Re: [new] net/zerotier-one
Thanks for taking a look at this! On Wed, Apr 12, 2023, at 15:19, Stuart Henderson wrote: ... > diff below does: ... > - draw more attention to the fairly restrictive license > (they will need to make a new release before the "change date" stuff > can apply, so drop that until it actually happens) That works for me. > It probably also could do with an rc script, and possibly also a > pkg-readme describing basic usage if it's not obvious from upstream > docs (for correct style, base it on the template in > ports/infrastructure/templates). I have an rc script that I need to add. I can add a readme. Aisha mentioned the possibility of running as root, then dropping permissions. I read the source code and permission dropping is not yet implemented for OpenBSD. (It's hiding behind #if defined(__LINUX__).) I don't mind implementing this eventually, but it's not going to happen this month. Thanks for the diff! Troy
Re: [new] net/zerotier-one
On Fri, Apr 7, 2023, at 07:51, A Tammy wrote: >> https://github.com/troyjfarrell/zerotier-one-openbsd-ports > Please attach it as a tarball here. CVS isn't necessary on the mailing > list. Attached. >> Notes: >> - The current version of ZeroTier-One is not (yet) FOSS, but uses the >> Business Source License, so it will become FOSS in a few years. > Is it allowed to distribute it to users as a binary/source package? IANAL, but I believe so. From LICENSE.txt[^1], "the Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work," subject to the following restrictions until the "Change Date": - Recipients may not "sell hosted ZeroTier services as a 'SaaS' Product" - Recipients may not "create Non-Open-Source Commercial Derviative Works" - "Certain Government Uses" are restricted I believe that redistribution of binary packages, provided it happens under an Open Source(tm) license ¯\(°_o)/¯, is an acceptable use. [1]: https://raw.githubusercontent.com/zerotier/ZeroTierOne/dev/LICENSE.txt > If it is a daemon, it is generally a good idea for it to have its own > user. The way I understand zerotier is that it would probably need to > be started as root and then it would drop permissions later to its > own user(?), someone can correct me if I am wrong. You can look at the > headscale port for details on how to do that - > https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/headscale/ You are probably right. I believe that it needs access to /dev/tapN, which would require being started as root. Thanks! Troy zerotier-one.tar.gz Description: GNU Zip compressed data
[new] net/zerotier-one
Hello, I'm new here. OpenBSD is one of many platforms that I support, and a customer needs ZeroTier on OpenBSD, so I've taken a shot at packaging it under the name net/zerotier-one. You can find it on GitHub for now. (I know that OpenBSD uses CVS, but I haven't made time to learn that yet.) https://github.com/troyjfarrell/zerotier-one-openbsd-ports Notes: - The current version of ZeroTier-One is not (yet) FOSS, but uses the Business Source License, so it will become FOSS in a few years. - I plan to add an rc.d script soon. - I don't know whether this daemon needs its own user or not. How do I decide that? I'm leaning toward yes, because it puts a secret API token in /var/db/zerotier-one/authtoken.secret, which should probably be accessible by the daemon. Feedback is welcome. Thanks! Troy