Re: [net/zabbix] PSK support?
Whoops, Thunderbird mangled the line endings. Apparently it doesn't do
it if the extension is .txt? Hopefully this one is OK.
On 2/20/2020 4:11 PM, William Leuschner wrote:
robert@ and ports@,
What do you think about making gnutls the default cryptography library
for net/zabbix? I've attached a diff that changes it, if you think it's
a good idea.
Sincerely,
William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.162
diff -u -p -r1.162 Makefile
--- Makefile3 Feb 2020 19:13:41 - 1.162
+++ Makefile20 Feb 2020 21:04:40 -
@@ -36,7 +36,7 @@ FLAVORS = mysql pgsql sqlite3
SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
-WANTLIB = c iconv kvm m execinfo lber ldap crypto ssl z \
+WANTLIB = c iconv kvm m execinfo lber ldap z \
curl nghttp2 pcre
LIB_DEPENDS = converters/libiconv \
@@ -51,12 +51,13 @@ LIB_DEPENDS-server =${LIB_DEPENDS} \
textproc/libxml \
net/net-snmp \
textproc/iksemel \
- security/libssh2
+ security/libssh2 \
+ security/gnutls
RUN_DEPENDS-server = net/fping
# we want the _zabbix user&group as well as README-main
RUN_DEPENDS-server += net/zabbix,-main>=${VERSION}
-WANTLIB-server = ${WANTLIB} crypto ssl z netsnmp iksemel pthread \
- xml2 ssh2
+WANTLIB-server = ${WANTLIB} z netsnmp iksemel pthread \
+ xml2 ssh2 gnutls
CONFIGURE_STYLE = gnu
CONFIGURE_ARGS = --enable-server \
@@ -69,7 +70,7 @@ CONFIGURE_ARGS = --enable-server \
--with-ldap \
--with-jabber="${LOCALBASE}" \
--with-ssh2 \
- --with-openssl
+ --with-gnutls
CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -lexecinfo" \
ac_cv_search___res_query=no
@@ -84,8 +85,9 @@ ZABBIX_WEB = ${PREFIX-web}/zabbix
LIB_DEPENDS-proxy =${LIB_DEPENDS} \
net/net-snmp \
security/libssh2 \
+ security/gnutls \
textproc/libxml
-WANTLIB-proxy =${WANTLIB} netsnmp ssh2 xml2 pthread
+WANTLIB-proxy =${WANTLIB} netsnmp ssh2 gnutls xml2 pthread
RUN_DEPENDS-proxy =# empty
FLAVOR ?= no_server
Re: [net/zabbix] PSK support?
robert@ and ports@,
What do you think about making gnutls the default cryptography library
for net/zabbix? I've attached a diff that changes it, if you think it's
a good idea.
On 2/19/2020 6:06 PM, Stuart Henderson wrote:
On 2020/02/19 16:17, William Leuschner wrote:
Hello porters,
I'm trying to set up Zabbix with pre-shared keys so that:
* connections are encrypted, and
* the agent will reject connections from anyone without the key.
The configuration that should work currently fails with a library error.
According to this note from 2017[1], PSK support was removed from LibreSSL,
and the best choice would be building against gnutls. Has anything changed
since then, or is gnutls still the best option? If gnutls is the best bet,
would a gnutls flavor be welcome?
Thanks,
William Leuschner
[1]: https://marc.info/?l=openbsd-ports&m=148465399628705&w=2
It will be a pain to add a FLAVOR to this port (you will have to handle
the combination with existing flavours and multipackages, it's possible but
definitely non-trivial, and means ongoing work testing more combinations
of build options for every update).
I don't use this and am not the maintainer so there might be good reasons
not to, but as far as the port is concerned it would be much simpler to
switch completely to gnutls rather than make it optional.
Sincerely,
William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.162
diff -u -p -r1.162 Makefile
--- Makefile3 Feb 2020 19:13:41 - 1.162
+++ Makefile20 Feb 2020 21:04:40 -
@@ -36,7 +36,7 @@ FLAVORS = mysql pgsql sqlite3
SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
-WANTLIB = c iconv kvm m execinfo lber ldap crypto ssl z \
+WANTLIB = c iconv kvm m execinfo lber ldap z \
curl nghttp2 pcre
LIB_DEPENDS = converters/libiconv \
@@ -51,12 +51,13 @@ LIB_DEPENDS-server =${LIB_DEPENDS} \
textproc/libxml \
net/net-snmp \
textproc/iksemel \
- security/libssh2
+ security/libssh2 \
+ security/gnutls
RUN_DEPENDS-server = net/fping
# we want the _zabbix user&group as well as README-main
RUN_DEPENDS-server += net/zabbix,-main>=${VERSION}
-WANTLIB-server = ${WANTLIB} crypto ssl z netsnmp iksemel pthread \
- xml2 ssh2
+WANTLIB-server = ${WANTLIB} z netsnmp iksemel pthread \
+ xml2 ssh2 gnutls
CONFIGURE_STYLE = gnu
CONFIGURE_ARGS = --enable-server \
@@ -69,7 +70,7 @@ CONFIGURE_ARGS = --enable-server \
--with-ldap \
--with-jabber="${LOCALBASE}" \
--with-ssh2 \
- --with-openssl
+ --with-gnutls
CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -lexecinfo" \
ac_cv_search___res_query=no
@@ -84,8 +85,9 @@ ZABBIX_WEB = ${PREFIX-web}/zabbix
LIB_DEPENDS-proxy =${LIB_DEPENDS} \
net/net-snmp \
security/libssh2 \
+ security/gnutls \
textproc/libxml
-WANTLIB-proxy =${WANTLIB} netsnmp ssh2 xml2 pthread
+WANTLIB-proxy =${WANTLIB} netsnmp ssh2 gnutls xml2 pthread
RUN_DEPENDS-proxy =# empty
FLAVOR ?= no_server
[net/zabbix] PSK support?
Hello porters, I'm trying to set up Zabbix with pre-shared keys so that: * connections are encrypted, and * the agent will reject connections from anyone without the key. The configuration that should work currently fails with a library error. According to this note from 2017[1], PSK support was removed from LibreSSL, and the best choice would be building against gnutls. Has anything changed since then, or is gnutls still the best option? If gnutls is the best bet, would a gnutls flavor be welcome? Thanks, William Leuschner [1]: https://marc.info/?l=openbsd-ports&m=148465399628705&w=2
Re: WIP: netdata [was Re: How to write a PLIST for a program that does code-as-configuration in /etc]
So, first of all, sorry for how long it has taken me to reply! I got pulled away by life things. Second of all, thank you so much for your help with this! I’ll take a look this weekend, and based on what the diff looks like, I might even be able to finish the port. - William > On 30 May 2019, at 13:50, Stuart Henderson wrote: > > I've made a couple of other little changes, putting it at > https://github.com/jasperla/openbsd-wip/tree/master/sysutils/netdata >
How to write a PLIST for a program that does code-as-configuration in /etc
Hello ports@, I mentioned about a year ago that I was working on porting Netdata. Slow progress, I know :D I’ve run into a problem with my port. Netdata does a code-as-configuration thing where it dumps a bunch of python files into folders in /etc when you run it, which it uses to determine how to behave. Right now, make update-plist reports this to me: Can't put into any plist (no applicable prefix): /etc/netdata /etc/netdata/charts.d /etc/netdata/charts.d/.keep /etc/netdata/edit-config /etc/netdata/health.d /etc/netdata/health.d/.keep /etc/netdata/node.d /etc/netdata/node.d/.keep /etc/netdata/python.d /etc/netdata/python.d/.keep /etc/netdata/statsd.d /etc/netdata/statsd.d/.keep /var/cache/netdata /var/cache/netdata/.keep /var/lib /var/lib/netdata /var/lib/netdata/.keep /var/lib/netdata/registry /var/lib/netdata/registry/.keep /var/log/netdata /var/log/netdata/.keep Do any of you have experience porting programs like this, where clobbering its own config in /etc is intended behavior? I would appreciate any tips for how to create a PLIST for a program like this. My current port is attached, so you don’t have to repeat my work if you want to poke at it. Also, this is my first from-scratch port. I’m not finished yet, but if you see anything else obviously wrong with what I’ve done, I’d appreciate guidance there too! Sincerely, William Leuschner netdata.tgz Description: Binary data
Re: net/zabbix 4.0.5
ports@,
I tested this patch with my configuration on a 6.5-current machine and
everything seems A-OK. I’m aware the tree is locked, but I figured I’d throw my
2¢ in.
