On Wed, Feb 11, 2026 at 07:49:22PM +0100, Noth wrote:
>
> On 11/02/2026 19:09, Chaz Kettleson wrote:
> > On Wed, Feb 11, 2026 at 05:24:05PM +0100, Noth wrote:
> > > On 09/02/2026 14:12, Chaz Kettleson wrote:
> > > > On Sun, Feb 01, 2026 at 06:15:22PM -0500, Chaz Kettleson wrote:
> > > > > On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote:
> > > > > > On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote:
> > > > > > > On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote:
> > > > > > > > On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson
> > > > > > > > wrote:
> > > > > > > > > (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo
> > > > > > > > > make
> > > > > > > > > fix-permissions", and make sure user _pbuild is disabled from
> > > > > > > > > having
> > > > > > > > > network access in pf.conf "block return log quick proto {tcp
> > > > > > > > > udp}
> > > > > > > > > user _pbuild")
> > > > > > > > >
> > > > > > > > > I don't suppose it's possible to extract the built web ui
> > > > > > > > > pieces
> > > > > > > > > from upstream's hmdm-5.37-install-ubuntu.zip or
> > > > > > > > > hmdm-5.37.4-os.war
> > > > > > > > > rather than building them in the port?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > Hi Stuart,
> > > > > > > >
> > > > > > > > I appreciate the quick feedback. Apparently something in my
> > > > > > > > environment
> > > > > > > > was still online. I'll change to the above so I can observe the
> > > > > > > > failure
> > > > > > > > and iterate a version 2 with fixes.
> > > > > > > >
> > > > > > > > I customized the build.properties to set our defaults, but it
> > > > > > > > might be
> > > > > > > > possible to override them with the Tomcat Context xml and we
> > > > > > > > can take
> > > > > > > > the WAR wholesale without building anything. I'll investigate
> > > > > > > > this as
> > > > > > > > well.
> > > > > > > >
> > > > > > > > Thank you!
> > > > > > > >
> > > > > > > > --
> > > > > > > > Chaz
> > > > > > > >
> > > > > > > Hi Stuart,
> > > > > > >
> > > > > > > Your instinct was correct. Rather than build our defaults into
> > > > > > > the WAR,
> > > > > > > we can override all of them with the context. As a result, we can
> > > > > > > use
> > > > > > > the upstream WAR and no longer need to build anything.
> > > > > > >
> > > > > > > The attached version 2 now does the following:
> > > > > > >
> > > > > > > 1.) Brings in the WAR
> > > > > > > 2.) Extracts sources to get the template files
> > > > > > > 3.) Replaces template values with those suitable for OpenBSD and
> > > > > > > set
> > > > > > > with with HMDM_ variables
> > > > > > > 4.) Patches the context file with an SQL init (this was generated
> > > > > > > before
> > > > > > > from the build.properties but absent in their installed artifacts
> > > > > > > because they do the SQL initialization via their install script)
> > > > > > > 5.) Uses better conventions for share vs share/examples
> > > > > > >
> > > > > > > --
> > > > > > > Chaz
> > > > > > Hello,
> > > > > >
> > > > > > Please find attached a version 3.
> > > > > >
> > > > > > It turns out that when you upload a APK file for distribution to
> > > > > > devices, it attempts to run the 'aapt' command Android Asset
> > > > > > Packaging
> > > > > > Tool. Porting this from Linux is a non-starter. However, after
> > > > > > looking
> > > > > > at their code, they are only using it to pull package metadata from
> > > > > > APKs
> > > > > > to prefill in things like the package id, abi, application name,
> > > > > > etc.
> > > > > >
> > > > > > I've written a 'fakeappt' that uses a Java library to perform the
> > > > > > same
> > > > > > parsing and matched the command line arguments and expected output
> > > > > > for
> > > > > > what they are using 'aapt' for. Everything appears to work nicely.
> > > > > >
> > > > > > I've added the APK parsing jar as a distfile, compile a small Java
> > > > > > program to do the parsing, patched their 'aapt' path to point to a
> > > > > > script in /usr/local/libexec/hmdm-server/aapt. Everything appears
> > > > > > functionally complete from my testing.
> > > > > >
> > > > > > I intend to submit a PR upstream for them to do this parsing in Java
> > > > > > instead of relying on installation of aapt in a Linux environment.
> > > > > >
> > > > > > As always, I appreciate any comments/feedback in getting this
> > > > > > committed.
> > > > > >
> > > > > > --
> > > > > > Chaz
> > > > > Hello,
> > > > >
> > > > > I've worked with the upstream devs to remove the 'aapt' requirement
> > > > > and
> > > > > replace with a Java version.
> > > > >
> > > > > https://github.com/h-mdm/hmdm-server/issues/124
> > > > >
> > > > > For now I think this is still good to go from my testing with my
> > > > > fakeaapt. Once they incorporate that feature I can later update the
> > > > > port
> > > > > to remove the fakeaapt hack.
> > > > >
> > > > > OK?
> > > > >
> > > > > --
> > > > > Chaz
> > > > Hello,
> > > >
> > > > The appt requirement has been removed simplifying the port. There is no
> > > > longer a need to carry a 'fakeappt' and no longer anything to build.
> > > >
> > > > Please find attached version 4.
> > > >
> > > > OK?
> > > Hi,
> > >
> > > I tested the version attached in mail. Found a missing USER in the
> > > pkg-readme line for adding the user hmdm-user in PSQL:
> > >
> > > CREATE hmdm_user WITH PASSWORD 'secret';
> > >
> > > should be:
> > >
> > > CREATE USER hmdm_user WITH PASSWORD 'secret';
> > >
> > > My two cents would be that using createuser and createdb would be better
> > > than the PSQL commands:
> > >
> > > createuser -U postgres --pwprompt --no-superuser --createdb
> > > --no-createrole
> > > hmdm_user
> > >
> > > createdb -U hmdm_user hmdm
> > >
> > > Also adding to the pkg-readme that the default login & password are
> > > admin:admin would be great.
> > >
> > > Once I got it all set up (only tested with pf rdr-to rule) it all seems to
> > > work, I can generate a QR code. Haven't tried beyond that.
> > >
> > > Cheers,
> > >
> > > Noth
> > >
> > Thank you for testing this! I've updated the README to fix the PSQL and
> > noted the default username/password.
> >
> > v5 is attached. OK?
>
> OK for me, you're welcome!
>
> Cheers,
>
> Noth
>
ping
--
Chaz
