On 11/02/2026 19:09, Chaz Kettleson wrote:
On Wed, Feb 11, 2026 at 05:24:05PM +0100, Noth wrote:
On 09/02/2026 14:12, Chaz Kettleson wrote:
On Sun, Feb 01, 2026 at 06:15:22PM -0500, Chaz Kettleson wrote:
On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote:
On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote:
On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote:
On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote:
(to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make
fix-permissions", and make sure user _pbuild is disabled from having
network access in pf.conf "block return log quick proto {tcp udp}
user _pbuild")
I don't suppose it's possible to extract the built web ui pieces
from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war
rather than building them in the port?
Hi Stuart,
I appreciate the quick feedback. Apparently something in my environment
was still online. I'll change to the above so I can observe the failure
and iterate a version 2 with fixes.
I customized the build.properties to set our defaults, but it might be
possible to override them with the Tomcat Context xml and we can take
the WAR wholesale without building anything. I'll investigate this as
well.
Thank you!
--
Chaz
Hi Stuart,
Your instinct was correct. Rather than build our defaults into the WAR,
we can override all of them with the context. As a result, we can use
the upstream WAR and no longer need to build anything.
The attached version 2 now does the following:
1.) Brings in the WAR
2.) Extracts sources to get the template files
3.) Replaces template values with those suitable for OpenBSD and set
with with HMDM_ variables
4.) Patches the context file with an SQL init (this was generated before
from the build.properties but absent in their installed artifacts
because they do the SQL initialization via their install script)
5.) Uses better conventions for share vs share/examples
--
Chaz
Hello,
Please find attached a version 3.
It turns out that when you upload a APK file for distribution to
devices, it attempts to run the 'aapt' command Android Asset Packaging
Tool. Porting this from Linux is a non-starter. However, after looking
at their code, they are only using it to pull package metadata from APKs
to prefill in things like the package id, abi, application name, etc.
I've written a 'fakeappt' that uses a Java library to perform the same
parsing and matched the command line arguments and expected output for
what they are using 'aapt' for. Everything appears to work nicely.
I've added the APK parsing jar as a distfile, compile a small Java
program to do the parsing, patched their 'aapt' path to point to a
script in /usr/local/libexec/hmdm-server/aapt. Everything appears
functionally complete from my testing.
I intend to submit a PR upstream for them to do this parsing in Java
instead of relying on installation of aapt in a Linux environment.
As always, I appreciate any comments/feedback in getting this committed.
--
Chaz
Hello,
I've worked with the upstream devs to remove the 'aapt' requirement and
replace with a Java version.
https://github.com/h-mdm/hmdm-server/issues/124
For now I think this is still good to go from my testing with my
fakeaapt. Once they incorporate that feature I can later update the port
to remove the fakeaapt hack.
OK?
--
Chaz
Hello,
The appt requirement has been removed simplifying the port. There is no
longer a need to carry a 'fakeappt' and no longer anything to build.
Please find attached version 4.
OK?
Hi,
I tested the version attached in mail. Found a missing USER in the
pkg-readme line for adding the user hmdm-user in PSQL:
CREATE hmdm_user WITH PASSWORD 'secret';
should be:
CREATE USER hmdm_user WITH PASSWORD 'secret';
My two cents would be that using createuser and createdb would be better
than the PSQL commands:
createuser -U postgres --pwprompt --no-superuser --createdb --no-createrole
hmdm_user
createdb -U hmdm_user hmdm
Also adding to the pkg-readme that the default login & password are
admin:admin would be great.
Once I got it all set up (only tested with pf rdr-to rule) it all seems to
work, I can generate a QR code. Haven't tried beyond that.
Cheers,
Noth
Thank you for testing this! I've updated the README to fix the PSQL and
noted the default username/password.
v5 is attached. OK?
OK for me, you're welcome!
Cheers,
Noth
