1 [[!meta title="Binary Packages Available from Third Parties"]]
2 # Binary Packages Available from Third Parties #
4 While OpenAFS.org packages up binary releases of OpenAFS, third parties may also release their own binary packages of OpenAFS. This page is an attempt to collect, in one place, various third party binary packages. Keep in mind that the packages would be supported by the third party and not openafs.org. However, you can still ask the OpenAFS community with questions about how and why things do or do not work.
6 ### Fedora and CentOS7/RHEL7 ###
8 #### JSBillings Fedora Copr ####
10 Repackaged using sources from http://www.openafs.org/. Does not use the spec file included there, but a slimmer package that uses non-transarc paths.
12 Does not support Linux Kernel 4.5 or newer.
14 * [OpenAFS](https://copr.fedorainfracloud.org/coprs/jsbillings/openafs/)
15 * [OpenAFS-KMod](https://copr.fedorainfracloud.org/coprs/jsbillings/openafs-kmod/)
19 Sine Nomine Associates digitally signed OpenAFS 1.6.x Installers:
21 * [OpenAFS 1.8.2 for MacOS 10.14 (Mojave)](https://download.sinenomine.net/openafs/bins/1.8.2/macos-10.14/)
22 * [OpenAFS 1.6.21 for MacOS 10.13 (High Sierra)](http://download.sinenomine.net/openafs/bins/1.6.21.1/macos-10.13/)
23 * [OpenAFS 1.6.20 for MacOS 10.12](http://download.sinenomine.net/openafs/bins/1.6.20/macos-10.12/)
24 * [OpenAFS 1.6.20 for MacOS 10.11](http://download.sinenomine.net/openafs/bins/1.6.20/macos-10.11/)
26 #### Release Notes for Sine Nomine Packages ####
28 The disk images provided here provide support for recent Mac OS X
29 versions, including provisional support for System Integrity Protection
30 (aka "rootless") on 10.11.
32 Included is an experimental change to the client to support the
33 additional security verification of 10.11, where programs using the
34 native "Cocoa" API will ask various root daemons (taskgated,
35 DesktopServicesHelper, syspolicyd, possibly others depending on
36 configuration) to verify files for them; these daemons do not have
37 access to the user's token, and would normally fail verification as a
38 result. This change means that root can read any AFS-resident file that
39 is locally cached without a token. While this is technically a security
40 violation, it should be noted that all versions of IBM AFS and OpenAFS
41 already allow root (or, with lax cache permissions, potentially any
42 user) to read any locally cached file by accessing the cache directory
43 directly. Thus, the risk this introduces is no greater than the risks
44 already carried by sites using AFS.
46 Programs using the BSD APIs do not use the root daemons and work as
47 expected, unless you run a signed binary from OpenAFS, in which case
48 taskgated will attempt to verify the binary's signature and internal
49 requirements and entitlements; this again requires the above root
52 On 10.11, client commands are installed to /opt/openafs/bin instead of
53 /usr/bin. The system path database is modified to add this directory to
54 the $PATH of new sessions. Running sessions after initial installation
55 of the client will need to add /opt/openafs/bin to their $PATH
58 The change to enable root to perform security checks appears to have
59 introduced an occasional issue where tab completion in a directory will
60 not work unless the directory's contents has previously been listed
61 (e.g. with "ls"). While the security checks are only performed on
62 10.11, the root access code path is active in all of the clients, so
63 this will also occur on 10.9 and 10.10. We are still working on
64 diagnosing the cause, and will provide an updated release when it is
65 available. In testing, this issue has proven uncommon and transient for
68 NOTE: The preference pane remains deprecated in this version of the
69 client. Sine Nomine is working on addressing problems in the preference
70 pane for future versions.