On 2025/07/07 15:30, emulti@disroot.org wrote:
> 
> A browser plugin 'browserpass' exists for Firefox/Chromium that
> interfaces with the 'pass' password manager (password-store package).
> In my testing it is light and fast, and improvement on the likes of
> keepassxc-browser.
> 
> It requires a 'native messaging' binary written in Go, that supports
> pledge() on OpenBSD.
> 
> Upstream: https://github.com/browserpass/browserpass-native/
> 
> Installing manually was a bit of a pain, requiring patches to the
> provided Makefile to get around incompatibilities between sed and GNU
> sed, install and GNU install. 
> 
> I tried to use the MODULES= lang/go infrastructure in
> lang/go/go.port.mk, but no distribution file can be found:
> 
> ===>  Checking files for browserpass-native-3.1.0
> >> Fetch
> >> https://proxy.golang.org/github.com/browserpass/browserpass-native/@v/v3.1.0.zip
> ftp: Error retrieving
> https://proxy.golang.org/github.com/browserpass/browserpass-native/@v/v3.1.0.zip:
> 404 Not Found ... 
> 
> I expected go to then head off and retrieve the distfile from github, as
> but it just cycles through the standard ftp.openbsd.org etcetera. So I
> fell back to using GH_ACCOUNT and friends.
> 
> I then tried building the port using this Makefile:
> 
> COMMENT=	Native Messaging host for the Browserpass browser plugin
> ONLY_FOR_ARCHS = amd64
> 
> DISTNAME=	browserpass-native-3.1.0
> CATEGORIES=	security
> EXTRACT_SUFX=	.zip
> HOMEPAGE=	https://github.com/browserpass/browserpass-native
> MAINTAINER=	Chris Billington <emulti@disroot.org>
> 
> # ISC License
> PERMIT_PACKAGE=	Yes
> 
> # uses pledge()
> WANTLIB += c pthread
> 
> GH_ACCOUNT =            browserpass
> GH_PROJECT =            browserpass-native
> GH_TAGNAME =            3.1.0
> 
> #MODULES=	lang/go
> #MODGO_MODNAME = github.com/browserpass/browserpass-native
> #MODGO_VERSION = v3.1.0
> 
> RUN_DEPENDS=	
>                 
> USE_GMAKE=	Yes
> 
> #WRKDIST=        ${WRKDIR}/github.com/browserpass/browserpass-native@$
> #{MODGO_VERSION}
> 
> .include <bsd.port.mk>
> 
> Tarball of the WIP port is also attached.
> 
> 'make build' gives the following (ports tree is owned by myuser/wsrc):
> 
> $ make build
> ===>  Generating configure for browserpass-native-3.1.0
> ===>  Configuring for browserpass-native-3.1.0
> ===>  Building for browserpass-native-3.1.0
> env GOOS=openbsd GOARCH=amd64 go build -o browserpass-openbsd64
> failed to initialize build cache
> at /browserpass-native-3.1.0_writes_to_HOME/.cache/go-build:
> mkdir /browserpass-native-3.1.0_writes_to_HOME: permission denied
> gmake: *** [Makefile:48: browserpass-openbsd64] Error 1 *** Error 2
> in . (/usr/ports/infrastructure/mk/bsd.port.mk:3069
> '/usr/ports/pobj/browserpass-native-3.1.0/.build_done':
> @cd /usr/ports/pobj/...) *** Error 2
> in /usr/ports/security/browserpass-native
> (/usr/ports/infrastructure/mk/bsd.port.mk:2712 'build':
> @lock=browserpass-native-3.1.0...)
> 
> Running 'doas make build' works, but the cache is put in 
> /browserpass-native-3.1.0_writes_to_HOME/ which I'm sure can't be right.

The distfile doesn't contain the other go modules used by
browserpass-native - "go build" as run by the upstream makefile tries to
download them, they need to be listed in the port makefile so this can
be handled by ports instead. (Ports aren't allowed to download during
build anyway - recommended that you build ports as the _pbuild user
which is done automatically if you set PORTS_PRIVSEP=Yes in mk.conf
and that user is blocked from network access by the default pf.conf).

As you saw, the normal ports infrastructure for handling go ports
doesn't work for browserpass-native with the v3 tagged version. I think
this is because something upstream isn't quite how go wants it to be
setup - https://pkg.go.dev/github.com/browserpass/browserpass-native
doesn't show it either.

You can generate a first cut at a port for the (much newer)
non-tagged version that does show up there quite easily - "portgen go
github.com/browserpass/browserpass-native". Though that's not very
helpful if you want the tagged version..

(If things were setup how go wants them, I'd expect "portgen go
github.com/browserpass/browserpass-native/v3" to generate a port for
the tagged version, but that just fails at the moment).