- William
P.S. It looks like 4.0.6 was released at the end of March
(https://www.zabbix.com/rn/rn4.0.6), and 4.2.0 a day later
(https://www.zabbix.com/rn/rn4.2.0), so we’re a tad behind :D
> On 15 Mar, 2019, at 05:21, Mark Patruck wrote:
>
> The following diff updates net/zabbix to 4.0.5. Runs fine on
> amd64.
>
> Details: https://www.zabbix.com/rn/rn4.0.5
>
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/net/zabbix/Makefile,v
> retrieving revision 1.156
> diff -u -p -r1.156 Makefile
> --- Makefile 12 Dec 2018 13:34:31 - 1.156
> +++ Makefile 14 Mar 2019 14:15:48 -
> @@ -5,7 +5,7 @@ COMMENT-server = network and application
> COMMENT-proxy = network and application monitoring - proxy
> COMMENT-web = network and application monitoring - web frontend
>
> -VERSION =4.0.0
> +VERSION =4.0.5
> DISTNAME =zabbix-${VERSION}
> FULLPKGNAME-main =zabbix-agent-${VERSION}
> FULLPKGPATH-main =net/zabbix,-main
> @@ -15,8 +15,6 @@ FULLPKGPATH-proxy = net/zabbix,-proxy
> FULLPKGNAME-web = zabbix-web-${VERSION}
> FULLPKGPATH-web = net/zabbix,-web
> CATEGORIES = net
> -REVISION-main = 0
> -REVISION-web = 0
>
> MAJV =${VERSION:C/^([0-9]+\.[0-9]+).*/\1/}
>
> Index: distinfo
> ===
> RCS file: /cvs/ports/net/zabbix/distinfo,v
> retrieving revision 1.45
> diff -u -p -r1.45 distinfo
> --- distinfo 26 Oct 2018 06:57:21 - 1.45
> +++ distinfo 14 Mar 2019 14:15:48 -
> @@ -1,2 +1,2 @@
> -SHA256 (zabbix-4.0.0.tar.gz) = VnPhBhVhAq/4xngaiQ2mzt/Jdc8T2W2HSbTHEm9Ca8c=
> -SIZE (zabbix-4.0.0.tar.gz) = 17984379
> +SHA256 (zabbix-4.0.5.tar.gz) = VefiGOFw3Qha4dZC1OkNw1dgEfo85yQHQly3MAPDGQY=
> +SIZE (zabbix-4.0.5.tar.gz) = 17098529
> Index: patches/patch-conf_zabbix_server_conf
> ===
> RCS file: /cvs/ports/net/zabbix/patches/patch-conf_zabbix_server_conf,v
> retrieving revision 1.10
> diff -u -p -r1.10 patch-conf_zabbix_server_conf
> --- patches/patch-conf_zabbix_server_conf 26 Oct 2018 06:57:21 -
> 1.10
> +++ patches/patch-conf_zabbix_server_conf 14 Mar 2019 14:15:48 -
> @@ -12,15 +12,15 @@ Index: conf/zabbix_server.conf
>
> ### Option: LogFileSize
> #Maximum size of log file in MB.
> -@@ -124,6 +124,7 @@ DBUser=zabbix
> +@@ -123,6 +123,7 @@ DBUser=zabbix
> # Mandatory: no
> # Default:
> # DBSocket=
> +DBSocket=/var/www/var/run/mysql/mysql.sock
>
> ### Option: DBPort
> - # Database port when not using local socket. Ignored for SQLite.
> -@@ -506,6 +507,7 @@ Timeout=4
> + # Database port when not using local socket.
> +@@ -504,6 +505,7 @@ Timeout=4
> # Mandatory: no
> # Default:
> # AlertScriptsPath=${datadir}/zabbix/alertscripts
> @@ -28,7 +28,7 @@ Index: conf/zabbix_server.conf
>
> ### Option: ExternalScripts
> #Full path to location of external scripts.
> -@@ -523,6 +525,7 @@ Timeout=4
> +@@ -521,6 +523,7 @@ Timeout=4
> # Mandatory: no
> # Default:
> # FpingLocation=/usr/sbin/fping
> @@ -36,7 +36,7 @@ Index: conf/zabbix_server.conf
>
> ### Option: Fping6Location
> #Location of fping6.
> -@@ -532,6 +535,7 @@ Timeout=4
> +@@ -530,6 +533,7 @@ Timeout=4
> # Mandatory: no
> # Default:
> # Fping6Location=/usr/sbin/fping6
> Index: patches/patch-configure
> ===
> RCS file: /cvs/ports/net/zabbix/patches/patch-configure,v
> retrieving revision 1.23
> diff -u -p -r1.23 patch-configure
> --- patches/patch-configure 26 Oct 2018 06:57:21 - 1.23
> +++ patches/patch-configure 14 Mar 2019 14:15:48 -
> @@ -28,7 +28,7 @@ Index: configure
> { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
> $as_echo "yes" >&6; }
> else
> -@@ -12500,12 +12501,12 @@ LIBS="$LIBS $ICONV_LIBS"
> +@@ -12512,12 +12513,12 @@ LIBS="$LIBS $ICONV_LIBS"
> RANLIB="ranlib"
>
>
> Index: patches/patch-src_libs_zbxcrypto_tls_c
> ===
> RCS file: /cvs/ports/net/zabbix/patches/patch-src_libs_zbxcrypto_tls_c,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_libs_zbxcrypto_tls_c
> --- patches/patch-src_libs_zbxcrypto_tls_c12 Aug 2018 13:25:53 -
> 1.1
> +++ patches/patch-src_libs_zbxcrypto_tls_c14 Mar 2019 14:15:48 -
> @@ -36,7 +36,17 @@ Index: src/libs/zbxcrypto/tls.c
>
> static void OPENSSL_cleanup(void)
> {
> -@@ -1419,6 +1422,7 @@ static unsigned intzbx_psk_client_cb(SSL *ssl,
> const
> +@@ -229,7 +232,9 @@ ZBX_THREAD_LOCAL static size_t
> psk_len_for_cb
Re: Porting netdata
I’ve gotten to the stage where I need to create the plist for netdata. (I haven’t touched any of the plugins yet; I want to package it so I can cleanly install/deinstall it and verify that I haven’t broken anything.) The project’s makefile creates a few directories in /var/lib that merely contain .keep files. Is better to work around this with a post-install rule in the port Makefile or to patch the software itself to create its own local state directories if they don’t exist? - William > On 11 Sep, 2018, at 00:22, William Leuschner wrote: > >> On 10 Sep, 2018, at 05:50, Stuart Henderson wrote: >> >> It's not going to be the simplest first port (it will need actual code >> porting, rather than just writing ports Makefile etc). > > Yeah, I’ve already run into a few of these. > >> Many of the Linux-ish plugins use procfs which isn't very helpful - >> the FreeBSD code is going to be closer but we don't have the >> GETSYSCTL_BY_NAME/GETSYSCTL_SIMPLE interfaces, these need changing to >> use sysctl(2). >> >> You probably want to refer to /usr/src/usr.bin/top while looking at >> this. > > Thanks for these tips! I haven’t yet made it to the FreeBSD plugin, but the > source for top has offered a few hints in other places. > > Upstream also seems to be quite excited to have an OpenBSD port (or really > ports to any other platform), which is great news! > https://github.com/firehol/netdata/issues/601
Re: Porting netdata
> On 10 Sep, 2018, at 05:50, Stuart Henderson wrote: > > It's not going to be the simplest first port (it will need actual code > porting, rather than just writing ports Makefile etc). Yeah, I’ve already run into a few of these. > Many of the Linux-ish plugins use procfs which isn't very helpful - > the FreeBSD code is going to be closer but we don't have the > GETSYSCTL_BY_NAME/GETSYSCTL_SIMPLE interfaces, these need changing to > use sysctl(2). > > You probably want to refer to /usr/src/usr.bin/top while looking at > this. Thanks for these tips! I haven’t yet made it to the FreeBSD plugin, but the source for top has offered a few hints in other places. Upstream also seems to be quite excited to have an OpenBSD port (or really ports to any other platform), which is great news! https://github.com/firehol/netdata/issues/601
Porting netdata
Hello ports@, I’m quite pleased with netdata (https://my-netdata.io) as a monitoring tool on my non-OpenBSD boxes, and I’d like to port it over. The project’s GitHub page has a few issues mentioning OpenBSD in passing, but nothing about porting it. Before I get too far into the weeds, is anyone else working on it (or tried to in the past)? This will be my first from-scratch port, which might not be a great choice because it is undoubtedly riddled with Linux-isms, but I think I’m up for the challenge :P Thanks, William
Re: [www/rt] A flavor for LDAP?
