From: Noth Subject: Re: [NEW] misc/hmdm-server To: Chaz Kettleson , ports@openbsd.org Date: Wed, 11 Feb 2026 19:49:22 +0100 On 11/02/2026 19:09, Chaz Kettleson wrote: > On Wed, Feb 11, 2026 at 05:24:05PM +0100, Noth wrote: >> On 09/02/2026 14:12, Chaz Kettleson wrote: >>> On Sun, Feb 01, 2026 at 06:15:22PM -0500, Chaz Kettleson wrote: >>>> On Tue, Jan 20, 2026 at 11:19:37PM -0500, Chaz Kettleson wrote: >>>>> On Mon, Jan 19, 2026 at 10:37:48PM -0500, Chaz Kettleson wrote: >>>>>> On Mon, Jan 19, 2026 at 02:29:48PM -0500, Chaz Kettleson wrote: >>>>>>> On Mon, Jan 19, 2026 at 06:04:35PM +0000, Stuart Henderson wrote: >>>>>>>> (to get this to fail, set PORTS_PRIVSEP=Yes in mk.conf, "sudo make >>>>>>>> fix-permissions", and make sure user _pbuild is disabled from having >>>>>>>> network access in pf.conf "block return log quick proto {tcp udp} >>>>>>>> user _pbuild") >>>>>>>> >>>>>>>> I don't suppose it's possible to extract the built web ui pieces >>>>>>>> from upstream's hmdm-5.37-install-ubuntu.zip or hmdm-5.37.4-os.war >>>>>>>> rather than building them in the port? >>>>>>>> >>>>>>>> >>>>>>> Hi Stuart, >>>>>>> >>>>>>> I appreciate the quick feedback. Apparently something in my environment >>>>>>> was still online. I'll change to the above so I can observe the failure >>>>>>> and iterate a version 2 with fixes. >>>>>>> >>>>>>> I customized the build.properties to set our defaults, but it might be >>>>>>> possible to override them with the Tomcat Context xml and we can take >>>>>>> the WAR wholesale without building anything. I'll investigate this as >>>>>>> well. >>>>>>> >>>>>>> Thank you! >>>>>>> >>>>>>> -- >>>>>>> Chaz >>>>>>> >>>>>> Hi Stuart, >>>>>> >>>>>> Your instinct was correct. Rather than build our defaults into the WAR, >>>>>> we can override all of them with the context. As a result, we can use >>>>>> the upstream WAR and no longer need to build anything. >>>>>> >>>>>> The attached version 2 now does the following: >>>>>> >>>>>> 1.) Brings in the WAR >>>>>> 2.) Extracts sources to get the template files >>>>>> 3.) Replaces template values with those suitable for OpenBSD and set >>>>>> with with HMDM_ variables >>>>>> 4.) Patches the context file with an SQL init (this was generated before >>>>>> from the build.properties but absent in their installed artifacts >>>>>> because they do the SQL initialization via their install script) >>>>>> 5.) Uses better conventions for share vs share/examples >>>>>> >>>>>> -- >>>>>> Chaz >>>>> Hello, >>>>> >>>>> Please find attached a version 3. >>>>> >>>>> It turns out that when you upload a APK file for distribution to >>>>> devices, it attempts to run the 'aapt' command Android Asset Packaging >>>>> Tool. Porting this from Linux is a non-starter. However, after looking >>>>> at their code, they are only using it to pull package metadata from APKs >>>>> to prefill in things like the package id, abi, application name, etc. >>>>> >>>>> I've written a 'fakeappt' that uses a Java library to perform the same >>>>> parsing and matched the command line arguments and expected output for >>>>> what they are using 'aapt' for. Everything appears to work nicely. >>>>> >>>>> I've added the APK parsing jar as a distfile, compile a small Java >>>>> program to do the parsing, patched their 'aapt' path to point to a >>>>> script in /usr/local/libexec/hmdm-server/aapt. Everything appears >>>>> functionally complete from my testing. >>>>> >>>>> I intend to submit a PR upstream for them to do this parsing in Java >>>>> instead of relying on installation of aapt in a Linux environment. >>>>> >>>>> As always, I appreciate any comments/feedback in getting this committed. >>>>> >>>>> -- >>>>> Chaz >>>> Hello, >>>> >>>> I've worked with the upstream devs to remove the 'aapt' requirement and >>>> replace with a Java version. >>>> >>>> https://github.com/h-mdm/hmdm-server/issues/124 >>>> >>>> For now I think this is still good to go from my testing with my >>>> fakeaapt. Once they incorporate that feature I can later update the port >>>> to remove the fakeaapt hack. >>>> >>>> OK? >>>> >>>> -- >>>> Chaz >>> Hello, >>> >>> The appt requirement has been removed simplifying the port. There is no >>> longer a need to carry a 'fakeappt' and no longer anything to build. >>> >>> Please find attached version 4. >>> >>> OK? >> Hi, >> >>   I tested the version attached in mail. Found a missing USER in the >> pkg-readme line for adding the user hmdm-user in PSQL: >> >> CREATE hmdm_user WITH PASSWORD 'secret'; >> >> should be: >> >> CREATE USER hmdm_user WITH PASSWORD 'secret'; >> >>  My two cents would be that using createuser and createdb would be better >> than the PSQL commands: >> >> createuser -U postgres --pwprompt --no-superuser --createdb --no-createrole >> hmdm_user >> >> createdb -U hmdm_user hmdm >> >> Also adding to the pkg-readme that the default login & password are >> admin:admin would be great. >> >> Once I got it all set up (only tested with pf rdr-to rule) it all seems to >> work, I can generate a QR code. Haven't tried beyond that. >> >> Cheers, >> >> Noth >> > Thank you for testing this! I've updated the README to fix the PSQL and > noted the default username/password. > > v5 is attached. OK? OK for me, you're welcome! Cheers, Noth