On Sun, 18 Dec 2022 15:11:22 +0100, Michael wrote:
> On Sun, Dec 18, 2022 at 11:55:12AM +0000, Stuart Henderson wrote:
> > On 2022/12/17 22:36, Michael wrote:
> > > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf <pas...@stumpf.co> wrote:
> > > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > > A few tweaks:
> > > > > >
> > > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > > * NO_TESTS = Yes
> > > > > > * add README and endless.rc to the port itself, reformat, turn on
> > > > > > -s per
> > > > > > default (syslog logging)
> > > > > > * add dedicated _endlessh user
> > > > > > * install a default config file into examples and @sample it
> > > > >
> > > > > * correct Nm in endlessh.1
> > > >
> > > > there's an extra patch-Makefile.orig in the tarball and
> > > > pkg/endlessh.rc is executable when it doesn't need to.
> > > >
> > > > ok for me with that fixed.
> > >
> > > Thanks to Pascal and you for the tweaks.
> > >
> > > I have tested the latest revision; works as expected and the changes
> > > seem fine to me. I took the liberty of fixing the last problems Omar
> > > mentioned in the attached port.
> > >
> > > >
> > > >
> > > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > > instead of copying it, less to worry when updating.
> > > >
> > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > doesn't start as root, it' would be nice to include an excerpt of the
> > > > pf configuration to redirect the port 22 to 2222.
> > > >
> > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > configuration, it's more verbose but it's also more resiliant to
> > > > upstream changes to the file.
> > > >
> > > > Including the diff for user.list in case it comes in handy to who
> > > > would like to test it.
> > > >
> > > > Index: user.list
> > > > ===================================================================
> > > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > > retrieving revision 1.413
> > > > diff -u -p -r1.413 user.list
> > > > --- user.list 14 Dec 2022 12:09:05 -0000 1.413
> > > > +++ user.list 17 Dec 2022 09:50:27 -0000
> > > > @@ -395,3 +395,4 @@ id user group port
> > > > 884 _iblock _iblock net/iblock
> > > > 885 _mycorrhiza _mycorrhiza www/mycorrhiza
> > > > 886 _eduvpn _eduvpn net/eduvpn
> > > > +887 _endlessh _endlessh net/endlessh
> > > >
> >
> > There is no 1.1 release yet, so better name it 1.1pre20210430 (date of
> > commit).
> >
> > From readme:
> >
> > : If you want to cover both IPv4 and IPv6 you'll need to run *two*
> > instances of
> > : endlessh.
> > :
> > : - copy the endlessh rc script to ${RCDIR}/endlessh6
> > : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> > : - use BindFamily 6 in config6
> > : - in rc.conf.local force endlessh6 to load config6 like so:
> > :
> > : endlessh6_flags=-s -f /etc/endlessh/config6
> > : endlessh_flags=-s
> >
> > No need to tell the user to do this, just provide an endlessh6 rc script
> > with the required daemon_flags. I don't think you need a second config
> > file, just use -6.
> >
> > : Covering more than 128 connections
> > : ==================================
> > :
> > : The defaults in OpenBSD only allow for 128 open file descriptors per
> > process,
> > : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> > : you'll end up with something like 124 clients at the most.
> > : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh
> > (and
> > : endlessh6) like so:
> > :
> > : endlessh:\
> > : :openfiles=1024:\
> > : :tc=daemon:
> > : endlessh6:\
> > : :openfiles=1024:\
> > : :tc=daemon:
> >
> > Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> > a bit high for the default kern.maxfiles, I would suggest not more than
> > 512 for the installed file, users can change it if they need more.
> >
> > Then because it is just using standard OS mechanisms there is no more
> > need for pkg/README.
> >
>
> Thanks for the feedback.
>
> Attached port should contain all the suggestions above.
> Also the pledge() comment was changed to "uses pledge() and unveil()"
>
> portcheck now complains about the two extra *.login files but looking at
> other ports that have those this seems normal:
>
> # /usr/ports/infrastructure/bin/portcheck
> extra file: pkg/endlessh.login
> extra file: pkg/endlessh6.login
> net/endlessh
>
>
> (this time actually reaching the mailinglist...)
As sthen@ said, you can now remove pkg/README. With that fixed, ok
pascal@.
>>> application/octet-stream attachment, name=endlessh.tgz
