On 11/02/2026 19:09, Chaz Kettleson wrote:
> On Wed, Feb 11, 2026 at 05:24:05PM +0100, Noth wrote:
>> On 09/02/2026 14:12, Chaz Kettleson wrote:
>>> On Sun, Feb 01, 2026 at 06:15:22PM -0500, Chaz Kettleson wrote:
>>>> On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote:
>>>>> On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote:
>>>>>> On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote:
>>>>>>> On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote:
>>>>>>>> (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make
>>>>>>>> fix-permissions", and make sure user _pbuild is disabled from having
>>>>>>>> network access in pf.conf "block return log quick proto {tcp udp}
>>>>>>>> user _pbuild")
>>>>>>>>
>>>>>>>> I don't suppose it's possible to extract the built web ui pieces
>>>>>>>> from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war
>>>>>>>> rather than building them in the port?
>>>>>>>>
>>>>>>>>
>>>>>>> Hi Stuart,
>>>>>>>
>>>>>>> I appreciate the quick feedback. Apparently something in my environment
>>>>>>> was still online. I'll change to the above so I can observe the failure
>>>>>>> and iterate a version 2 with fixes.
>>>>>>>
>>>>>>> I customized the build.properties to set our defaults, but it might be
>>>>>>> possible to override them with the Tomcat Context xml and we can take
>>>>>>> the WAR wholesale without building anything. I'll investigate this as
>>>>>>> well.
>>>>>>>
>>>>>>> Thank you!
>>>>>>>
>>>>>>> --
>>>>>>> Chaz
>>>>>>>
>>>>>> Hi Stuart,
>>>>>>
>>>>>> Your instinct was correct. Rather than build our defaults into the WAR,
>>>>>> we can override all of them with the context. As a result, we can use
>>>>>> the upstream WAR and no longer need to build anything.
>>>>>>
>>>>>> The attached version 2 now does the following:
>>>>>>
>>>>>> 1.) Brings in the WAR
>>>>>> 2.) Extracts sources to get the template files
>>>>>> 3.) Replaces template values with those suitable for OpenBSD and set
>>>>>> with with HMDM_ variables
>>>>>> 4.) Patches the context file with an SQL init (this was generated before
>>>>>> from the build.properties but absent in their installed artifacts
>>>>>> because they do the SQL initialization via their install script)
>>>>>> 5.) Uses better conventions for share vs share/examples
>>>>>>
>>>>>> --
>>>>>> Chaz
>>>>> Hello,
>>>>>
>>>>> Please find attached a version 3.
>>>>>
>>>>> It turns out that when you upload a APK file for distribution to
>>>>> devices, it attempts to run the 'aapt' command Android Asset Packaging
>>>>> Tool. Porting this from Linux is a non-starter. However, after looking
>>>>> at their code, they are only using it to pull package metadata from APKs
>>>>> to prefill in things like the package id, abi, application name, etc.
>>>>>
>>>>> I've written a 'fakeappt' that uses a Java library to perform the same
>>>>> parsing and matched the command line arguments and expected output for
>>>>> what they are using 'aapt' for. Everything appears to work nicely.
>>>>>
>>>>> I've added the APK parsing jar as a distfile, compile a small Java
>>>>> program to do the parsing, patched their 'aapt' path to point to a
>>>>> script in /usr/local/libexec/hmdm-server/aapt. Everything appears
>>>>> functionally complete from my testing.
>>>>>
>>>>> I intend to submit a PR upstream for them to do this parsing in Java
>>>>> instead of relying on installation of aapt in a Linux environment.
>>>>>
>>>>> As always, I appreciate any comments/feedback in getting this committed.
>>>>>
>>>>> --
>>>>> Chaz
>>>> Hello,
>>>>
>>>> I've worked with the upstream devs to remove the 'aapt' requirement and
>>>> replace with a Java version.
>>>>
>>>> https://github.com/h-mdm/hmdm-server/issues/124
>>>>
>>>> For now I think this is still good to go from my testing with my
>>>> fakeaapt. Once they incorporate that feature I can later update the port
>>>> to remove the fakeaapt hack.
>>>>
>>>> OK?
>>>>
>>>> --
>>>> Chaz
>>> Hello,
>>>
>>> The appt requirement has been removed simplifying the port. There is no
>>> longer a need to carry a 'fakeappt' and no longer anything to build.
>>>
>>> Please find attached version 4.
>>>
>>> OK?
>> Hi,
>>
>> I tested the version attached in mail. Found a missing USER in the
>> pkg-readme line for adding the user hmdm-user in PSQL:
>>
>> CREATE hmdm_user WITH PASSWORD 'secret';
>>
>> should be:
>>
>> CREATE USER hmdm_user WITH PASSWORD 'secret';
>>
>> My two cents would be that using createuser and createdb would be better
>> than the PSQL commands:
>>
>> createuser -U postgres --pwprompt --no-superuser --createdb --no-createrole
>> hmdm_user
>>
>> createdb -U hmdm_user hmdm
>>
>> Also adding to the pkg-readme that the default login & password are
>> admin:admin would be great.
>>
>> Once I got it all set up (only tested with pf rdr-to rule) it all seems to
>> work, I can generate a QR code. Haven't tried beyond that.
>>
>> Cheers,
>>
>> Noth
>>
> Thank you for testing this! I've updated the README to fix the PSQL and
> noted the default username/password.
>
> v5 is attached. OK?
OK for me, you're welcome!
Cheers,
Noth
No comments:
Post a Comment