On Wed, Feb 11, 2026 at 05:24:05PM +0100, Noth wrote:
>
> On 09/02/2026 14:12, Chaz Kettleson wrote:
> > On Sun, Feb 01, 2026 at 06:15:22PM -0500, Chaz Kettleson wrote:
> > > On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote:
> > > > On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote:
> > > > > On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote:
> > > > > > On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote:
> > > > > > > (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make
> > > > > > > fix-permissions", and make sure user _pbuild is disabled from
> > > > > > > having
> > > > > > > network access in pf.conf "block return log quick proto {tcp udp}
> > > > > > > user _pbuild")
> > > > > > >
> > > > > > > I don't suppose it's possible to extract the built web ui pieces
> > > > > > > from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war
> > > > > > > rather than building them in the port?
> > > > > > >
> > > > > > >
> > > > > > Hi Stuart,
> > > > > >
> > > > > > I appreciate the quick feedback. Apparently something in my
> > > > > > environment
> > > > > > was still online. I'll change to the above so I can observe the
> > > > > > failure
> > > > > > and iterate a version 2 with fixes.
> > > > > >
> > > > > > I customized the build.properties to set our defaults, but it might
> > > > > > be
> > > > > > possible to override them with the Tomcat Context xml and we can
> > > > > > take
> > > > > > the WAR wholesale without building anything. I'll investigate this
> > > > > > as
> > > > > > well.
> > > > > >
> > > > > > Thank you!
> > > > > >
> > > > > > --
> > > > > > Chaz
> > > > > >
> > > > > Hi Stuart,
> > > > >
> > > > > Your instinct was correct. Rather than build our defaults into the
> > > > > WAR,
> > > > > we can override all of them with the context. As a result, we can use
> > > > > the upstream WAR and no longer need to build anything.
> > > > >
> > > > > The attached version 2 now does the following:
> > > > >
> > > > > 1.) Brings in the WAR
> > > > > 2.) Extracts sources to get the template files
> > > > > 3.) Replaces template values with those suitable for OpenBSD and set
> > > > > with with HMDM_ variables
> > > > > 4.) Patches the context file with an SQL init (this was generated
> > > > > before
> > > > > from the build.properties but absent in their installed artifacts
> > > > > because they do the SQL initialization via their install script)
> > > > > 5.) Uses better conventions for share vs share/examples
> > > > >
> > > > > --
> > > > > Chaz
> > > > Hello,
> > > >
> > > > Please find attached a version 3.
> > > >
> > > > It turns out that when you upload a APK file for distribution to
> > > > devices, it attempts to run the 'aapt' command Android Asset Packaging
> > > > Tool. Porting this from Linux is a non-starter. However, after looking
> > > > at their code, they are only using it to pull package metadata from APKs
> > > > to prefill in things like the package id, abi, application name, etc.
> > > >
> > > > I've written a 'fakeappt' that uses a Java library to perform the same
> > > > parsing and matched the command line arguments and expected output for
> > > > what they are using 'aapt' for. Everything appears to work nicely.
> > > >
> > > > I've added the APK parsing jar as a distfile, compile a small Java
> > > > program to do the parsing, patched their 'aapt' path to point to a
> > > > script in /usr/local/libexec/hmdm-server/aapt. Everything appears
> > > > functionally complete from my testing.
> > > >
> > > > I intend to submit a PR upstream for them to do this parsing in Java
> > > > instead of relying on installation of aapt in a Linux environment.
> > > >
> > > > As always, I appreciate any comments/feedback in getting this committed.
> > > >
> > > > --
> > > > Chaz
> > > Hello,
> > >
> > > I've worked with the upstream devs to remove the 'aapt' requirement and
> > > replace with a Java version.
> > >
> > > https://github.com/h-mdm/hmdm-server/issues/124
> > >
> > > For now I think this is still good to go from my testing with my
> > > fakeaapt. Once they incorporate that feature I can later update the port
> > > to remove the fakeaapt hack.
> > >
> > > OK?
> > >
> > > --
> > > Chaz
> > Hello,
> >
> > The appt requirement has been removed simplifying the port. There is no
> > longer a need to carry a 'fakeappt' and no longer anything to build.
> >
> > Please find attached version 4.
> >
> > OK?
>
> Hi,
>
> I tested the version attached in mail. Found a missing USER in the
> pkg-readme line for adding the user hmdm-user in PSQL:
>
> CREATE hmdm_user WITH PASSWORD 'secret';
>
> should be:
>
> CREATE USER hmdm_user WITH PASSWORD 'secret';
>
> My two cents would be that using createuser and createdb would be better
> than the PSQL commands:
>
> createuser -U postgres --pwprompt --no-superuser --createdb --no-createrole
> hmdm_user
>
> createdb -U hmdm_user hmdm
>
> Also adding to the pkg-readme that the default login & password are
> admin:admin would be great.
>
> Once I got it all set up (only tested with pf rdr-to rule) it all seems to
> work, I can generate a QR code. Haven't tried beyond that.
>
> Cheers,
>
> Noth
> Thank you for testing this! I've updated the README to fix the PSQL and noted the default username/password. v5 is attached. OK? -- Chaz
hmdm-server_v5.tgz
Description: application/gtar-compressed
