From: "emulti@disroot.org" <emulti@disroot.org>
Subject: Re: [WIP]/help wanted: browserpass-native messaging host for pass/password-store
To: ports@openbsd.org
Date: Mon, 7 Jul 2025 23:16:55 +0800

On 2025/07/07 15:30, emulti@disroot.org wrote:
>> 
>> A browser plugin 'browserpass' exists for Firefox/Chromium that
>> interfaces with the 'pass' password manager (password-store package).
>> In my testing it is light and fast, an improvement on the likes of
>> keepassxc-browser.
>> 
>> It requires a 'native messaging' binary written in Go, that supports
>> pledge() on OpenBSD.
>> 
>> Upstream: https://github.com/browserpass/browserpass-native/
>> 
>> Installing manually was a bit of a pain, requiring patches to the
>> provided Makefile to get around incompatibilities between sed and GNU
>> sed, install and GNU install. 
>> 
>> I tried to use the MODULES= lang/go infrastructure in
>> lang/go/go.port.mk, but no distribution file can be found:
>> 
>> ===>>  Checking files for browserpass-native-3.1.0
>> >> Fetch
>> >> https://proxy.golang.org/github.com/browserpass/browserpass-native/@v/v3.1.0.zip
>> ftp: Error retrieving
>> https://proxy.golang.org/github.com/browserpass/browserpass-native/@v/v3.1.0.zip:
>> 404 Not Found ... 
>> 
>> I expected go to then head off and retrieve the distfile from github,
>> but it just cycles through the standard ftp.openbsd.org etcetera.
>> So I fell back to using GH_ACCOUNT and friends.
>> 
>> I then tried building the port using this Makefile:
>> 
>> COMMENT=	Native Messaging host for the Browserpass browser plugin
>> ONLY_FOR_ARCHS = amd64
>> 
>> DISTNAME=	browserpass-native-3.1.0
>> CATEGORIES=	security
>> EXTRACT_SUFX=	.zip
>> HOMEPAGE=	https://github.com/browserpass/browserpass-native
>> MAINTAINER=	Chris Billington <emulti@disroot.org>
>> 
>> # ISC License
>> PERMIT_PACKAGE=	Yes
>> 
>> # uses pledge()
>> WANTLIB += c pthread
>> 
>> GH_ACCOUNT =            browserpass
>> GH_PROJECT =            browserpass-native
>> GH_TAGNAME =            3.1.0
>> 
>> #MODULES=	lang/go
>> #MODGO_MODNAME = github.com/browserpass/browserpass-native
>> #MODGO_VERSION = v3.1.0
>> 
>> RUN_DEPENDS=	
>>                 
>> USE_GMAKE=	Yes
>> 
>> #WRKDIST=        ${WRKDIR}/github.com/browserpass/browserpass-native@${MODGO_VERSION}
>> 
>> .include <bsd.port.mk>
>> 
>> Tarball of the WIP port is also attached.
>> 
>> 'make build' gives the following (ports tree is owned by
>> myuser/wsrc):
>> 
>> $ make build
>> ===>  Generating configure for browserpass-native-3.1.0
>> ===>  Configuring for browserpass-native-3.1.0
>> ===>  Building for browserpass-native-3.1.0
>> env GOOS=openbsd GOARCH=amd64 go build -o browserpass-openbsd64
>> failed to initialize build cache
>> at /browserpass-native-3.1.0_writes_to_HOME/.cache/go-build:
>> mkdir /browserpass-native-3.1.0_writes_to_HOME: permission denied
>> gmake: *** [Makefile:48: browserpass-openbsd64] Error 1 *** Error 2
>> in . (/usr/ports/infrastructure/mk/bsd.port.mk:3069
>> '/usr/ports/pobj/browserpass-native-3.1.0/.build_done':
>> @cd /usr/ports/pobj/...) *** Error 2
>> in /usr/ports/security/browserpass-native
>> (/usr/ports/infrastructure/mk/bsd.port.mk:2712 'build':
>> @lock=browserpass-native-3.1.0...)
>> 
>> Running 'doas make build' works, but the cache is put in 
>> /browserpass-native-3.1.0_writes_to_HOME/ which I'm sure can't be
>> right.

> The distfile doesn't contain the other go modules used by
> browserpass-native - "go build" as run by the upstream makefile tries
> to download them, they need to be listed in the port makefile so this
> can be handled by ports instead. (Ports aren't allowed to download
> during build anyway - recommended that you build ports as the _pbuild
> user which is done automatically if you set PORTS_PRIVSEP=Yes in
> mk.conf and that user is blocked from network access by the default
> pf.conf).
>
> As you saw, the normal ports infrastructure for handling go ports
> doesn't work for browserpass-native with the v3 tagged version. I
> think this is because something upstream isn't quite how go wants it
> to be set up -
> https://pkg.go.dev/github.com/browserpass/browserpass-native doesn't
> show it either.

> You can generate a first cut at a port for the (much newer)
> non-tagged version that does show up there quite easily - "portgen go
> github.com/browserpass/browserpass-native". Though that's not very
> helpful if you want the tagged version..
>
> (If things were set up how go wants them, I'd expect "portgen go
> github.com/browserpass/browserpass-native/v3" to generate a port for
> the tagged version, but that just fails at the moment).

Thanks Stuart. After setting up PRIVSEP I tried out portgen - very neat
indeed!

I made the attached port with portgen from the non-tagged version on
pkg.go.dev. It builds and installs fine, but the 'browser-files'
firefox-host.json/chromium-host.json files that are supposed to be
installed to /usr/local/lib don't seem to be installed. They
exist in the distfile but not the package as built. Picking them out
manually and copying them to the appropriate browser location, the
package works fine. Is it necessary to add some kind of post-install
step to extract them from the port Makefile, or somehow tag them for
packaging?

tar.gz of the port files (still from mystuff/go) is attached.

-- 
Chris <emulti@disroot.org>
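
The build isolation discussed in this thread (PORTS_PRIVSEP=Yes in mk.conf, the _pbuild user blocked by pf.conf, and the _writes_to_HOME path in the failed build log) can be checked with a short script. This is an added example, not part of the original messages or of the ports tree; the function names and sample files are hypothetical, and the pf.conf check is a plain text match on the file, not a query of the loaded ruleset.

```shell
#!/bin/sh
# Added example: audit a ports build host for the isolation described above.
# It inspects files only; it does not query the running pf ruleset.

# Succeeds if mk.conf ($1) sets PORTS_PRIVSEP=Yes on an uncommented line.
privsep_enabled() {
	grep -Eq '^[[:space:]]*PORTS_PRIVSEP[[:space:]]*=[[:space:]]*Yes[[:space:]]*$' "$1"
}

# Succeeds if pf.conf ($1) has an uncommented block rule for user _pbuild.
pbuild_blocked() {
	grep -Eq '^[[:space:]]*block[[:space:]].*[[:space:]]user[[:space:]]+_pbuild([[:space:]]|$)' "$1"
}

# Succeeds if the build log ($1) has no path with the _writes_to_HOME marker,
# i.e. no build step tried to create files under HOME.
no_home_writes() {
	! grep -Fq '_writes_to_HOME' "$1"
}

# Prints one line per finding and returns the number of findings.
audit_ports_build() {
	findings=0
	privsep_enabled "$1" || { echo "$1: PORTS_PRIVSEP=Yes is not set"; findings=$((findings + 1)); }
	pbuild_blocked "$2" || { echo "$2: no block rule for user _pbuild"; findings=$((findings + 1)); }
	no_home_writes "$3" || { echo "$3: build tried to write under HOME"; findings=$((findings + 1)); }
	return "$findings"
}

# Constructed sample inputs (hypothetical, not copied from a real host).
demo=$(mktemp -d)
printf 'PORTS_PRIVSEP=Yes\n' > "$demo/mk.good"
printf '#PORTS_PRIVSEP=Yes\n' > "$demo/mk.bad"
printf 'block return out log proto {tcp udp} user _pbuild\n' > "$demo/pf.good"
printf '# block return out log proto {tcp udp} user _pbuild\npass\n' > "$demo/pf.bad"
printf '===>  Building for example-1.0\n' > "$demo/log.good"
printf 'mkdir /example-1.0_writes_to_HOME: permission denied\n' > "$demo/log.bad"

audit_ports_build "$demo/mk.good" "$demo/pf.good" "$demo/log.good" && echo "no findings"
audit_ports_build "$demo/mk.bad" "$demo/pf.bad" "$demo/log.bad" || echo "findings: $?"
```

On a real host the three arguments would be /etc/mk.conf, /etc/pf.conf and a saved build log.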