[update] netshot 0.14.0

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[update] netshot 0.14.0

Remi Locherer
Hi,

this is a long overdue update for netshot from version 0.11.0 to 0.14.0.

It now contains improved and additional drivers, general improvements and
updated libraries (vulnerabilities!).
Release history: https://github.com/netfishers-onl/Netshot/tree/master/dist

The install instructions for Debian and CentoOS have been moved to the
wiki and are not part of the port anymore. Instead I added a pkg-readme
with detailed instructions.

I changed the port to depend exclusively on Java 1.8. Netshot depends on
nashorn which was deprecated after Java 1.8. It might work with later Java
versions but I did not test it yet.

OK?

Remi


Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/netshot/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile 12 Jul 2019 21:15:36 -0000 1.6
+++ Makefile 27 Aug 2019 21:10:34 -0000
@@ -2,8 +2,7 @@
 
 COMMENT = config backup and policy check for network devices
 
-V = 0.11.0
-REVISION = 1
+V = 0.14.0
 DISTNAME = netshot_${V}
 PKGNAME = ${DISTNAME:S/_/-/}
 WRKDIST = ${WRKDIR}
@@ -22,7 +21,7 @@ MASTER_SITES = https://github.com/netfi
 EXTRACT_SUFX = .zip
 
 MODULES = java
-MODJAVA_VER = 1.8+
+MODJAVA_VER = 1.8
 
 RUN_DEPENDS = java/javaPathHelper
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/netshot/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo 8 Feb 2019 21:33:40 -0000 1.2
+++ distinfo 13 Aug 2019 08:13:55 -0000
@@ -1,2 +1,2 @@
-SHA256 (netshot_0.11.0.zip) = 00N9CByc4inEaWctvmG6IRBZKf95vJrhTJ0Gu5NDfhY=
-SIZE (netshot_0.11.0.zip) = 45555732
+SHA256 (netshot_0.14.0.zip) = 7HX9oTy/mWagcSvTPsgekNX7WTelHS7eu1lNUbNdOO8=
+SIZE (netshot_0.14.0.zip) = 45721309
Index: patches/patch-netshot_conf
===================================================================
RCS file: /cvs/ports/sysutils/netshot/patches/patch-netshot_conf,v
retrieving revision 1.2
diff -u -p -r1.2 patch-netshot_conf
--- patches/patch-netshot_conf 8 Feb 2019 21:33:40 -0000 1.2
+++ patches/patch-netshot_conf 25 Aug 2019 21:27:25 -0000
@@ -20,16 +20,23 @@ Index: netshot.conf
 
  # REST
 -netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
-+netshot.http.ssl.keystore.file = ${PREFIX}/netshot/netshot.jks
++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
  netshot.http.ssl.keystore.pass = password
  #netshot.http.baseurl = https://localhost
  netshot.http.baseurl = https://0.0.0.0
-@@ -35,7 +35,7 @@ netshot.snmptrap.community = Netsh01
- # General settings
- netshot.snapshots.auto.interval = 15
+@@ -38,12 +38,12 @@ netshot.snapshots.auto.interval = 15
+ # Allow a trap received from any IP of a device to trigger an automatic snapshot
  netshot.snapshots.auto.anyip = true
+ # After a snapshot, dump the last configuration to a file in this directory
+-#netshot.snapshots.dump = /usr/local/netshot/dumps
++#netshot.snapshots.dump = ${VARBASE}/netshot/dumps
+ # Where to store the binary snapshot files
+-netshot.snapshots.binary.path = /var/local/netshot
++netshot.snapshots.binary.path = ${VARBASE}/netshot
+
+ # Where to look for additional drivers
 -netshot.drivers.path = /usr/local/netshot/drivers
 +netshot.drivers.path = ${PREFIX}/netshot/drivers
 
