On 2022/12/17 22:36, Michael wrote:
> On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > On 2022/12/17 10:41:26 +0100, Pascal Stumpf <pas...@stumpf.co> wrote:
> > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > A few tweaks:
> > > >
> > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > * NO_TESTS = Yes
> > > > * add README and endless.rc to the port itself, reformat, turn on -s per
> > > > default (syslog logging)
> > > > * add dedicated _endlessh user
> > > > * install a default config file into examples and @sample it
> > >
> > > * correct Nm in endlessh.1
> >
> > there's an extra patch-Makefile.orig in the tarball and
> > pkg/endlessh.rc is executable when it doesn't need to.
> >
> > ok for me with that fixed.
>
> Thanks to Pascal and you for the tweaks.
>
> I have tested the latest revision; works as expected and the changes
> seem fine to me. I took the liberty of fixing the last problems Omar
> mentioned in the attached port.
>
> >
> >
> > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > instead of copying it, less to worry when updating.
> >
> > If I'm reading it correctly, it can't directly bind to 22 because it
> > doesn't start as root, it' would be nice to include an excerpt of the
> > pf configuration to redirect the port 22 to 2222.
> >
> > I'd use a patch instead of perl -pi in post-install to tweak the
> > configuration, it's more verbose but it's also more resiliant to
> > upstream changes to the file.
> >
> > Including the diff for user.list in case it comes in handy to who
> > would like to test it.
> >
> > Index: user.list
> > ===================================================================
> > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > retrieving revision 1.413
> > diff -u -p -r1.413 user.list
> > --- user.list 14 Dec 2022 12:09:05 -0000 1.413
> > +++ user.list 17 Dec 2022 09:50:27 -0000
> > @@ -395,3 +395,4 @@ id user group port
> > 884 _iblock _iblock net/iblock
> > 885 _mycorrhiza _mycorrhiza www/mycorrhiza
> > 886 _eduvpn _eduvpn net/eduvpn
> > +887 _endlessh _endlessh net/endlessh
> >
There is no 1.1 release yet, so better name it 1.1pre20210430 (date of commit).
>From readme:
: If you want to cover both IPv4 and IPv6 you'll need to run *two* instances of
: endlessh.
:
: - copy the endlessh rc script to ${RCDIR}/endlessh6
: - copy the config file to ${SYSCONFDIR}/endlessh/config6
: - use BindFamily 6 in config6
: - in rc.conf.local force endlessh6 to load config6 like so:
:
: endlessh6_flags=-s -f /etc/endlessh/config6
: endlessh_flags=-s
No need to tell the user to do this, just provide an endlessh6 rc script
with the required daemon_flags. I don't think you need a second config
file, just use -6.
: Covering more than 128 connections
: ==================================
:
: The defaults in OpenBSD only allow for 128 open file descriptors per process,
: so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
: you'll end up with something like 124 clients at the most.
: You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh (and
: endlessh6) like so:
:
: endlessh:\
: :openfiles=1024:\
: :tc=daemon:
: endlessh6:\
: :openfiles=1024:\
: :tc=daemon:
Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
a bit high for the default kern.maxfiles, I would suggest not more than
512 for the installed file, users can change it if they need more.
Then because it is just using standard OS mechanisms there is no more
need for pkg/README.
