On Tue, Dec 20, 2022 at 07:04:19PM +0100, Pascal Stumpf wrote:
> On Sun, 18 Dec 2022 15:11:22 +0100, Michael wrote:
> > On Sun, Dec 18, 2022 at 11:55:12AM +0000, Stuart Henderson wrote:
> > > On 2022/12/17 22:36, Michael wrote:
> > > > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf <pas...@stumpf.co> wrote:
> > > > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > > > A few tweaks:
> > > > > > >
> > > > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > > > * NO_TESTS = Yes
> > > > > > > * add README and endless.rc to the port itself, reformat, turn on
> > > > > > > -s per
> > > > > > > default (syslog logging)
> > > > > > > * add dedicated _endlessh user
> > > > > > > * install a default config file into examples and @sample it
> > > > > >
> > > > > > * correct Nm in endlessh.1
> > > > >
> > > > > there's an extra patch-Makefile.orig in the tarball and
> > > > > pkg/endlessh.rc is executable when it doesn't need to.
> > > > >
> > > > > ok for me with that fixed.
> > > >
> > > > Thanks to Pascal and you for the tweaks.
> > > >
> > > > I have tested the latest revision; works as expected and the changes
> > > > seem fine to me. I took the liberty of fixing the last problems Omar
> > > > mentioned in the attached port.
> > > >
> > > > >
> > > > >
> > > > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > > > instead of copying it, less to worry when updating.
> > > > >
> > > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > > doesn't start as root, it' would be nice to include an excerpt of the
> > > > > pf configuration to redirect the port 22 to 2222.
> > > > >
> > > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > > configuration, it's more verbose but it's also more resiliant to
> > > > > upstream changes to the file.
> > > > >
> > > > > Including the diff for user.list in case it comes in handy to who
> > > > > would like to test it.
> > > > >
> > > > > Index: user.list
> > > > > ===================================================================
> > > > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > > > retrieving revision 1.413
> > > > > diff -u -p -r1.413 user.list
> > > > > --- user.list 14 Dec 2022 12:09:05 -0000 1.413
> > > > > +++ user.list 17 Dec 2022 09:50:27 -0000
> > > > > @@ -395,3 +395,4 @@ id user group port
> > > > > 884 _iblock _iblock net/iblock
> > > > > 885 _mycorrhiza _mycorrhiza www/mycorrhiza
> > > > > 886 _eduvpn _eduvpn net/eduvpn
> > > > > +887 _endlessh _endlessh net/endlessh
> > > > >
> > >
> > > There is no 1.1 release yet, so better name it 1.1pre20210430 (date of
> > > commit).
> > >
> > > From readme:
> > >
> > > : If you want to cover both IPv4 and IPv6 you'll need to run *two*
> > > instances of
> > > : endlessh.
> > > :
> > > : - copy the endlessh rc script to ${RCDIR}/endlessh6
> > > : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> > > : - use BindFamily 6 in config6
> > > : - in rc.conf.local force endlessh6 to load config6 like so:
> > > :
> > > : endlessh6_flags=-s -f /etc/endlessh/config6
> > > : endlessh_flags=-s
> > >
> > > No need to tell the user to do this, just provide an endlessh6 rc script
> > > with the required daemon_flags. I don't think you need a second config
> > > file, just use -6.
> > >
> > > : Covering more than 128 connections
> > > : ==================================
> > > :
> > > : The defaults in OpenBSD only allow for 128 open file descriptors per
> > > process,
> > > : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> > > : you'll end up with something like 124 clients at the most.
> > > : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh
> > > (and
> > > : endlessh6) like so:
> > > :
> > > : endlessh:\
> > > : :openfiles=1024:\
> > > : :tc=daemon:
> > > : endlessh6:\
> > > : :openfiles=1024:\
> > > : :tc=daemon:
> > >
> > > Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> > > a bit high for the default kern.maxfiles, I would suggest not more than
> > > 512 for the installed file, users can change it if they need more.
> > >
> > > Then because it is just using standard OS mechanisms there is no more
> > > need for pkg/README.
> > >
> >
> > Thanks for the feedback.
> >
> > Attached port should contain all the suggestions above.
> > Also the pledge() comment was changed to "uses pledge() and unveil()"
> >
> > portcheck now complains about the two extra *.login files but looking at
> > other ports that have those this seems normal:
> >
> > # /usr/ports/infrastructure/bin/portcheck
> > extra file: pkg/endlessh.login
> > extra file: pkg/endlessh6.login
> > net/endlessh
> >
> >
> > (this time actually reaching the mailinglist...)
>
> As sthen@ said, you can now remove pkg/README. With that fixed, ok
> pascal@.
>
> >>> application/octet-stream attachment, name=endlessh.tgz
Sure you got the right *.tgz? There should be no pkg/README.
$ sha256 endlessh.tgz
SHA256 (endlessh.tgz) =
def490d59c6b31e528f8750c06f1c7552b15be35c1406ff0e554d1b8694ada0d
$ tar tzf endlessh.tgz
endlessh
endlessh/pkg
endlessh/pkg/DESCR
endlessh/pkg/PLIST
endlessh/pkg/endlessh.rc
endlessh/pkg/endlessh6.rc
endlessh/pkg/endlessh.login
endlessh/pkg/endlessh6.login
endlessh/Makefile
endlessh/patches
endlessh/patches/patch-Makefile
endlessh/patches/patch-endlessh_1
endlessh/distinfo
