I disagree with the change to use example.com, there are TLD reserved
for examples and documentation and .example is one of them, see RFC2606
https://www.rfc-editor.org/rfc/rfc2606.html#section-2
$ext_addr macro used in relayd is not defined before, so this won't work
out of the box and may mislead admins reading the readme.
ok solene@ otherwise
Le Mon, 25 Apr 2022 12:16:48 +0200,
Omar Polo <op@openbsd.org> a écrit :
> Florian Viehweger <openbsd@out-of-creativity.de> wrote:
> > Hi,
> >
> > this is a simple update for vger to 1.10.
> >
> > portcheck, 'make lib-depends-check' and 'make test' are happy.
> >
> > Some testing done on amd64.
> >
> > Comments?
>
> Don't want to hijack the thread but i was looking at vger the other day
> and noticed that the PLIST set /var/gemini as owned by the _vger user.
> Since vger doesn't need to create files (it pledges not to IIRC), I'd
> just drop the @mode/@owner/@group bits from the plist. /var/gemini is
> created anyway as world-readable, that's what it counts for vger (we
> don't have /var/www/htdocs owned by www in base either.)
>
> (+cc Solène for confirmation on this)
>
> While here I couldn't help myself not to tweak the README a bit... See
> if there are bits you like, or just drop it.
>
> your diff plus mine changes on top:
>
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/net/vger/Makefile,v
> retrieving revision 1.4
> diff -u -p -r1.4 Makefile
> --- Makefile 26 Mar 2022 13:50:30 -0000 1.4
> +++ Makefile 25 Apr 2022 10:07:32 -0000
> @@ -1,5 +1,5 @@
> COMMENT = gemini server written in C used with inetd
> -V = 1.09
> +V = 1.10
> DISTNAME = vger-${V}
>
> CATEGORIES = net
> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/net/vger/distinfo,v
> retrieving revision 1.3
> diff -u -p -r1.3 distinfo
> --- distinfo 26 Mar 2022 13:50:30 -0000 1.3
> +++ distinfo 25 Apr 2022 10:07:36 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (vger-1.09.tar.gz) = sjuLH9gk0AV6BixQ7UJQN+omJtskyIzJh3HY34iYFh4=
> -SIZE (vger-1.09.tar.gz) = 13594
> +SHA256 (vger-1.10.tar.gz) = H7jCRt0B/vag1KI3iwoKlYxVvNh8jcSQzxCNv4IA7PM=
> +SIZE (vger-1.10.tar.gz) = 13853
> Index: pkg/PLIST
> ===================================================================
> RCS file: /home/cvs/ports/net/vger/pkg/PLIST,v
> retrieving revision 1.2
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 11 Mar 2022 19:48:05 -0000 1.2
> +++ pkg/PLIST 7 Apr 2022 21:49:05 -0000
> @@ -3,7 +3,4 @@
> @bin bin/vger
> @man man/man8/vger.8
> share/doc/pkg-readmes/${PKGSTEM}
> -@mode 755
> -@owner _vger
> -@group _vger
> @sample /var/gemini/
> Index: pkg/README
> ===================================================================
> RCS file: /home/cvs/ports/net/vger/pkg/README,v
> retrieving revision 1.2
> diff -u -p -r1.2 README
> --- pkg/README 11 Mar 2022 19:48:05 -0000 1.2
> +++ pkg/README 15 Apr 2022 21:19:47 -0000
> @@ -2,43 +2,41 @@
> | Running ${PKGSTEM} on OpenBSD
> +-------------------------------------------------------------------------------
>
> -Modify configuration files
> -==========================
> +Configuring inetd(8) and relayd(8)
> +==================================
>
> -In order to run Vger, you need to modify /etc/inetd.conf and /etc/relayd.conf.
> +Vger is meant to be run run by inetd(8) behind a relay daemon offering
> +TLS capabilities like relayd(8).
>
> -inetd.conf
> -----------
> +sample inetd.conf
> +-----------------
>
> 127.0.0.1:11965 stream tcp nowait _vger ${TRUEPREFIX}/bin/vger vger
>
> -relayd.conf
> ------------
> +sample relayd.conf
> +------------------
>
> log connection
> +
> tcp protocol "gemini" {
> - tls keypair hostname.example
> + tls keypair example.com
> }
>
> relay "gemini" {
> - listen on hostname.example port 1965 tls
> - protocol "gemini"
> - forward to 127.0.0.1 port 11965
> + listen on $ext_addr port 1965 tls
> + protocol "gemini"
> + forward to 127.0.0.1 port 11965
> }
>
> +Then enable and start inetd and relayd:
>
> -Enable respective services
> -==========================
> -
> -You need to enable and start inetd and relayd.
> -
> -$ rcctl enable relayd inetd
> -$ rcctl start relayd inetd
> + # rcctl enable relayd inetd
> + # rcctl start relayd inetd
>
> Firewall configuration
> ======================
>
> -Enable TCP port 1965.
> +Allow TCP traffic on port 1965.
>
> Usage
> =====
No comments:
Post a Comment