This is OK for me, I would like another OK, otherwise i will commit it this
week.
Cheers.
— gonzalo
> On 16. May 2021, at 01:44, Aisha Tammy <openbsd.po...@aisha.cc> wrote:
>
> I've reattached the patch, hopefully without getting it mangled this time.
>
>
> diff --git a/net/usockets/Makefile b/net/usockets/Makefile
> index a484c23f93a..7fa566c8777 100644
> --- a/net/usockets/Makefile
> +++ b/net/usockets/Makefile
> @@ -3,38 +3,35 @@
> COMMENT = eventing, networking & crypto for async applications
> CATEGORIES = net
>
> -VERSION = 0.6.0
> -REVISION = 1
> +VERSION = 0.7.1
>
> DISTNAME = usockets-${VERSION}
> PKGNAME = ${DISTNAME:L}
>
> -SHARED_LIBS = usockets 1.0
> +SHARED_LIBS = usockets 1.1
>
> GH_ACCOUNT = uNetworking
> GH_PROJECT = uSockets
> -#GH_TAGNAME = v0.6.0
> -# cstdlib include error
> -GH_COMMIT = 7683672d87067cd75b854f4e36b9820f4809a4be
> -
> +#GH_TAGNAME = v0.7.1
> +# socket read/write error
> +GH_COMMIT = 5440dbac79bd76444175b76ee95dfcade12a6aac
>
> MAINTAINER = Aisha Tammy <open...@aisha.cc>
>
> # Apache 2.0
> PERMIT_PACKAGE = Yes
>
> -WANTLIB += ${COMPILER_LIBCXX} crypto ssl uv
> +WANTLIB += ${COMPILER_LIBCXX} crypto ssl uv
>
> # C11 C++17
> COMPILER = base-clang ports-gcc
>
> LIB_DEPENDS = devel/libuv
>
> -USE_GMAKE = Yes
> -MAKE_FLAGS = CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
> - CC="${CC}" CXX="${CXX}" \
> - LIBusockets_VERSION="${LIBusockets_VERSION}"
> +MAKE_ENV = LIBusockets_VERSION="${LIBusockets_VERSION}"
>
> NO_TEST = Yes
>
> +FAKE_FLAGS = PREFIX=${TRUEPREFIX}
> +
> .include <bsd.port.mk>
> diff --git a/net/usockets/distinfo b/net/usockets/distinfo
> index 964ba508e9e..ed3dd036b68 100644
> --- a/net/usockets/distinfo
> +++ b/net/usockets/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (usockets-0.6.0-7683672d.tar.gz) =
> 0OooGCHD8ezNIcaB1zDPK6RQLGGYGZJb24Vemjlat7c=
> -SIZE (usockets-0.6.0-7683672d.tar.gz) = 57634
> +SHA256 (usockets-0.7.1-5440dbac.tar.gz) =
> +pfJ3z/KBnpJ3VNxcIvxpwPuQUsJjxIeODxidvn/G3c=
> +SIZE (usockets-0.7.1-5440dbac.tar.gz) = 62372
> diff --git a/net/usockets/patches/patch-Makefile
> b/net/usockets/patches/patch-Makefile
> index e718b65a265..6c447bb9d38 100644
> --- a/net/usockets/patches/patch-Makefile
> +++ b/net/usockets/patches/patch-Makefile
> @@ -6,7 +6,7 @@ remove -flto -O3
> Index: Makefile
> --- Makefile.orig
> +++ Makefile
> -@@ -1,60 +1,40 @@
> +@@ -1,60 +1,39 @@
> -# WITH_OPENSSL=1 enables OpenSSL 1.1+ support or BoringSSL
> -# For now we need to link with C++ for OpenSSL support, but should be
> removed with time
> -ifeq ($(WITH_OPENSSL),1)
> @@ -30,7 +30,7 @@ Index: Makefile
> - override CFLAGS += -DLIBUS_USE_LIBUV
> - override LDFLAGS += -luv
> -endif
> -+PREFIX ?= "/usr/local"
> ++PREFIX ?= /usr/local
> +LIBDIR ?= "$(PREFIX)/lib"
> +INCLUDEDIR ?= "$(PREFIX)/include"
>
> @@ -39,19 +39,19 @@ Index: Makefile
> - override CFLAGS += -DLIBUS_USE_GCD
> - override LDFLAGS += -framework CoreFoundation
> -endif
> -+# OpenBSD specific library version
> -+LIBTARGET ?= libusockets.so.$(LIBusockets_VERSION)
> ++PKG_CONFIG ?= pkg-config
>
> -# WITH_ASAN builds with sanitizers
> -ifeq ($(WITH_ASAN),1)
> - override CFLAGS += -fsanitize=address -g
> -- override LDFLAGS += -lasan
> +- override LDFLAGS += -fsanitize=address
> -endif
> -+PKG_CONFIG ?= pkg-config
