Time Machine, Meet Netatalk. But in Lion.

Introduction


This morning, I upgraded the first Mac around the house to MacOS 10.7 (aka,
“Lion”). Went smoothly, and it’s re-indexing Spotlight now. Insert comments
about how wonderful it is to have to get used to new trackpad finger gestures
(gestures are nice, but it’ll be a few days before I’m used to the workflow
change).


Naturally, Time Machine is now horribly broken. Originally, I was using AFP
and netatalk, as described here, but then I
switched to SMB and Samba (since Netatalk 2.1.x wasn’t as stable). Lion no
longer supports either of these methods; it only works with AFP 3.3. That’s
only supported by Netatalk 2.2, which (as of this writing) was committed to
git yesterday.


This page serves to document my odyessy in setting up netatalk on a FreeBSD
jail in the basement, from the latest source in git. Here’s a couple useful
links:


Throughout all this, I’m assuming a similar earlier
setup of Time Machine has been done, and the previous netatalk packages
have been removed. Right now, I’m mainly concerned with differences.

Source Setup


As shown in the links above, get git, grab the source, and start building:



pkg_add -r git
git clone git://netatalk.git.sourceforge.net/gitroot/netatalk/netatalk
cd netatalk
git checkout netatalk-2-2-0
./bootstrap
./configure –without-acls –without-pam –disable-ddp –disable-cups



I didn’t have appropriate zeroconf headers on my FreeBSD jail, so I didn’t
configure with –enable-zeroconf. I’ll use Avahi for that setup, if needed.
My config ended up looking like this (printout from ./configure):

Using libraries:
    LIBS =  -L$(top_srcdir)/libatalk
    CFLAGS = -I$(top_srcdir)/include -D_U_="__attribute__((unused))" -g -O2 -I$(top_srcdir)/sys
    SSL:
        LIBS   =  -lcrypto
        CFLAGS =  -I/usr/include/openssl
    LIBGCRYPT:
        LIBS   = -L/usr/local/lib -lgcrypt -lgpg-error
        CFLAGS = -I/usr/local/include
    BDB:
        LIBS   =  -L/usr/local/lib -ldb-4.6
        CFLAGS =  -I/usr/local/include/db46
Configure summary:
    Install style:
         none
    AFP:
         AFP 3.x calls activated: 
         Extended Attributes: ad | sys
    CNID:
         backends:  dbd last tdb
    UAMS:
         DHX     ()
         DHX2    ()
         RANDNUM ()
         passwd  ()
         guest
    Options:
         DDP (AppleTalk) support: no
         CUPS support:            no
         SLP support:             no
         Zeroconf support:        no
         tcp wrapper support:     yes
         quota support:           no
         admin group support:     yes
         valid shell check:       yes
         cracklib support:        no
         dropbox kludge:          no
         force volume uid/gid:    no
         Apple 2 boot support:    no
         ACL support:             no


The lack of CUPS and ACLs should be tolerable, since this is just going to
be used for Time Machine (I use Samba for everything else). Note that
initially I did leave ACL support to autodetect; it was enabled, but that led
to compilation errors.


Before you make, if you’re using FreeBSD like me you’ll need to
fix some compilation errors. I’m sure the ports folks will fix this in due
time, but as I’d rather not wait…


First, at.h:



— sys/netatalk/at.h.orig      2011-07-24 12:28:55.823029116 -0400
+++ sys/netatalk/at.h   2011-07-24 12:29:40.522913740 -0400
@@ -24,6 +24,14 @@
 #include <sys/types.h>
 #include <netinet/in.h> / so that we can deal with sun’s s_net #define /

+typedef unsigned char  u_char;
+typedef unsigned short u_short;
+typedef unsigned int   u_int;
+typedef unsigned long  u_long;
+
+#include <sys/select.h>
+#include <sys/uio.h>
+
 #ifdef MACOSX_SERVER
 #include <netat/appletalk.h>
 #endif / MACOSX_SERVER /



Then cnid_metad.c:



— etc/cnid_dbd/cnid_metad.c.orig      2011-07-24 12:48:52.140103389 -0400
+++ etc/cnid_dbd/cnid_metad.c   2011-07-24 12:49:21.195654454 -0400
@@ -45,6 +45,7 @@
 #include <sys/un.h>
 #define _XPG4_2 1
 #include <sys/socket.h>
+#include <sys/resource.h>
 #include <stdio.h>
 #include <time.h>




make, make install, and move on. Be warned: since
this install comes from source, there likely won’t be an init.d
or rc.d script to start up daemons. A usable FreeBSD template is
below (based of the most current port, as of this writing).

