[OpenAFS-devel] OpenAFS release team weekly meeting

Michael Meffie mmeffie@sinenomine.net
Fri, 20 Sep 2019 12:05:59 -0400 

OpenAFS release team weekly meeting

Date: Sep 20, 2019

Participants:
- Stephan Wiesand, Release Manager
- Ben Kaduk
- Michael Meffie
- Yadavendra Yadav
- Mark Vitale

The weekly release team meetings are held on Fridays at 15:00GMT
(11:00EDT) in release-team@conference.openafs.org on jabber.  Please
request login information if you would like to participate. Logs are
available at:

    https://conference.openafs.org/release-team@conference.openafs.org/


1.8.x series
============

Stephan to unleash 1.8.4pre2 today.
- 1.8.4pre2 web change is live
- writing the announcement

1.6.x (old stable)
==================

Stephan plans to start preparing gerrits for the 1.6.24 release.

master/1.9.x
============

The following gerrit has been unstalled:

2288 Fast restart for Ubik database servers

Ben invites reviews and testing before merging to master.


PAG Disscusions
===============

Yadav reports good news on the PAM on RHEL8 issues reported earlier:

  On RHEL8 I tried pam_sss.so + pam_afs_session.so for Integrated login
  and it works by making some config changes. So as we thought pam_sss.so will
  get us TGT and pam_afs_session will get us PAG based token.  I will create a
  doc for same and share early next week.

  I will check on GNOME based session and how PAG based token works for RHEL8.



This news was followed with some discussions about pam_afs_sessions:

  pam_afs_session always create PAG based tokens.  I was thinking to have
  GNOME/GDM PAM config to somehow create UID based tokens. Does pam_afs_session
  allows UID based token ? OR is there some other way we can get UID based token
  using PAM ?

Stephan suggested the pam_afs_session "nopag option":

  If this option is set, no PAG will be created. Be careful when using this
  option, since it means that the user will inherit a PAG from the process
  managing the login. If sshd, for instance, is started in a PAG , every user who
  logs in via ssh will be put in the same PAG and will share tokens if this
  option is used.o

Yadav reported:

  I tried [the nopag option] but no luck with that

  I tried ssh till now, gdm is still pending .. but was thinking if gdm is
  started by systemd then PAG will not work, so try to get UID based token for it

  need to work more on gdm based login, will send some data next week on this


Patches
=======

Recently submitted for branch 'openafs-stable-1_6_x':


Recently merged onto branch 'openafs-stable-1_6_x':


Recently submitted for branch 'openafs-stable-1_8_x':

13851 rx: Export rx_GetCallStatus
13850 WINNT: Link butc against audit
13849 kauth: Move COUNT_REQ to beginning of block
13848 WINNT: Build bubasics before audit
13852 WINNT: Link tbutc against mtafsutil.lib
13847 afs: Avoid panics in afs_InvalidateAllSegments

Recently merged onto branch 'openafs-stable-1_8_x':

13839 9fa11cd96 Make OpenAFS 1.8.4pre2
13840 cf7ee9a76 Update NEWS for 1.8.4pre2

Recently submitted for branch 'master':

13869 SOLARIS: prevent stack overflow check SEGV for LWP binaries
13868 config: use LWP_CFLAGS in lwptool
13867 SOLARIS: add autoconfig support for Studio 12.6
13874 rx: Introduce ack_is_valid
13876 rx: Avoid new server calls for big-seq DATA pkts
13875 rx: Avoid lastReceiveTime update for invalid ACKs
13861 FBSD: use V_VMIO when available
13873 viced: consistently enforce host thread quota for ICBS(3)
13871 ubik: Declare udisk_end void
13870 ubik: Introduce DBCOMMITTING flag
13872 ubik: Use refcounting for ubik_currentTrans
13866 ubik: Move *tidCounter to version_globals
13865 ubik: Make dbFlags protected by just DBHOLD
13864 ubik: Rename flags to dbFlags
13863 ubik: Clarify UBIK_VERSION_LOCK semantics
13862 ubik: Log urecovery_CheckTid-aborted txes
13857 FBSD: use new if_addr_lock for FBSD 12
13856 FBSD: malloc/free hacks for 12
13855 FBSD: follow ROOTINO->UFS_ROOTINO rename in 12
13854 FBSD: accommodate 12.0's 64-bit inodes
13860 FBSD: provide LINK_MAX when undefined
13859 FBSD: use VM_CNT_INC/VM_CNT_ADD on FreeBSD 12
13858 FBSD: use new syscall registration helpers

Recently merged onto branch 'master':

13867 fe6798d0d SOLARIS: add autoconfig support for Studio 12.6
13641 e87c40f45 rx: clear call_queue_lock after removing call from queue
13677 3be5880d1 afs: Avoid panics in afs_InvalidateAllSegments
13759 1c4e94da2 The interminable rework of afs_random()
13827 276bd5c7f aklog: use any enctype in get_credv5
13826 7a13bce25 aklog: retry getting tokens for KRB5_KT_NOTFOUND error
13717 2a33a80f7 rx: Introduce rxi_NetSend
13825 655929761 aklog: Use HAVE_ENCODE_KRB5_ENC_TKT_PART for aklog impersonate
13838 d1e90b82e ptserver: Increase length limit of namelist, idlist, prlist, prentries
13762 54150f381 LINUX: Check for -Wno-error=frame-larger-than=

-- 
Michael Meffie <mmeffie@sinenomine.net>