On 3/10/2018 8:23 AM, Stuart Henderson wrote:
> This shouldn't be CONFIGURE_STYLE=simple - CONFIGURE_STYLE=gnu is
> correct already.
It is? It seems to work correctly with CONFIGURE_STYLE=simple. I'm
still sort of new to this, do you mind explaining why?
> Is it actually required to run rt-test-dependencies? I haven't used rt
> for some years but from what I remember it's just a checker and doesn't
> make any actual changes?
Based on Paul's comments, I see now that it is not. The patch without
that part is below.
─
William Leuschner
wel2...@rit.edu
Index: Makefile
===
RCS file: /cvs/ports/www/rt/Makefile,v
retrieving revision 1.40
diff -u -p -r1.40 Makefile
--- Makefile11 Jan 2018 19:27:12 - 1.40
+++ Makefile20 Mar 2018 15:38:36 -
@@ -4,7 +4,7 @@ COMMENT=industrial-grade ticketing sys
DISTNAME= rt-4.4.2
CATEGORIES=www
-REVISION= 0
+REVISION= 1
MAINTAINER=Robert Nagy
Index: pkg/README
===
RCS file: /cvs/ports/www/rt/pkg/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- pkg/README 14 Jun 2011 13:19:33 - 1.1
+++ pkg/README 20 Mar 2018 15:38:36 -
@@ -20,3 +20,6 @@ ${PREFIX}/share/doc/rt3/README
If you are upgrading your installation, don't forget to run:
# rt-setup-database --dba --prompt-for-dba-password \
--action upgrade
+
+If you plan to connect your rt installation to an LDAP domain,
+install p5-ldap.
Re: [www/rt] A flavor for LDAP?
Here's a patch that adds a short message to the README explaining how to
add LDAP support to RT. Also, when I tested the packaging, I noticed
that the configure script was being given some GNU-specific arguments
that it didn't understand, so I changed the configure script style from
GNU to simple in addition to bumping the revision.
─────
William Leuschner
wel2...@rit.edu
Index: Makefile
===
RCS file: /cvs/ports/www/rt/Makefile,v
retrieving revision 1.40
diff -u -p -r1.40 Makefile
--- Makefile11 Jan 2018 19:27:12 - 1.40
+++ Makefile8 Mar 2018 17:50:50 -
@@ -4,7 +4,7 @@ COMMENT=industrial-grade ticketing sys
DISTNAME= rt-4.4.2
CATEGORIES=www
-REVISION= 0
+REVISION= 1
MAINTAINER=Robert Nagy
@@ -107,7 +107,7 @@ NO_BUILD= Yes
PKG_ARCH= *
-CONFIGURE_STYLE= gnu
+CONFIGURE_STYLE= simple
CONFIGURE_ENV+=LDFLAGS="-L${LOCALBASE}/lib"
Index: pkg/README
===
RCS file: /cvs/ports/www/rt/pkg/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- pkg/README 14 Jun 2011 13:19:33 - 1.1
+++ pkg/README 8 Mar 2018 17:50:50 -
@@ -20,3 +20,8 @@ ${PREFIX}/share/doc/rt3/README
If you are upgrading your installation, don't forget to run:
# rt-setup-database --dba --prompt-for-dba-password \
--action upgrade
+
+If you plan to connect your rt installation to an LDAP domain,
+install p5-ldap and then run
+
+# rt-test-dependencies
On 3/7/2018 8:12 PM, Stuart Henderson wrote:
> On 2018/03/07 20:01, William Leuschner wrote:
>>
>>> On 7 Mar, 2018, at 19:09, Stuart Henderson wrote:
>>>
>>>
>>> That is --enable-externalauth, isn't it?
>>
>> Yup, that’s the one.
>>
>>> i.e. the only thing it does is set a default in rt-test-dependencies
>>> which you can override with "rt-test-dependencies --with-externalauth"
>>> anyway. It doesn't turn any of the rest of the code on or off.
>>
>> Oh, I didn’t know that — I just looked at the configure script to see what
>> option I had to pass to get it to enable LDAP. I’ll give that a try.
>>
>> Would it be helpful for me to provide a patch that explains this in the
>> post-install message, so that other people who want to do the same thing
>> don’t have to rediscover all this?
>>
>> - William
>
> pkg/README would be the place to add it - this is the file that gets
> installed to /usr/local/share/doc/pkg-readmes/rt-$VERSION which is
> mentioned by pkg_add post-install.
>
> Changing this would also need REVISION www/rt/Makefile to be bumped.
>
Re: [www/rt] A flavor for LDAP?
> On 7 Mar, 2018, at 19:09, Stuart Henderson wrote: > > > That is --enable-externalauth, isn't it? Yup, that’s the one. > i.e. the only thing it does is set a default in rt-test-dependencies > which you can override with "rt-test-dependencies --with-externalauth" > anyway. It doesn't turn any of the rest of the code on or off. Oh, I didn’t know that — I just looked at the configure script to see what option I had to pass to get it to enable LDAP. I’ll give that a try. Would it be helpful for me to provide a patch that explains this in the post-install message, so that other people who want to do the same thing don’t have to rediscover all this? - William
[www/rt] A flavor for LDAP?
Hello ports@, My use-case for www/rt needs LDAP integration. RT supports this, but there's no way to make it happen on OpenBSD without recompiling RT myself. Would anyone be interested if I submitted a patch for www/rt that adds a FLAVOR for LDAP integration? ─ William Leuschner wel2...@rit.edu
Re: net/zabbix SSH flavor?
I discovered an issue with my patch for compiling net/zabbix with SSH by
default. Namely, I didn't bump the REVISION, so openup automatically
reinstalled it. Below is an updated version of the patch, with a
REVISION bump. Also, portcheck reported an absolute path in
pkg/README-server, so I rectified that as well.
