On Wed, Jun 03, 2020 at 08:12:48PM -0500, Lucas Raab wrote:
> On Wed, Jun 03, 2020 at 07:06:28AM -0500, Lucas Raab wrote:
> > On Wed, Jun 03, 2020 at 12:56:00PM +0100, Stuart Henderson wrote:
> > > On 2020/06/03 06:02, Lucas Raab wrote:
> > > > On Wed, Jun 03, 2020 at 08:19:40AM +0200, Landry Breuil wrote:
> > > > > On Tue, Jun 02, 2020 at 05:01:06PM -0500, Lucas Raab wrote:
> > > > > > Hello,
> > > > > > 
> > > > > > Here are three new ports, two deps, and the one piece de resistance,
> > > > > > web2ldap.

<snip>

> > > Rather than putting files in share/examples/web2ldap/templates and
> > > @sample'ing them across, another option is to put them in
> > > share/web2ldap/templates and installing a symlink at pkg_add time,
> > > something like this should work (untested):
> > > 
> > > @exec-add [ -e ${SYSCONFDIR}/web2ldap ] || ln -s %D/share/web2ldap/templates ${SYSCONFDIR}/web2ldap/
> > > 
> > > That allows using the templates directory by default, but still
> > > allows pointing the link elsewhere if you want to customise them.
> > > 
> > > tls/ca-bundle.pem should just use the system file instead,
> > > /etc/ssl/cert.pem (_don't_ use ${SYSCONFDIR} for that one).
> > 
> > Got it, I'll give that a whirl. Thanks!
> > 
> > > 
> > > > > > - instead of using 'nobody', create a new separate user for the daemon,
> > > > > >   look for examples in other ports' PLIST (@newuser/@newgroup, + db/user.list line)
> > > > 
> > > > My rationale here was that there aren't any files that an extra user
> > > > would need to own for web2ldap to run. Using nobody seemed the simplest
> > > > approach to nulling out any privileges for the service to work.
> > > 
> > > "nobody" is absolutely not allowed.
> > > 
> > > $ getent passwd nobody
> > > nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin
> > > 
> > Aha, that makes sense now. Consider myself chastised :)
> > 
> 
> Updated ports attached.
> 
> Changes:
> * py-ldap0 WANTLIB to use ${MODPY_WANTLIB} instead
> * use MODPY_EGG_VERSION in place of $V for web2ldap
> * new user _web2ldap to run the service
> * I backed off a bit from the two step install. I included a README to 
>   instruct the user to copy the template folder over. The templates can
>   be customized, new ones added, etc so it didn't seem right to do a
>   symlink. Thoughts?
> * Looking in hosts.py, the ca-bundle.pem file isn't specifically
>   referenced. Instead, I added some words to the README mentioning
>   that if a user needs to connect to TLS enabled servers, then he/she
>   should point to /etc/ssl/cert.pem (unless otherwise needed). I forgot
>   that that's what I ended up doing, looking at my own configuration.

after building the ports, tests fail the same for py-ldap0 and web2ldap:

======================================================================
ERROR: tests (unittest.loader._FailedTest)
----------------------------------------------------------------------
ImportError: Failed to import test module: tests
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/unittest/loader.py", line 154, in loadTestsFromName
    module = __import__(module_name)
ModuleNotFoundError: No module named 'tests'

tests fail for py-xlwt:

  File "/usr/local/lib/python3.7/unittest/loader.py", line 205, in loadTestsFromName
    test = obj()
TypeError: __init__() missing 2 required positional arguments: 'colx' and 'parent_sheet'


something I spotted - MODPY_BIN should be used in pkg/web2ldap.rc, don't
hardcode python3.7.

I'm a bit confused by the README, why not patch the code (or the conf) to
make etc/ssl/cert.pem the default value?

The default should work ootb, now if I try to run it, here's what I get at the
first hit:

2020-06-04 15:01:30 WARNING: AppHandler[135494693050] ErrorExit: 'I/O error during reading connect form template file.'
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/web2ldap/app/gui.py", line 94, in read_template
    with open(tmpl_filename, 'rb') as tmpl_fileobj:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/web2ldap/templates/connect.html'

once I've symlinked the template dir under /etc/web2ldap it works (not saying
that's what has to be done, but it's a solution):

$ doas ln -s /usr/local/share/examples/web2ldap/templates /etc/web2ldap/templates

Adding BUILD_DEPENDS to RUN_DEPENDS is to be avoided, for example here it
installed devel/ccache for example..

other than that, managed to run it locally to connect to some servers at work
ssh forwarding the relevant ports, it seems to 'work' fine in basic testing,
binding as admin to the directory, etc..

Landry
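
Added example (not part of the thread or of the port): a pre-flight script for three problems raised above, namely the shared `nobody` account, the missing `connect.html` template and the CA bundle. The function names, the argument layout and the files written by `demo` are constructed for illustration, and it assumes the rc.d script selects its account through the rc.subr(8) `daemon_user` variable.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for the packaged daemon.
# Print the last daemon_user value assigned in an rc.d script (may be empty).
rc_daemon_user() {
    sed -n 's/^daemon_user=//p' "$1" | tr -d "\"'" | tail -n 1
}

# Fail for root, the shared "nobody" account, or no assignment at all.
check_daemon_user() {
    user=$(rc_daemon_user "$1")
    case "$user" in
        ""|root|nobody) echo "FAIL daemon_user='$user': use a dedicated account"; return 1 ;;
    esac
    echo "OK   daemon_user=$user"
}

# Fail when the template named in the traceback cannot be read.
check_templates() {
    [ -r "$1/connect.html" ] || { echo "FAIL $1/connect.html unreadable"; return 1; }
    echo "OK   $1/connect.html"
}

# Fail when the CA bundle is absent or holds no PEM certificate.
check_ca_bundle() {
    grep -q 'BEGIN CERTIFICATE' "$1" 2>/dev/null || { echo "FAIL $1: no PEM certificates"; return 1; }
    echo "OK   $1"
}

# Run all three checks; return non-zero if any of them failed.
preflight() {
    rc=0
    check_daemon_user "$1" || rc=1
    check_templates "$2" || rc=1
    check_ca_bundle "$3" || rc=1
    return $rc
}

# Constructed sample: an rc script still using nobody, and no templates copied.
demo() {
    d=$(mktemp -d) || return 2
    printf 'daemon_user="nobody"\n' > "$d/web2ldap.rc"
    mkdir "$d/templates"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/cert.pem"
    preflight "$d/web2ldap.rc" "$d/templates" "$d/cert.pem"; rc=$?
    rm -rf "$d"
    return $rc
}

if [ $# -eq 3 ]; then preflight "$1" "$2" "$3"; else demo || true; fi
```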
