On Sun, Dec 18, 2022 at 11:55:12AM +0000, Stuart Henderson wrote:
> On 2022/12/17 22:36, Michael wrote:
> > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf <pas...@stumpf.co> wrote:
> > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > A few tweaks:
> > > > > 
> > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > * NO_TESTS = Yes
> > > > > * add README and endless.rc to the port itself, reformat, turn on -s per
> > > > >   default (syslog logging)
> > > > > * add dedicated _endlessh user
> > > > > * install a default config file into examples and @sample it
> > > > 
> > > > * correct Nm in endlessh.1
> > > 
> > > there's an extra patch-Makefile.orig in the tarball and
> > > pkg/endlessh.rc is executable when it doesn't need to.
> > > 
> > > ok for me with that fixed.
> > 
> > Thanks to Pascal and you for the tweaks.
> > 
> > I have tested the latest revision; works as expected and the changes 
> > seem fine to me. I took the liberty of fixing the last problems Omar 
> > mentioned in the attached port.
> > 
> > > 
> > > 
> > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > instead of copying it, less to worry when updating.
> > > 
> > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > doesn't start as root, it would be nice to include an excerpt of the
> > > pf configuration to redirect the port 22 to 2222.
> > > 
> > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > configuration, it's more verbose but it's also more resilient to
> > > upstream changes to the file.
> > > 
> > > Including the diff for user.list in case it comes in handy to who
> > > would like to test it.
> > > 
> > > Index: user.list
> > > ===================================================================
> > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > retrieving revision 1.413
> > > diff -u -p -r1.413 user.list
> > > --- user.list     14 Dec 2022 12:09:05 -0000      1.413
> > > +++ user.list     17 Dec 2022 09:50:27 -0000
> > > @@ -395,3 +395,4 @@ id  user              group           port
> > >  884 _iblock              _iblock         net/iblock
> > >  885 _mycorrhiza          _mycorrhiza     www/mycorrhiza
> > >  886 _eduvpn              _eduvpn         net/eduvpn
> > > +887 _endlessh            _endlessh       net/endlessh
> > > 
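Review bot: the `+887 _endlessh` line at the end of the hunk claims the next id after 886 as of revision 1.413 (14 Dec 2022), so re-check against the current user.list right before committing that 887 is still unassigned, and make sure the uid/gid the port itself creates for _endlessh uses the same number.
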
> 
> There is no 1.1 release yet, so better name it 1.1pre20210430 (date of commit).
> 
> From readme:
> 
> : If you want to cover both IPv4 and IPv6 you'll need to run *two* instances of
> : endlessh.
> : 
> : - copy the endlessh rc script to ${RCDIR}/endlessh6
> : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> :   - use BindFamily 6 in config6
> : - in rc.conf.local force endlessh6 to load config6 like so:
> : 
> : endlessh6_flags=-s -f /etc/endlessh/config6
> : endlessh_flags=-s
> 
> No need to tell the user to do this, just provide an endlessh6 rc script
> with the required daemon_flags. I don't think you need a second config
> file, just use -6.
> 
> : Covering more than 128 connections
> : ==================================
> : 
> : The defaults in OpenBSD only allow for 128 open file descriptors per process,
> : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> : you'll end up with something like 124 clients at the most.
> : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh (and
> : endlessh6) like so:
> : 
> : endlessh:\
> :     :openfiles=1024:\
> :     :tc=daemon:
> : endlessh6:\
> :     :openfiles=1024:\
> :     :tc=daemon:
> 
> Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> a bit high for the default kern.maxfiles, I would suggest not more than
> 512 for the installed file, users can change it if they need more.
> 
> Then because it is just using standard OS mechanisms there is no more
> need for pkg/README.
> 

Thanks for the feedback.

Attached port should contain all the suggestions above.
Also the pledge() comment was changed to "uses pledge() and unveil()"

portcheck now complains about the two extra *.login files but looking at
other ports that have those this seems normal:

# /usr/ports/infrastructure/bin/portcheck
extra file: pkg/endlessh.login
extra file: pkg/endlessh6.login
net/endlessh


(this time actually reaching the mailing list...)

Attachment: endlessh.tgz
Description: Binary data
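
The descriptor arithmetic discussed in the thread, as an added example that is not part of the original messages or of the port: it parses the login.conf classes quoted above and reports the client ceiling per instance and the share of kern.maxfiles the two classes may claim. The function names, the reserve of 4 descriptors (inferred from the thread's "124" out of 128) and the kern.maxfiles value of 8192 are assumptions; only plain numeric `openfiles=N` entries, as in the thread, are handled.

```python
import re

# Constructed sample: the two login.conf classes quoted in the thread.
SAMPLE_LOGIN_CONF = """\
endlessh:\\
    :openfiles=1024:\\
    :tc=daemon:
endlessh6:\\
    :openfiles=1024:\\
    :tc=daemon:
"""

DEFAULT_OPENFILES = 128  # per-process default quoted in the thread
RESERVED_FDS = 4         # assumption: inferred from the thread's "124" of 128


def parse_classes(text):
    """Parse login.conf-style text into {class_name: {capability: value}}."""
    # A trailing backslash continues the record on the next line.
    joined = re.sub(r"\\\n[ \t]*", "", text)
    classes = {}
    for record in joined.splitlines():
        record = record.strip()
        if not record or record.startswith("#"):
            continue
        name, *caps = [field for field in record.split(":") if field]
        entry = {}
        for cap in caps:
            key, _, value = cap.partition("=")
            entry[key] = value
        classes[name.split("|")[0]] = entry  # first name before any aliases
    return classes


def fd_budget(classes, names, maxfiles):
    """Return (client ceiling per class, summed openfiles, share of maxfiles)."""
    ceilings, total = {}, 0
    for name in names:
        limit = int(classes.get(name, {}).get("openfiles", DEFAULT_OPENFILES))
        ceilings[name] = max(limit - RESERVED_FDS, 0)
        total += limit
    return ceilings, total, total / maxfiles


if __name__ == "__main__":
    # 8192 is a constructed value; read the real one with `sysctl kern.maxfiles`.
    print(fd_budget(parse_classes(SAMPLE_LOGIN_CONF), ["endlessh", "endlessh6"], 8192))
```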
