Coda File System

Coda-6.0.15 and RPC2-2.0 (LWP-2.2, RVM-1.12, and linux-coda-6.4)

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Tue, 30 May 2006 16:41:22 -0400
Coda-6.0.15 is available for download.

There are also new versions of linux-coda, lwp, rpc2 and rvm.
    linux-coda	6.4
    lwp		2.2
    rpc2	2.0
    rvm		1.12

Sources, Fedora Core 2 rpms and Debian packages can be found at

    ftp.coda.cs.cmu.edu:/pub/coda/

linux-coda, lwp and rvm only contain build fixes for recent Linux
kernels and the new gcc-4.1 compiler in Fedora Core 5.

The most notable change is RPC2-2.0, this release introduces strong
(AES-based) encryption for client-server connections.

However, to ease migration, the new library still supports the existing
binary API so you can install the new version of librpc2 everywhere
without being forced to upgrade to Coda-6.0.15. Also it is compatible
with clients or servers that are still running older RPC2 versions. So
you can safely install RPC2-2.0 on server without having to worry about
losing connectivity with older clients.

If a client and server are both running RPC2-2.0, they will always
negotiate a secure connection. This is mostly unnoticable, the way you
can tell is by typing a wrong password in clog, it will time out with
RPC2_NOBINDING instead of immediately returning RPC2_NOTAUTHENTICATED.

Of course the backward compatibility does introduce the possibility for
someone in the middle to force the connection to non-AES encrypted, so
if you don't care about compatibility, you can set the RPC2SEC_ONLY
environment variable before starting venus or any other RPC2 using
applications which will prevent the application from setting up any
non-encrypted connections.

Coda-6.0.15 itself is mostly backported server-side fixes. The main
reason there is a Coda-6.0.15 release simultaneously with this new RPC2
library is that I've used the new rpc2/secure encryption code to improve
the security of the Coda token. Because the format of the Coda token has
changed you have to upgrade all Coda servers to 6.0.15. Older server
will reject the new token, so users will not be able to authenticate to
your realm when you have a mix of older and newer servers. The new Coda
token has the same size as the old tokens, so it is not necessary to
upgrade old clients at the same time.

Jan


Changes:

rpc2-2.0
    rpc2 doesn't build on netbsd/sparc64 2.0ish (Greg Troxel)
    Attempt to fix conflicts with the official Debian package.
    Added strong pseudo random number generator.
    Various encryption/authentication modes.
	AES-CBC		- encryption
	AES-XCBC-MAC-96	- authentication
	AES-CCM		- combined encryption/authentication
    Allow user to set minimum key length with RPC2_KEYSIZE envvar.
    Log auditable security events to syslog.
    Added RPC2SEC_ONLY envvar to disable backward compatibility.
    Multicast related code removal.
    When displaying addrinfo, use ip-address when the hostname is long.
    Use a real password-based key derivation function
    FC5 build fixes

coda-6.0.14
    Make sure we pass valid 'owner' to resolution log entries.
    Weakly equal VVs should not trigger a R/U file conflict.
    Fix large file trickle reintegration.
    Interpret setmode argument in the fix file as an octal value
    Use unsigned int for partition blocks free/available counts.
    Use unsigned long for partition used/free block counts.
    FC5 compilation fixes that were sent to the bug tracker.
    Allow updates even when the rwcdb is opened read-only.
    Fix rwcdb_read on in-memory records.
    Look for libX11 in /usr/lib as well as /usr/X11R6/lib.
    Remove mmap code in rwcdb.
    Fix kerberos checks in configure. (Maurice van der Pot)
    Agressively disconnect clients when tokens expire.
    Close pipe to the parent when we crash during startup.
	(avoids getting the init scripts stuck during boot).
    Kick the FSO daemon whenever we hit yellow or red zones.
	(avoids unnecessary stalls waiting for cache space).
    Set root directory mode-bits on a new volume to 0755.
    Implemented a new Coda token format.
    Fix pathnames for binaries called by venus-setup.
    FC5 compile fixes
    Add a pretty ugly, but seemingly working make dist target

linux-coda-6.4
    Fix kernel oops with 2.6.15
    Dentry struct layout changed (2.6.16-rc1).
    Inode semaphores replaced by mutexes (2.6.16-rc1)

lwp-2.2
    Avoid stack overflow in the tdb test program on sparc64.
    Removed cross-compilation spec files
    FC5 build fixes

rvm-1.12
    Removed cross-compilation spec files
    FC5 build fixes
Received on 2006-05-30 16:46:17