/afs:/var/cache/openafs:102400 diff --git a/openafs.changes b/openafs.changes new file mode 100644 index 0000000..b236ba0 --- /dev/null +++ b/openafs.changes @@ -0,0 +1,928 @@ +------------------------------------------------------------------- +Mon Dec 23 07:44:52 UTC 2024 - Christof Hanke + +- update to latest git branch stable-1_8_x, required to support kernel 6.12 + +------------------------------------------------------------------- +Mon Nov 25 10:54:35 UTC 2024 - Christof Hanke + +- update to latest git branch stable-1_8_x, includes security update 1.8.13 +- change version to openafs-1.8.13.g... since the new stable release is 1.8.13 +- remove patch handle_backports.diff, it is now included upstream +- remove intermediate patches: + * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h + * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail + * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc + * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning + * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type + +------------------------------------------------------------------- +Wed Aug 14 06:46:15 UTC 2024 - Christof Hanke + +- update to latest git branch stable-1_8_x +- change version to openafs-1.8.12-g... since the new stable release is 1.8.12 +- apply intermediate patches for kernel 6.10 + * 03b280649f5e22ed74c217d7c98c3416a2fa9052: Linux-6.10: remove includes for asm/ia32_unistd.h + * 0f6a3a402f4a66114da9231032bd68cdc4dee7bc: Linux-6.10: Use filemap_alloc_folio when avail + * 658942f2791fad5e33ec7542158c16dfc66eed39: Linux-6.10: define a wrapper for vmalloc + * d8b56f21994ce66d8daebb7d69e792f34c1a19ed: afs: avoid empty-body warning + * 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7: Linux 6.10: Move 'inline' before func return type + +------------------------------------------------------------------- +Fri Jun 14 05:47:03 UTC 2024 - Christof Hanke + +- change source-code base to git branch stable-1_8_x + * required for keeping up with Linux kernel development. +- new versioning scheme: openafs-$LAST_OFFICIAL_RELEASE.git$DATE_OF_NEWEST_COMMIT +- add note in RELNOTES about this change +- update ChangeLog from git + +------------------------------------------------------------------- +Mon Feb 26 12:45:02 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Jan 29 09:56:45 UTC 2024 - Christof Hanke + +- update to openafs-1.8.11~pre1 +- remove intermediate patches for newer Linux-kernels: + * fef2457.diff + * d15c7ab.diff + * 63801cf.diff + * 538f450.diff + * 6de0a64.diff + * 5b647bf.diff + * 6413fdb.diff + * 4f1d810.diff + +------------------------------------------------------------------- +Mon Dec 11 04:58:30 UTC 2023 - Christof Hanke + +- patch upstream patch fef2457.diff for 6.5 to handle backport by SUSE + * handle_backports.diff + +------------------------------------------------------------------- +Fri Nov 10 08:53:16 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.6: + * 5b647bf.diff + * 6413fdb.diff + * 4f1d810.diff + +- replace upstream-patch for kernel 6.5 474750a.diff by correct commit + 6de0a64.diff for branch openafs-stable-1_8_x + + +------------------------------------------------------------------- +Mon Oct 2 07:29:50 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.5: + * 63801cf.diff + * d15c7ab.diff + * fef2457.diff + * 538f450.diff + * 474750a.diff + +------------------------------------------------------------------- +Mon Jul 10 10:24:31 UTC 2023 - Christof Hanke + +- update to official openafs-1.8.10 +- remove obsolete patches: + * 7a3ad3bc.diff + * b885159.diff + * f6fbb85.diff + * 4cf7a9a.diff + +------------------------------------------------------------------- +Tue May 30 12:21:37 UTC 2023 - Christof Hanke + +- remove obsolete macro-call %{stop_on_removal} from spec-file + +------------------------------------------------------------------- +Mon May 15 06:48:21 UTC 2023 - Christof Hanke + +- apply upstream-patches for kernel 6.3: + * f6fbb85.diff + * 7a3ad3bc.diff + +------------------------------------------------------------------- +Thu Mar 2 14:01:53 UTC 2023 - Christof Hanke + +- apply patch from upstream for kernel 6.2: + * b885159.diff +- change BuildArch for subpackage kernel-source to noarch + +------------------------------------------------------------------- +Wed Jan 4 08:14:39 UTC 2023 - Christof Hanke + +- update to offical openafs-1.8.9 + * all changes as openafs-1.8.9pre2 + * fix possible DoS attack + +------------------------------------------------------------------- +Mon Dec 12 07:40:28 UTC 2022 - Christof Hanke + +- update to openafs-1.8.9pre2 + * Support mainline kernels up to 6.0 + * Support for building with more recent compilers + * some bugfixes, more see RELNOTES +- remove obsolete patches: + * 79f03c2.diff + +------------------------------------------------------------------- +Wed Oct 12 16:19:20 UTC 2022 - Christof Hanke + +- update to openafs-1.8.9pre1 +- remove obsolete patches: + * 05b722d.diff + * cc8edf7.diff + * 6348262.diff +- apply patch for kernel 6.0: + * 79f03c2.diff + + +------------------------------------------------------------------- +Tue Aug 16 09:54:58 UTC 2022 - Christof Hanke + +- update to current of upstream-branch openafs-stable-1_8_x +- apply patches for 15.9: + * 05b722d.diff 6348262.diff cc8edf7.diff +- remove patches now in openafs-stable-1_8_x + * fix_gcc_12_linux_5.18.diff + +------------------------------------------------------------------- +Wed Jun 22 16:13:18 UTC 2022 - Christof Hanke + +- apply patches adressing: + * Linux-5.17 and 5.18, gcc-11 and 12: fix_gcc_12_linux_5.18.diff +- remove patches from previous commit: + * a714e86.diff and 449d1fa.diff + * gcc-11.diff + +------------------------------------------------------------------- +Wed Apr 20 06:24:41 UTC 2022 - Christof Hanke + +- apply patches marked for upcoming release: + * kernel 5.17: a714e86.diff and 449d1fa.diff + * gcc-11: gcc-11.diff + +------------------------------------------------------------------- +Mon Mar 28 20:27:18 UTC 2022 - Christof Hanke + +- do not create client-package without KMP + +------------------------------------------------------------------- +Mon Feb 21 10:48:51 UTC 2022 - Christof Hanke + +- remove patch dir_layout.patch + this can be done via environment-variables +- replace openafs-1.8.x.ncurses6.patch with patch 4cf7a9a.diff. + 4cf7a9a.diff is coming from upstream and will be incorporated at some point. + +------------------------------------------------------------------- +Sun Jan 23 15:48:09 UTC 2022 - Christof Hanke + +- Update to new upstream release 1.8.8.1 + * Support mainline kernels 5.14, 5.15 and 5.16 +- remove local patch linux-kmp.patch: + * it supported mainline kernels only up to 5.15 + +------------------------------------------------------------------- +Mon Nov 29 15:08:46 UTC 2021 - Christof Hanke + +- re-add linux-kmp.patch. Required for 5.15 + +------------------------------------------------------------------- +Fri Oct 1 09:08:58 UTC 2021 - Guillaume GARDET + +- Fix %ifarch for 32-bit arm + +------------------------------------------------------------------- +Tue Aug 3 22:32:14 UTC 2021 - Christof Hanke + +- update to openafs version 1.8.8 +- remove linux-kmp.patch. Not required at the minute. + +------------------------------------------------------------------- +Thu Apr 29 07:01:26 UTC 2021 - Christof Hanke + +- add patches for kernel 5.12 to linux-kmp.patch + +------------------------------------------------------------------- +Thu Mar 4 14:57:26 UTC 2021 - Christof Hanke + +- add patches for kernel 5.11 to linux-kmp.patch + +------------------------------------------------------------------- +Mon Feb 22 16:38:07 UTC 2021 - Michael Meffie + +- fix building of perl module AFS::ukernel + +------------------------------------------------------------------- +Mon Feb 22 11:44:25 UTC 2021 - Matthias Gerstner + +- kernel-source.build-modules.sh: choose safe CWD while executing the build to + prevent files being created in unsafe locations. Use new SUSE naming + convention and rely on /etc/os-release, since /etc/SuSE-release no longer + exists. + +------------------------------------------------------------------- +Fri Feb 5 08:41:48 UTC 2021 - Christof Hanke + +- use stock 1.8.7 from openafs.org + * git-version might contain experimental code + * add linux-kmp.patch for newer kernels + +------------------------------------------------------------------- +Sat Jan 16 23:01:13 UTC 2021 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + * fix critical bug described in + https://lists.openafs.org/pipermail/openafs-info/2021-January/043026.html + * remove remove-get_ds-usage.patch + * remove add_arch_to_linux_kernel_make.patch + +------------------------------------------------------------------- +Mon Jan 11 10:01:15 UTC 2021 - Christof Hanke + +- cleanup spec-file + * do not include firewalld-stuff for SLE_12 + * use %ifarch instead of %if %{_arch} + * enable retpol line for TW x86_64 again + +------------------------------------------------------------------- +Mon Nov 2 09:20:37 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + +------------------------------------------------------------------- +Mon Oct 12 15:15:08 UTC 2020 - Christof Hanke + +- add firewalld-configuration files +- enable loading of unsupported kernel-module on SLES15 + +------------------------------------------------------------------- +Mon Aug 17 12:49:33 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x + * kernel 5.8 not supported by 1.8.6 + and no official package-upates out yet. + +------------------------------------------------------------------- +Mon Aug 10 08:43:10 UTC 2020 - Christof Hanke + +- add patch remove-get_ds-usage.patch to fix building KMP on aarch64 + +------------------------------------------------------------------- +Wed Jul 1 08:53:44 UTC 2020 - Christof Hanke + +- update to official 1.8.6 + * remove patch 4c4bdde.diff + * remove patch d3c7f75.diff + * use source URLs again + +------------------------------------------------------------------- +Tue Jun 16 12:56:21 UTC 2020 - Christof Hanke + +- remove fix_timeval_i586.patch + +------------------------------------------------------------------- +Tue Jun 16 12:55:14 UTC 2020 - Christof Hanke + +- disable retpol line for TW x86_64. It does not compile. + +------------------------------------------------------------------- +Mon Jun 15 08:24:17 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x. + * 1.8.6pre3 is not out yet. + * disable source URLs, none are present +- Fix build with GCC-10 + * add patch 4c4bdde.diff + * add patch d3c7f75.diff +- create ld.so.conf-file dynamically + +------------------------------------------------------------------- +Sat Apr 18 07:07:48 UTC 2020 - Christof Hanke + +- update to 1.8.6pre2 +- disable fix_timeval_i586.patch + +------------------------------------------------------------------- +Fri Apr 10 06:36:58 UTC 2020 - Christof Hanke + +- update to HEAD of git branch openafs-stable-1_8_x. + * 1.8.6pre2 is not out yet. + * disable source URLs, none are present + * remove patch forward-to-1.8.6.pre1.patch +- fix build of i586 with fix_timeval_i586.patch + +------------------------------------------------------------------- +Thu Apr 2 06:08:09 UTC 2020 - Christof Hanke + +- update to pre-release 1.8.6pre1: forward-to-1.8.6.pre1.patch + +------------------------------------------------------------------- +Wed Oct 23 13:48:04 UTC 2019 - Christof Hanke + +- update to security-release 1.8.5, adresses: + * OPENAFS-SA-2019-001: Skip server OUT args on error + * OPENAFS-SA-2019-002: Zero all server RPC args + * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref + +------------------------------------------------------------------- +Thu Oct 10 09:10:27 UTC 2019 - Christof Hanke + +- update to official version 1.8.4 +- support Linux-kernel 5.3 +- Avoid non-dir ENOENT errors in afs_lookup +- fix parsing of fileservers with -vlruthresh, etc. +- other bugfixes + +------------------------------------------------------------------- +Thu Sep 26 20:56:05 UTC 2019 - Christof Hanke + +- update to pre-release 1.8.4pre2 + * fix builds for Linux-kernels 5.3 + +------------------------------------------------------------------- +Sun Jul 28 18:34:40 UTC 2019 - Christof Hanke + +- disable compilation with LTO, does not work yet. + +------------------------------------------------------------------- +Tue Apr 30 10:17:44 UTC 2019 - Christof Hanke + +- update to 1.8.3 +- Require krb5-client for package openafs-client +- fix broken directory layout +- fix broken post-install script +- allow crypt to be set/unset on startup of client +- clean up source-filenames + +------------------------------------------------------------------- +Mon Mar 25 11:32:32 UTC 2019 - Jan Engelhardt + +- Use source URLs. + +------------------------------------------------------------------- +Thu Mar 14 08:37:04 UTC 2019 - Christof Hanke + +- update to pre-release 1.8.3pre1 + * fix builds for Linux-kernels 4.20 and 5.0 + * other fixes, see RELNOTES-1.8.3pre1 + * remove obsolete Linux-4.20.patch + +------------------------------------------------------------------- +Wed Jan 16 11:28:27 UTC 2019 - christof.hanke@mpcdf.mpg.de + +- Fix build for Lunux-4.20: Linux-4.20.patch +- use proper log-directory: dir_layout.patch + +------------------------------------------------------------------- +Fri Sep 28 12:47:02 UTC 2018 - Guillaume GARDET + +- Fix build for aarch64 + +------------------------------------------------------------------- +Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt + +- Quote "*.c", and avoid unnecessary pass through xargs. + +------------------------------------------------------------------- +Wed Sep 12 10:41:43 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to security-release 1.8.2 + * fix CVE-2018-16947 (OPENAFS-SA-2018-001) + * fix CVE-2018-16948 (OPENAFS-SA-2018-002) + * fix CVE-2018-16949 (OPENAFS-SA-2018-003) + +------------------------------------------------------------------- +Wed Sep 12 05:46:01 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- add retpoline support + +------------------------------------------------------------------- +Sun Sep 9 08:14:26 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to version 1.8.1.1 +- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated. + +------------------------------------------------------------------- +Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- Fix 32Bit build by adding + commit 554176bd236d772d670df9bdd2496facd5a4209a as + use_timespec64_for_kernel_4.18.patch + +------------------------------------------------------------------- +Thu Aug 16 07:53:42 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- Update to 1.8.1 +- Remove backporting patches for AArch64 build: + * add_support_fo_arm64_linux26.patch + * dont_require_AFS_SYSCALL.patch + * add_AFS_STRINGIZE_macro.patch + * avoid_double_param_in_arm64_kernel.patch + +------------------------------------------------------------------- +Wed Jun 27 19:09:41 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- adjust building of KMP to new kernels (see boo 1098050) + add patch add_arch_to_linux_kernel_make.patch for this +- add libtirpc-devel to BuildRequires: +- minor cleanups + +------------------------------------------------------------------- +Fri May 4 07:29:15 UTC 2018 - guillaume.gardet@opensuse.org + +- Update to 1.8.0 +- Fix AArch64 build by updating spec and backporting patches: + * add_support_fo_arm64_linux26.patch + * dont_require_AFS_SYSCALL.patch + * add_AFS_STRINGIZE_macro.patch + * avoid_double_param_in_arm64_kernel.patch + +------------------------------------------------------------------- +Thu Apr 19 16:53:21 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- remove package krb5-mit. It contained binaries for server and client. + Besides, client and server already had an implicit dependency on krb5. + Put the binaries to client and server-package respectively. +- Remove openafs-1.8.x.heimdal.patch and everything heimdal-related. + SUSE does not provide a proper heimdal and it's untested for a long + time. + +------------------------------------------------------------------- +Mon Apr 16 15:35:15 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- fdupes: use symlinks instead of hardlinks. Do not fdupe + /etc and /var + +------------------------------------------------------------------- +Fri Apr 6 10:53:13 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- fix dependencies between packages, so that fuse-client + can be installed. +- cleanup old sys-v sysconfig files and other minor fixes +- fix unit file for fuse-client + +------------------------------------------------------------------- +Mon Apr 2 20:59:53 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- build fuse-client unconditionally. +- do not build KMP on unsupported architectures so that overall + build succeeds. + +Wed Mar 28 05:39:53 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- rename binary backup to afs_backup. + - rename man pages and prefix "backup" in content +- prefix "scout" by "afs_" in man-page +- remove unnecessary macro indirection %ARCH +- replace hard-coded paths by macros +- make whitespace more consistent +- minor syntax and typo fixes + +------------------------------------------------------------------- +Sun Mar 18 23:34:56 UTC 2018 - jengelh@inai.de + +- Replace old $RPM_* vars (most of them) by macros. +- Replace unnecessary macro indirections like %bindir by %_bindir. + +------------------------------------------------------------------- +Thu Mar 15 08:28:10 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- cleanup last cleanup: also remove rc.* files + +------------------------------------------------------------------- +Tue Mar 6 10:03:44 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- cleanup package for Factory: + - rename package to openafs. + - remove sys-v init stuff. + - apply recommendations given in Request 581009 + +------------------------------------------------------------------- +Wed Feb 28 09:25:52 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- add compat macro for new _fillupdir macro introduced in Nov 2017 + +------------------------------------------------------------------- +Wed Feb 28 08:30:33 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre5 + +------------------------------------------------------------------- +Sun Jan 7 08:31:00 UTC 2018 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre4 +- add patch for ncurses detection + +------------------------------------------------------------------- +Thu Dec 7 11:07:30 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre3 +- add integrity check of tar-balls + +------------------------------------------------------------------- +Fri Sep 1 20:07:48 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- do not strip binaries on install +- fix %postun server + +------------------------------------------------------------------- +Fri Sep 1 11:51:03 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- update to 1.8.0pre2 +- use a preamble-file for KMP +- sort/cleanup/beautify spec-file + +------------------------------------------------------------------- +Fri Sep 1 07:05:21 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- spec-file: + + use hardlinks for fdupes to provide correct header files in + kernel-source + + minor bugfixes, reorganization +- rename changes file to openafs18.changes + +------------------------------------------------------------------- +Thu Feb 9 14:41:57 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- rename package to openafs18-* so they don't override + stable openafs-1.6 ones +- move ld.so to main package -- was in server-packages + +------------------------------------------------------------------- +Tue Feb 7 11:23:22 UTC 2017 - christof.hanke@mpcdf.mpg.de + +- enable building of KMP +- make openafs-krb5-mit package dependend on openafs-client package +- add ld.so - config to main package + +------------------------------------------------------------------- +Fri Jan 27 21:15:12 UTC 2017 - christof.hanke@rzg.mpg.de + +- remove pam, is not build on x86_64 and i596 + +------------------------------------------------------------------- +Mon Dec 26 18:59:09 UTC 2016 - christof.hanke@rzg.mpg.de + +- first version of 1.8 +- remove docs package, put man pages in induvidual packets +- remove layout-patch, deal with this in spec file directly + +------------------------------------------------------------------- +Sat Dec 3 14:56:56 UTC 2016 - christof.hanke@rzg.mpg.de + +- add new ChangeLog + +------------------------------------------------------------------- +Thu Dec 1 04:35:39 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.20 + +------------------------------------------------------------------- +Wed Nov 16 09:21:52 UTC 2016 - christof.hanke@rzg.mpg.de + +- add missing RemainAfterExit=true to client-systemd unit. + +------------------------------------------------------------------- +Tue Nov 15 09:28:55 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.19 + +------------------------------------------------------------------- +Tue Oct 4 11:19:50 UTC 2016 - aj@suse.com + +- Update README: Change SuSE to SUSE. + +------------------------------------------------------------------- +Thu Jul 21 07:52:14 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18.2 + +------------------------------------------------------------------- +Fri Jun 24 04:42:48 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18.1 + +------------------------------------------------------------------- +Tue May 10 15:19:28 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.18 + +Thu Mar 17 06:35:21 UTC 2016 - christof.hanke@rzg.mpg.de + +- update to version 1.6.17 +- cleanup + +------------------------------------------------------------------- +Fri Dec 18 06:53:08 UTC 2015 - christof.hanke@rzg.mpg.de + +- update to version 1.6.16 +- remove fix for configure for new ncurses, now dealt with in + shipped package + +------------------------------------------------------------------- +Sat Nov 21 04:47:46 UTC 2015 - christof.hanke@rzg.mpg.de + +- start using change.log again +- fix configure test for new ncurses + +------------------------------------------------------------------- +Thu Jun 17 17:04:25 UTC 2010 - cseader@novell.com + +- update to version 1.4.12.1 + +------------------------------------------------------------------- +Wed Jan 25 21:39:00 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 23 15:58:43 CET 2006 - nadvornik@suse.cz + +- fixed kernel module to compile + +------------------------------------------------------------------- +Wed Jan 11 05:30:18 CET 2006 - mge@suse.de +- add openafs.SuidCells and openafs.CellServDB +- cleanup SPEC-file(s) +- finally adopt + sysconfig.transarcmode.openafs-client + rc.transarcmode.afs-server + rc.transarcmode.afs-client + to transarc mode; and fix a small typo in + rc.defaultmode.afs-client + +------------------------------------------------------------------- +Fri Jan 6 01:12:31 CET 2006 - mge@suse.de +- set "%defattr(-,root,root)" for transarcmode-file-lists +- fix lib64 build problem in transarcmode + +------------------------------------------------------------------- +Thu Jan 5 13:40:42 CET 2006 - mge@suse.de +- introduce transarc-mode and default-mode +- introduce "options" + +------------------------------------------------------------------- +Thu Dec 29 16:07:00 CET 2005 - mge@suse.de +- build for SLES 9 +- with heimdal krb5 support +- enable-largefile-fileserver + +------------------------------------------------------------------- +Wed Dec 21 16:09:26 CET 2005 - nadvornik@suse.cz + +- updated to 1.4.0 +- fixed dangerous compiler warnings + +------------------------------------------------------------------- +Mon Oct 31 12:37:05 CET 2005 - dmueller@suse.de + +- don't build as root + +------------------------------------------------------------------- +Fri Aug 26 12:51:02 CEST 2005 - nadvornik@suse.cz + +- fixed kernel module to build +- fixed sysconfig file name + +------------------------------------------------------------------- +Thu Jul 14 17:25:25 CEST 2005 - nadvornik@suse.cz + +- updated to 1.3.85 +- used LSB conforming init script names + +------------------------------------------------------------------- +Tue Jul 5 10:44:32 CEST 2005 - hare@suse.de + +- Update for linux 2.6.13. + +------------------------------------------------------------------- +Thu May 12 12:27:01 CEST 2005 - nadvornik@suse.cz + +- gcc4 fixes in kernel module + +------------------------------------------------------------------- +Tue Apr 12 17:02:34 CEST 2005 - nadvornik@suse.cz + +- fixed to compile with gcc4 + +------------------------------------------------------------------- +Wed Feb 23 12:08:07 CET 2005 - nadvornik@suse.cz + +- fixed memory leaks and 64bit fixes backported from 1.3.79 +- updated README.SUSE + +------------------------------------------------------------------- +Thu Feb 3 13:19:05 CET 2005 - nadvornik@suse.cz + +- updated to 1.3.78 + +------------------------------------------------------------------- +Mon Jan 31 15:58:33 CET 2005 - nadvornik@suse.cz + +- fixed afs.h to be usable from userspace [#50283] + +------------------------------------------------------------------- +Tue Jan 25 10:57:09 CET 2005 - nadvornik@suse.cz + +- updated to latest snapshot + +------------------------------------------------------------------- +Wed Sep 15 12:37:04 CEST 2004 - nadvornik@suse.cz + +- added requres: kernel-nongpl [#45167] +- fixed kernel module oops [#44618] + +------------------------------------------------------------------- +Wed Aug 11 15:51:03 CEST 2004 - nadvornik@suse.cz + +- use kernel module from openafs 1.3.70 to support kernel 2.6 + +------------------------------------------------------------------- +Mon Mar 08 17:18:49 CET 2004 - nadvornik@suse.cz + +- updated to 1.2.11 +- added note that client for kernel 2.6 is not available + +------------------------------------------------------------------- +Tue Jan 20 18:48:21 CET 2004 - ro@suse.de + +- added pam-devel to neededforbuild + +------------------------------------------------------------------- +Sat Dec 13 00:23:45 CET 2003 - meissner@suse.de + +- Added hack if no MTU came from userspace. +- Removed superflous ppc64 patch part. + +------------------------------------------------------------------- +Thu Dec 11 09:29:31 CET 2003 - meissner@suse.de + +- ppc64 port added (status: no longer crashes, talks to the network, + but not successfully). +- Change headerfiles to make it possible to do a ppc -> ppc64 crosscompile. + +------------------------------------------------------------------- +Mon Oct 6 17:30:17 CEST 2003 - olh@suse.de + +- build with -fPIC on ppc32 + +------------------------------------------------------------------- +Tue Sep 16 17:37:34 CEST 2003 - nadvornik@suse.cz + +- patch from cvs to use AllocLargeSpace for struct osi_file to prevent + oopses with some kernel configurations + +------------------------------------------------------------------- +Thu Sep 11 12:58:57 CEST 2003 - nadvornik@suse.cz + +- added option DYNROOT to sysconfig and enabled it by default [#27205] + +------------------------------------------------------------------- +Wed Sep 10 17:07:51 CEST 2003 - nadvornik@suse.cz + +- added cleanup before module build [#29649] + +------------------------------------------------------------------- +Tue Sep 09 18:33:38 CEST 2003 - nadvornik@suse.cz + +- fixed possible segfault + +------------------------------------------------------------------- +Thu Sep 04 12:30:00 CEST 2003 - nadvornik@suse.cz + +- set permissions of /var/lib/openafs to 700 +- README.SuSE fixes + +------------------------------------------------------------------- +Thu Aug 28 17:11:47 CEST 2003 - nadvornik@suse.cz + +- use ghost for /afs, the directory is created by init-script +- fixed README.SuSE + +------------------------------------------------------------------- +Thu Aug 21 14:32:58 CEST 2003 - nadvornik@suse.cz + +- moved all static libraries to /usr/lib/afs, fixes conflict with libdes +- used default value for THIS_CELL_SERVER_NAME +- removed old patches + +------------------------------------------------------------------- +Tue Aug 12 11:10:46 CEST 2003 - nadvornik@suse.cz + +- fixed a bug in init script + +------------------------------------------------------------------- +Mon Aug 11 18:26:28 CEST 2003 - nadvornik@suse.cz + +- updated to final 1.2.10 + +------------------------------------------------------------------- +Wed Jul 30 19:34:34 CEST 2003 - nadvornik@suse.cz + +- updated to 1.2.10-rc4 +- do not destroy CellServDB even if REGENERATE_CELL_INFO=yes +- fixed to compile on x86_64 + +------------------------------------------------------------------- +Wed Jul 30 14:25:46 CEST 2003 - sf@suse.de + +- use %_lib where it was missing + +------------------------------------------------------------------- +Wed Jul 09 19:20:55 CEST 2003 - nadvornik@suse.cz + +- fixed conflicts in filelist + +------------------------------------------------------------------- +Fri Jun 20 14:59:23 CEST 2003 - nadvornik@suse.cz + +- improved init scripts + +------------------------------------------------------------------- +Thu Jun 19 14:40:52 CEST 2003 - nadvornik@suse.cz + +- added README.SuSE +- fixed init scripts [#27426] +- installed man pages + +------------------------------------------------------------------- +Thu Jun 12 17:45:39 CEST 2003 - poeml@suse.de + +- add /usr/src/kernel-modules to the file list + +------------------------------------------------------------------- +Wed Jun 4 21:26:09 CEST 2003 - schwab@suse.de + +- Fix SMP configuration detection. + +------------------------------------------------------------------- +Wed May 14 