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.128
diff -u -p -r1.128 Makefile
--- Makefile26 Jul 2017 17:54:44 - 1.128
+++ Makefile20 Oct 2017 18:31:00 -
@@ -5,6 +5,7 @@ COMMENT-server =network and application
COMMENT-web = network and application monitoring - web frontend
VERSION = 3.2.7
+REVISION = 1
DISTNAME = zabbix-${VERSION}
FULLPKGNAME-main = zabbix-agent-${VERSION}
FULLPKGPATH-main = net/zabbix,-main
@@ -46,12 +47,13 @@ RUN_DEPENDS-main =
LIB_DEPENDS-server = ${LIB_DEPENDS} \
textproc/libxml \
net/net-snmp \
- textproc/iksemel
+ textproc/iksemel \
+ security/libssh2
RUN_DEPENDS-server = net/fping
# we want the _zabbix user&group as well as README-main
RUN_DEPENDS-server += net/zabbix,-main>=${VERSION}
WANTLIB-server = ${WANTLIB} crypto ssl z netsnmp iksemel pthread \
- xml2
+ xml2 ssh2
CONFIGURE_STYLE = gnu
CONFIGURE_ARGS = --enable-server \
@@ -62,7 +64,8 @@ CONFIGURE_ARGS = --enable-server \
--with-libxml2 \
--with-net-snmp \
--with-ldap \
- --with-jabber="${LOCALBASE}"
+ --with-jabber="${LOCALBASE}" \
+ --with-ssh2
CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -lexecinfo" \
ac_cv_search___res_query=no
Index: pkg/README-server
===
RCS file: /cvs/ports/net/zabbix/pkg/README-server,v
retrieving revision 1.11
diff -u -p -r1.11 README-server
--- pkg/README-server 17 Jul 2015 20:38:43 - 1.11
+++ pkg/README-server 20 Oct 2017 18:31:00 -
@@ -98,7 +98,7 @@ automatically created and initialized if
for obvious performance reasons, it is NOT encouraged to use the SQLite
backend for a server.
-# cd /usr/local/share/zabbix/schema/sqlite3
+# cd ${TRUEPREFIX}/share/zabbix/schema/sqlite3
# su -m _zabbix -c "sqlite3 /var/db/zabbix/zabbix.db < schema.sql"
The following steps are not required for setting up a Zabbix Proxy.
# su -m _zabbix -c "sqlite3 /var/db/zabbix/zabbix.db < images.sql"
───────────
William Leuschner
wel2...@rit.edu
On 10/6/2017 1:57 PM, William Leuschner wrote:
> ping
>
> ─────
> William Leuschner
> wel2...@rit.edu
>
> On 9/25/2017 1:17 PM, William Leuschner wrote:
>> Ah, that did it! Thank you for the pointers. The now-fixed patch is
>> below. Comments?
>> ───
>> William Leuschner
>> wel2...@rit.edu
>>
>> Index: Makefile
>> ===
>> RCS file: /cvs/ports/net/zabbix/Makefile,v
>> retrieving revision 1.122
>> diff -u -p -r1.122 Makefile
>> --- Makefile 7 Jul 2016 18:47:32 - 1.122
>> +++ Makefile 22 Sep 2017 18:29:39 -
>> @@ -29,7 +29,7 @@ MODPHP_BUILDDEP = No
>>
>> MULTI_PACKAGES =-main -web
>> PSEUDO_FLAVORS =no_server
>> -FLAVORS = mysql pgsql sqlite3
>> +FLAVORS = mysql pgsql sqlite3 ssh
>>
>> SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
>>
>> @@ -77,7 +77,7 @@ FLAVOR = sqlite3
>> #if non-backend-related flavors are added, add them to
>> #the following line as ":L:Nflavor1:Nflavor2" so that
>> #they don't trigger a "Conflicting flavors" error.
>> -BACKEND = ${FLAVOR}
>> +BACKEND = ${FLAVOR:L:Nssh}
>> .if ${BACKEND} == "mysql"
>> MULTI_PACKAGES += -server
>> LIB_DEPENDS-server += databases/mariadb,-main
>> @@ -97,6 +97,13 @@ CONFIGURE_ARGS += --disable-server \
>> --disable-proxy
>> .else
>> ERRORS += "Fatal: Conflicting flavors: ${FLAVOR}";
>> +.endif
>> +
>> +# Include libssh if the ssh flavor is requested
>> +.if ${FLAVOR:Mssh}
>> +LIB_DEPENDS-server += security/libssh2
>> +WANTLIB-server += ssh2
>> +CONFIGURE_ARGS += --with-ssh2
>>
Re: net/zabbix SSH flavor?
I originally added a flavor because I though that was the standard way
of doing things. However, I completely agree that libssh2 is small and
self-contained enough to build in by default. Plus, it would be nice for
OpenBSD's port of Zabbix to "just work" with respect to SSH checks.
Patch below to include libssh by default:
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.127
diff -u -p -r1.127 Makefile
--- Makefile8 Jan 2017 19:24:53 - 1.127
+++ Makefile13 Oct 2017 16:47:27 -
@@ -46,12 +46,13 @@ RUN_DEPENDS-main =
LIB_DEPENDS-server = ${LIB_DEPENDS} \
textproc/libxml \
net/net-snmp \
- textproc/iksemel
+ textproc/iksemel \
+ security/libssh2
RUN_DEPENDS-server = net/fping
# we want the _zabbix user&group as well as README-main
RUN_DEPENDS-server += net/zabbix,-main>=${VERSION}
WANTLIB-server = ${WANTLIB} crypto ssl z netsnmp iksemel pthread \
- xml2
+ xml2 ssh2
CONFIGURE_STYLE = gnu
CONFIGURE_ARGS = --enable-server \
@@ -62,7 +63,8 @@ CONFIGURE_ARGS = --enable-server \
--with-libxml2 \
--with-net-snmp \
--with-ldap \
- --with-jabber="${LOCALBASE}"
+ --with-jabber="${LOCALBASE}" \
+ --with-ssh2
CONFIGURE_ENV =CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -lexecinfo" \
ac_cv_search___res_query=no
───
William Leuschner
wel2...@rit.edu
On 10/13/2017 4:23 AM, Stuart Henderson wrote:
> On 2017/10/13 07:11, Antoine Jacoutot wrote:
>> Is it worth adding yet another FLAVOR to this port? Can't we enable it by
>> default?
>
> +1, libssh2 is self-contained and small.
>
Re: net/zabbix SSH flavor?
Now that the release hubbub is over, what do you all think of this patch
to add an ssh flavor to net/zabbix that lets it run SSH checks?
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.122
diff -u -p -r1.122 Makefile
--- Makefile7 Jul 2016 18:47:32 - 1.122
+++ Makefile22 Sep 2017 18:29:39 -
@@ -29,7 +29,7 @@ MODPHP_BUILDDEP = No
MULTI_PACKAGES = -main -web
PSEUDO_FLAVORS = no_server
-FLAVORS = mysql pgsql sqlite3
+FLAVORS = mysql pgsql sqlite3 ssh
SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
@@ -77,7 +77,7 @@ FLAVOR = sqlite3
#if non-backend-related flavors are added, add them to
#the following line as ":L:Nflavor1:Nflavor2" so that
#they don't trigger a "Conflicting flavors" error.
-BACKEND = ${FLAVOR}
+BACKEND = ${FLAVOR:L:Nssh}
.if ${BACKEND} == "mysql"
MULTI_PACKAGES += -server
LIB_DEPENDS-server += databases/mariadb,-main
@@ -97,6 +97,13 @@ CONFIGURE_ARGS += --disable-server \
--disable-proxy
.else
ERRORS += "Fatal: Conflicting flavors: ${FLAVOR}";
+.endif
+
+# Include libssh if the ssh flavor is requested
+.if ${FLAVOR:Mssh}
+LIB_DEPENDS-server += security/libssh2
+WANTLIB-server += ssh2
+CONFIGURE_ARGS += --with-ssh2
.endif
pre-configure:
───
William Leuschner
wel2...@rit.edu
On 9/25/2017 1:17 PM, William Leuschner wrote:
> Ah, that did it! Thank you for the pointers. The now-fixed patch is
> below. Comments? ─── William Leuschner
> wel2...@rit.edu
>
>
> On 9/21/2017 5:24 PM, Nigel Taylor wrote:
>>
>> $ cd /usr/ports/mystuff/net/zabbix $ doas make configure $ cd
>> /usr/ports/pobj/zabbix-3.2.7-mysql/zabbix-3.2.7 $ ./configure
>> --help | grep -i ssh If you want to use SSH2 based checks:
>> --with-ssh2[=DIR] use SSH2 package [default=no], DIR is the
>> SSH2
>>
>> I don't see a --with-ssh option
>>
>> that's LIB_DEPENDS-server += security/libssh2 WANTLIB-server +=
>> ssh2 CONFIGURE_ARGS += --with-ssh2
>>
>> You drop the lib on the WANTLIB, check the SHARED_LIBS in
>> security/libssh{,2}
Re: net/zabbix SSH flavor?
ping
─
William Leuschner
wel2...@rit.edu
On 9/25/2017 1:17 PM, William Leuschner wrote:
> Ah, that did it! Thank you for the pointers. The now-fixed patch is
> below. Comments?
