From: Chaz Kettleson Subject: Re: [NEW] misc/hmdm-server To: ports@openbsd.org Date: Sun, 1 Feb 2026 18:15:20 -0500 On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote: > On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote: > > On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote: > > > On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote: > > > > > > > > (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make > > > > fix-permissions", and make sure user _pbuild is disabled from having > > > > network access in pf.conf "block return log quick proto {tcp udp} > > > > user _pbuild") > > > > > > > > I don't suppose it's possible to extract the built web ui pieces > > > > from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war > > > > rather than building them in the port? > > > > > > > > > > > > > > Hi Stuart, > > > > > > I appreciate the quick feedback. Apparently something in my environment > > > was still online. I'll change to the above so I can observe the failure > > > and iterate a version 2 with fixes. > > > > > > I customized the build.properties to set our defaults, but it might be > > > possible to override them with the Tomcat Context xml and we can take > > > the WAR wholesale without building anything. I'll investigate this as > > > well. > > > > > > Thank you! > > > > > > -- > > > Chaz > > > > > > > Hi Stuart, > > > > Your instinct was correct. Rather than build our defaults into the WAR, > > we can override all of them with the context. As a result, we can use > > the upstream WAR and no longer need to build anything. > > > > The attached version 2 now does the following: > > > > 1.) Brings in the WAR > > 2.) Extracts sources to get the template files > > 3.) Replaces template values with those suitable for OpenBSD and set > > with with HMDM_ variables > > 4.) Patches the context file with an SQL init (this was generated before > > from the build.properties but absent in their installed artifacts > > because they do the SQL initialization via their install script) > > 5.) Uses better conventions for share vs share/examples > > > > -- > > Chaz > > Hello, > > Please find attached a version 3. > > It turns out that when you upload a APK file for distribution to > devices, it attempts to run the 'aapt' command Android Asset Packaging > Tool. Porting this from Linux is a non-starter. However, after looking > at their code, they are only using it to pull package metadata from APKs > to prefill in things like the package id, abi, application name, etc. > > I've written a 'fakeappt' that uses a Java library to perform the same > parsing and matched the command line arguments and expected output for > what they are using 'aapt' for. Everything appears to work nicely. > > I've added the APK parsing jar as a distfile, compile a small Java > program to do the parsing, patched their 'aapt' path to point to a > script in /usr/local/libexec/hmdm-server/aapt. Everything appears > functionally complete from my testing. > > I intend to submit a PR upstream for them to do this parsing in Java > instead of relying on installation of aapt in a Linux environment. > > As always, I appreciate any comments/feedback in getting this committed. > > -- > Chaz Hello, I've worked with the upstream devs to remove the 'aapt' requirement and replace with a Java version. https://github.com/h-mdm/hmdm-server/issues/124 For now I think this is still good to go from my testing with my fakeaapt. Once they incorporate that feature I can later update the port to remove the fakeaapt hack. OK? -- Chaz