> ++LIBTARGET = libusockets.so.$(LIBusockets_VERSION)
>
> -override CFLAGS += -std=c11 -Isrc
> -override LDFLAGS += uSockets.a
> -+override LDFLAGS += -lstdc++ -lcrypto -lssl `$(PKG_CONFIG) --libs libuv`
> ++REQUIRES = libcrypto libssl libuv
> ++COMMON_FLAGS = -Isrc -DLIBUS_USE_OPENSSL -DLIBUS_USE_LIBUV
> `$(PKG_CONFIG) --cflags $(REQUIRES)`
>
> -# By default we build the uSockets.a static library
> -default:
> @@ -62,37 +62,35 @@ Index: Makefile
> - $(CXX) $(CXXFLAGS) -std=c++17 -flto -O3 -c src/crypto/*.cpp
> -endif
> - $(AR) rvs uSockets.a *.o
> -+COMMON_FLAGS = -DLIBUS_USE_OPENSSL -DLIBUS_USE_LIBUV -Isrc
> `$(PKG_CONFIG) --cflags libuv`
> -+override CFLAGS += $(COMMON_FLAGS)
> -+override CXXFLAGS += $(COMMON_FLAGS)
> ++CFLAGS += -std=c11 $(COMMON_FLAGS)
> ++CXXFLAGS += -std=c++17 $(COMMON_FLAGS)
> ++LDFLAGS += `$(PKG_CONFIG) --libs $(REQUIRES)`
>
> -# Builds all examples
> -.PHONY: examples
> -examples: default
> - for f in examples/*.c; do $(CC) -flto -O3 $(CFLAGS) -o $$(basename "$$f"
> ".c") "$$f" $(LDFLAGS); done
> +all:
> -+ $(CC) -std=c11 -fPIC $(CFLAGS) -c src/*.c src/eventing/*.c
> src/crypto/*.c
> -+ $(CXX) -std=c++17 -fPIC $(CXXFLAGS) -c src/crypto/*.cpp
> ++ $(CC) $(CFLAGS) -fPIC -c src/*.c src/eventing/*.c src/crypto/*.c
> ++ $(CXX) $(CXXFLAGS) -fPIC -c src/crypto/*.cpp
> + $(AR) rvs libusockets.a *.o
> + $(CC) -shared -o $(LIBTARGET) *.o -Wl,-soname,$(LIBTARGET) $(LDFLAGS)
> -+ sed -e "s:@PREFIX@:$(PREFIX):" -e "s:@VERSION@:$(LIBusockets_VERSION):"
> \
> -+ libusockets.pc.in > libusockets.pc
> ++ sed -e "s:@PREFIX@:$(PREFIX):" -e "s:@VERSION@:$(LIBusockets_VERSION):"
> libusockets.pc.in > libusockets.pc
>
> -swift_examples:
> - swiftc -O -I . examples/swift_http_server/main.swift uSockets.a -o
> swift_http_server
> -+install:
> -+ install -d "$(LIBDIR)/pkgconfig" "$(INCLUDEDIR)"
> -+ install -m 644 src/libusockets.h "$(INCLUDEDIR)"
> -+ install -m 755 $(LIBTARGET) "$(LIBDIR)"
> -+ install -m 755 libusockets.a "$(LIBDIR)"
> -+ install -m 644 libusockets.pc "$(LIBDIR)/pkgconfig"
> ++install: all
> ++ install -d "$(DESTDIR)$(LIBDIR)/pkgconfig" "$(DESTDIR)$(INCLUDEDIR)"
> ++ install -m 644 src/libusockets.h "$(DESTDIR)$(INCLUDEDIR)/"
> ++ install -m 644 $(LIBTARGET) "$(DESTDIR)$(LIBDIR)"
> ++ install -m 644 libusockets.a "$(DESTDIR)$(LIBDIR)/"
> ++ install -m 644 libusockets.pc "$(DESTDIR)$(LIBDIR)/pkgconfig/"
>
> clean:
> rm -f *.o
> rm -f *.a
> -- rm -rf .certs
> + rm -f *.so
> -+ rm -f libusockets.pc
> -+
> -+.PHONY: all install clean
> + rm -rf .certs
> ++ rm -f usockets.pc
> +
> ++.PHONY: all clean default install
> diff --git a/net/usockets/patches/patch-libusockets_pc_in
> b/net/usockets/patches/patch-libusockets_pc_in
> index 363646177e9..37a2632a788 100644
> --- a/net/usockets/patches/patch-libusockets_pc_in
> +++ b/net/usockets/patches/patch-libusockets_pc_in
> @@ -1,9 +1,9 @@
> -$OpenBSD: patch-libusockets_pc_in,v 1.1 2020/12/11 22:34:51 sthen Exp $
> +$OpenBSD$
>
> Index: libusockets.pc.in
> --- libusockets.pc.in.orig
> +++ libusockets.pc.in
> -@@ -0,0 +1,14 @@
> +@@ -0,0 +1,13 @@
> +prefix=@PREFIX@
> +libdir=${prefix}/lib
> +includedir=${prefix}/include
> @@ -17,4 +17,3 @@ Index: libusockets.pc.in
> +Libs: -L${libdir} -lusockets
> +Libs.private: -lcrypto -lssl
> +Requires.private: libuv
> -+