12:28:04 CEST 2003 - poeml@suse.de + +- rework filelists: + - package/remove unpackaged files + - move some files into the server & client subpackages + - use %defattr +- fix deprecated tail -1 syntax (fixes building the kernel module) + +------------------------------------------------------------------- +Mon May 12 14:50:05 CEST 2003 - nadvornik@suse.cz + +- updated to 1.2.9 +- added DATA_ENCRYPTION option to sysconfig + +------------------------------------------------------------------- +Mon Mar 10 18:43:26 CET 2003 - poeml@suse.de + +- x86_64: add -lresolv, -fPIC +- fix lib path on all 64 bit platforms + +------------------------------------------------------------------- +Thu Mar 06 10:39:27 CET 2003 - nadvornik@suse.cz + +- added sysconfig metadata + +------------------------------------------------------------------- +Mon Feb 24 17:28:44 CET 2003 - nadvornik@suse.cz + +- added dirs /afs, /etc/openafs, /var/lib/openafs to filelist + +------------------------------------------------------------------- +Sun Feb 16 18:28:44 CET 2003 - olh@suse.de + +- workaround broken -lresolv detection, lib64 fixes + +------------------------------------------------------------------- +Wed Feb 12 16:42:07 CET 2003 - nadvornik@suse.cz + +- fixed multiline strings in kernel module + +------------------------------------------------------------------- +Fri Jan 24 11:11:23 CET 2003 - nadvornik@suse.cz + +- updated to 1.2.8 +- improved init script + +------------------------------------------------------------------- +Fri Nov 29 10:21:04 CET 2002 - nadvornik@suse.cz + +- included errno.h +- fixed multiline strings + +------------------------------------------------------------------- +Fri Nov 22 16:47:51 CET 2002 - nadvornik@suse.cz + +- first version of init scripts + +------------------------------------------------------------------- +Wed Nov 20 19:20:53 CET 2002 - poeml@suse.de + +- initial draft of a package. Lots of stuff missing, like init + scripts, or the kerberos 5 migration toolkit. + diff --git a/openafs.spec b/openafs.spec new file mode 100644 index 0000000..2be39da --- /dev/null +++ b/openafs.spec @@ -0,0 +1,996 @@ +# +# spec file for package openafs +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# +# needssslcertforbuild + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} +%define _fillupdir /var/adm/fillup-templates +%endif +%define _lto_cflags %{nil} + +# +# TUNABLES +# + +# package-wide definitions here + +# build authlibs +%define build_authlibs 1 + +# build kernel modules +%define build_kernel_modules 1 + +# flag for firewalld, only required for SLE-12 +%if 0%{?sle_version} <= 120500 && !0%{?is_opensuse} +%define have_firewalld 0 +%else +%define have_firewalld 1 +%endif + +# +# package internal directories +# +%define afslogsdir /var/log/openafs +%define afsconfdir /etc/openafs/server +%define viceetcdir /etc/openafs +%define vicecachedir /var/cache/openafs +%define afslocaldir /var/lib/openafs + +%ifarch ppc64le ppc64 %{arm} +%define build_kernel_modules 0 +%endif + +# used for %setup only +# leave upstream tar-balls untouched for integrity checks. +%define upstream_version stable-1_8_x + +Name: openafs + +Version: 1.8.13.g20241116 +Release: 0 +Summary: OpenAFS Distributed File System +License: IPL-1.0 +Group: System/Filesystems +URL: http://www.openafs.org/ + +Source0: openafs-%{upstream_version}-src.tar.bz2 +Source1: openafs-%{upstream_version}-doc.tar.bz2 +Source2: openafs-%{upstream_version}-src.tar.bz2.md5 +Source3: openafs-%{upstream_version}-doc.tar.bz2.md5 +Source4: openafs-%{upstream_version}-src.tar.bz2.sha256 +Source5: openafs-%{upstream_version}-doc.tar.bz2.sha256 + +Source10: README.SUSE.openafs +Source15: logrotate.openafs-server +Source18: RELNOTES-%{upstream_version} +Source19: ChangeLog +Source20: kernel-source.build-modules.sh +Source23: openafs-client.service +Source24: openafs-client.service.allow_unsupported +Source25: openafs-server.service +Source26: openafs-fuse-client.service +Source27: sysconfig.openafs-client +Source28: sysconfig.openafs-server +Source29: sysconfig.openafs-fuse-client +Source30: preamble +Source40: afs3-bos.xml +Source41: afs3-callback.xml +Source42: afs3-fileserver.xml +Source43: afs3-prserver.xml +Source44: afs3-rmtsys.xml +Source45: afs3-update.xml +Source46: afs3-vlserver.xml +Source47: afs3-volser.xml +Source55: openafs.SuidCells +Source56: openafs.CellAlias +Source57: openafs.ThisCell +Source58: openafs.cacheinfo +Source98: kmp_only.files +Source99: openafs.changes + +# GENERAL BuildRequires and Requires +# + +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: bison +BuildRequires: coreutils +BuildRequires: fdupes +BuildRequires: hostname +%if %{have_firewalld} +BuildRequires: firewall-macros +%endif +BuildRequires: flex +BuildRequires: fuse-devel +BuildRequires: git +BuildRequires: krb5-devel +BuildRequires: libtirpc-devel +BuildRequires: libtool +BuildRequires: ncurses-devel +BuildRequires: pkg-config +BuildRequires: swig + +Requires(post): %fillup_prereq + +%if %{build_kernel_modules} +BuildRequires: %{kernel_module_package_buildreqs} +%endif + +%description +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. + +%package server +Summary: OpenAFS File System Server +Group: System/Filesystems +Requires: %{name} = %{version} + +%description server +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the static +libraries and header files needed to develop applications for OpenAFS. + +%if %{build_authlibs} +%package authlibs +Summary: OpenAFS authentication shared libraries +Group: Development/Libraries/C and C++ + +%description authlibs +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides a shared version of libafsrpc and libafsauthent. +None of the programs included with OpenAFS currently use these shared +libraries; however, third-party software that wishes to perform AFS +authentication may link against them. + +%package authlibs-devel +Summary: OpenAFS shared library development +Group: Development/Libraries/C and C++ +Requires: %{name}-authlibs = %{version} +Requires: %{name}-devel = %{version} + +%description authlibs-devel +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package includes the static versions of libafsrpc and +libafsauthent, and symlinks required for building against the dynamic +libraries. + +%endif + +%package devel +Summary: OpenAFS Static Libraries and Header Files +Group: Development/Libraries/Other +Requires: %{name} = %{version} + +%description devel +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the OpenAFS server. + +%package kernel-source +BuildArch: noarch +Summary: OpenAFS Kernel Module source tree +Group: System/Filesystems +Requires: bison +Requires: flex +Requires: gcc +Requires: kernel-devel +Provides: openafs-kernel = %{version} + +%description kernel-source +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides the source code to build your own AFS kernel +module. + +%if %{build_kernel_modules} +%package KMP +Summary: OpenAFS Distributed File System - kernel module +Group: System/Kernel + +%kernel_module_package -x lockdep um pae -p %{S:30} + +%description KMP +This package contains the kernel module for OpenAFS. For details see +the openafs package. + +%endif + +%package fuse_client +Summary: OpenAFS FUSE File System Client +Group: System/Filesystems +Conflicts: %{name}-client +Requires: %{name} = %{version} + +%description fuse_client +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +This client is