> ───
> William Leuschner
> wel2...@rit.edu
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/net/zabbix/Makefile,v
> retrieving revision 1.122
> diff -u -p -r1.122 Makefile
> --- Makefile 7 Jul 2016 18:47:32 - 1.122
> +++ Makefile 22 Sep 2017 18:29:39 -
> @@ -29,7 +29,7 @@ MODPHP_BUILDDEP = No
>
> MULTI_PACKAGES = -main -web
> PSEUDO_FLAVORS = no_server
> -FLAVORS =mysql pgsql sqlite3
> +FLAVORS =mysql pgsql sqlite3 ssh
>
> SUBST_VARS +=PREFIX-web ZABBIX_WEB MAJV
>
> @@ -77,7 +77,7 @@ FLAVOR =sqlite3
> #if non-backend-related flavors are added, add them to
> #the following line as ":L:Nflavor1:Nflavor2" so that
> #they don't trigger a "Conflicting flavors" error.
> -BACKEND =${FLAVOR}
> +BACKEND =${FLAVOR:L:Nssh}
> .if ${BACKEND} == "mysql"
> MULTI_PACKAGES += -server
> LIB_DEPENDS-server +=databases/mariadb,-main
> @@ -97,6 +97,13 @@ CONFIGURE_ARGS += --disable-server \
> --disable-proxy
> .else
> ERRORS +="Fatal: Conflicting flavors: ${FLAVOR}";
> +.endif
> +
> +# Include libssh if the ssh flavor is requested
> +.if ${FLAVOR:Mssh}
> +LIB_DEPENDS-server += security/libssh2
> +WANTLIB-server += ssh2
> +CONFIGURE_ARGS += --with-ssh2
> .endif
>
> pre-configure:
>
> On 9/21/2017 5:24 PM, Nigel Taylor wrote:
>>
>> $ cd /usr/ports/mystuff/net/zabbix
>> $ doas make configure
>> $ cd /usr/ports/pobj/zabbix-3.2.7-mysql/zabbix-3.2.7
>> $ ./configure --help | grep -i ssh
>> If you want to use SSH2 based checks:
>> --with-ssh2[=DIR] use SSH2 package [default=no], DIR is the SSH2
>>
>> I don't see a --with-ssh option
>>
>> that's
>> LIB_DEPENDS-server += security/libssh2
>> WANTLIB-server += ssh2
>> CONFIGURE_ARGS += --with-ssh2
>>
>> You drop the lib on the WANTLIB, check the SHARED_LIBS in
>> security/libssh{,2}
Re: net/zabbix SSH flavor?
Ah, that did it! Thank you for the pointers. The now-fixed patch is
below. Comments?
───
William Leuschner
wel2...@rit.edu
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.122
diff -u -p -r1.122 Makefile
--- Makefile7 Jul 2016 18:47:32 - 1.122
+++ Makefile22 Sep 2017 18:29:39 -
@@ -29,7 +29,7 @@ MODPHP_BUILDDEP = No
MULTI_PACKAGES = -main -web
PSEUDO_FLAVORS = no_server
-FLAVORS = mysql pgsql sqlite3
+FLAVORS = mysql pgsql sqlite3 ssh
SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
@@ -77,7 +77,7 @@ FLAVOR = sqlite3
#if non-backend-related flavors are added, add them to
#the following line as ":L:Nflavor1:Nflavor2" so that
#they don't trigger a "Conflicting flavors" error.
-BACKEND = ${FLAVOR}
+BACKEND = ${FLAVOR:L:Nssh}
.if ${BACKEND} == "mysql"
MULTI_PACKAGES += -server
LIB_DEPENDS-server += databases/mariadb,-main
@@ -97,6 +97,13 @@ CONFIGURE_ARGS += --disable-server \
--disable-proxy
.else
ERRORS += "Fatal: Conflicting flavors: ${FLAVOR}";
+.endif
+
+# Include libssh if the ssh flavor is requested
+.if ${FLAVOR:Mssh}
+LIB_DEPENDS-server += security/libssh2
+WANTLIB-server += ssh2
+CONFIGURE_ARGS += --with-ssh2
.endif
pre-configure:
On 9/21/2017 5:24 PM, Nigel Taylor wrote:
>
> $ cd /usr/ports/mystuff/net/zabbix
> $ doas make configure
> $ cd /usr/ports/pobj/zabbix-3.2.7-mysql/zabbix-3.2.7
> $ ./configure --help | grep -i ssh
> If you want to use SSH2 based checks:
> --with-ssh2[=DIR] use SSH2 package [default=no], DIR is the SSH2
>
> I don't see a --with-ssh option
>
> that's
> LIB_DEPENDS-server += security/libssh2
> WANTLIB-server += ssh2
> CONFIGURE_ARGS += --with-ssh2
>
> You drop the lib on the WANTLIB, check the SHARED_LIBS in
> security/libssh{,2}
net/zabbix SSH flavor?
Hello ports@!
I'm trying to add an `ssh` flavor to net/zabbix, which would compile
support for SSH items into zabbix-server. As far as I can tell, the
normal Makefile for net/zabbix doesn't build in support by default.
At the bottom of this message is what I tried so far, although it
doesn't work. When I run `FLAVOR="mysql ssh" doas make build`, the
output from Zabbix's configure script doesn't indicate that libssh was
included. (Yes, I've added keepenv to my doas.conf.)
So, that leaves me with two questions:
1. Can anyone point me in the right direction? What am I doing wrong
that's causing it to misbehave?
2. Is this something that other people are interested in, and would
therefore warrant inclusion into the ports tree?
Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.122
diff -u -p -r1.122 Makefile
--- Makefile7 Jul 2016 18:47:32 - 1.122
+++ Makefile21 Sep 2017 17:58:23 -
@@ -29,7 +29,7 @@ MODPHP_BUILDDEP = No
MULTI_PACKAGES = -main -web
PSEUDO_FLAVORS = no_server
-FLAVORS = mysql pgsql sqlite3
+FLAVORS = mysql pgsql sqlite3 ssh
SUBST_VARS += PREFIX-web ZABBIX_WEB MAJV
@@ -77,7 +77,7 @@ FLAVOR = sqlite3
#if non-backend-related flavors are added, add them to
#the following line as ":L:Nflavor1:Nflavor2" so that
#they don't trigger a "Conflicting flavors" error.
-BACKEND = ${FLAVOR}
+BACKEND = ${FLAVOR:L:Nssh}
.if ${BACKEND} == "mysql"
MULTI_PACKAGES += -server
LIB_DEPENDS-server += databases/mariadb,-main
@@ -97,6 +97,13 @@ CONFIGURE_ARGS += --disable-server \
--disable-proxy
.else
ERRORS += "Fatal: Conflicting flavors: ${FLAVOR}";
+.endif
+
+# Include libssh if the ssh flavor is requested
+.if ${FLAVOR:L:Mssh}
+LIB_DEPENDS-server += security/libssh
+WANTLIB-server += libssh
+CONFIGURE_ARGS += --with-ssh
.endif
pre-configure:
───
William Leuschner
wel2...@rit.edu
Re: GSSAPI flavor for Dovecot
Yup, everything still works.
