On 2018/02/14 09:02, Vinícius Zavam wrote:
>
>
> 2018-02-13 20:17 GMT+00:00 Vinícius Zavam <egyp...@googlemail.com>:
> >
> >
> >
> > On Feb 13, 2018 16:19, "Stuart Henderson" <s...@spacehopper.org>
> wrote:
> >
> > On 2018/02/13 13:51, Vinícius Zavam wrote:
> > >
>
> formatted version of previously sent email follows // inline.
thanks.
> > > Index: net/dnscrypt-proxy/pkg/PLIST-main
> > > ===================================================================
> > > RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST-main,v
> > > retrieving revision 1.6
> > > diff -u -p -u -p -r1.6 PLIST-main
> > > --- net/dnscrypt-proxy/pkg/PLIST-main 2 Aug 2017 09:32:40 -0000
> 1.6
> > > +++ net/dnscrypt-proxy/pkg/PLIST-main 13 Feb 2018 13:39:38 -0000
> > > @@ -1,4 +1,5 @@
> > > @comment $OpenBSD: PLIST-main,v 1.6 2017/08/02 09:32:40 giovanni
> Exp $
> > > +@conflict dnscrypt-proxy->1.9.5p3
> > > @newgroup _dnscrypt-proxy:688
> > > @newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy
> user:/var/empty:/sbin/nologin
> > > @bin bin/hostip
> >
> > IMHO it's better to just update the original port rather than adding
> a
> > new one, I don't think this is enough of a special case to maintain
> both
> > in parallel
> >
>
> we can go for it.
>
> > > Index: net/dnscrypt-proxy2/Makefile
> > > ===================================================================
> > > RCS file: net/dnscrypt-proxy2/Makefile
> > > diff -N net/dnscrypt-proxy2/Makefile
> > > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > > +++ net/dnscrypt-proxy2/Makefile 13 Feb 2018 13:39:38 -0000
> > > @@ -0,0 +1,44 @@
> > > +# $OpenBSD$
> > > +
> > > +COMMENT= Flexible DNS proxy with support for encrypted
> protocols
> >
> > lowercase Flexible -> flexible
> >
> > > +PORTNAME= dnscrypt-proxy
> > > +PORTVERS= 2.0.0
> > > +REVISION= 0
> > > +DISTNAME= ${PORTNAME}-${PORTVERS}
> > > +CATEGORIES= net security
> > > +
> > > +HOMEPAGE= https://dnscrypt.info/
> > > +MAINTAINER= Vinicius Zavam <egyp...@googlemail.com>
> > > +
> > > +GH_ACCOUNT= jedisct1
> > > +GH_PROJECT= ${PORTNAME}
> > > +GH_TAGNAME= ${PORTVERS}
> >
> > please don't use indirection like this PORTNAME/PORTVERS stuff, the
> entire
> > block above should be simply
> >
> > GH_ACCOUNT= jedisct1
> > GH_PROJECT= dnscrypt-proxy
> > GH_TAGNAME= 2.0.0
> >
>
> a lot of people are using V= or R= for similar purposes, so I really
> don't see a thing here.
when the same thing is repeated several times *and* it changes between
versions, then it can be useful to use another variable.
there's no need for it here.
> > CATEGORIES= net security
> >
> > HOMEPAGE= https://dnscrypt.info/
> > MAINTAINER= Vinicius Zavam <egyp...@googlemail.com>
> >
> > > +
> > > +# ISC
> > > +PERMIT_PACKAGE_CDROM= YES
> > > +
> > > +DOCS= README.md
> >
> > set but never used
> >
> > > +
> > > +MODULES= lang/go
> > > +
> > > +TARGET_BASE= github.com/${GH_ACCOUNT}/${GH_PROJECT}
> > > +WRKSRC= ${MODGO_WORKSPACE}/src/${TARGET_BASE}
> > > +ALL_TARGET= ${TARGET_BASE}/${GH_PROJECT}
> >
> > I can't really comment on go ports stuff, it totally confuses me
> >
> > > +post-configure:
> > > + cd ${WRKSRC} && ln -sf vendor src && ln -sf ${WRKSRC}/$
> {GH_PROJECT} src/${TARGET_BASE};
> >
> > GH_PROJECT indirection is hard to read, and you're already cd'd to $
> {WRKSRC}
> > so the second ln doesn't need the ${WRKSRC}, so maybe "... && ln -sf
> > dnscrypt-proxy src/${TARGET_BASE}" ?
> >
>
> Go is... "special" :-( [edit]
>
> > zap trailing ;
> >
>
> it's present in many ports' Makefiles.
it isn't, i saw it used in simh and one other port, both by mistake i think.
it *is* used in some .mk files, but only in variables which are used for
including as part of a make target.
> > > +do-install:
> > > + mkdir -p ${PREFIX}/sbin && \
> > > + ${INSTALL_PROGRAM} ${MODGO_WORKSPACE}/bin/* ${PREFIX}
> /sbin/;
> >
> > don't use mkdir, if you needed to create this directory $
> {INSTALL_PROGRAM_DIR}
> > would be the one, but ${PREFIX}/sbin is already created for you.
> >
>
> I refused to believe the same, but needed to make it this way. trust
> me.
it is not needed.
> > zap trailing ;
>
> dito.
>
> > > +
> > > +post-install:
> > > + mkdir -p ${PREFIX}/etc ${PREFIX}/share/examples/${GH_PROJECT}
> && \
> > > + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/$
> {GH_PROJECT}/example* \
> > > + ${PREFIX}/share/examples/${GH_PROJECT}/ && \
> > > + ${INSTALL_DATA} ${MODGO_WORKSPACE}/src/${TARGET_BASE}/$
> {GH_PROJECT}/example-dnscrypt-proxy.toml \
> > > + ${PREFIX}/etc/dnscrypt-proxy.toml;
> >
> > nothing should be using ${PREFIX}/etc.
> >
> > mkdir -> ${INSTALL_DATA_DIR}
> >
> > GH_PROJECT indirection makes it hard to read, just write
> dnscrypt-proxy
> >
>
> repeat the same thing/string every time? GH_PROJECT *must* be set,
> so... I made use of it. [edit]
you're repeating ${GH_PROJECT} every time, and that's harder to type
and read than dnscrypt-proxy. keep it simple :)
> > trailing ;
>
> dito.
>
> > > + sed -i -e 's,require_dnssec = false,require_dnssec = true,g'
> ${PREFIX}/etc/dnscrypt-proxy.toml;
> > > +
> >
> > just use a normal patch on the input file rather than sed (though why
> > change the default anyway?)
> >
> > ${PREFIX}/etc again
> >
>
> suggestions? it is /usr/local,
OpenBSD doesn't use /usr/local/etc.
> we could just make it practice to be used out of the box; or should one
> copy the config and edit it manually in order to use the service?
@sample is the standard mechanism for this that doesn't break upgrades.
> the thing is running as root; I know.
>
> so, here I would like to ask you: does OpenBSD handles Go daemons in a
> peculiar way, like FreeBSD? [1]
> there's also a port for FreeBSD, if you want to check it. [2]
can't answer this, i haven't had a reason to use FreeBSD for years so
don't know about how their startup system currently works.
> in order to use low ports, using `daemon -u USER` did not do the trick,
> and even the method using `su`
daemons binding to a low port need to start as root, then they normally
setuid to a low privileged user after binding. that's down to the program,
not the startup script.
anyway my updated version is a more solid base, but don't think we
should do anything with it until it supports privdrop.