using the EXPERIMENTAL FUSE interface on LINUX. +It does not offer authentication etc. + +%if %{build_kernel_modules} +%package client +Summary: OpenAFS File System Client +Group: System/Filesystems +Requires: %{name} = %{version} +Requires: %{name}-kmp +Requires: krb5-client + +%description client +AFS is a cross-platform distributed file system product pioneered at +Carnegie Mellon University and supported and developed as a product by +Transarc Corporation (now IBM Pittsburgh Labs). It offers a +client-server architecture for file sharing, providing location +independence, scalability, and transparent migration capabilities for +data. + +In addition, among its features are authentication, encryption, +caching, disconnected operations, replication for higher availability +and load balancing, and ACLs. This package contains the OpenAFS client. +%endif + +%prep + +: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +: @@@ +: @@@ package-name: %{name} +: @@@ file-layout: fsh +: @@@ lib dir: %{_libdir} +: @@@ libexec dir: %{libexecdir} +: @@@ bin dir: %{_bindir} +: @@@ sbin dir: %{_sbindir} +: @@@ include dir: %{includedir} +: @@@ sysconf dir: %{_sysconfdir} +: @@@ man dir: %{_mandir} +: @@@ build modules: %{build_kernel_modules} +: @@@ architecture: %{_arch} +: @@@ target cpu: %{_target_cpu} +: @@@ +: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ + +for src_file in %{S:0} %{S:1}; do + if [ "`md5sum $src_file | awk '{print $1}'`" != "`cat $src_file.md5 | awk '{print $1}'`" ]; then + echo "ERROR: MD5-Integrity check for $src_file failed."; + exit 1 + fi + if [ "`sha256sum $src_file | awk '{print $1}'`" != "`cat $src_file.sha256 | awk '{print $1}'`" ]; then + echo "ERROR: SHA256-Integrity check for $src_file failed."; + exit 1 + fi +done + +%setup -q -n openafs-%{upstream_version} -T -b 0 -b 1 + +./regen.sh + +%build +# architecture specific settings +sysbase=%{_arch} + +%ifarch ppc +perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.ppc_linux24.in +%endif +%ifarch ppc64 ppc64le +sysbase=ppc64 +export LDFLAGS="$LDFLAGS -m64" +%endif +%ifarch %{arm} +sysbase=arm +%endif +%ifarch aarch64 +sysbase=arm64 +%define _arch arm64 +%endif +%ifarch s390x +sysbase=s390 +%endif +%ifarch x86_64 +sysbase=amd64 +perl -pi -e 's,^(XCFLAGS.*),\1 -fPIC,' src/config/Makefile.amd64_linux24.in +perl -pi -e 's,^(XLIBS.*),\1 -lresolv,' src/config/Makefile.amd64_linux24.in +%endif + +afs_sysname=${sysbase}_linux26 + +RPM_OPT_FLAGS=`echo ${RPM_OPT_FLAGS} | sed s/-D_FORTIFY_SOURCE=2//` +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fPIC -fcommon" + +export KRB5LIBS='-lcom_err -lkrb5' +export PATH_KRB5_CONFIG=%{krb5_config} +export afsdbdir='/var/lib/openafs/db' +export afslocaldir='/var/lib/openafs' +export afslogsdir='/var/log/openafs' +export afsdbdir='/var/lib/openafs/db' +%configure \ + --disable-transarc-paths \ + --disable-strip-binaries \ + --includedir=%{_includedir}/openafs \ + --sysconfdir=%{_sysconfdir} \ + --mandir=%{_mandir} \ + --with-afs-sysname=$afs_sysname \ + --disable-kernel-module \ + --with-swig + +make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" all_nolibafs +make CCFLAGS="$CFLAGS" XCFLAGS="$CFLAGS" PAM_CFLAGS="$CFLAGS" KOPTS="$CFLAGS" only_libafs_tree + +# the test suite need a configured KDC +#make -C src/tests all + +# Kernel-module + +%if %{build_kernel_modules} +mkdir obj + +for flavor in %flavors_to_build; do + rm -rf obj/$flavor + cp -a libafs_tree obj/$flavor + pushd obj/$flavor + find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+" + ./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \ + --disable-transarc-paths --without-swig + export EXTRA_CFLAGS='-DVERSION=\"%version\"' + export LINUX_MAKE_ARCH="ARCH=%{_arch}" + make + popd +done +%endif +# build_kernel_modules + +%install + +# +# install build binaries using make + +make DESTDIR=%{buildroot} install_nolibafs + +# +# man-pages + +OLD_PWD=`pwd` +cd doc/man-pages +%make_install +cd $OLD_PWD + +# +# create directories +mkdir -p %{buildroot}/%_unitdir +mkdir -p %{buildroot}/%{afslogsdir}/old +mkdir -p %{buildroot}/%{_fillupdir} +mkdir -p %{buildroot}/%{vicecachedir} +mkdir -p %{buildroot}/%{viceetcdir} +mkdir -p %{buildroot}%{_datadir}/openafs/C +mkdir -p %{buildroot}/%{afsconfdir} +mkdir -p %{buildroot}/%{afslocaldir} +mkdir -p %{buildroot}/%{_sbindir} + +# +# client +# also used by others +cp -a %{S:56} %{buildroot}/%{viceetcdir}/CellAlias +cp -a %{S:57} %{buildroot}/%{viceetcdir}/ThisCell +cp -a src/afsd/CellServDB %{buildroot}/%{viceetcdir}/CellServDB +cp -a %{S:55} %{buildroot}/%{viceetcdir}/SuidCells +cp -a %{S:58} %{buildroot}/%{viceetcdir}/cacheinfo + +# kmp-only +%if %{build_kernel_modules} +cp -a src/afs/afszcm.cat %{buildroot}%{_datadir}/openafs/C +install -m 644 %{S:27} %{buildroot}/%{_fillupdir}/sysconfig.openafs-client +%if 0%{?sle_version} > 150000 +install -m 644 %{S:24} %{buildroot}/%_unitdir/openafs-client.service +%else +install -m 644 %{S:23} %{buildroot}/%_unitdir +%endif +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-client +%endif + +# +# fuse client package + +install -m 644 %{S:29} %{buildroot}/%{_fillupdir}/sysconfig.openafs-fuse-client +install -m 644 %{S:26} %{buildroot}/%_unitdir +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-fuse-client + +# +# server +install -m 644 %{S:28} %{buildroot}/%{_fillupdir}/sysconfig.openafs-server +install -m 644 %{S:25} %{buildroot}/%_unitdir +ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcopenafs-server + +# +# kernel-source +mkdir -p %{buildroot}/usr/src/kernel-modules/openafs +chmod -R o-w src/libafs +chmod -R o-w libafs_tree +cp -a libafs_tree %{buildroot}/usr/src/kernel-modules/openafs +install -m 755 %{S:20} %{buildroot}/usr/src/kernel-modules/openafs/build-modules.sh +install -m 644 LICENSE %{buildroot}/usr/src/kernel-modules/openafs/LICENSE + +# KMP +%if %{build_kernel_modules} +export INSTALL_MOD_PATH=%{buildroot} +export INSTALL_MOD_DIR=updates + +for flavor in %flavors_to_build; do + make -C /usr/src/linux-obj/%{_arch}/$flavor %{?linux_make_arch} modules_install \ + M=$PWD/`find obj/$flavor/ -name MODLOAD-\* -type d` +done +%endif + +# +# main package +cp -a %{S:10} README.SUSE +cp -a %{S:18} RELNOTES +cp -a %{S:19} ChangeLog + +mkdir -p %{buildroot}/etc/ld.so.conf.d +echo %{_libdir}/openafs > %{buildroot}/etc/ld.so.conf.d/openafs.conf + +# move some bin to sbin +mv %{buildroot}/%{_bindir}/asetkey %{buildroot}/%{_sbindir}/asetkey +mv %{buildroot}/%{_bindir}/bos %{buildroot}/%{_sbindir}/bos +mv %{buildroot}/%{_bindir}/akeyconvert %{buildroot}/%{_sbindir}/akeyconvert +mv %{buildroot}/%{_bindir}/udebug %{buildroot}/%{_sbindir}/udebug + +# avoid conflicts with other packages by adding the prefix afs_ to filenames +mv %{buildroot}%{_bindir}/scout %{buildroot}%{_bindir}/afs_scout +cat %{buildroot}/%{_mandir}/man1/scout.1 | sed 's/\/afs_scout/g' > %{buildroot}/%{_mandir}/man1/afs_scout.1 +rm %{buildroot}/%{_mandir}/man1/scout.1 +mv %{buildroot}%{_sbindir}/backup %{buildroot}%{_sbindir}/afs_backup +OLD_PWD=`pwd` +cd %{buildroot}/%{_mandir}/man8/ +for f in $(ls backup*); do + cat $f | sed 's/\/afs_backup/g' > afs_"$f" + rm $f +done +cd $OLD_PWD + +# create manpage for afsd.fuse as a real file +rm %{buildroot}/%{_mandir}/man8/afsd.fuse.8 +cp -p %{buildroot}/%{_mandir}/man8/afsd.8 %{buildroot}/%{_mandir}/man8/afsd.fuse.8 + +# move %%{_libdir}/afs-stuff to %%{_libdir}/openafs +mv %{buildroot}/%{_libdir}/afs/* %{buildroot}/%{_libdir}/openafs +mv %{buildroot}/%{_libdir}/*.