- William
On 11/30/2016 7:30 AM, William Leuschner wrote:
> Ah, whoops! Thanks for catching that! I'll test it later today.
>
> – William
>
> On Nov 30, 2016, 07:15 -0500, Stuart Henderson , wrote:
>> On 2016/11/29 11:53, William Leuschner wrote:
>>> Hello Brad,
>>>
>>> I've written a patch for Dovecot that adds GSSAPI as a flavor. Could you
>>> take a look at it?
>>
>> Your diff doesn't register the library dependencies properly. This one
>> is more complete but I have no way to test nor opinion on whether it
>> should be committed or not.
>>
>> Index: Makefile
>> ===
>> RCS file: /cvs/ports/mail/Makefile,v
>> retrieving revision 1.351
>> diff -u -p -r1.351 Makefile
>> --- Makefile 2 Nov 2016 19:30:58 - 1.351
>> +++ Makefile 30 Nov 2016 12:15:02 -
>> @@ -33,6 +33,7 @@
>> SUBDIR += dkim-milter
>> SUBDIR += dkimproxy
>> SUBDIR += dovecot
>> + SUBDIR += dovecot,gssapi
>> SUBDIR += dovecot-antispam
>> SUBDIR += dovecot-pigeonhole
>> SUBDIR += dspam
>> Index: dovecot/Makefile
>> ===
>> RCS file: /cvs/ports/mail/dovecot/Makefile,v
>> retrieving revision 1.247
>> diff -u -p -r1.247 Makefile
>> --- dovecot/Makefile 12 Nov 2016 15:37:32 - 1.247
>>
>> +++ dovecot/Makefile 30 Nov 2016 12:15:02 -
>> @@ -7,9 +7,7 @@ COMMENT-postgresql= PostgreSQL authentic
>>
>> V_MAJOR= 2.2
>> V_DOVECOT= 2.2.26.0
>> -REVISION= 0
>> -REVISION-server= 1
>> -REVISION-ldap= 1
>> +REVISION= 2
>>
>> DISTNAME= dovecot-${V_DOVECOT}
>> PKGNAME= dovecot-${V_DOVECOT}
>> @@ -43,6 +41,12 @@ WANTLIB-ldap= crypto lber-2.4 ldap-2.4 s
>> WANTLIB-mysql= crypto m lib/mysql/mysqlclient pthread ssl stdc++ z
>> WANTLIB-postgresql= crypto pq>=4 ssl
>>
>> +.for i in ${MULTI_PACKAGES:N-main}
>> +# subpackages aren't flavoured, so overwrite the default name/path
>> +FULLPKGNAME$i ?= dovecot$i-${V_DOVECOT}
>> +FULLPKGPATH$i ?= ${PKGPATH},$i
>> +.endfor
>> +
>> LIB_DEPENDS+= archivers/bzip2 \
>> archivers/lz4 \
>> archivers/xz \
>> @@ -70,10 +74,19 @@ CONFIGURE_ARGS= --with-rundir=/var/dovec
>> CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
>> LDFLAGS="-L${LOCALBASE}/lib"
>>
>> +FLAVORS= gssapi
>> PSEUDO_FLAVORS= no_db no_ldap no_mysql no_postgresql
>> FLAVOR?=
>> .if ${FLAVOR:Mno_db}
>> FLAVOR+= no_ldap no_mysql no_postgresql
>> +.endif
>> +
>> +.if ${FLAVOR:Mgssapi}
>> +CONFIGURE_ARGS+= --with-gssapi=yes
>> +MODULES+= security/heimdal
>> +LIB_DEPENDS-server= ${MODHEIMDAL_LIB_DEPENDS}
>> +WANTLIB-server+= ${MODHEIMDAL_WANTLIB} com_err heimdal/lib/gssapi
>> +WANTLIB-server+= heimdal/lib/heimntlm heimdal/lib/heimsqlite
>> .endif
>>
>> MULTI_PACKAGES= -server -ldap -mysql -postgresql
>> Index: dovecot/pkg/DESCR-server
>> ===
>> RCS file: /cvs/ports/mail/dovecot/pkg/DESCR-server,v
>> retrieving revision 1.6
>> diff -u -p -r1.6 DESCR-server
>> --- dovecot/pkg/DESCR-server 28 May 2011 19:40:41 - 1.6
>>
>> +++ dovecot/pkg/DESCR-server 30 Nov 2016 12:15:02 -
>> @@ -4,3 +4,6 @@ several coding techniques to avoid most
>> can work with standard mbox and maildir formats and it's fully compatible
>> with UW-IMAP and Courier IMAP servers as well as mail clients accessing
>> the mailboxes directly.
>> +
>> +Flavors:
>> + gssapi: support for GSSAPI authentication in Dovecot
>>
Re: GSSAPI flavor for Dovecot
Ah, whoops! Thanks for catching that! I'll test it later today.
– William
On Nov 30, 2016, 07:15 -0500, Stuart Henderson , wrote:
> On 2016/11/29 11:53, William Leuschner wrote:
> > Hello Brad,
> >
> > I've written a patch for Dovecot that adds GSSAPI as a flavor. Could you
> > take a look at it?
>
> Your diff doesn't register the library dependencies properly. This one
> is more complete but I have no way to test nor opinion on whether it
> should be committed or not.
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/mail/Makefile,v
> retrieving revision 1.351
> diff -u -p -r1.351 Makefile
> --- Makefile 2 Nov 2016 19:30:58 - 1.351 (tel:58%20-%201.351)
> +++ Makefile 30 Nov 2016 12:15:02 -
> @@ -33,6 +33,7 @@
> SUBDIR += dkim-milter
> SUBDIR += dkimproxy
> SUBDIR += dovecot
> + SUBDIR += dovecot,gssapi
> SUBDIR += dovecot-antispam
> SUBDIR += dovecot-pigeonhole
> SUBDIR += dspam
> Index: dovecot/Makefile
> ===
> RCS file: /cvs/ports/mail/dovecot/Makefile,v
> retrieving revision 1.247
> diff -u -p -r1.247 Makefile
> --- dovecot/Makefile 12 Nov 2016 15:37:32 - 1.247 (tel:32%20-%201.247)
> +++ dovecot/Makefile 30 Nov 2016 12:15:02 -
> @@ -7,9 +7,7 @@ COMMENT-postgresql= PostgreSQL authentic
>
> V_MAJOR= 2.2
> V_DOVECOT= 2.2.26.0
> -REVISION= 0
> -REVISION-server= 1
> -REVISION-ldap= 1
> +REVISION= 2
>
> DISTNAME= dovecot-${V_DOVECOT}
> PKGNAME= dovecot-${V_DOVECOT}
> @@ -43,6 +41,12 @@ WANTLIB-ldap= crypto lber-2.4 ldap-2.4 s
> WANTLIB-mysql= crypto m lib/mysql/mysqlclient pthread ssl stdc++ z
> WANTLIB-postgresql= crypto pq>=4 ssl
>
> +.for i in ${MULTI_PACKAGES:N-main}
> +# subpackages aren't flavoured, so overwrite the default name/path
> +FULLPKGNAME$i ?= dovecot$i-${V_DOVECOT}
> +FULLPKGPATH$i ?= ${PKGPATH},$i
> +.endfor
> +
> LIB_DEPENDS+= archivers/bzip2 \
> archivers/lz4 \
> archivers/xz \
> @@ -70,10 +74,19 @@ CONFIGURE_ARGS= --with-rundir=/var/dovec
> CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> LDFLAGS="-L${LOCALBASE}/lib"
>
> +FLAVORS= gssapi
> PSEUDO_FLAVORS= no_db no_ldap no_mysql no_postgresql
> FLAVOR?=
> .if ${FLAVOR:Mno_db}
> FLAVOR+= no_ldap no_mysql no_postgresql
> +.endif
> +
> +.if ${FLAVOR:Mgssapi}
> +CONFIGURE_ARGS+= --with-gssapi=yes
> +MODULES+= security/heimdal
> +LIB_DEPENDS-server= ${MODHEIMDAL_LIB_DEPENDS}
> +WANTLIB-server+= ${MODHEIMDAL_WANTLIB} com_err heimdal/lib/gssapi
> +WANTLIB-server+= heimdal/lib/heimntlm heimdal/lib/heimsqlite
> .endif
>
> MULTI_PACKAGES= -server -ldap -mysql -postgresql
> Index: dovecot/pkg/DESCR-server
> ===
> RCS file: /cvs/ports/mail/dovecot/pkg/DESCR-server,v
> retrieving revision 1.6
> diff -u -p -r1.6 DESCR-server
> --- dovecot/pkg/DESCR-server 28 May 2011 19:40:41 - 1.6
> (tel:41%20-%201.6)
> +++ dovecot/pkg/DESCR-server 30 Nov 2016 12:15:02 -
> @@ -4,3 +4,6 @@ several coding techniques to avoid most
> can work with standard mbox and maildir formats and it's fully compatible
> with UW-IMAP and Courier IMAP servers as well as mail clients accessing
> the mailboxes directly.
