I'd use pretty much any other old uid than _nginx as that's one of the more
common ports to install. Just looking at spare numbers showing in the diff,
594/596 are way less common so fewer people will need to mess about with
rmuser.
We need to jump to another uid range quite a way before 1000 (running
backwards 999 998 etc for 'special' users is quite common) but last time I
asked nobody could agree on a new range that didn't cause problems. Would
be handy if they didn't need to be fixed per port (at least for those parts
that don't need specific numbers).
Agreed on pledge/unveil, they at least make review much more difficult.
Showing a list of libc functions called (nm -s) and mapping to pledges made
might help. Probably easier to do post import.
--
Sent from a phone, apologies for poor formatting.
On 14 August 2024 11:14:16 Omar Polo <o...@omarpolo.com> wrote:
On 2024/08/14 12:02:46 +0200, Omar Polo <o...@omarpolo.com> wrote:
Hello,
On 2024/08/11 15:20:32 -0400, Chaz Kettleson <c...@pyr3x.com> wrote:
On Sun, Aug 04, 2024 at 02:23:15PM GMT, Chaz Kettleson wrote:
On Sat, Jul 27, 2024 at 09:11:57AM GMT, c...@pyr3x.com wrote:
On Tue, Jul 23, 2024 at 08:02:08PM GMT, c...@pyr3x.com wrote:
On Tue, Jul 23, 2024 at 07:49:47PM GMT, c...@pyr3x.com wrote:
On Sun, Jul 21, 2024 at 11:35:16AM GMT, c...@pyr3x.com wrote:
> Hello,
>
> Attached is a new port HOPM.
>
> HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot
> designed to monitor an individual server (all servers on the network
> have to run their own bot if the IRCd does not support the "far
> connect" user mode) with a local operator {} block and monitor
> connections. When a client connects to a server, HOPM will scan the
> connection for insecure proxies. Insecure proxies are determined
> by attempting to connect the proxy back to another host (usually
> the IRC server in question).
>
> HOPM is written ground-up in C language and it is an improved fork
> of BOPM (blitzed open proxy monitor), which is a concept derived
> from wgmon. It improves on wgmon with HTTP support, faster scanning
> (it can scan clients simultaneously), better layout (scalability)
> and DNSBL support.
>
> Looking for comments/feedback/testing to get this committed.
Some nits:
- we can use DIST_TUPLE instead of SITES since upstream doesn't provide
a distribution tarball.
- we can avoid patching the makefile and instead setting `sysconfdir' in
FAKE_FLAGS.
- some of the patches didn't apply, had to regen them.
ops, i typoed the version when moving to DIST_TUPLE, no wonders some
patches failed to apply... Sorry. Attaching now a fixed tarball.
I've added some commentary to the patches and added one to fix the
printing of one time_t.
[...]
> diff --git a/infrastructure/db/user.list b/infrastructure/db/user.list
> index 06bf2693c54..2189f6cd89e 100644
> --- a/infrastructure/db/user.list
> +++ b/infrastructure/db/user.list
> @@ -408,3 +408,4 @@ id user group port
> 897 _croc _croc sysutils/croc
> 898 _icingadb _icingadb net/icinga/icingadb
> 899 _openhab _openhab misc/openhab
> +900 _hopm _hopm net/hopm
- Instead of using 900 we can reuse another UID, I'd prefer not to get
too close to 1000.
cvs blame user.list | awk '/#/{print $3, $7}' | sort -t- -k3
suggests _nginx that was retired in 2012.
Added patches for pledge/unveil.
I'd postpone these for now if you agree. It'll require me more time to
feel confident about these changes, so let's get hopm in the tree and
then add pledge.
I'm attaching an updated tarball and the user.list diff that's ok op@ to
import. I don't run IRCd so can't really test this at runtime, but the
port now looks fine to me.
Index: user.list
===================================================================
RCS file: /home/cvs/ports/infrastructure/db/user.list,v
diff -u -p -r1.446 user.list
--- user.list 16 Jul 2024 20:25:49 -0000 1.446
+++ user.list 14 Aug 2024 09:25:04 -0000
@@ -101,7 +101,7 @@ id user group port
590 _smsd _smsd comms/smstools
591 _bacula _bacula sysutils/bacula
592 _imapproxy _imapproxy mail/imapproxy
-#593 _nginx _nginx www/nginx
+593 _hopm _hopm net/hopm
#594 _ejabberd _ejabberd net/ejabberd
595 _poppassd _poppassd sysutils/openpoppassd
#596 _heartbeat _heartbeat sysutils/heartbeat