* %{buildroot}/%{_libdir}/openafs +rm -rf %{buildroot}/%{_libdir}/afs + +# move perl module to perl vendor library path +mkdir -p %{buildroot}/%{perl_vendorlib}/AFS +mv %{buildroot}/%{_libdir}/perl/AFS/ukernel.pm %{buildroot}/%{perl_vendorlib}/AFS/ukernel.pm +mkdir -p %{buildroot}%{perl_vendorarch} +mv %{buildroot}/%{_libdir}/perl/ukernel.so %{buildroot}/%{perl_vendorarch}/ukernel.so + +# firewalld + +%if %{have_firewalld} +mkdir -p %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:40} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:41} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:42} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:43} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:44} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:45} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:46} %{buildroot}%{_prefix}/lib/firewalld/services/ +install -D -m 644 %{S:47} %{buildroot}%{_prefix}/lib/firewalld/services/ +%endif + +# +# general cleanup +# + +# we supposedly don't need this on linux +rm %{buildroot}/%{_sbindir}/rmtsysd + +%if ! %{build_authlibs} +rm %{buildroot}/%{_libdir}/libafsauthent.so.* +rm %{buildroot}/%{_libdir}/libafsrpc.so.* +rm %{buildroot}/%{_libdir}/libkopenafs.so.* +rm %{buildroot}/%{_libdir}/libafsauthent.so +rm %{buildroot}/%{_libdir}/libafsrpc.so +rm %{buildroot}/%{_libdir}/libkopenafs.so +%endif +%if ! %{build_kernel_modules} +for f in $(cat %{S:98}); do + rm -f %{buildroot}/$f +done +%endif + +# remove all static libraries +find %{buildroot} -type f -name "*.a" -delete + +# remove unused man pages +for x in dlog symlink symlink_list symlink_make symlink_remove; do + rm %{buildroot}/%{_mandir}/man1/${x}.1 +done +for x in rmtsysd xfs_size_check aklog_dynamic_auth; do + rm %{buildroot}/%{_mandir}/man8/${x}.8 +done + +# compress man pages +OLD_PWD=`pwd` +for d in %{buildroot}%{_mandir}/man*; do + cd $d + for f in *; do + if [ -h $f ]; then + mv $f $f.gz + elif [ -f $f ];then + gzip -9 $f + else + echo "Unknown thing to compress : $f" + fi + done +done +cd $OLD_PWD + +# replace duplicates by symlinks +%fdupes -s %{buildroot}/usr + +# +# main + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post kernel-source +echo To install the kernel-module, do: +echo cd /usr/src/kernel-modules/openafs +echo sh ./build-modules.sh build +echo sh ./build-modules.sh install + +# +# fuse client + +%pre fuse_client +%service_add_pre openafs-fuse-client.service + +%preun fuse_client +%service_del_preun openafs-fuse-client.service + +%post fuse_client +if [ ! -d /afs ]; then + mkdir /afs +fi +%{fillup_only -n openafs-fuse-client} +%service_add_post openafs-fuse-client.service +/sbin/ldconfig + +if [ "x$1" = "x" ]; then + my_operation=0 +else + my_operation=$1 +fi + +if [ $my_operation -gt 1 ]; then + echo Not stopping the possibly running client. + echo You must restart the client to put the upgrade into effect. +else + echo This is the experimental FUSE implementation of the openafs-client + echo Please configure your cell like with the in-kernel openafs-client + echo authentication etc. is not implemented yet in this version. +fi + +%postun fuse_client +%service_del_postun openafs-fuse-client.service +if [ -d /afs ]; then + echo make sure to remove directory /afs if unwanted. +fi +/sbin/ldconfig + +# +# client + +%if %{build_kernel_modules} +%pre client +%service_add_pre openafs-client.service + +%post client +if [ ! -d /afs ]; then + mkdir /afs +fi +/sbin/ldconfig +%{fillup_only -n openafs-client} +%service_add_post openafs-client.service +%if %{have_firewalld} +%firewalld_reload +%endif + +if [ "x$1" = "x" ]; then + my_operation=0 +else + my_operation=$1 +fi +if [ $my_operation -gt 1 ]; then + echo Not stopping the possibly running client. + echo You must restart the client to put the upgrade into effect. +else + echo For configuring the client, please check /etc/sysconfig/openafs-client + echo and/or follow the instructions found on http://www.openafs.org how to install an openafs-client. +fi + +%preun client +%service_del_preun openafs-client.service + +%postun client +if [ -d /afs ]; then + echo make sure to remove directory /afs if unwanted. +fi +/sbin/ldconfig +%service_del_postun openafs-client.service +%endif + +# +# server + +%pre server +%service_add_pre openafs-server.service + +%post server +/sbin/ldconfig +%{fillup_only -n openafs-server} +%service_add_post openafs-server.service + +if [ "$FIRST_ARG" -gt 1 ]; then + # update no new install + echo Not stopping the possibly running services. + echo You must restart the service to put the upgrade into effect. + if [ -d /var/openafs ]; then + echo To upgrade, stop the server, copy the contents of /var/openafs to /var/lib/openafs, + echo remove the empty directory /var/openafs and then start the server again. + fi +else + echo For configuring the server, please check /etc/sysconfig/openafs-server + echo and/or follow the instructions found on http://www.openafs.org to install an openafs-client. +fi + +%preun server +%service_del_preun openafs-server.service + +%postun server +/sbin/ldconfig +%service_del_postun openafs-server.service + +# +# devel + +%post devel + +%postun devel + +# +# authlibs + +%if %{build_authlibs} +%post authlibs + +%postun authlibs +%endif + +# +# FILES +# + +%files +%defattr(-,root,root) +%config /etc/ld.so.conf.d/openafs.conf +%config(noreplace) %{viceetcdir}/CellAlias +%config(noreplace) %{viceetcdir}/CellServDB +%config(noreplace) %{viceetcdir}/ThisCell +%dir %{viceetcdir} +%doc %{_mandir}/man5/afsmonitor.5.gz +%doc %{_mandir}/man1/afs.1.gz +%doc %{_mandir}/man1/afs_compile_et.1.gz +%doc %{_mandir}/man1/afs_scout.1.gz +%doc %{_mandir}/man1/afsmonitor.1.gz +%doc %{_mandir}/man1/cmdebug.1.gz +%doc %{_mandir}/man1/pts.1.gz +%doc %{_mandir}/man1/pts_*.gz +%doc %{_mandir}/man1/restorevol.1.gz +%doc %{_mandir}/man1/rxdebug.1.gz +%doc %{_mandir}/man1/sys.1.gz +%doc %{_mandir}/man1/translate_et.1.gz +%doc %{_mandir}/man1/udebug.1.gz +%doc %{_mandir}/man1/vos.1.gz +%doc %{_mandir}/man1/vos_*gz +%doc %{_mandir}/man1/xstat_cm_test.1.gz +%doc %{_mandir}/man1/xstat_fs_test.1.gz +%doc %{_mandir}/man5/CellAlias.5.gz +%doc %{_mandir}/man5/CellServDB.5.gz +%doc %{_mandir}/man5/NetInfo.5.gz +%doc %{_mandir}/man5/NetRestrict.5.gz +%doc %{_mandir}/man5/ThisCell.5.gz +%doc %{_mandir}/man5/afs.5.gz +%doc %{_mandir}/man5/butc.5.gz +%doc %{_mandir}/man5/butc_logs.5.gz +%doc %{_mandir}/man5/fms.log.5.gz +%doc %{_mandir}/man5/sysid.5.gz +%doc %{_mandir}/man5/uss.5.gz +%doc %{_mandir}/man5/uss_*.5.gz +%doc %{_mandir}/man8/afs_backup.8.gz +%doc %{_mandir}/man8/afs_backup_*.8.gz +%doc %{_mandir}/man8/bos.8.gz +%doc %{_mandir}/man8/bos_[a-t]*.8.gz +%doc %{_mandir}/man8/bos_uninstall.8.gz +%doc %{_mandir}/man8/butc.8.gz +%doc %{_mandir}/man8/fms.8.gz +%doc %{_mandir}/man8/read_tape.8.gz +%doc %{_mandir}/man8/uss.8.gz +%doc %{_mandir}/man8/uss_*.8.gz +%doc %{_mandir}/man8/vsys.8.gz +%doc NEWS README* RELNOTES ChangeLog +%{_bindir}/afs_compile_et +%{_bindir}/afs_scout +%{_bindir}/afsio +%{_bindir}/afsmonitor +%{_bindir}/cmdebug +%{_bindir}/pts +%{_bindir}/restorevol +%{_bindir}/sys +%{_bindir}/translate_et +%{_bindir}/xstat_cm_test +%{_bindir}/xstat_fs_test +%{_libdir}/openafs/libafshcrypto.so.* +%{_libdir}/openafs/librokenafs.so.