> +
> +Flavors:
> + gssapi: support for GSSAPI authentication in Dovecot
>
GSSAPI flavor for Dovecot
Hello Brad,
I've written a patch for Dovecot that adds GSSAPI as a flavor. Could you
take a look at it?
Thanks,
William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/mail/Makefile,v
retrieving revision 1.342
diff -u -p -r1.342 Makefile
--- Makefile11 Jul 2016 10:15:18 - 1.342
+++ Makefile31 Oct 2016 18:41:24 -
@@ -33,6 +33,7 @@
SUBDIR += dkim-milter
SUBDIR += dkimproxy
SUBDIR += dovecot
+ SUBDIR += dovecot,gssapi
SUBDIR += dovecot-antispam
SUBDIR += dovecot-pigeonhole
SUBDIR += dspam
Index: dovecot/Makefile
===
RCS file: /cvs/ports/mail/dovecot/Makefile,v
retrieving revision 1.241
diff -u -p -r1.241 Makefile
--- dovecot/Makefile5 Jul 2016 09:27:35 - 1.241
+++ dovecot/Makefile31 Oct 2016 18:41:24 -
@@ -7,7 +7,7 @@ COMMENT-postgresql= PostgreSQL authentic
V_MAJOR= 2.2
V_DOVECOT= 2.2.24
-REVISION= 0
+REVISION= 1
DISTNAME= dovecot-${V_DOVECOT}
PKGNAME= dovecot-${V_DOVECOT}
@@ -66,10 +66,17 @@ CONFIGURE_ARGS= --with-rundir=/var/dovec
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib"
+FLAVORS= gssapi
PSEUDO_FLAVORS=no_db no_ldap no_mysql no_postgresql
FLAVOR?=
.if ${FLAVOR:Mno_db}
FLAVOR+= no_ldap no_mysql no_postgresql
+.endif
+
+.if ${FLAVOR:Mgssapi}
+CONFIGURE_ARGS+=KRB5CONFIG=/usr/local/heimdal/bin/krb5-config
+CONFIGURE_ARGS+=--with-gssapi=yes
+MODULES+=security/heimdal
.endif
MULTI_PACKAGES= -server -ldap -mysql -postgresql
Index: dovecot/pkg/DESCR-server
===
RCS file: /cvs/ports/mail/dovecot/pkg/DESCR-server,v
retrieving revision 1.6
diff -u -p -r1.6 DESCR-server
--- dovecot/pkg/DESCR-server28 May 2011 19:40:41 - 1.6
+++ dovecot/pkg/DESCR-server31 Oct 2016 18:41:24 -
@@ -4,3 +4,6 @@ several coding techniques to avoid most
can work with standard mbox and maildir formats and it's fully compatible
with UW-IMAP and Courier IMAP servers as well as mail clients accessing
the mailboxes directly.
+
+Flavors:
+gssapi: support for GSSAPI authentication in Dovecot
Re: GSSAPI flavor for Dovecot
Hello, ports@!
Has anyone had a chance to look at this yet?
- William
On 10/31/2016 2:45 PM, William Leuschner wrote:
> Hello again, porters!
>
> I've written a new flavor for Dovecot to add support for GSSAPI. Could
> someone take a look at it?
>
> Thanks,
> William Leuschner
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/mail/Makefile,v
> retrieving revision 1.342
> diff -u -p -r1.342 Makefile
> --- Makefile 11 Jul 2016 10:15:18 - 1.342
> +++ Makefile 31 Oct 2016 18:41:24 -
> @@ -33,6 +33,7 @@
> SUBDIR += dkim-milter
> SUBDIR += dkimproxy
> SUBDIR += dovecot
> + SUBDIR += dovecot,gssapi
> SUBDIR += dovecot-antispam
> SUBDIR += dovecot-pigeonhole
> SUBDIR += dspam
> Index: dovecot/Makefile
> ===
> RCS file: /cvs/ports/mail/dovecot/Makefile,v
> retrieving revision 1.241
> diff -u -p -r1.241 Makefile
> --- dovecot/Makefile 5 Jul 2016 09:27:35 - 1.241
> +++ dovecot/Makefile 31 Oct 2016 18:41:24 -
> @@ -7,7 +7,7 @@ COMMENT-postgresql= PostgreSQL authentic
>
> V_MAJOR= 2.2
> V_DOVECOT= 2.2.24
> -REVISION=0
> +REVISION=1
>
> DISTNAME=dovecot-${V_DOVECOT}
> PKGNAME= dovecot-${V_DOVECOT}
> @@ -66,10 +66,17 @@ CONFIGURE_ARGS= --with-rundir=/var/dovec
> CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> LDFLAGS="-L${LOCALBASE}/lib"
>
> +FLAVORS= gssapi
> PSEUDO_FLAVORS= no_db no_ldap no_mysql no_postgresql
> FLAVOR?=
> .if ${FLAVOR:Mno_db}
> FLAVOR+= no_ldap no_mysql no_postgresql
> +.endif
> +
> +.if ${FLAVOR:Mgssapi}
> +CONFIGURE_ARGS+=KRB5CONFIG=/usr/local/heimdal/bin/krb5-config
> +CONFIGURE_ARGS+=--with-gssapi=yes
> +MODULES+=security/heimdal
> .endif
>
> MULTI_PACKAGES= -server -ldap -mysql -postgresql
> Index: dovecot/pkg/DESCR-server
> ===
> RCS file: /cvs/ports/mail/dovecot/pkg/DESCR-server,v
> retrieving revision 1.6
> diff -u -p -r1.6 DESCR-server
> --- dovecot/pkg/DESCR-server 28 May 2011 19:40:41 - 1.6
> +++ dovecot/pkg/DESCR-server 31 Oct 2016 18:41:24 -
> @@ -4,3 +4,6 @@ several coding techniques to avoid most
> can work with standard mbox and maildir formats and it's fully compatible
> with UW-IMAP and Courier IMAP servers as well as mail clients accessing
> the mailboxes directly.
> +
> +Flavors:
> +gssapi: support for GSSAPI authentication in Dovecot
>
Re: building curl with gssapi disables ssl
Try putting it after the '--with-gssapi' instruction. Configure's
arguments *shouldn't* be order-dependent, but you never know. If that
doesn't work, I'm afraid I can't offer you anything else. I'm still
pretty new at this kind of thing.
- William Leuschner
On 10/31, Jiri B wrote:
> On Thu, Oct 27, 2016 at 10:31:04AM -0400, William Leuschner wrote:
> > > SSL support: no
> > > (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
> >
> > Have you tried adding "--with-ssl" to CONFIGURE_ARGS?
