Hideki Yamane | 11 Feb 2008 01:08

netatalk and openssl issue

Hi netatalk folks,

 This mail is "give a special exception for openssl to netatalk license 
 or use gnutls" proposal.

 Now MacOS X 10.5 (Leopard) was released and it is set as default to use 
 cryptographic connections to AppleTalk fileservers. If we use netatalk without 
 configuring "--with-openssl=yes" option, we cannot connect from Leopard to 
 netatalk box anymore (Probably you can see users' scream by searching 
 "netatalk Leopard" with Google ;-). 

 Why? This is because netatalk is licensed under GPL, but GPL has incompatibility 
 with OpenSSL license by default. So distributions (like Debian I use) ship 
 their netatalk package with disabling openssl function. If I've upgraded 
 my Mac to Leopard, I must re-compile package source with openssl option by hand. 
 Yes, I can do such thing, but it spends some time and resources. 
 And for some users, it's terrible.

 If you can add "some special exception" item to netatalk license, all 
 distributions can put their package with enabling openssl function by default, 
 ...and make Leopard (and future) users HAPPY. 

 and we can see some suggestion at http://www.gnome.org/~markmc/openssl-and-the-gpl.html
 Maybe license change is hard for netatalk because all copyright holders must 
 accept such change. So, you should change to use gnutls instead of OpenSSL.

 Could you think about it, please?
 Thank you for your reading.


Thomas Kaiser | 11 Feb 2008 23:23

Re: netatalk and openssl issue

Hideki Yamane wrote:

> Now MacOS X 10.5 (Leopard) was released and it is set as default to use
> cryptographic connections to AppleTalk fileservers.

Which is good since cleartext passwords are nothing that should go over the
wire.

> If we use netatalk without configuring "--with-openssl=yes" option, we cannot
> connect from Leopard to netatalk box anymore

Well, simply use OpenSSL and build the appropriate UAMs (DHX and/or
Kerberos). Or if you think cleartext passwords shouldn't be banned since
decades let your Mac users do the following:

    defaults write com.apple.AppleShareClient afp_cleartext_allow -bool true

> (Probably you can see users' scream by searching "netatalk Leopard" with
> Google ;-).

I do only see Debian or Ubuntu users whining. Are there other Netatalk users
affected?

Regards,

Thomas


Alex deVries | 11 Feb 2008 23:39

Re: netatalk and openssl issue


On 11-Feb-08, at 5:23 PM, Thomas Kaiser wrote:
>
>> (Probably you can see users' scream by searching "netatalk Leopard"  
>> with
>> Google ;-).
>
> I do only see Debian or Ubuntu users whining. Are there other  
> Netatalk users
> affected?

I don't think that other distributions are quite as particular about  
the openssl licensing issue. A solution to this might be for us to  
whip up some prebuilt Debian packages available for download.

Fedora's netatalk version has its own set of problems...  one of them  
is that they took a snapshot of netatalk from CVS (something post  
2.0.3, but before the Unix chmod fixes) and haven't uprevved it.   I  
don't think they've changed netatalk versions between FC6 and F8.   
Releasing 2.0.4 may help newer fedora versions into adopting a later  
version.

Changing the licensing of netatalk would be just about impossible  
given the large number of copyright owners of the code.

- Alex


Alex deVries | 20 Feb 2008 19:31

Announcing afpfs-ng 0.8, an open source AFP client



This may be relevant to netatalk users, since afpfs-ng is an open source AFP client.  It is heavily tested against netatalk.

afpfs-ng is an open source client to access files by mounting the remote filesystem (through FUSE) locally, or a simple interactive command line tool (similar to an ftp client).  It is written for Linux, and loosely tested on Mac OS X and FreeBSD.

Have a look at http://afpfs-ng.sf.net .  Debian, RPMs and source tarballs are available.

Feedback welcome...


- Alex





What is new in afpfs-ng-0.8, February 18, 2008
----------------------------------------------

1. New command line (non-FUSE) tools:

a) batch mode of afpcmd

This lets you do simple transfers, eg.

> afpcmd afp://user:pass@server/alexdevries/linux-2.6.14.tar.bz2
Connected to server Cubalibre using UAM "DHX2"
Connected to volume alexdevries
   Getting file /linux-2.6.14.tar.bz2
Transferred 39172170 bytes in 2.862 seconds. (13687 kB/s)

b) interactive mode of afpcmd

This is a file transfer tool similar to an ftp client.  Has (local) filename
completion and command history.

c) get status tool, afpgetstatus

A simple tool to get the status information of a server without logging in.


2. FUSE client improvements

Continuation of FUSE client development, including the introduction of a new tool
called mount_afp, which has the same syntax as in Mac OS X.  Better status and
post-deployment debugging, proper forced or unforced exit and other bugs.


3. Protocol fixes

Many protocol enhancements and bug fixes, including: support for AFP 2.x, multiple
servers, session keys, signatures, meta information, chmod and chown fixes.
Tested against Mac OS X, OS9, Airport and netatalk.

File transfer performance is now similar or faster to Mac OS X.


4. Development library

The source code of afpfs-ng has now been changed to a library (libafpclient) and
support for multiple clients (examples are FUSE, afpcmd, afpgetstatus).  With this
library, more AFP clients (GIO, KIO) can be built with limited pain.  This API is
not yet stabilized.

5. Other

FUSE client fully validated on Linux, builds on FreeBSD.
Command line client builds and runs on Linux, runs but is weakly tested on FreeBSD
and Mac OS X.

There are manpages.

Dan Foody | 24 Feb 2008 15:54

Time Machine with netatalk

Hi all,


I've been trying to get Apple's Time Machine to work with a netatalk share (actually hosted by my NAS), and time machine is not able to create the data it needs on the NAS.

On the mac, when I run the following command (this is used under the covers to create the disk image time machine needs):

   hdiutil create -size 32m -debug -type SPARSEBUNDLE imagename

I get the following output errors:
    CBundleBackingStore::flushBand(fd=4,sector=0) system+disk sync failed 45 (Operation not supported) [ignoring error and trying fsync()]
    CBundleBackingStore::flushBand(0.000000d=0,sector=9265a30f0000002d) process buffers ONLY
    CBundleBackingStore::flushBands: flushBand(fd=0,sector=0) returned 45
    CBundleBackingStore::flushBands returned 45
    CBundleBackingStore::flush: returning 45

Elsewhere I've uncovered that hdiutil is likely trying to do an F_FULLFSYNC fcntl to force data to be flushed to the disk.

In the logs on my NAS, when I've run the hdiutil command, I see the following netatalk errors:
    Feb 24 14:44:05 IomegaNetHDD daemon.err afpd[22213]: bad function 4F
    Feb 24 14:44:05 IomegaNetHDD daemon.err afpd[22213]: bad function 4F

So, I'm presuming that function 4F is related to the F_FULLFSYNC.

Any advice on what's the best way to get to the next level to try and resolve this?

(my hands are tied behind my back by the fact that I'm not running a custom debug build of netatalk -- it's on my NAS and the best I can do is change the config files for it).

Other people running netatalk on other NAS devices don't seem to be having it fail as badly as mine is -- while the debug log says it's "ignoring error and trying fsync", hdiutil starts rolling back its work at the end of doing the flush.  So, either the debug message isn't accurate or a regular fsync isn't working for me either.

Thanks!

Alex deVries | 24 Feb 2008 17:13

Re: Time Machine with netatalk


The 'bad function 4F' topic has come up quite a bit here.  In general,  
the undocumented feature really isn't relevant.  However, it is really  
hard to tell what this function is, and it may have some relevance to  
backups over AFP (for instance, in some cases the client and server's  
mount point are exchanged).

Although the Mac OS-side utilities are valuable in helping debug this,  
a network dump is going to be critical also. 'tcpdump -i en0 -s0 -w  
mycapture port 548' will generate the file you'll want to load with  
wireshark.

All this said, netatalk can't handle hard links to directories, so  
your netatalk server is going to have some problems with Time Machine,  
although I don't know what the repercussions will be.

A fun project would be to write or port an AFP server to Linux that  
would sit directly on top of a ZFS/HFS+ filesystem driver, which would  
solve a lot of problems for file attributes that can't be handled  
through POSIX calls.  This would enable an open source TM server.

- Alex

Dan Foody | 25 Feb 2008 02:48

Re: Time Machine with netatalk

Thanks Alex,


I wrote a short C program to test that only contained 3 lines (other than error checks):
    fd = open("test", O_CREAT | O_RDWR, 0666);
    rtrn = fcntl(fd, F_FULLFSYNC);
    rtrn = close(fd);

So, I've verified that the "bad function 4F" is caused by F_FULLFSYNC (errno is ENOTSUP and the log on the NAS contains the "bad function 4F" error after running this -  but if I replace this line with a regular call to fsync there is no error in the netatalk log and all commands complete without error).

I've attached the tcpdump output file related to this 3-line program.

F_FULLFSYNC is essentially identical to fsync except that it also guarantees that the device itself has written the data.  In contrast, standard fsync just ensures that the data has been given to the device - with no guarantee that the disk has not cached it for later writing.  Here's a link to the mac related man pages on fsync/F_FULLFSYNC: http://www.hmug.org/man/2/fsync.php

As for making Time Machine work, the hardlinks won't be an issue because Time Machine creates an expandable disk image (called a sparsebundle) on the share.  Inside the sparsebundle the disk image is formatted as HFS+.  So, the backup files are never stored natively on the share, they are stored within this HFS+ image.  The files seen by the NAS are just regular data files (no hard links, etc.).

- Dan

Attachment (netatalk.tcpdump): application/octet-stream, 5604 bytes
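
The fallback that the hdiutil debug line in this thread describes ("ignoring error and trying fsync()"), as an added example that is not from the thread or from netatalk: try F_FULLFSYNC, fall back to fsync() only when the filesystem reports the request as unsupported, and report which durability level was reached. The function names, the scratch file name and the errno values other than ENOTSUP are assumptions of this example.

```c
#define _DEFAULT_SOURCE 1   /* glibc: keep fsync()/mkstemp() declared */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum flush_result {
    FLUSH_FAILED = -1,    /* neither call succeeded */
    FLUSH_FSYNC = 1,      /* handed to the device, may still sit in its cache */
    FLUSH_FULLFSYNC = 2   /* device asked to commit its cache as well */
};

/* Try F_FULLFSYNC where defined (macOS); if the filesystem rejects it, as the
 * AFP share did with ENOTSUP, use fsync(). EINVAL/ENOTTY are assumptions. */
enum flush_result durable_flush(int fd)
{
#ifdef F_FULLFSYNC
    if (fcntl(fd, F_FULLFSYNC) == 0)
        return FLUSH_FULLFSYNC;
    if (errno != ENOTSUP && errno != EINVAL && errno != ENOTTY)
        return FLUSH_FAILED;      /* genuine error: do not mask it */
#endif
    return fsync(fd) == 0 ? FLUSH_FSYNC : FLUSH_FAILED;
}

/* Create a scratch file in dir (hypothetical name), write a constructed
 * payload, and report which flush level the filesystem accepted. */
enum flush_result probe_dir(const char *dir)
{
    static const char payload[] = "flush probe\n";
    char path[1024];
    enum flush_result res = FLUSH_FAILED;
    if (snprintf(path, sizeof path, "%s/flushprobe.XXXXXX", dir) >= (int)sizeof path)
        return FLUSH_FAILED;
    int fd = mkstemp(path);
    if (fd < 0)
        return FLUSH_FAILED;
    if (write(fd, payload, sizeof payload - 1) == (ssize_t)(sizeof payload - 1))
        res = durable_flush(fd);
    if (close(fd) != 0)
        res = FLUSH_FAILED;
    unlink(path);
    return res;
}

int main(int argc, char **argv)
{
    enum flush_result r = probe_dir(argc > 1 ? argv[1] : ".");
    if (r == FLUSH_FAILED)
        fputs("flush failed\n", stderr);
    else
        puts(r == FLUSH_FULLFSYNC ? "F_FULLFSYNC ok" : "fsync only");
    return r == FLUSH_FAILED;
}
```

Run it with the mounted share's path as the argument; "fsync only" on a backup target means the data may still be in the device's write cache when the call returns.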