> diff --git a/www/purritobin/Makefile b/www/purritobin/Makefile
> index 698ca75c722..bde0d254896 100644
> --- a/www/purritobin/Makefile
> +++ b/www/purritobin/Makefile
> @@ -1,12 +1,11 @@
> # $OpenBSD $
>
> COMMENT = minimalistic command line pastebin
> -PKGNAME = ${DISTNAME:L}
> CATEGORIES = www net
>
> GH_ACCOUNT = PurritoBin
> GH_PROJECT = PurritoBin
> -GH_TAGNAME = 0.3.3
> +GH_TAGNAME = 0.6.7
>
> HOMEPAGE = https://bsd.ac/
> MAINTAINER = Aisha Tammy <open...@aisha.cc>
> @@ -15,24 +14,29 @@ MAINTAINER = Aisha Tammy <open...@aisha.cc>
> PERMIT_PACKAGE = Yes
>
> # uses pledge()
> -WANTLIB += ${COMPILER_LIBCXX} c m usockets
> +WANTLIB += ${COMPILER_LIBCXX} c lmdb usockets
>
> -# C++2a
> +# C++17
> COMPILER = base-clang
>
> -BUILD_DEPENDS = www/uwebsockets
> +MODULES = devel/meson
>
> -LIB_DEPENDS = net/usockets
> +CXXFLAGS += -I${LOCALBASE}/include
>
> -NO_TEST = Yes
> +CONFIGURE_ENV = LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
>
> -post-install:
> - ${INSTALL_DATA_DIR} ${PREFIX}/share/purritobin
> - ${INSTALL_DATA} ${WRKSRC}/frontend/paste.html \
> - ${PREFIX}/share/purritobin
> - ${INSTALL_DATA} ${WRKSRC}/clients/POSIX_shell_client.sh \
> - ${PREFIX}/share/purritobin
> +# ssl tests fail
> +#CONFIGURE_ARGS= -Denable_testing=true \
> +# -Dtest_shuf=gshuf \
> +# -Dtest_seq=gseq
>
> -FAKE_FLAGS = PREFIX=${TRUEPREFIX}
> +BUILD_DEPENDS = databases/lmdbxx \
> + www/uwebsockets
> +
> +LIB_DEPENDS = databases/lmdb \
> + net/usockets
> +
> +TEST_DEPENDS = net/curl \
> + sysutils/coreutils \
>
> .include <bsd.port.mk>
> diff --git a/www/purritobin/distinfo b/www/purritobin/distinfo
> index 71fc842ca7f..ca476eddb8f 100644
> --- a/www/purritobin/distinfo
> +++ b/www/purritobin/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (PurritoBin-0.3.3.tar.gz) =
> lmjTCXskzvTd8eCKxlGfClbEfk6COuqh90nqHSeQ1wc=
> -SIZE (PurritoBin-0.3.3.tar.gz) = 13155
> +SHA256 (PurritoBin-0.6.7.tar.gz) =
> ulpbdPB3lCpfNJRfW/oEqd8yJ0+NNdL4wwGhRuSQWvg=
> +SIZE (PurritoBin-0.6.7.tar.gz) = 20461
> diff --git a/www/purritobin/pkg/PLIST b/www/purritobin/pkg/PLIST
> index c09a1f0e346..e599cd370bc 100644
> --- a/www/purritobin/pkg/PLIST
> +++ b/www/purritobin/pkg/PLIST
> @@ -4,12 +4,13 @@
> @rcscript ${RCDIR}/purritobin
> @bin bin/purrito
> @man man/man1/purrito.1
> +share/PurritoBin/
> +share/PurritoBin/POSIX_shell_client.sh
> +share/PurritoBin/about.html
> +share/PurritoBin/index.html
> +share/PurritoBin/paste.html
> share/doc/pkg-readmes/${PKGSTEM}
> @owner _purritobin
> @group _purritobin
> +@sample /var/db/purritobin/
> @sample /var/www/purritobin/
> -@owner
> -@group
> -share/purritobin/
> -share/purritobin/POSIX_shell_client.sh
> -share/purritobin/paste.html
> diff --git a/www/purritobin/pkg/README b/www/purritobin/pkg/README
> index 07087bb4492..f05963c0ce0 100644
> --- a/www/purritobin/pkg/README
> +++ b/www/purritobin/pkg/README
> @@ -13,15 +13,18 @@ You need to set at least the following option for
> PurritoBin
>
> rcctl set purritobin flags -d <domain-name>
>
> -To look at all the possible options and descriptions
> +To take a quick look at all the possible options and descriptions
> purrito -h
>
> +For an in-depth explanation
> + man purrito
> +
>
> Exposing a webserver
> ====================
>
> PurritoBin saves all the pastes to a single folder.