* +%{_sbindir}/afs_backup +%{_sbindir}/bos +%{_sbindir}/butc +%{_sbindir}/fms +%{_sbindir}/read_tape +%{_sbindir}/rxdebug +%{_sbindir}/udebug +%{_sbindir}/uss +%{_sbindir}/vos +%{_sbindir}/vsys + +%files fuse_client +%defattr(-,root,root) +%{_sbindir}/afsd.fuse +%{_sbindir}/rcopenafs-fuse-client +%config(noreplace) %{viceetcdir}/SuidCells +%config(noreplace) %{viceetcdir}/cacheinfo +%doc %{_mandir}/man8/afsd.fuse.8.gz +%_unitdir/openafs-fuse-client.service +%{_fillupdir}/sysconfig.openafs-fuse-client +%{vicecachedir} + +%if %{build_kernel_modules} +%files client +%defattr(-,root,root) + %{_bindir}/fs + %{_bindir}/aklog + %{_bindir}/klog.krb5 + %{_bindir}/pagsh + %{_bindir}/pagsh.krb + %{_bindir}/tokens + %{_bindir}/tokens.krb + %{_bindir}/unlog + %{_bindir}/up + %{_sbindir}/afsd + %{_sbindir}/fstrace +%doc %{_mandir}/man1/fs.1.gz +%doc %{_mandir}/man1/fs_*.1.gz +%doc %{_mandir}/man1/aklog.1.gz +%doc %{_mandir}/man1/klog.krb5.1.gz +%doc %{_mandir}/man1/pagsh.1.gz +%doc %{_mandir}/man1/pagsh.krb.1.gz +%doc %{_mandir}/man1/tokens.1.gz +%doc %{_mandir}/man1/tokens.krb.1.gz +%doc %{_mandir}/man1/unlog.1.gz +%doc %{_mandir}/man1/up.1.gz +%doc %{_mandir}/man8/afsd.8.gz +%doc %{_mandir}/man8/fstrace.8.gz +%doc %{_mandir}/man8/fstrace_*.8.gz +%_unitdir/openafs-client.service +%doc %{_mandir}/man1/copyauth.1.gz +%doc %{_mandir}/man5/cacheinfo.5.gz +%doc %{_mandir}/man5/afs_cache.5.gz +%dir %{_datadir}/openafs +%dir %{_datadir}/openafs/C +%{_datadir}/openafs/C/afszcm.cat +%doc %{_mandir}/man5/afszcm.cat.5.gz +%config(noreplace) %{viceetcdir}/SuidCells +%config(noreplace) %{viceetcdir}/cacheinfo +%{_sbindir}/rcopenafs-client +%{_fillupdir}/sysconfig.openafs-client +%{vicecachedir} +%if %{have_firewalld} +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/afs3-callback.xml +%{_prefix}/lib/firewalld/services/afs3-rmtsys.xml +%endif +%endif + +%files server +%defattr(-,root,root) +%attr(770,root,root) %dir %{afslocaldir} +%attr(775,root,root) %dir %{afslogsdir} +%config %{viceetcdir}/server +%doc %{_mandir}/man5/AuthLog.5.gz +%doc %{_mandir}/man5/AuthLog.dir.5.gz +%doc %{_mandir}/man5/BackupLog.5.gz +%doc %{_mandir}/man5/BosConfig.5.gz +%doc %{_mandir}/man5/BosLog.5.gz +%doc %{_mandir}/man5/FORCESALVAGE.5.gz +%doc %{_mandir}/man5/FileLog.5.gz +%doc %{_mandir}/man5/KeyFile.5.gz +%doc %{_mandir}/man5/KeyFileExt.5.gz +%doc %{_mandir}/man5/NoAuth.5.gz +%doc %{_mandir}/man5/PtLog.5.gz +%doc %{_mandir}/man5/SALVAGE.fs.5.gz +%doc %{_mandir}/man5/SalvageLog.5.gz +%doc %{_mandir}/man5/UserList.5.gz +%doc %{_mandir}/man5/VLLog.5.gz +%doc %{_mandir}/man5/VolserLog.5.gz +%doc %{_mandir}/man5/afs_volume_header.5.gz +%doc %{_mandir}/man5/bdb.DB0.5.gz +%doc %{_mandir}/man5/krb.conf.5.gz +%doc %{_mandir}/man5/krb.excl.5.gz +%doc %{_mandir}/man5/prdb.DB0.5.gz +%doc %{_mandir}/man5/salvage.lock.5.gz +%doc %{_mandir}/man5/tapeconfig.5.gz +%doc %{_mandir}/man5/vldb.DB0.5.gz +%doc %{_mandir}/man8/akeyconvert.8.gz +%doc %{_mandir}/man8/asetkey.8.gz +%doc %{_mandir}/man8/bos_util.8.gz +%doc %{_mandir}/man8/bosserver.8.gz +%doc %{_mandir}/man8/buserver.8.gz +%doc %{_mandir}/man8/dafileserver.8.gz +%doc %{_mandir}/man8/dafssync-debug.8.gz +%doc %{_mandir}/man8/dafssync-debug_*.8.gz +%doc %{_mandir}/man8/dasalvager.8.gz +%doc %{_mandir}/man8/davolserver.8.gz +%doc %{_mandir}/man8/fileserver.8.gz +%doc %{_mandir}/man8/fssync-debug.8.gz +%doc %{_mandir}/man8/fssync-debug_*.8.gz +%doc %{_mandir}/man8/prdb_check.8.gz +%doc %{_mandir}/man8/pt_util.8.gz +%doc %{_mandir}/man8/ptserver.8.gz +%doc %{_mandir}/man8/salvager.8.gz +%doc %{_mandir}/man8/salvageserver.8.gz +%doc %{_mandir}/man8/state_analyzer.8.gz +%doc %{_mandir}/man8/upclient.8.gz +%doc %{_mandir}/man8/upserver.8.gz +%doc %{_mandir}/man8/vldb_check.8.gz +%doc %{_mandir}/man8/vldb_convert.8.gz +%doc %{_mandir}/man8/vlserver.8.gz +%doc %{_mandir}/man8/voldump.8.gz +%doc %{_mandir}/man8/volinfo.8.gz +%doc %{_mandir}/man8/volscan.8.gz +%doc %{_mandir}/man8/volserver.8.gz +%dir %{_libexecdir}/openafs +%{_libexecdir}/openafs/buserver +%{_libexecdir}/openafs/dafileserver +%{_libexecdir}/openafs/dasalvager +%{_libexecdir}/openafs/davolserver +%{_libexecdir}/openafs/fileserver +%{_libexecdir}/openafs/ptserver +%{_libexecdir}/openafs/salvager +%{_libexecdir}/openafs/salvageserver +%{_libexecdir}/openafs/upclient +%{_libexecdir}/openafs/upserver +%{_libexecdir}/openafs/vlserver +%{_libexecdir}/openafs/volserver +%{_sbindir}/asetkey +%{_sbindir}/akeyconvert +%{_sbindir}/bos_util +%{_sbindir}/bosserver +%{_sbindir}/dafssync-debug +%{_sbindir}/fssync-debug +%{_sbindir}/prdb_check +%{_sbindir}/pt_util +%{_sbindir}/salvsync-debug +%{_sbindir}/state_analyzer +%{_sbindir}/vldb_check +%{_sbindir}/vldb_convert +%{_sbindir}/voldump +%{_sbindir}/volinfo +%{_sbindir}/volscan +%_unitdir/openafs-server.service +%{_sbindir}/rcopenafs-server +/%{_fillupdir}/sysconfig.openafs-server +%if %{have_firewalld} +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/afs3-bos.xml +%{_prefix}/lib/firewalld/services/afs3-fileserver.xml +%{_prefix}/lib/firewalld/services/afs3-prserver.xml +%{_prefix}/lib/firewalld/services/afs3-update.xml +%{_prefix}/lib/firewalld/services/afs3-vlserver.xml +%{_prefix}/lib/firewalld/services/afs3-volser.xml +%endif + +%files devel +%defattr(-,root,root) +%dir %{_libdir}/openafs +%doc %{_mandir}/man1/livesys.1.gz +%doc %{_mandir}/man1/rxgen.1.gz +%doc %{_mandir}/man3/AFS::ukernel.3.gz +%{_bindir}/livesys +%{_bindir}/rxgen +%{_includedir}/openafs/ +%{_libdir}/openafs/libafshcrypto.so +%{_libdir}/openafs/librokenafs.so +%{perl_vendorarch}/ukernel.so +%dir %{perl_vendorlib}/AFS +%{perl_vendorlib}/AFS/ukernel.pm + +%files kernel-source +%defattr(-,root,root) +%dir /usr/src/kernel-modules +%dir /usr/src/kernel-modules/openafs +/usr/src/kernel-modules/openafs/* + +%if %{build_authlibs} +%files authlibs +%defattr(-,root,root) +%{_libdir}/openafs/libafsauthent.so.* +%{_libdir}/openafs/libafsrpc.so.* +%{_libdir}/openafs/libkopenafs.so.* + +%files authlibs-devel +%defattr(-,root,root) +%{_libdir}/openafs/libafsauthent.so +%{_libdir}/openafs/libafsrpc.so +%{_libdir}/openafs/libkopenafs.so +%endif + +# +# CHANGELOG +# + +%changelog diff --git a/preamble b/preamble new file mode 100644 index 0000000..e9bfbf7 --- /dev/null +++ b/preamble @@ -0,0 +1,3 @@ +Requires: kernel-%1 +Requires: %{name}-client = %{version} +Conflicts: %{name}-fuse-client = %{version} diff --git a/sysconfig.openafs-client b/sysconfig.openafs-client new file mode 100644 index 0000000..06ff3d3 --- /dev/null +++ b/sysconfig.openafs-client @@ -0,0 +1,17 @@ +# +# startup options for the openAFS client. +# see man afsd for details + +AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb" + +# +# sysname to set after startup +# leave empty for default setting. + +SYSNAME="" + +# +# switch for encryption to be set after startup +# must be one of "on" or "off" + +CRYPT="on" diff --git a/sysconfig.openafs-fuse-client b/sysconfig.openafs-fuse-client new file mode 100644 index 0000000..761671b --- /dev/null +++ b/sysconfig.openafs-fuse-client @@ -0,0 +1,17 @@ +# +# startup options for the openAFS FUSE client. +# see man afsd for details + +AFSD_ARGS="-fakestat -memcache -blocks 102400 -dynroot -afsdb" + +# +# sysname to set after startup +# leave empty for default setting. + +SYSNAME="" + +# +# switch for encryption to be set after startup +# must be one of "on" or "off" + +CRYPT="on" diff --git a/sysconfig.openafs-server b/sysconfig.openafs-server new file mode 100644 index 0000000..025e6c8 --- /dev/null +++ b/sysconfig.openafs-server @@ -0,0 +1,4 @@ +## Path: Network/File systems/AFS server +## Description: AFS server configuration, default mode + +# all is set in /etc/openafs/BosConfig