On 2022/01/11 10:53, Theo Buehler wrote: > > sure, cleartext might sucks, but i always tunnel my cleartext psql cnx > > over ssh so... i wouldnt have issues with non-ssl pgadmin :) > > I figured that might be a common solution and that's why I sent this > patch for consideration.
It is exactly pgadmin's built-in ssh tunnel mode that is a problem, because it uses old libssh2. You can still connect over ssh tunnels of course, but you have to ssh-forward yourself and connect to localhost. If we can disable pgadmin3's tunneling *without* disabling direct TLS connections, that's probably more convenient to use. Possible diff for that below. *However* our port has never been patched to support connecting to PostgreSQL versions above 11.0, and AFAIK nobody has complained on ports@ about this. This gives me the impression that nobody is actually likely to be using it. > > > cc'ing landry@ since he sowed interest in pgadmin too. > > > > i dont use it but think it's a pity to see it go. pgadmin4 is a monster, > > so there were numerous pgadmin3 forks at the time, havent looked in > > details but at least https://github.com/AbdulYadi/pgadmin3 and > > https://github.com/Symbiatch/pgAdmin3; > > Both these seem to have the same issue of an outdated libssh2. I'm not > saying it's impossible or even particularly hard to patch them to build > and work. I stronlgy doubt that it's a good idea given that libssh2 had > its share of issues over the years. Symbiatch's fork is dead afaict. AbdulYadi's is more alive, and also has support for newer wxWidgets (without killing support for the old one), which is another problem with the current pgadmin3. > So: if we want to keep pgadmin3 with libssh2 support, someone with an > interest in this has to figure out how to link it against the libssh2 > port or shoehorn in an update some other way. If there's libssl or > libcrypto related issues with this I'll gladly help. > > > > > at that point, someone interested in having a psql gui should port > > http://sosedoff.github.io/pgweb/ and run it on localhost.. i think i > > sent a port for https://github.com/Jet1oeil/opendbviewer a while ago but > > it also seems not much alive upstream. Or OmniDB. Now the diff. Builds on -current libressl (and disables the SSH tunnel tab as expected), I don't know if it will work with tb's queued changes but should be easier to fix if it doesn't. But, I think if somebody does want to keep this in-tree they should take maintainer and get it working with 13.x (doesn't matter whether that's by patches or switching upstream). Index: Makefile =================================================================== RCS file: /cvs/ports/databases/pgadmin3/Makefile,v retrieving revision 1.46 diff -u -p -r1.46 Makefile --- Makefile 6 Jul 2021 16:55:32 -0000 1.46 +++ Makefile 11 Jan 2022 12:09:38 -0000 @@ -5,7 +5,7 @@ COMMENT= administration and development V= 1.22.1 DISTNAME= pgadmin3-$V CATEGORIES= databases devel -REVISION= 6 +REVISION= 7 HOMEPAGE= https://www.pgadmin.org/ @@ -14,10 +14,10 @@ MAINTAINER= Pierre-Emmanuel Andre <pea@o # Artistic license PERMIT_PACKAGE= Yes -WANTLIB += ${COMPILER_LIBCXX} c crypto m pq wx_baseu-3.0 wx_baseu_net-3.0 +WANTLIB += ${COMPILER_LIBCXX} c m pq wx_baseu-3.0 wx_baseu_net-3.0 WANTLIB += wx_baseu_xml-3.0 wx_gtk3u_adv-3.0 wx_gtk3u_aui-3.0 WANTLIB += wx_gtk3u_core-3.0 wx_gtk3u_html-3.0 wx_gtk3u_stc-3.0 -WANTLIB += wx_gtk3u_xrc-3.0 xml2 xslt z +WANTLIB += wx_gtk3u_xrc-3.0 xml2 xslt MASTER_SITES= https://ftp.postgresql.org/pub/pgadmin/pgadmin3/v$V/src/ @@ -31,9 +31,14 @@ LIB_DEPENDS= x11/wxWidgets>=3.0.4 \ BUILD_DEPENDS += databases/postgresql,-server \ textproc/py-sphinx,python3>=4.0.2 -CONFIGURE_STYLE=gnu +CONFIGURE_STYLE=autoreconf +AUTORECONF= sh ./bootstrap +AUTOCONF_VERSION= 2.69 +AUTOMAKE_VERSION= 1.15 + CONFIGURE_ENV= CPPFLAGS="${CXXFLAGS}" -CONFIGURE_ARGS= --with-pgsql=${LOCALBASE} \ +CONFIGURE_ARGS= --with-libgcrypt=no \ + --with-pgsql=${LOCALBASE} \ --with-wx-version=3.0 USE_GMAKE= Yes Index: patches/patch-configure =================================================================== RCS file: patches/patch-configure diff -N patches/patch-configure --- patches/patch-configure 15 Jul 2016 14:43:40 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-configure,v 1.5 2016/07/15 14:43:40 pea Exp $ ---- configure.orig Mon Feb 8 02:27:13 2016 -+++ configure Sat Jul 2 17:10:19 2016 -@@ -5743,7 +5743,7 @@ if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : - $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS --LIBS="-lssl $LIBS" -+LIBS="-lcrypto -lssl $LIBS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ - -@@ -6210,7 +6210,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu - - if test "$PG_SSL" = "yes" - then -- LIBS="${PG_LIB}/libpq.a $CRYPT_LIB $LIBS -lssl $CRYPTO_LIB" -+ LIBS="${PG_LIB}/libpq.a $CRYPT_LIB $LIBS -lcrypto -lssl $CRYPTO_LIB" - else - LIBS="${PG_LIB}/libpq.a $CRYPT_LIB $LIBS $CRYPTO_LIB" - fi Index: patches/patch-configure_ac_in =================================================================== RCS file: patches/patch-configure_ac_in diff -N patches/patch-configure_ac_in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-configure_ac_in 11 Jan 2022 12:09:38 -0000 @@ -0,0 +1,27 @@ +$OpenBSD$ + +Index: configure.ac.in +--- configure.ac.in.orig ++++ configure.ac.in +@@ -95,20 +95,8 @@ fi + + AC_SUBST(LIBSREQUIRED) + +-if test "$ac_cv_libssl" != "yes" && test "$ac_cv_libgcrypt" != "yes"; then +- AC_MSG_NOTICE([cannot find OpenSSL or Libgcrypt, try --with-libssl-prefix=PATH or --with-libgcrypt-prefix=PATH]) +- BUILD_SSH_TUNNEL="no" +-else +- BUILD_SSH_TUNNEL="yes" +-fi ++BUILD_SSH_TUNNEL="no" + AM_CONDITIONAL([BUILD_SSH_TUNNEL], [test x$BUILD_SSH_TUNNEL = xyes]) +- +-if test "$ac_cv_libssl" = "yes"; then +- AC_DEFINE(LIBSSH2_OPENSSL, 1, [Compile libssh2 with OpenSSL support]) +- AC_DEFINE(HAVE_OPENSSL_CRYPTO, 1, [Compile libssh2 with OpenSSL support]) +- CPPFLAGS="$CPPFLAGS -DHAVE_OPENSSL_CRYPTO -DLIBSSH2_OPENSSL" +- LIBS="$LIBS $LIBSSL" +-fi + + if test "$ac_cv_libgcrypt" = "yes"; then + CPPFLAGS="$CPPFLAGS -DHAVE_GCRYPT"
