On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote:
> On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote:
> > On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote:
> > > On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote:
> > > >
> > > > (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make
> > > > fix-permissions", and make sure user _pbuild is disabled from having
> > > > network access in pf.conf "block return log quick proto {tcp udp}
> > > > user _pbuild")
> > > >
> > > > I don't suppose it's possible to extract the built web ui pieces
> > > > from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war
> > > > rather than building them in the port?
> > > >
> > > >
> > >
> > > Hi Stuart,
> > >
> > > I appreciate the quick feedback. Apparently something in my environment
> > > was still online. I'll change to the above so I can observe the failure
> > > and iterate a version 2 with fixes.
> > >
> > > I customized the build.properties to set our defaults, but it might be
> > > possible to override them with the Tomcat Context xml and we can take
> > > the WAR wholesale without building anything. I'll investigate this as
> > > well.
> > >
> > > Thank you!
> > >
> > > --
> > > Chaz
> > >
> >
> > Hi Stuart,
> >
> > Your instinct was correct. Rather than build our defaults into the WAR,
> > we can override all of them with the context. As a result, we can use
> > the upstream WAR and no longer need to build anything.
> >
> > The attached version 2 now does the following:
> >
> > 1.) Brings in the WAR
> > 2.) Extracts sources to get the template files
> > 3.) Replaces template values with those suitable for OpenBSD and set
> > with with HMDM_ variables
> > 4.) Patches the context file with an SQL init (this was generated before
> > from the build.properties but absent in their installed artifacts
> > because they do the SQL initialization via their install script)
> > 5.) Uses better conventions for share vs share/examples
> >
> > --
> > Chaz
>
> Hello,
>
> Please find attached a version 3.
>
> It turns out that when you upload a APK file for distribution to
> devices, it attempts to run the 'aapt' command Android Asset Packaging
> Tool. Porting this from Linux is a non-starter. However, after looking
> at their code, they are only using it to pull package metadata from APKs
> to prefill in things like the package id, abi, application name, etc.
>
> I've written a 'fakeappt' that uses a Java library to perform the same
> parsing and matched the command line arguments and expected output for
> what they are using 'aapt' for. Everything appears to work nicely.
>
> I've added the APK parsing jar as a distfile, compile a small Java
> program to do the parsing, patched their 'aapt' path to point to a
> script in /usr/local/libexec/hmdm-server/aapt. Everything appears
> functionally complete from my testing.
>
> I intend to submit a PR upstream for them to do this parsing in Java
> instead of relying on installation of aapt in a Linux environment.
>
> As always, I appreciate any comments/feedback in getting this committed.
>
> --
> Chaz
Hello,
I've worked with the upstream devs to remove the 'aapt' requirement and
replace with a Java version.
https://github.com/h-mdm/hmdm-server/issues/124
For now I think this is still good to go from my testing with my
fakeaapt. Once they incorporate that feature I can later update the port
to remove the fakeaapt hack.
OK?
--
Chaz
No comments:
Post a Comment