[Foundation-discuss] Proposal for RFP for Mac Packaging

Dave Botsch botsch@cnf.cornell.edu
Mon, 2 Nov 2015 14:57:24 -0500


The Foundation Board is considering sending out an RFP for Mac OS X
packaging of OpenAFS.

For some time now, OpenAFS itself has not distributed binaries for the
Mac platform (the most recent is 1.6.6 for 10.9) - leaving a big and a
noticable hole. 

Putting out binaries and installers for newer versions of OS X have been
complicated by new Apple security restrictions of the loading of Kernel
modules (prior to 10.10 one could simply disable the Gatekeeper
functionality via System Preferences). Unless one disables the kernel
signing requirement feature via either nvram boot arguments or recovery
mode options, the unsigned AFS kernel module won't load. For the
convenience of end users, having the OpenAFS binaries and installer
digitally signed would also be useful.

The RFP would encompass two main pieces:

	1. Update the Mac OS packaging scripts to create a "flat"
	installer package -- only a flat package can be digitally
	signed. Test that digital signing of packaging, binaries, and
	the kernel extension works as expected.

	2. Build and maintain packaging for the most current TWO
	releases of Mac OS X for the next year. This would include
	editing the various scripts to install and run AFS from a aprt
	of the system allowed by System Integrity Protection.

Packages would be posted on openafs.org (or at least linked from
openafs.org to the appropriate location).

The Foundation, itself, could provide keys for and/or digitally sign
packages and binaries once built.

This RFP would be open to all individuals, companies, and institutions.

We invite any thoughts, comments, questions, etc, here on the
foundation-discuss list. Things you may wish to share privately can be
sent directly to foundation (at) openafs.org .

On behalf of the OpenAFS Foundation Board...

-- 
********************************
David William Botsch
Programmer/Analyst
@CNFComputing
botsch@cnf.cornell.edu
********************************