02.11.2024 20:41, Klemens Nanni пишет:
> 02.11.2024 20:12, Kirill A. Korinsky пишет:
>> Just a side note: I'm working on bringing back ejabberd into OpenBSD world.
>>
>> If it possible I'd like to ask you to keep it.
> 
> No problem.
> 
> I doubt there's any chance for bluetooth-tools to come back any time soon...
> net/Makefile tells me it was actually unhooked in 2011 rather than 2016,
> when the _sdpd user got commented out.
> 
> Feedback? OK?
Ping.

There is no reason to run yggdrasil as root, yet our rc script defaults
to this insecure mode.

_nginx was a no-go, _ejabberd is planning a come-back, so let's try this again.

Would be nice to ship a safe(r) port in 7.7-stable.

OK?

Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
diff -u -p -r1.460 user.list
--- infrastructure/db/user.list	24 Feb 2025 19:19:55 -0000	1.460
+++ infrastructure/db/user.list	2 Mar 2025 10:11:20 -0000
@@ -97,7 +97,7 @@ id  user		group		port
 586 _gnugk		_gnugk		net/gnugk
 587 _darkstat		_darkstat	net/darkstat
 588 _dansguardian	_dansguardian	www/dansguardian
-#589 _sdpd		_sdpd		net/bluetooth-tools
+589 _yggdrasil		_yggdrasil	net/yggdrasil-go
 590 _smsd		_smsd		comms/smstools
 591 _bacula		_bacula		sysutils/bacula
 592 _imapproxy		_imapproxy	mail/imapproxy
Index: net/yggdrasil-go/Makefile
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/Makefile,v
diff -u -p -r1.15 Makefile
--- net/yggdrasil-go/Makefile	21 Dec 2024 14:15:42 -0000	1.15
+++ net/yggdrasil-go/Makefile	16 Mar 2025 16:42:57 -0000
@@ -2,6 +2,7 @@ COMMENT =	experimental fully end-to-end 
 
 MODGO_MODNAME =	github.com/yggdrasil-network/yggdrasil-go
 MODGO_VERSION =	v0.5.12
+REVISION =	0
 
 DISTNAME =	yggdrasil-go-${MODGO_VERSION}
 
@@ -10,7 +11,7 @@ WRKDIST =		${WRKSRC}
 
 SITES.gh =		https://${MODGO_MODNAME}/
 # https://github.com/yggdrasil-network/yggdrasil-go/pull/1215
-# pending "Use pledge(2) on OpenBSD"
+# merged "Use pledge(2) on OpenBSD"
 PATCHFILES.gh =		pledge-{commit/}7a0ed69.patch
 PATCH_DIST_STRIP =	-p1
 
Index: net/yggdrasil-go/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/pkg/PLIST,v
diff -u -p -r1.5 PLIST
--- net/yggdrasil-go/pkg/PLIST	2 Nov 2024 09:26:46 -0000	1.5
+++ net/yggdrasil-go/pkg/PLIST	16 Mar 2025 17:01:50 -0000
@@ -1,4 +1,6 @@
 @rcscript ${RCDIR}/yggdrasil
+@newgroup _yggdrasil:589
+@newuser _yggdrasil:589:_yggdrasil::Yggdrasil Daemon:/nonexistent:/sbin/nologin
 @bin bin/yggdrasil
 @bin bin/yggdrasil-genkeys
 @bin bin/yggdrasilctl
Index: net/yggdrasil-go/pkg/yggdrasil.rc
===================================================================
RCS file: /cvs/ports/net/yggdrasil-go/pkg/yggdrasil.rc,v
diff -u -p -r1.3 yggdrasil.rc
--- net/yggdrasil-go/pkg/yggdrasil.rc	2 Nov 2024 09:32:44 -0000	1.3
+++ net/yggdrasil-go/pkg/yggdrasil.rc	16 Mar 2025 16:53:47 -0000
@@ -1,7 +1,7 @@
 #!/bin/ksh
 
 daemon="${TRUEPREFIX}/bin/yggdrasil"
-daemon_flags="-logto syslog -useconffile ${SYSCONFDIR}/yggdrasil.conf"
+daemon_flags="-logto syslog -user _yggdrasil -useconffile ${SYSCONFDIR}/yggdrasil.conf"
 
 . /etc/rc.d/rc.subr