#!/bin/sh
#
# $FreeBSD: ports/net/netatalk/files/netatalk.in,v 1.3 2010/03/27 00:13:49 dougb Exp $
#
# PROVIDE: atalkd papd cnid_metad timelord afpd
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# AppleTalk daemons. Make sure not to start atalkd in the background:
# its data structures must have time to stablize before running the
# other processes.
#

# Set defaults. Please overide these in /usr/local/etc/netatalk.conf
ATALK_ZONE=
ATALK_NAME="`/bin/hostname -s`"
AFPD_UAMLIST=
AFPD_MAX_CLIENTS=50
AFPD_GUEST=nobody

# Load user config
if [ -f /usr/local/etc/netatalk/netatalk.conf ]; then . /usr/local/etc/netatalk/netatalk.conf; fi

netatalk_enable=${netatalk_enable-"NO"}
atalkd_enable=${atalkd_enable-"NO"}
papd_enable=${papd_enable-"NO"}
cnid_metad_enable=${cnid_metad_enable-"NO"}
afpd_enable=${afpd_enable-"NO"}
timelord_enable=${timelord_enable-"NO"}

. /etc/rc.subr

name=netatalk
rcvar=`set_rcvar`
hostname=`hostname -s`

start_cmd=netatalk_start
stop_cmd=netatalk_stop

netatalk_start() {
    checkyesno atalkd_enable && /usr/local/sbin/atalkd
    checkyesno atalkd_enable && \
        /usr/local/bin/nbprgstr -p 4 "${ATALK_NAME}:Workstation${ATALK_ZONE}" &
    checkyesno atalkd_enable && \
        /usr/local/bin/nbprgstr -p 4 "${ATALK_NAME}:netatalk${ATALK_ZONE}" &
    checkyesno papd_enable && /usr/local/sbin/papd
    checkyesno cnid_metad_enable && /usr/local/sbin/cnid_metad
    checkyesno timelord_enable && /usr/local/sbin/timelord
    checkyesno afpd_enable && \
        /usr/local/sbin/afpd -n "${ATALK_NAME}${ATALK_ZONE}" \
                -s /usr/local/etc/netatalk/AppleVolumes.system \
                -f /usr/local/etc/netatalk/AppleVolumes.default \
                -g ${AFPD_GUEST} \
                -c ${AFPD_MAX_CLIENTS} \
                ${AFPD_UAMLIST}
}

netatalk_stop() {
    checkyesno timelord_enable && killall timelord
    checkyesno afpd_enable && killall afpd
    checkyesno cnid_metad_enable && killall cnid_metad
    checkyesno papd_enable && killall papd
    checkyesno atalkd_enable && killall atalkd
}

load_rc_config ${name}
run_rc_command "$1"

Netatalk


A few extra options are needed, both for each mount and for the server itself.


Here’s the relavant (non-comment) bits at the end of AppleVolumes.default. Use your own paths and logins as appropriate.

# The line below sets some DEFAULT, starting with Netatalk 2.1.
:DEFAULT: options:upriv,usedots

# The "~" below indicates that Home directories are visible by default.
# If you do not wish to have people accessing their Home directories,
# please put a pound sign in front of the tilde or delete it.
#~
/tm/laptop "Laptop Backup" allow:laptop_login cnidscheme:dbd options:usedots,upriv,tm
/tm/desktop "Desktop Backup" allow:desktop_login cnidscheme:dbd options:usedots,upriv,tm

# End of File


And here’s the relevant pieces from afpd.conf. Obviously, use
your own server name and IP.

# default:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
SERVER -tcp -ipaddr 10.0.0.10 -noddp -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword



Avahi




Avahi is relatively unchanged.  If you were using Avahi
before Lion, it should work the same.  I think.




File System Bits




Oddly enough, it looks like the .com.apple.timemachine.supported
file is no longer required.




Client Configuration




I'm still using the preference for an unsupported time machine volume.  Run
the following on the client:




defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1





If you aren’t dealing with a recently-upgraded client and pre-existing backups,
you may want to read the original notes on setting up sparsebundles on the
client here.



Caveats




None so far, but then, I’m still in the middle of my first Time Machine backup
under Lion.  Things largely seem to work, though.  Expect to spend some
non-trivial time on the first backup, to re-index any pre-existing dumps, but
then Time Machine appears to just do its thing normally.