+
  # Authentication
- netshot.aaa.maxidletime = 1800
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 28 Aug 2018 11:25:53 -0000 1.1.1.1
+++ pkg/PLIST 27 Aug 2019 21:08:42 -0000
@@ -7,12 +7,11 @@ netshot/
 netshot/netshot.jar
 share/doc/netshot/
 share/doc/netshot/COPYING
-share/doc/netshot/INSTALL.Debian-Ubuntu-Mint.txt
-share/doc/netshot/INSTALL.Redhat-CentOS.txt
 share/doc/netshot/LICENSE.txt
 share/doc/netshot/README.txt
 share/doc/netshot/UPDATE.txt
 share/doc/netshot/VERSION.txt
+share/doc/pkg-readmes/${PKGSTEM}
 share/examples/netshot/
 share/examples/netshot/netshot.conf
 @mode 0640
@@ -21,3 +20,5 @@ share/examples/netshot/netshot.conf
 @mode 0750
 @owner _netshot
 @sample ${VARBASE}/log/netshot/
+@sample ${VARBASE}/netshot/
+@sample ${VARBASE}/netshot/dumps
Index: pkg/README
===================================================================
RCS file: pkg/README
diff -N pkg/README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/README 1 Sep 2019 16:15:57 -0000
@@ -0,0 +1,46 @@
+$OpenBSD$
+
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+Netshot requires a database which might be on the same server as Netshot
+or remote. It supports PostgreSQL and MySQL/MariaDB. Below example uses
+MariaDB on the same host.
+
+- Install the package mariadb-server.
+  See ${LOCALBASE}/share/doc/pkg-readmes/mariadb-server for the first
+  steps after the installation.
+
+- Create a database and a database user (change the password!):
+  $ mysql -u root
+  > CREATE DATABASE netshot01 CHARACTER SET utf8
+    DEFAULT COLLATE utf8_general_ci;
+  > GRANT ALL PRIVILEGES ON netshot01.*
+    TO 'netshot'@'localhost' IDENTIFIED BY 'netshot';
+  > quit
+
+- Check the database connection config in /etc/netshot.conf.
+  Should netshot not start but log "The server time zone value 'CEST' is
+  unreconized or represents more than one time zone" the connect string
+  might be modified to look like this:
+  netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
+
+- Create a TLS certificate in a Java keystore:
+  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
+    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
+    -keysize 4096
+  # chmod 640 ${SYSCONFDIR}/netshot.jks
+  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
+
+- Enable and start Netshot to create the database tables.
+  # rcctl enable netshot; rcctl start netshot
+
+- Add an initial application user to the database:
+  $ mysql -u root
+  > USE netshot01;
+  > INSERT INTO user (level, local, username, hashed_password)
+    VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
+
+- Access Netshot with a browser on https://localhost:8443.
+  (username 'netshot' with password 'netshot')

Reply | Threaded
Open this post in threaded view
|

Re: [update] netshot 0.14.0

Remi Locherer
ping

On Sun, Sep 01, 2019 at 06:20:41PM +0200, Remi Locherer wrote:

