Leopard, AFP and the Hardy Heron 9

Posted by sethbc on February 24, 2008

Damon Timm has a great post on installing netatalk on Ubuntu with SSL support.  I won’t go through the licensing issues again (I feel like enough people have done that already).  Suffice to say, Ubuntu doesn’t ship netatalk with SSL enabled, and Leopard requires SSL support to connect to AFP shares out of the box.  It’s easy enough to allow Leopard to use plaintext passwords with the following command:

defaults write com.apple.AppleShareClient afp_cleartext_allow -bool true

I just felt it would be a better idea to enable SSL by default on Hardy.This, as they say, is where things get tricky.  First, the version of netatalk in Hardy is broken (see discussion of the bug in Debian here).  There are one of two ways to fix this, simply hand-edit the offending patch, or use the source packages provided by Debian.  With this in mind, you can use the following instructions to download and build netatalk on Hardy (keeping in mind, as Damon mentions, you must have the Universe repository enabled in /etc/apt/sources.list):

$ mkdir -p ~/src/netatalk
$ cd ~/src/netatalk
$ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev build-essential
$ sudo apt-get build-dep netatalk
$ apt-get source netatalk

Edit: the current version in Hardy is now 2.0.3-9.  The patch is no longer necessary.  If you choose to use the `apt-get source` line above, you should hand-edit the offending patch (that is until the MOTU update netatalk from version 2.0.3-7 to 2.0.3-8).  Below is a diff containing the only change necessary:

--- netatalk-2.0.3/debian/patches/107_afpd-zeroconf.patch
2007-12-21 21:53:43.000000000 +0100
+++ netatalk-2.0.3.new/debian/patches/107_afpd-zeroconf.patch
2007-12-21 21:56:52.000000000 +0100
@@ -350,7 +350,7 @@
+{
+  struct context *ctx = userdata;
+
-+  assert(g == ctx->group);
++  assert(!ctx->group || g == ctx->group);
+
+  switch (state) {
+

At this point you’re free to continue building netatalk.  EDIT: `sudo su` isn’t necessary with the new version of the package.  NB: the instructions below differ from Damon’s because building with an environment variable before “sudo” when env_reset is set in sudoers (the default behavior in Hardy) makes your efforts useless!  You should `sudo su` before creating the build rather than building with sudo (unless you don’t mind the potential security risk of removing env_reset from sudoers)

$ cd netatalk-2.0.3
$ DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -us -uc
$ sudo debi

You should now be able to connect from Leopard to your Hardy Heron home directory!

Trackbacks

Use this link to trackback from your own site.

Comments

Leave a response

  1. Andy Sun, 30 Mar 2008 08:50:38 UTC

    Thanks for this! Saved my bacon… :o)

  2. chori Thu, 03 Apr 2008 15:39:21 UTC

    mine to

  3. Paco Rabadán Fri, 09 May 2008 10:50:48 UTC

    Great! Thanks to!

  4. Fredrik Bränström Thu, 15 May 2008 08:40:44 UTC

    Why doesn’t this work by default? It’s an outrage if you ask me. Why the heck would we not allow SSL on Ubuntu’s side?

  5. Netatalk y Leopard « howtux.es Thu, 15 May 2008 12:24:52 UTC

    [...] * http://sethbc.org/2008/02/24/leopard-afp-and-the-hardy-heron/ [...]

  6. Damon Thu, 15 May 2008 18:48:27 UTC

    Hi - thanks for the details surrounding Hardy Heron - I will add that bit, if you don’t mind, about sudo su for Hardy Heron … however, I will be honest, I don’t really understand it. Smile. Are you saying that without going into su it won’t work in Hardy (where it did in prior versions) ?

    I am still running 6.06.1 on my main server … though, on my web server I did do an in-place upgrade to Hardy from Dapper and (amazingly, I might add) netatalk did not break. And I did the upgrade over a remote shell. It’s really quite impressive.

    Thanks

  7. afkkir Mon, 19 May 2008 22:40:28 UTC

    I have the folowing error when I execute debi

    # debi
    (Lecture de la base de données… 65326 fichiers et répertoires déjà installés.)
    Préparation du remplacement de netatalk 2.0.3-9 (en utilisant netatalk_2.0.3-9_i386.deb) …
    hostname: Unknown host
    invoke-rc.d: initscript netatalk, action “stop” failed.
    dpkg : avertissement - ancien script pre-removal a retourné un code d’erreur de sortie 1
    dpkg - tentative d’exécution du script du nouveau paquet à la place …
    hostname: Unknown host
    invoke-rc.d: initscript netatalk, action “stop” failed.
    dpkg : erreur de traitement de netatalk_2.0.3-9_i386.deb (–install) :
    le sous-processus nouveau script pre-removal a retourné une erreur de sortie d’état 1
    hostname: Unknown host
    invoke-rc.d: initscript netatalk, action “start” failed.
    dpkg : erreur lors du nettoyage :
    le sous-processus post-installation script a retourné une erreur de sortie d’état 1
    Des erreurs ont été rencontrées pendant l’exécution :
    netatalk_2.0.3-9_i386.deb
    debi: debpkg -i failed

    Sorry, my install is in French

  8. sethbc Tue, 20 May 2008 11:51:59 UTC

    Actually, you don’t have to ’sudo su’ with the new package. I’ll update the instructions to reflect this.

  9. shon Mon, 30 Jun 2008 18:45:34 UTC

    Thanks for this. I am getting an error run

    ~/src/netatalk$ sudo apt-get build-dep netatalk

    I get

    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Note, selecting automake instead of automake1.10
    E: Build-dependencies for netatalk could not be satisfied.

    Any suggestions?

Comments