• Updated 2023-07-12: Hello, Guest! Welcome back, and be sure to check out this follow-up post about our outage a week or so ago.

Netatalk 2.4.0 available

slipperygrey

Well-known member
The Netatalk team is proud to present version 2.4.0 of the venerable AFP file sharing suite. Grab the source code, or a Docker image, today!

This version is primarily a future-proofing release, introducing the modern Meson build system, while integrating an embedded WolfSSL as the encryption provider for the DHX and RandNum user authentication modules.

To make a long story short, you can now run Netatalk 2 on any modern OS and still be able to authenticate securely with old Macs (and IIGSes).

It also ships with a range of bugfixes, documentation updates and quality-of-life improvements. See the release notes (linked above) for the full list of changes!

Additionally, a massively improved v2.0 of the Webmin module for easy administration has been released in parallel, with support for all features in Netatalk 2.4.0.

1719130328945.png

I'm looking forward to hearing your feedback!
 

slipperygrey

Well-known member
If your OS is up to date enough, I warmly suggests trying out the new Meson build system!

And if your OS'es package manager is shipping a too old version of Meson (like.... say Solaris 11), you can try to install it with Python pip instead to get a newer version.

We have a new Compile appendix in the online manual, which is actually auto-generated from our GitHub actions YAML configuration, which means it's always guaranteed to be up to date.
 

slipperygrey

Well-known member
Netatalk 2.4.1 has been released today!

It contains a patch for a published CVE vulnerability, so it's recommended to upgrade your 2.x deployment, especially if serves a public IP.

We also restore support for SLP (Server Location Protocol) in the Meson build system, for those who you like to network your OSX 10.1 or 10.2 machines. :)
 

Durosity

Well-known member
I'm struggling to update from 2.3 installed as part of the PiSCSI easy install script to 2.4. I've tried so many different options based on the documentation I can find, but alas I'm just not smart enough to get it going.. is there a fairly straightforward step by step guide that I can use?
 

slipperygrey

Well-known member
I'm struggling to update from 2.3 installed as part of the PiSCSI easy install script to 2.4. I've tried so many different options based on the documentation I can find, but alas I'm just not smart enough to get it going.. is there a fairly straightforward step by step guide that I can use?
Which guides did you try already, and where do you get stuck? What kinds of error messages are you seeing?

The general flow is something like:
  1. Stop the old version of Netatalk first. (e.g. "sudo systemctl stop afpd atalkd").
  2. Build and install the software. The Compile Netatalk manual appendix has the concrete steps required for building 2.4. Pick either Autotools or Meson.
  3. Then start everything up again afterwards. (Replace "stop" with "start" in the above command.)
 

NJRoadfan

Well-known member
This should do the trick based on the PiSCSI setup.

Code:
sudo systemctl stop atalkd afpd papd a2boot timelord
sudo apt-get install meson ninja-build
wget "https://github.com/Netatalk/netatalk/releases/download/netatalk-2-4-1/netatalk-2.4.1.tar.xz"
tar xf netatalk-2.4.1.tar.xz
cd netatalk-2.4.1
meson setup build -Dwith-embedded-ssl=true -Dwith-quota=false -Dwith-init-style=debian-systemd -Dwith-uams-path=/usr/lib/netatalk
meson compile -C build
sudo meson install -C build
sudo systemctl start atalkd afpd papd timelord a2boot
 

68krazy

Well-known member
Hey @slipperygrey, I just got Netatalk working for the first time. Installation was an adventure since I’m a novice with Linux but I got there in the end, using Meson to install 2.4.1 and Webmin to set up and manage. Watching my SE/30 seamlessly connect to a share on my modern homelab server is one of the coolest tech things I’ve gotten to do in a while. Thank you so much for your work - this is going to be a game changer for how I use my old Macs
 

Durosity

Well-known member
Which guides did you try already, and where do you get stuck? What kinds of error messages are you seeing?

The general flow is something like:
  1. Stop the old version of Netatalk first. (e.g. "sudo systemctl stop afpd atalkd").
  2. Build and install the software. The Compile Netatalk manual appendix has the concrete steps required for building 2.4. Pick either Autotools or Meson.
  3. Then start everything up again afterwards. (Replace "stop" with "start" in the above command.)
Sorry meant to give more detail on what I'd tried, I was just tired and getting rather stressed. Thanks
This should do the trick based on the PiSCSI setup.