> Hi,
>
> this is a long overdue update for netshot from version 0.11.0 to 0.14.0.
>
> It now contains improved and additional drivers, general improvements and
> updated libraries (vulnerabilities!).
> Release history: https://github.com/netfishers-onl/Netshot/tree/master/dist
>
> The install instructions for Debian and CentoOS have been moved to the
> wiki and are not part of the port anymore. Instead I added a pkg-readme
> with detailed instructions.
>
> I changed the port to depend exclusively on Java 1.8. Netshot depends on
> nashorn which was deprecated after Java 1.8. It might work with later Java
> versions but I did not test it yet.
>
> OK?
>
> Remi
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/sysutils/netshot/Makefile,v
> retrieving revision 1.6
> diff -u -p -r1.6 Makefile
> --- Makefile 12 Jul 2019 21:15:36 -0000 1.6
> +++ Makefile 27 Aug 2019 21:10:34 -0000
> @@ -2,8 +2,7 @@
>  
>  COMMENT = config backup and policy check for network devices
>  
> -V = 0.11.0
> -REVISION = 1
> +V = 0.14.0
>  DISTNAME = netshot_${V}
>  PKGNAME = ${DISTNAME:S/_/-/}
>  WRKDIST = ${WRKDIR}
> @@ -22,7 +21,7 @@ MASTER_SITES = https://github.com/netfi
>  EXTRACT_SUFX = .zip
>  
>  MODULES = java
> -MODJAVA_VER = 1.8+
> +MODJAVA_VER = 1.8
>  
>  RUN_DEPENDS = java/javaPathHelper
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/sysutils/netshot/distinfo,v
> retrieving revision 1.2
> diff -u -p -r1.2 distinfo
> --- distinfo 8 Feb 2019 21:33:40 -0000 1.2
> +++ distinfo 13 Aug 2019 08:13:55 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (netshot_0.11.0.zip) = 00N9CByc4inEaWctvmG6IRBZKf95vJrhTJ0Gu5NDfhY=
> -SIZE (netshot_0.11.0.zip) = 45555732
> +SHA256 (netshot_0.14.0.zip) = 7HX9oTy/mWagcSvTPsgekNX7WTelHS7eu1lNUbNdOO8=
> +SIZE (netshot_0.14.0.zip) = 45721309
> Index: patches/patch-netshot_conf
> ===================================================================
> RCS file: /cvs/ports/sysutils/netshot/patches/patch-netshot_conf,v
> retrieving revision 1.2
> diff -u -p -r1.2 patch-netshot_conf
> --- patches/patch-netshot_conf 8 Feb 2019 21:33:40 -0000 1.2
> +++ patches/patch-netshot_conf 25 Aug 2019 21:27:25 -0000
> @@ -20,16 +20,23 @@ Index: netshot.conf
>  
>   # REST
>  -netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
> -+netshot.http.ssl.keystore.file = ${PREFIX}/netshot/netshot.jks
> ++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
>   netshot.http.ssl.keystore.pass = password
>   #netshot.http.baseurl = https://localhost
>   netshot.http.baseurl = https://0.0.0.0
> -@@ -35,7 +35,7 @@ netshot.snmptrap.community = Netsh01
> - # General settings
> - netshot.snapshots.auto.interval = 15
> +@@ -38,12 +38,12 @@ netshot.snapshots.auto.interval = 15
> + # Allow a trap received from any IP of a device to trigger an automatic snapshot
>   netshot.snapshots.auto.anyip = true
> + # After a snapshot, dump the last configuration to a file in this directory
> +-#netshot.snapshots.dump = /usr/local/netshot/dumps
> ++#netshot.snapshots.dump = ${VARBASE}/netshot/dumps
> + # Where to store the binary snapshot files
> +-netshot.snapshots.binary.path = /var/local/netshot
> ++netshot.snapshots.binary.path = ${VARBASE}/netshot
> +
> + # Where to look for additional drivers
>  -netshot.drivers.path = /usr/local/netshot/drivers
>  +netshot.drivers.path = ${PREFIX}/netshot/drivers
>  
> +
>   # Authentication
> - netshot.aaa.maxidletime = 1800
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 PLIST
> --- pkg/PLIST 28 Aug 2018 11:25:53 -0000 1.1.1.1
> +++ pkg/PLIST 27 Aug 2019 21:08:42 -0000
> @@ -7,12 +7,11 @@ netshot/
>  netshot/netshot.jar
>  share/doc/netshot/
>  share/doc/netshot/COPYING
> -share/doc/netshot/INSTALL.Debian-Ubuntu-Mint.txt
> -share/doc/netshot/INSTALL.Redhat-CentOS.txt
>  share/doc/netshot/LICENSE.txt
>  share/doc/netshot/README.txt
>  share/doc/netshot/UPDATE.txt
>  share/doc/netshot/VERSION.txt
> +share/doc/pkg-readmes/${PKGSTEM}
>  share/examples/netshot/
>  share/examples/netshot/netshot.conf
>  @mode 0640
> @@ -21,3 +20,5 @@ share/examples/netshot/netshot.conf
>  @mode 0750
>  @owner _netshot
>  @sample ${VARBASE}/log/netshot/
> +@sample ${VARBASE}/netshot/
> +@sample ${VARBASE}/netshot/dumps
> Index: pkg/README
> ===================================================================
> RCS file: pkg/README
> diff -N pkg/README
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ pkg/README 1 Sep 2019 16:15:57 -0000
> @@ -0,0 +1,46 @@
> +$OpenBSD$
> +
> ++-----------------------------------------------------------------------
> +| Running ${PKGSTEM} on OpenBSD
> ++-----------------------------------------------------------------------
> +
> +Netshot requires a database which might be on the same server as Netshot
> +or remote. It supports PostgreSQL and MySQL/MariaDB. Below example uses
> +MariaDB on the same host.
> +
> +- Install the package mariadb-server.
> +  See ${LOCALBASE}/share/doc/pkg-readmes/mariadb-server for the first
> +  steps after the installation.
> +
> +- Create a database and a database user (change the password!):
> +  $ mysql -u root
> +  > CREATE DATABASE netshot01 CHARACTER SET utf8
> +    DEFAULT COLLATE utf8_general_ci;
> +  > GRANT ALL PRIVILEGES ON netshot01.*
> +    TO 'netshot'@'localhost' IDENTIFIED BY 'netshot';
> +  > quit
> +
> +- Check the database connection config in /etc/netshot.conf.
> +  Should netshot not start but log "The server time zone value 'CEST' is
> +  unreconized or represents more than one time zone" the connect string
> +  might be modified to look like this:
> +  netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
> +
> +- Create a TLS certificate in a Java keystore:
> +  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
> +    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
> +    -keysize 4096
> +  # chmod 640 ${SYSCONFDIR}/netshot.jks
> +  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
> +
> +- Enable and start Netshot to create the database tables.
> +  # rcctl enable netshot; rcctl start netshot
> +
> +- Add an initial application user to the database:
> +  $ mysql -u root
> +  > USE netshot01;
> +  > INSERT INTO user (level, local, username, hashed_password)
> +    VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
> +
> +- Access Netshot with a browser on https://localhost:8443.
> +  (username 'netshot' with password 'netshot')