> -By default it is the folder /var/www/purritobin.
> +By default it is the folder ${LOCALSTATEDIR}/www/purritobin.
> So it is possible to just expose the folder via httpd(8)
>
> sample httpd(8) configuration
> @@ -30,6 +33,10 @@ http_port=80
> https_port=443
> ext_if=egress
>
> +# so that non suffixed paste files are recognized as
> +# plain text files
> +default type text/plain
> +
> server "bsd.ac" {
> alias "www.bsd.ac"
> listen on $ext_if port $http_port
> @@ -44,29 +51,97 @@ server "bsd.ac" {
>
> server "bsd.ac" {
> alias "www.bsd.ac"
> - listen on egress port $https_port
> + listen on $ext_if port $https_port
> + tls {
> + certificate "/etc/ssl/bsd.ac.crt"
> + key "/etc/ssl/private/bsd.ac.key"
> + }
> root "/purritobin"
> directory index "index.html"
> }
>
>
> +sample nginx(8) configuration
> +-----------------------------
> +user nginx;
> +worker_processes 1;
> +error_log /var/log/nginx/error.log warn;
> +pid /var/run/nginx.pid;
> +
> +events {
> + worker_connections 1024;
> +}
> +
> +http {
> + include /etc/nginx/mime.types;
> + default_type text/plain;
> + charset utf-8;
> + log_format main '$remote_addr - $remote_user [$time_local] "$request"
> '
> + '$status $body_bytes_sent "$http_referer" '
> + '"$http_user_agent" "$http_x_forwarded_for"';
> + access_log /var/log/nginx/access.log main;
> + sendfile on;
> + keepalive_timeout 65;
> +
> + server {
> + listen 80 default_server;
> + location / {
> + return 301 https://$host$request_uri;
> + }
> + location /.well-known/acme-challenge/ {
> + alias /var/www/acme-challenge/;
> + }
> + }
> +
> + server {
> + listen 443 ssl;
> + server_name bsd.ac www.bsd.ac;
> +
> + ssl_certificate /etc/ssl/bsd.ac.crt;
> + ssl_certificate_key /etc/ssl/private/bsd.ac.key;
> +
> + # to allow online paste submission
> + add_header 'Access-Control-Allow-Origin' 'https://bsd.ac:42069';
> +
> + root /var/www/purritobin;
> + location /.well-known/acme-challenge/ {
> + alias /var/www/acme-challenge/;
> + }
> + }
> +}
> +
> +
> Encrypted pastes
> ================
>
> The default clients of PurritoBin are installed to
> -${PREFIX}/share/purritobin/POSIX_shell_clients.sh
> +${PREFIX}/share/purritobin/POSIX_shell_client.sh
>
> To enable server side support for these pastes
> make sure that paste.html file located at
> ${PREFIX}/share/purritobin/paste.html
> is available for viewing, typically possible by just
> -dumping the file into /var/www/purritobin
> +dumping the file into ${LOCALSTATEDIR}/www/purritobin
> +
> +
> +Online pasting through web-portal
> +=================================
> +
> +To paste using the javascript form, the CORS header
> +from both the paste server and the http server need to
> +allow each other in the "Access-Control-Allow-Origin"
> +HTTP header.