Code:
sudo systemctl stop atalkd afpd papd a2boot timelord
sudo apt-get install meson ninja-build
wget "https://github.com/Netatalk/netatalk/releases/download/netatalk-2-4-1/netatalk-2.4.1.tar.xz"
tar xf netatalk-2.4.1.tar.xz
cd netatalk-2.4.1
meson setup build -Dwith-embedded-ssl=true -Dwith-quota=false -Dwith-init-style=debian-systemd -Dwith-uams-path=/usr/lib/netatalk
meson compile -C build
sudo meson install -C build
sudo systemctl start atalkd afpd papd timelord a2boot
Aha perfect, thank you.. never used meson before, but even so I have to do things like this so infrequently that I tend to forget how I got it working last time. Really should make better notes... :D
 

NJRoadfan

Well-known member
Forgot if PiSCSI is still running bullseye, you'll likely need to install meson via pip, so here is instructions for that:

Code:
sudo systemctl stop atalkd afpd papd a2boot timelord
sudo apt-get install ninja-build python3-pip
sudo pip install meson
wget "https://github.com/Netatalk/netatalk/releases/download/netatalk-2-4-1/netatalk-2.4.1.tar.xz"
tar xf netatalk-2.4.1.tar.xz
cd netatalk-2.4.1
meson setup build -Dwith-embedded-ssl=true -Dwith-quota=false -Dwith-init-style=debian-systemd -Dwith-uams-path=/usr/lib/netatalk
meson compile -C build
sudo meson install -C build
sudo systemctl start atalkd afpd papd timelord a2boot
 

slipperygrey

Well-known member
Hey @slipperygrey, I just got Netatalk working for the first time. Installation was an adventure since I’m a novice with Linux but I got there in the end, using Meson to install 2.4.1 and Webmin to set up and manage. Watching my SE/30 seamlessly connect to a share on my modern homelab server is one of the coolest tech things I’ve gotten to do in a while. Thank you so much for your work - this is going to be a game changer for how I use my old Macs
Thanks for sharing your story! Enjoy your old school Mac file sharing.
 

slipperygrey

Well-known member
Continuing the saga of old-school encryption in Netatalk, we released version 2.4.2 today which addresses a licensing issue raised by the Debian project. As a result, we have reverted to relying on OpenSSL/LibreSSL with the bundled SSL provider... for the CAST algorithm only.

This is only a concern for redistribution, as we have been told, so it doesn't hinder distribution (as in: the Netatalk project distributing its own package, or private use by end users) but if you're redistributing a binary package of Netatalk in, say, a Linux distro, then upgrading to 2.4.2 is mandatory, as it were...

But IANAL; the above is just what laypersons are telling other laypersons about legal things. I'm definitely glad that we could jettison the code with iffy licensing terms, so I think it's a change for the better. My collaborator is looking into potentially using libnettle for our crypto needs, and bail on the OpenSSL ecosystem once and for all. I can't wait!

Additionally, the release includes a bunch of build system fixes for specific platforms and use cases.
 

NJRoadfan

Well-known member
Hopefully the CAST issue is resolved. I was surprised to learn that the Debian team had objections in the past to compiling UAMs that used OpenSSL (mainly DHX and randnum), even though they were just dynamically linking the library. This was one reason why so many people were compiling Netatalk in the past even though the Debian repo had a package available.
 

slipperygrey

Well-known member
From what I understand, the nature of the GPL license is that its copyleft provisions apply not just to code that you do static linking with, but also via dynamic linking. I haven't found any first hand legal write-up that describes this mechanism, though.

Reading through the FSF's list of licenses[1] it seems they really hate "advertising clauses". The prime example is the original BSD-4-clause, but SSLeay also has an advertising clause. I can see how back in the days, if you wanted to print an ad in a paper publication for your software built on open source software, and had to list the names 100+ copyright holders in the ad, it imposed unreasonable burdens on your freedom to do business.

BTW for the longest time I wondered why the text of old-school BSD-3-clause license have clauses numbered 1, 2, 4. Now I know: They just deleted clause 3 (the advertising clause) and kept the numbering.

[1] https://www.gnu.org/licenses/license-list.en.html
 

slipperygrey

Well-known member
Version 2.4.3 is out now. This is mainly a Meson build system feature and bugfix release, as part of my effort to deliver Debian deb packaging of Netatalk. It fixes fun stuff such as Kerberos API checks, 64 bit architecture detection, library runpaths, pkgconfdir overrides, and support for installing multiple init styles. (Debian is weird that is encourages packages to supply old-school SysV init scripts, but the init.d backend is actually just systemd under the hood AFAICT.)

If you don't care about any of the above, there's no rush to upgrade!
 

slipperygrey

Well-known member
This would be fantastic, thank you for your ongoing effort on it!
I'm already publishing unofficial debs for Bookworm over at GitHub that you can sideload today.

Actually getting Debian to distribute netatalk2 is a bit of a longer project... Getting attention and sponsorship is an uphill battle!
 

slipperygrey

Well-known member
Netatalk 2.4.4 is available. This is yet again a build system bugfix release, working towards stabilizing Debian deb packaging. If Netatalk is working fine for you, take this is an optional upgrade.

At this point, I consider the current Netatalk release series (2.4.x, 3.2.x) stable and "done".

This project is finally in a good place where we have a modern and flexible build system, with fully functioning user authentication. I can finally pivot to what I wanted to do in the first place: consolidate the best of 2.x and 3.x into one Mac file sharing suite to rule them all, so stay tuned...
 
Top