02.11.2024 20:41, Klemens Nanni пишет:
> 02.11.2024 20:12, Kirill A. Korinsky пишет:
>> Just a side note: I'm working on bringing back ejabberd into OpenBSD world.
>>
>> If it possible I'd like to ask you to keep it.
>
> No problem.
>
> I doubt there's any chance for bluetooth-tools to come back any time soon...
> net/Makefile tells me it was actually unhooked in 2011 rather than 2016,
> when the _sdpd user got commented out.
>
> Feedback? OK?
Ping.
There is no reason to run yggdrasil as root, yet our rc script defaults
to this insecure mode.
_nginx was a no-go, _ejabberd is planning a come-back, so let's try this again.
Would be nice to ship a safe(r) port in 7.7-stable.
OK?
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
diff -u -p -r1.460 user.list
--- infrastructure/db/user.list 24 Feb 2025 19:19:55 -0000 1.460
+++ infrastructure/db/user.list 2 Mar 2025 10:11:20 -0000
@@ -97,7 +97,7 @@ id user group port
586 _gnugk _gnugk net/gnugk
587 _darkstat _darkstat net/darkstat
588 _dansguardian _dansguardian www/dansguardian
-#589 _sdpd _sdpd net/bluetooth-tools
+589 _yggdrasil _yggdrasil net/yggdrasil-go
590 _smsd _smsd comms/smstools
591 _bacula _bacula sysutils/bacula
592 _imapproxy _imapproxy mail/imapproxy
Index: net/yggdrasil-go/Makefile
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/Makefile,v
diff -u -p -r1.15 Makefile
--- net/yggdrasil-go/Makefile 21 Dec 2024 14:15:42 -0000 1.15
+++ net/yggdrasil-go/Makefile 16 Mar 2025 16:42:57 -0000
@@ -2,6 +2,7 @@ COMMENT = experimental fully end-to-end
MODGO_MODNAME = github.com/yggdrasil-network/yggdrasil-go
MODGO_VERSION = v0.5.12
+REVISION = 0
DISTNAME = yggdrasil-go-${MODGO_VERSION}
@@ -10,7 +11,7 @@ WRKDIST = ${WRKSRC}
SITES.gh = https://${MODGO_MODNAME}/
# https://github.com/yggdrasil-network/yggdrasil-go/pull/1215
-# pending "Use pledge(2) on OpenBSD"
+# merged "Use pledge(2) on OpenBSD"
PATCHFILES.gh = pledge-{commit/}7a0ed69.patch
PATCH_DIST_STRIP = -p1
Index: net/yggdrasil-go/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/pkg/PLIST,v
diff -u -p -r1.5 PLIST
--- net/yggdrasil-go/pkg/PLIST 2 Nov 2024 09:26:46 -0000 1.5
+++ net/yggdrasil-go/pkg/PLIST 16 Mar 2025 17:01:50 -0000
@@ -1,4 +1,6 @@
@rcscript ${RCDIR}/yggdrasil
+@newgroup _yggdrasil:589
+@newuser _yggdrasil:589:_yggdrasil::Yggdrasil Daemon:/nonexistent:/sbin/nologin
@bin bin/yggdrasil
@bin bin/yggdrasil-genkeys
@bin bin/yggdrasilctl
Index: net/yggdrasil-go/pkg/yggdrasil.rc
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/pkg/yggdrasil.rc,v
diff -u -p -r1.3 yggdrasil.rc
--- net/yggdrasil-go/pkg/yggdrasil.rc 2 Nov 2024 09:32:44 -0000 1.3
+++ net/yggdrasil-go/pkg/yggdrasil.rc 16 Mar 2025 16:53:47 -0000
@@ -1,7 +1,7 @@
#!/bin/ksh
daemon="${TRUEPREFIX}/bin/yggdrasil"
-daemon_flags="-logto syslog -useconffile ${SYSCONFDIR}/yggdrasil.conf"
+daemon_flags="-logto syslog -user _yggdrasil -useconffile
${SYSCONFDIR}/yggdrasil.conf"
. /etc/rc.d/rc.subr