> +
> +An example for setting the CORS header in purrito(1)
> +is available in the man page. As httpd(8) does not allow
> +setting HTTP headers, relayd(8) can be used as a workaround,
> +or the above nginx(8) example can be used.
>
>
> PF bruteforce blocking
> ======================
>
> -PurritoBin exposes a port using -p <port> (by default: 42069) for
> +PurritoBin exposes ports using -p <port> (by default: 42069) for
> clients to post their pastes.
> PurritoBin does not enforce any rate limiting for number of pastes
> at a time as this can be done much better using pf(4)
> @@ -83,7 +158,7 @@ pass # establish keep-state
>
> block quick from <bruteforce>
>
> -# no more than one connection every 3 seconds
> +# no more than 1 connection every 3 seconds
> pass in on egress proto tcp from any to any port $purritobin_port \
> flags S/SA keep state \
> (max-src-conn-rate 1/3, \
> @@ -94,20 +169,3 @@ block return in on ! lo0 proto tcp to port 6000:6010
>
> # Port build user does not need network
> block return out log proto {tcp udp} user _pbuild
> -
> -
> -Cron job for cleaning
> -=====================
> -
> -PurritoBin leaves the cleaning upto the webmaster.
> -Fortunately, due to the simple storage mechanism, you can
> -do the cleaning very easily in daily.local
> -
> -sample daily.local for cron cleanup
> ------------------------------------
> -
> -find /var/www/purritobin/ -type f ! -name index.html \
> - ! -name paste.html \
> - -delete
> -
> -This clears all pastes which were done during the day.
> diff --git a/www/uwebsockets/Makefile b/www/uwebsockets/Makefile
> index 98d36ebdb9c..093e5059b02 100644
> --- a/www/uwebsockets/Makefile
> +++ b/www/uwebsockets/Makefile
> @@ -6,7 +6,7 @@ CATEGORIES = www
>
> GH_ACCOUNT = uNetworking
> GH_PROJECT = uWebSockets
> -GH_TAGNAME = v18.17.0
> +GH_TAGNAME = v19.2.0
>
> MAINTAINER = Aisha Tammy <open...@aisha.cc>
>
> @@ -21,9 +21,7 @@ NO_BUILD = Yes
> NO_TEST = Yes
>
> do-install:
> - ${INSTALL_DATA_DIR} ${PREFIX}/include/uWebSockets/f2
> + ${INSTALL_DATA_DIR} ${PREFIX}/include/uWebSockets
> ${INSTALL_DATA} ${WRKSRC}/src/*.h ${PREFIX}/include/uWebSockets
> - ${INSTALL_DATA} ${WRKSRC}/src/f2/*.hpp \
> - ${PREFIX}/include/uWebSockets/f2
>
> .include <bsd.port.mk>
> diff --git a/www/uwebsockets/distinfo b/www/uwebsockets/distinfo
> index 0d9ebdb3b51..18736637663 100644
> --- a/www/uwebsockets/distinfo
> +++ b/www/uwebsockets/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (uWebSockets-18.17.0.tar.gz) =
> 4tK9Dlm9a1RCcKo0gAP9SkI5EBW0vw61TgFhrRCPkT8=
> -SIZE (uWebSockets-18.17.0.tar.gz) = 276629
> +SHA256 (uWebSockets-19.2.0.tar.gz) =
> KVYHUpMJB1S8JDHFNjT5Oh50c5xhOSvmBAyz7SlDDsI=
> +SIZE (uWebSockets-19.2.0.tar.gz) = 296110
> diff --git a/www/uwebsockets/pkg/PLIST b/www/uwebsockets/pkg/PLIST
> index 93802815df0..80010cdaac8 100644
> --- a/www/uwebsockets/pkg/PLIST
> +++ b/www/uwebsockets/pkg/PLIST
> @@ -13,6 +13,7 @@ include/uWebSockets/HttpRouter.h
> include/uWebSockets/Loop.h
> include/uWebSockets/LoopData.h
> include/uWebSockets/MessageParser.h
> +include/uWebSockets/MoveOnlyFunction.h
> include/uWebSockets/Multipart.h
> include/uWebSockets/PerMessageDeflate.h
> include/uWebSockets/ProxyParser.h
> @@ -26,5 +27,3 @@ include/uWebSockets/WebSocketData.h
> include/uWebSockets/WebSocketExtensions.h
> include/uWebSockets/WebSocketHandshake.h
> include/uWebSockets/WebSocketProtocol.h
> -include/uWebSockets/f2/
> -include/uWebSockets/f2/function2.hpp
> <lmdbxx.tgz>
