Are there any productivity/taskd users around? taskd is the sync server for taskwarrior.
Please note I'm not looking for OKs to commit this yet, I'm just looking for feedback from users and porters. I think this still needs some work before it's ready to be committed.

Below is a diff that updates taskd to the latest release, v1.1.0. Most of it is straightforward:

* Most of our patches were accepted upstream (although apparently with some slight modifications) so they go away
* I ported the changes from productivity/taskwarrior to use our libc's uuid functions so the sysutils/e2fsprogs dependency goes away (which was the main reason I started looking at this in the first place...)
* The changes to files/config remove a duplicate log line, remove the client.allow config (see: http://taskwarrior.org/docs/taskserver/upgrade.html), add strict certificate validation, and only listen on the loopback interface by default (note that taskd no longer supports the wildcard so the previous value caused an error)

Everything seems to be working with these changes. I have successfully tested sync'ing locally using the taskwarrior package, and I have tested sync'ing remotely from a Linux box.

There are three things I'm struggling with:

* The pki/ scripts included with taskd just don't seem to work, but I'm not sure if it's a problem with the scripts themselves or our version of GNUTLS. In particular, they generate certs that fail validation (on the client side I get an error message "certificate signer constraints were violated," and on the server side I get an error message "error in pull function"). I had to manually generate all of the certificates myself using a newer version of GNUTLS on a Linux box. Should we patch them to get something that works on OpenBSD, provide our own alternatives, or tell users how to manually do everything themselves in pkg/README?
* The trust=strict in files/config is the recommended setting and makes the most sense to me, but in light of the problems with the pki/ scripts I wonder if perhaps we would want to relax cert validation?

The third thing is that based on whatever we decide to do about the other two things we'll need to show some love to pkg/README. I haven't even started thinking about that yet because I wanted to get other opinions about the first two issues. Thoughts? Comments? Questions? Obscenities? ;) Index: Makefile =================================================================== RCS file: /work/cvsroot/ports/productivity/taskd/Makefile,v retrieving revision 1.4 diff -p -u -r1.4 Makefile --- Makefile 25 Aug 2015 07:30:30 -0000 1.4 +++ Makefile 10 Nov 2015 22:20:31 -0000 @@ -2,9 +2,8 @@ COMMENT = lightweight server providing access to task data -DISTNAME = taskd-1.0.0 +DISTNAME = taskd-1.1.0 CATEGORIES = productivity net -REVISION = 1 HOMEPAGE = http://www.taskwarrior.org/ @@ -13,12 +12,15 @@ MASTER_SITES = ${HOMEPAGE}/download/ # MIT PERMIT_PACKAGE_CDROM = Yes -MODULES = devel/cmake +MODULES = gcc4 \ + devel/cmake -WANTLIB += c gnutls m pthread stdc++ uuid +MODGCC4_LANGS = c++ +MODGCC4_ARCHS = * -LIB_DEPENDS = security/gnutls \ - sysutils/e2fsprogs>=1.42.7 +WANTLIB += c gnutls m pthread + +LIB_DEPENDS = security/gnutls CONFIGURE_STYLE = cmake 
@@ -33,10 +35,13 @@ NO_TEST = Yes post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/taskd/pki/ - ${INSTALL_SCRIPT} ${WRKSRC}/pki/!(*.orig) \ + ${INSTALL_SCRIPT} ${WRKSRC}/pki/generate!(*.orig) \ + ${PREFIX}/share/examples/taskd/pki/ + ${INSTALL_DATA} ${WRKSRC}/pki/README \ ${PREFIX}/share/examples/taskd/pki/ + ${INSTALL_DATA} ${WRKSRC}/pki/vars \ + ${PREFIX}/share/examples/taskd/pki/vars.example ${SUBST_DATA} ${FILESDIR}/config \ ${PREFIX}/share/examples/taskd/config - ${INSTALL_DATA} ${FILESDIR}/vars.dist ${PREFIX}/share/examples/taskd/pki/ .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /work/cvsroot/ports/productivity/taskd/distinfo,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 distinfo --- distinfo 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ distinfo 10 Nov 2015 21:12:00 -0000 @@ -1,2 +1,2 @@ -SHA256 (taskd-1.0.0.tar.gz) = Fi7x7sSPgUWHDvDb4BIbeKbamYFbwYr3feB/uwq+AtA= -SIZE (taskd-1.0.0.tar.gz) = 128191 +SHA256 (taskd-1.1.0.tar.gz) = e4SI5oeXGuVnKf9OLlIJ/4gGz4zVdxi/1+UhvhMGIbQ= +SIZE (taskd-1.1.0.tar.gz) = 120115 Index: files/config =================================================================== RCS file: /work/cvsroot/ports/productivity/taskd/files/config,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 config --- files/config 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ files/config 14 Jan 2016 19:56:20 -0000 @@ -1,12 +1,12 @@ confirmation=1 extensions=${TRUEPREFIX}/libexec/taskd log=/var/log/taskd/taskd.log -log=/var/log/taskd/taskd.log pid.file=/var/run/taskd/taskd.pid queue.size=10 request.limit=1048576 root=/var/taskd -server=*:53589 +server=127.0.0.1:53589 +trust=strict verbose=1 client.cert=/var/taskd/client.cert.pem client.key=/var/taskd/client.key.pem 
@@ -14,4 +14,3 @@ server.cert=/var/taskd/server.cert.pem server.key=/var/taskd/server.key.pem server.crl=/var/taskd/server.crl.pem ca.cert=/var/taskd/ca.cert.pem -client.allow=^task [2-9] Index: files/vars.dist =================================================================== RCS file: files/vars.dist diff -N files/vars.dist --- files/vars.dist 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,9 +0,0 @@ -#dnsnames="example.com example.net" -#ipaddrs="10.11.12.13 10.20.30.40" -bits=4096 -expiration_days=365 -organization="Göteborg Bit Factory" -cn="Göteborg Bit Factory" -country=SE -state="Västra Götaland" -locality="Göteborg" Index: patches/patch-CMakeLists_txt =================================================================== RCS file: patches/patch-CMakeLists_txt diff -N patches/patch-CMakeLists_txt --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-CMakeLists_txt 10 Nov 2015 21:48:36 -0000 
@@ -0,0 +1,25 @@ +$OpenBSD$ +--- CMakeLists.txt.orig Tue Nov 10 15:44:28 2015 ++++ CMakeLists.txt Tue Nov 10 15:44:54 2015 +@@ -115,10 +115,10 @@ if (GNUTLS_FOUND) + endif (GNUTLS_FOUND) + + message ("-- Looking for libuuid") +-if (DARWIN OR FREEBSD) ++if (DARWIN OR FREEBSD OR OPENBSD) + # Apple and FreeBSD include the uuid functions in their libc, rather than libuuid + check_function_exists (uuid_unparse_lower HAVE_UUID_UNPARSE_LOWER) +-else (DARWIN OR FREEBSD) ++else (DARWIN OR FREEBSD OR OPENBSD) + find_path (UUID_INCLUDE_DIR uuid/uuid.h) + find_library (UUID_LIBRARY NAMES uuid) + if (UUID_INCLUDE_DIR AND UUID_LIBRARY) +@@ -131,7 +131,7 @@ else (DARWIN OR FREEBSD) + else (UUID_INCLUDE_DIR AND UUID_LIBRARY) + message (FATAL_ERROR "-- libuuid not found.") + endif (UUID_INCLUDE_DIR AND UUID_LIBRARY) +-endif (DARWIN OR FREEBSD) ++endif (DARWIN OR FREEBSD OR OPENBSD) + + if (HAVE_UUID_UNPARSE_LOWER) + message ("-- Found libuuid") Index: patches/patch-pki_README =================================================================== RCS file: /work/cvsroot/ports/productivity/taskd/patches/patch-pki_README,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 patch-pki_README --- patches/patch-pki_README 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ patches/patch-pki_README 10 Nov 2015 21:35:18 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-pki_README,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/README.orig Fri Jun 20 22:26:36 2014 -+++ pki/README Fri Jun 20 22:27:24 2014 +--- pki/README.orig Sun May 10 16:35:22 2015 ++++ pki/README Tue Nov 10 15:35:03 2015 @@ -21,7 +21,7 @@ and cert will not be trusted by anyone, for good reaso Note, you can inspect any cert with the command: 
@@ -10,3 +10,10 @@ $OpenBSD: patch-pki_README,v 1.1.1.1 201 There is a 'generate' script here that will perform the above steps. Take a look at it to see the individual steps it takes to generate the proper set of +@@ -32,5 +32,5 @@ chosen parameters. + + VAlidate a certificate with: + +- $ gnutls-certtool --verify --infile client.cert.pem --load-ca-certificate ca.cert.pem ++ $ certtool --verify --infile client.cert.pem --load-ca-certificate ca.cert.pem + Index: patches/patch-pki_generate =================================================================== RCS file: patches/patch-pki_generate diff -N patches/patch-pki_generate --- patches/patch-pki_generate 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,9 +0,0 @@ -$OpenBSD: patch-pki_generate,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/generate.orig Fri Jun 20 22:26:36 2014 -+++ pki/generate Fri Jun 20 21:52:57 2014 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # For a public or production server, purchase a cert from a known CA, and skip - # the next step. Index: patches/patch-pki_generate_ca =================================================================== RCS file: patches/patch-pki_generate_ca diff -N patches/patch-pki_generate_ca --- patches/patch-pki_generate_ca 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,41 +0,0 @@ -$OpenBSD: patch-pki_generate_ca,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/generate.ca.orig Fri Jun 20 22:26:36 2014 -+++ pki/generate.ca Fri Jun 20 21:59:50 2014 -@@ -1,27 +1,30 @@ --#!/bin/bash -+#!/bin/sh - - # Take the correct binary to create the certificates --CERTTOOL=$(which gnutls-certtool || which certtool) -+CERTTOOL=$(which certtool) - if [[ -z "${CERTTOOL}" ]] - then - echo "ERROR: No certtool found" >&2 - exit 1 - fi - -+. ./vars -+ - # Create a CA key. - ${CERTTOOL} \ - --generate-privkey \ -+ --bits=$bits \ - --outfile ca.key.pem - - chmod 600 ca.key.pem - - # Sign a CA cert. - cat <<EOF >ca.info --organization = Göteborg Bit Factory --cn = Göteborg Bit Factory --country = SE --state = Västra Götaland --locality = Göteborg -+organization = $organization -+cn = $cn -+country = $country -+state = $state -+locality = $locality - ca - cert_signing_key - EOF Index: patches/patch-pki_generate_client =================================================================== RCS file: patches/patch-pki_generate_client diff -N patches/patch-pki_generate_client --- patches/patch-pki_generate_client 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,39 +0,0 @@ -$OpenBSD: patch-pki_generate_client,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/generate.client.orig Fri Jun 20 22:26:36 2014 -+++ pki/generate.client Fri Jun 20 22:00:23 2014 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - NAME=client - if [ $# -gt 0 ] ; then -@@ -6,23 +6,26 @@ if [ $# -gt 0 ] ; then - fi - - # Take the correct binary to create the certificates --CERTTOOL=$(which gnutls-certtool || which certtool) -+CERTTOOL=$(which certtool) - if [[ -z "${CERTTOOL}" ]] - then - echo "ERROR: No certtool found" >&2 - exit 1 - fi - -+. ./vars -+ - # Create a client key. - ${CERTTOOL} \ - --generate-privkey \ -+ --bits=$bits \ - --outfile ${NAME}.key.pem - - # Sign a client cert with the key. - chmod 600 ${NAME}.key.pem - cat <<EOF >client.info --organization = Göteborg Bit Factory --cn = Göteborg Bit Factory -+organization = $organization -+cn = $cn - tls_www_client - encryption_key - signing_key Index: patches/patch-pki_generate_crl =================================================================== RCS file: patches/patch-pki_generate_crl diff -N patches/patch-pki_generate_crl --- patches/patch-pki_generate_crl 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,21 +0,0 @@ -$OpenBSD: patch-pki_generate_crl,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/generate.crl.orig Fri Jun 20 22:26:36 2014 -+++ pki/generate.crl Fri Jun 20 22:00:47 2014 -@@ -1,12 +1,14 @@ --#!/bin/bash -+#!/bin/sh - -+. ./vars -+ - # CRL - Certificate Revocation List - cat <<EOF >crl.info --expiration_days = 365 -+expiration_days = $expiration_days - EOF - - # Take the correct binary to create the certificates --CERTTOOL=$(which gnutls-certtool || which certtool) -+CERTTOOL=$(which certtool) - if [[ -z "${CERTTOOL}" ]] - then - echo "ERROR: No certtool found" >&2 Index: patches/patch-pki_generate_server =================================================================== RCS file: patches/patch-pki_generate_server diff -N patches/patch-pki_generate_server --- patches/patch-pki_generate_server 12 Jul 2014 22:08:35 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,48 +0,0 @@ -$OpenBSD: patch-pki_generate_server,v 1.1.1.1 2014/07/12 22:08:35 landry Exp $ ---- pki/generate.server.orig Wed Jan 15 23:47:49 2014 -+++ pki/generate.server Tue Jun 24 11:25:44 2014 -@@ -1,26 +1,38 @@ --#!/bin/bash -+#!/bin/sh - - # Take the correct binary to create the certificates --CERTTOOL=$(which gnutls-certtool || which certtool) -+CERTTOOL=$(which certtool) - if [[ -z "${CERTTOOL}" ]] - then - echo "ERROR: No certtool found" >&2 - exit 1 - fi - -+dnsnames="`hostname`" -+ipaddrs=$(for ip in `ifconfig -A | awk '/inet/ {print $2}' | egrep -v '(^::1$|^fe80:|^127\.)'` ; do -+ echo -n "$ip " -+done) -+ -+. ./vars -+ - # Create a server key. - ${CERTTOOL} \ - --generate-privkey \ -+ --bits=$bits \ - --outfile server.key.pem - - chmod 600 server.key.pem - - # Sign a server cert using the key. - cat <<EOF >server.info --organization = Göteborg Bit Factory --cn = Göteborg Bit Factory --dns_name = "tasktools.org" --ip_address = "97.107.141.107" -+organization = $organization -+cn = $cn -+$(for host in $dnsnames ; do -+ echo dns_name = $host -+done) -+$(for ip in $ipaddrs ; do -+ echo ip_address = $ip -+done) - tls_www_server - encryption_key - signing_key Index: patches/patch-src_util_cpp =================================================================== RCS file: patches/patch-src_util_cpp diff -N patches/patch-src_util_cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_util_cpp 10 Nov 2015 21:48:30 -0000 
@@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/util.cpp.orig Tue Nov 10 15:46:44 2015 ++++ src/util.cpp Tue Nov 10 15:47:54 2015 +@@ -136,7 +136,7 @@ int autoComplete ( + // representation is always lowercase anyway. + // For the implementation details, refer to + // http://svnweb.freebsd.org/base/head/sys/kern/kern_uuid.c +-#ifdef FREEBSD ++#if defined(FREEBSD) || defined(OPENBSD) + const std::string uuid () + { + uuid_t id; Index: patches/patch-src_util_h =================================================================== RCS file: patches/patch-src_util_h diff -N patches/patch-src_util_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_util_h 10 Nov 2015 21:48:27 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/util.h.orig Tue Nov 10 15:46:30 2015 ++++ src/util.h Tue Nov 10 15:45:58 2015 +@@ -29,7 +29,7 @@ + + #include <string> + #include <vector> +-#ifdef FREEBSD ++#if defined(FREEBSD) || defined(OPENBSD) + #include <uuid.h> + #else + #include <uuid/uuid.h> Index: pkg/PLIST =================================================================== RCS file: /work/cvsroot/ports/productivity/taskd/pkg/PLIST,v retrieving revision 1.2 diff -p -u -r1.2 PLIST --- pkg/PLIST 25 Aug 2015 07:30:30 -0000 1.2 +++ pkg/PLIST 13 Jan 2016 21:37:19 -0000 @@ -8,6 +8,7 @@ @group _taskd @sample /var/taskd/ @sample /var/log/taskd/ +@sample /var/run/taskd/ @mode 0700 @sample /var/taskd/orgs/ @mode @@ -16,6 +17,7 @@ @bin bin/taskd bin/taskdctl @man man/man1/taskd.1 +@man man/man1/taskdctl.1 @man man/man5/taskdrc.5 share/examples/taskd/ share/examples/taskd/config @@ -34,7 +36,7 @@ share/examples/taskd/pki/generate.ca share/examples/taskd/pki/generate.client share/examples/taskd/pki/generate.crl share/examples/taskd/pki/generate.server -share/examples/taskd/pki/vars.dist +share/examples/taskd/pki/vars.example @sample share/examples/taskd/pki/vars share/taskd/ share/taskd/AUTHORS
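
Review bot: the first Makefile hunk switches MODULES to gcc4 plus devel/cmake without saying why. The message explains the dropped sysutils/e2fsprogs dependency but not the compiler change, so add a one-line comment above MODULES naming what needs MODGCC4_LANGS = c++, and re-check WANTLIB against the built binaries, since stdc++ and uuid are both removed from it in the same hunk.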
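
Review bot: in the Makefile post-install hunk, the generate!(*.orig) pattern looks like a leftover. This diff deletes every patch against pki/generate*, so no generate*.orig files should exist in WRKSRC and a plain generate* would be easier to read. Separately, the deleted patches changed #!/bin/bash to #!/bin/sh in each script; before installing the 1.1.0 scripts unpatched, confirm which interpreter they now ask for, and if it is still bash either keep a patch or add the run dependency.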
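
Review bot: the files/config hunk changes two security-relevant defaults at once, server=127.0.0.1:53589 and trust=strict, and neither is documented for the user. A default install will accept only local clients and only certificates that pass full validation, while the message reports that the bundled pki/ scripts produce certs that fail it. pkg/README should state both defaults and how to change server= for remote sync. I would keep trust=strict as the shipped value and fix or replace the scripts rather than weaken the default.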
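
Review bot: removing files/vars.dist drops the port's own defaults (bits=4096, expiration_days=365) in favour of upstream's pki/vars, which the Makefile now installs as vars.example. Check that the upstream file sets a key size and expiry you are happy to ship, and mention in pkg/README that the organization and cn values should be edited before any certs are generated.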
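
Review bot: in patches/patch-CMakeLists_txt the comment directly under the changed condition still reads "Apple and FreeBSD include the uuid functions in their libc". Extend it to name OpenBSD so the comment matches the new (DARWIN OR FREEBSD OR OPENBSD) test; the same applies to the FreeBSD-only wording above the changed #if in patches/patch-src_util_cpp.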
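
Review bot: the pkg/PLIST hunk adds "@sample /var/run/taskd/", and pid.file=/var/run/taskd/taskd.pid in files/config depends on that directory. Confirm it still exists with the right owner after a reboot, not only after pkg_add; if it does not, have the rc script create it before starting taskd.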