> >
> > - William
>
> Hi,
>
> yes, I did.
>
> j.
>
> $ env FLAVOR=gssapi make show=CONFIGURE_ARGS
> --with-ca-bundle=/etc/ssl/cert.pem --with-libidn=/usr/local
> --without-libpsl --without-libssh2 --with-ssl
> --with-gssapi=/usr/local/heimdal --prefix='/usr/local' --sysconfdir='/etc'
> --mandir='/usr/local/man' --infodir='/usr/local/info' --localstatedir='/var'
> --disable-silent-rules --disable-gtk-doc
>
> jirib:/home/jirib/cvs/openbsd-ports/net/curl
> $ env FLAVOR=gssapi make configure 2>&1 | grep Protocols:
> Protocols:DICT FILE FTP GOPHER HTTP IMAP POP3 RTSP SMTP TELNET TFTP
GSSAPI flavor for Dovecot
Hello again, porters!
I've written a new flavor for Dovecot to add support for GSSAPI. Could
someone take a look at it?
Thanks,
William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/mail/Makefile,v
retrieving revision 1.342
diff -u -p -r1.342 Makefile
--- Makefile11 Jul 2016 10:15:18 - 1.342
+++ Makefile31 Oct 2016 18:41:24 -
@@ -33,6 +33,7 @@
SUBDIR += dkim-milter
SUBDIR += dkimproxy
SUBDIR += dovecot
+ SUBDIR += dovecot,gssapi
SUBDIR += dovecot-antispam
SUBDIR += dovecot-pigeonhole
SUBDIR += dspam
Index: dovecot/Makefile
===
RCS file: /cvs/ports/mail/dovecot/Makefile,v
retrieving revision 1.241
diff -u -p -r1.241 Makefile
--- dovecot/Makefile5 Jul 2016 09:27:35 - 1.241
+++ dovecot/Makefile31 Oct 2016 18:41:24 -
@@ -7,7 +7,7 @@ COMMENT-postgresql= PostgreSQL authentic
V_MAJOR= 2.2
V_DOVECOT= 2.2.24
-REVISION= 0
+REVISION= 1
DISTNAME= dovecot-${V_DOVECOT}
PKGNAME= dovecot-${V_DOVECOT}
@@ -66,10 +66,17 @@ CONFIGURE_ARGS= --with-rundir=/var/dovec
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib"
+FLAVORS= gssapi
PSEUDO_FLAVORS=no_db no_ldap no_mysql no_postgresql
FLAVOR?=
.if ${FLAVOR:Mno_db}
FLAVOR+= no_ldap no_mysql no_postgresql
+.endif
+
+.if ${FLAVOR:Mgssapi}
+CONFIGURE_ARGS+=KRB5CONFIG=/usr/local/heimdal/bin/krb5-config
+CONFIGURE_ARGS+=--with-gssapi=yes
+MODULES+=security/heimdal
.endif
MULTI_PACKAGES= -server -ldap -mysql -postgresql
Index: dovecot/pkg/DESCR-server
===
RCS file: /cvs/ports/mail/dovecot/pkg/DESCR-server,v
retrieving revision 1.6
diff -u -p -r1.6 DESCR-server
--- dovecot/pkg/DESCR-server28 May 2011 19:40:41 - 1.6
+++ dovecot/pkg/DESCR-server31 Oct 2016 18:41:24 -
@@ -4,3 +4,6 @@ several coding techniques to avoid most
can work with standard mbox and maildir formats and it's fully compatible
with UW-IMAP and Courier IMAP servers as well as mail clients accessing
the mailboxes directly.
+
+Flavors:
+gssapi: support for GSSAPI authentication in Dovecot
Re: building curl with gssapi disables ssl
> SSL support: no
> (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
Have you tried adding "--with-ssl" to CONFIGURE_ARGS?
- William
Re: GSSAPI flavor for OpenLDAP
> Yes I think that is all that's needed from that side of things.
> It also needs a REVISION bump, the new flavour mentioning in DESCR,
> and adding to databases/Makefile.
Done, done, and done.
> Also please take care of spaces/tabs in the diff - thunderbird
> mangled it, sending as an attachment is the lazy way around this ;)
> also it looked like the new lines may have had a mix of spaces and
> tabs.
I appreciate the benefit of the doubt, but alas, my MUA was not at
fault. I just made a bad assumption about which indentation method was
in use :)
The diff is attached, hopefully up-to-snuff this time.
- William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/databases/openldap/Makefile,v
retrieving revision 1.145
diff -u -p -r1.145 Makefile
--- Makefile29 Jun 2016 16:14:38 - 1.145
+++ Makefile25 Oct 2016 16:07:17 -
@@ -8,7 +8,7 @@ COMMENT-server =open-source LDAP softwa
DISTNAME = openldap-2.4.44
PKGNAME-main = ${DISTNAME:S/-/-client-/}
PKGNAME-server = ${DISTNAME:S/-/-server-/}
-REVISION-server = 0
+REVISION-server = 1
# overwrite -main pkgname/path to strip FLAVOR, aci only affects the server
FULLPKGNAME-main = ${DISTNAME:S/-/-client-/}
@@ -49,7 +49,7 @@ CONFIGURE_STYLE = autoconf
USE_GROFF =Yes
FLAVOR ?=
-FLAVORS = aci
+FLAVORS = aci gssapi
CONFIGURE_ARGS += --enable-ipv6 \
--with-tls=openssl
@@ -92,6 +92,11 @@ CONFIGURE_ARGS +=--disable-mdb
.if ${FLAVOR:Maci}
CONFIGURE_ARGS += --enable-aci
+.endif
+
+.if ${FLAVOR:Mgssapi}
+CONFIGURE_ARGS += --with-kerberos
+MODULES += security/heimdal
.endif
MODGNU_CONFIG_GUESS_DIRS = ${WRKSRC} ${WRKSRC}/build
Index: pkg/DESCR-server
===
RCS file: /cvs/ports/databases/openldap/pkg/DESCR-server,v
retrieving revision 1.5
diff -u -p -r1.5 DESCR-server
--- pkg/DESCR-server20 Oct 2012 08:36:13 - 1.5
+++ pkg/DESCR-server25 Oct 2016 16:07:17 -
@@ -12,3 +12,4 @@ various administrative binaries.
Flavors:
aci enable the *experimental* ACI dynamic access control
+gssapi compile with GSSAPI support (and Heimdal)
GSSAPI flavor for OpenLDAP
I've written a patch (pasted below) that adds a GSSAPI flavor to the
OpenLDAP port. This should bring back another small piece of the
functionality that was lost when Heimdal was axed from base.
Is this a welcome change? If so, can someone with experience take a look
and make sure I haven't done something horribly wrong?
Thanks,
William Leuschner
Index: Makefile
===
RCS file: /cvs/ports/databases/openldap/Makefile,v
retrieving revision 1.145
diff -u -p -r1.145 Makefile
--- Makefile29 Jun 2016 16:14:38 - 1.145
+++ Makefile24 Oct 2016 18:26:59 -
@@ -49,7 +49,7 @@ CONFIGURE_STYLE = autoconf
USE_GROFF =Yes
FLAVOR ?=
-FLAVORS = aci
+FLAVORS = aci gssapi
CONFIGURE_ARGS += --enable-ipv6 \
--with-tls=openssl
@@ -92,6 +92,12 @@ CONFIGURE_ARGS +=--disable-mdb
.if ${FLAVOR:Maci}
CONFIGURE_ARGS += --enable-aci
+.endif
+
+.if ${FLAVOR:Mgssapi}
+CONFIGURE_ARGS += --with-kerberos
+WANTLIB += ${MODHEIMDAL_WANTLIB}
+MOD_DEPENDS += ${MODHEIMDAL_MOD_DEPENDS}
.endif
MODGNU_CONFIG_GUESS_DIRS = ${WRKSRC} ${WRKSRC}/build
