Netatalk 3.2.0


If you redistribute binary Netatalk packages, please be advised that there may be incompatible licensing terms in this source package. To avoid potential issues when redistributing, it is strongly recommended to build this package with -Dwith-embedded-ssl=false when using the Meson build system. The Autotools build system is not affected. A future release version will address this issue.


If you previously used the Netatalk 3.1.18 Docker image for making Time Machine backups in macOS, you may run into errors after upgrading to the Netatalk 3.2.0 image or later. It is recommended to discard the backup sparsebundle and redo the backup. If you absolutely must access the older backup sparsebundle, downgrading to the 3.1.18 image should restore access.

Netatalk 3.2.0 is available!

The Netatalk team is proud to announce the first release in the Netatalk 3.2 release series.

This release contains a number of breaking changes compared to Netatalk 3.1, and is recommended for early adopters. It is highly recommended that you take a backup of your production environment before attempting to upgrade an existing Netatalk deployment to 3.2.0.

A companion release of the Webmin Module (v1.1) is also available, with support for the new and updated features in Netatalk 3.2.0, as well as a range of improvements and bugfixes.

Please see NEWS for the full changelog.

New Features

Meson build system

The Meson build system has been introduced, and exists in parallel with the traditional GNU Autotools build system. We plan to remove Autotools in a future feature release version of Netatalk.

Please see INSTALL for instructions how to use the new build system. The online manual also has a new appendix with build instructions for specific operating systems.

Consequently, starting with this release, we no longer distribute tarballs that were bootstrapped by autoconf. We still ship the bootstrap script and all the macros required so that you can bootstrap it yourself if needed.

Bundled WolfSSL

OpenSSL 3.0 has deprecated the DHCAST128 and DES encryption algorithms used by Apple’s DHX and Random Number UAMs, respectively. These UAMs are used for (somewhat) secure authentication with very old Mac OS clients (early OS X, Classic Mac OS, and Apple IIGS.)

We are now bundling a subset of WolfSSL with Netatalk, as the default encryption provider for these UAMs. Building Netatalk with bundled WolfSSL requires the use of the Meson build system.

Init Scripts

New init scripts have been added: FreeBSD, OpenBSD, and OpenRC (previously: Gentoo).

Additionally, the macOS launchd init script plist has been renamed to io.netatalk.* (from com.netatalk.*)

Added compile time options

Added runtime options

Dependency Changes


We have bumped the LDAP API version, and now require OpenLDAP v2.3 or later.

As a result, a new afp.conf option ldap uri has been introduced, while the old ldap server has been removed. The new option has a different syntax. See the manual for more information.

Spotlight toolchain

The bundled talloc library, as well as pre-generated SPARQL parser code, have been removed from distribution. These are key parts of the Spotlight tech stack, and must now be supplied by the user or packager for Spotlight functionality.

This introduces a compile- and runtime dependency on a system-supplied shared talloc library, which most contemporary operating systems have at the time of writing.

Additionally, a yacc parser (e.g. bison) and lexer (e.g. flex) are now compile time dependencies for building with Spotlight support.


The Perl runtime is now an optional dependency for Netatalk (it was previously mandatory.) Only when Perl is detected at compile time, the administrative CLI utilities that use the Perl runtime are installed.

At the same time, the afpstats CLI utility has been rewritten in Perl (previously: Python.)

Deprecated Features

Andrew File System

Andrew File System is a historical distributed file system with limited adoption at the time of writing. The AFS integration layer in Netatalk has not been functional for years, and was removed in this version.

CNID backends

The Concurrent Database (cdb) and Trivial Database (tdb) CNID backends have been removed in this version. The former was previously the default backend (v2.0 and earlier), but is prone to data loss and corruption. The latter was considered an incomplete implementation.

In Netatalk 3.2.0, Database Daemon (dbd) is the default and recommended backend, while the MySQL (mysql) backend is considered experimental but reportedly used in production environments with success.

What’s Changed

New Contributors

Full Changelog:…netatalk-3-2-0

Release published on 2024-06-01

Generated from the original at GitHub