Reply | Threaded
Open this post in threaded view
|

Re: [update] netshot 0.14.0

Stuart Henderson
On 2019/09/09 07:53, Remi Locherer wrote:

> ping
>
> > retrieving revision 1.2
> > diff -u -p -r1.2 patch-netshot_conf
> > --- patches/patch-netshot_conf 8 Feb 2019 21:33:40 -0000 1.2
> > +++ patches/patch-netshot_conf 25 Aug 2019 21:27:25 -0000
> > @@ -20,16 +20,23 @@ Index: netshot.conf
> >  
> >   # REST
> >  -netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
> > -+netshot.http.ssl.keystore.file = ${PREFIX}/netshot/netshot.jks
> > ++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks

this wants an @extra entry in PLIST

> > + # Allow a trap received from any IP of a device to trigger an automatic snapshot
> >   netshot.snapshots.auto.anyip = true
> > + # After a snapshot, dump the last configuration to a file in this directory
> > +-#netshot.snapshots.dump = /usr/local/netshot/dumps
> > ++#netshot.snapshots.dump = ${VARBASE}/netshot/dumps
> > + # Where to store the binary snapshot files
> > +-netshot.snapshots.binary.path = /var/local/netshot
> > ++netshot.snapshots.binary.path = ${VARBASE}/netshot
> > +
> > + # Where to look for additional drivers
> >  -netshot.drivers.path = /usr/local/netshot/drivers
> >  +netshot.drivers.path = ${PREFIX}/netshot/drivers
> >  
> > +
> >   # Authentication
> > - netshot.aaa.maxidletime = 1800
> > Index: pkg/PLIST
> > ===================================================================
> > RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
> > retrieving revision 1.1.1.1
> > diff -u -p -r1.1.1.1 PLIST
> > --- pkg/PLIST 28 Aug 2018 11:25:53 -0000 1.1.1.1
> > +++ pkg/PLIST 27 Aug 2019 21:08:42 -0000
> > @@ -7,12 +7,11 @@ netshot/
> >  netshot/netshot.jar
> >  share/doc/netshot/
> >  share/doc/netshot/COPYING
> > -share/doc/netshot/INSTALL.Debian-Ubuntu-Mint.txt
> > -share/doc/netshot/INSTALL.Redhat-CentOS.txt
> >  share/doc/netshot/LICENSE.txt
> >  share/doc/netshot/README.txt
> >  share/doc/netshot/UPDATE.txt
> >  share/doc/netshot/VERSION.txt
> > +share/doc/pkg-readmes/${PKGSTEM}
> >  share/examples/netshot/
> >  share/examples/netshot/netshot.conf
> >  @mode 0640
> > @@ -21,3 +20,5 @@ share/examples/netshot/netshot.conf
> >  @mode 0750
> >  @owner _netshot
> >  @sample ${VARBASE}/log/netshot/
> > +@sample ${VARBASE}/netshot/
> > +@sample ${VARBASE}/netshot/dumps

no trailing / so this copies the previously installed file to
${VARBASE}/netshot/dumps which I think is not what you want?

should have @extra or @extraunexec lines to remove the files which might be
created in those directories for pkg_delete -c.

> > Index: pkg/README
> > ===================================================================
> > RCS file: pkg/README
> > diff -N pkg/README
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ pkg/README 1 Sep 2019 16:15:57 -0000
> > @@ -0,0 +1,46 @@
> > +$OpenBSD$
> > +
> > ++-----------------------------------------------------------------------
> > +| Running ${PKGSTEM} on OpenBSD
> > ++-----------------------------------------------------------------------
> > +
> > +Netshot requires a database which might be on the same server as Netshot
> > +or remote. It supports PostgreSQL and MySQL/MariaDB. Below example uses
> > +MariaDB on the same host.
> > +
> > +- Install the package mariadb-server.
> > +  See ${LOCALBASE}/share/doc/pkg-readmes/mariadb-server for the first
> > +  steps after the installation.
> > +
> > +- Create a database and a database user (change the password!):
> > +  $ mysql -u root
> > +  > CREATE DATABASE netshot01 CHARACTER SET utf8
> > +    DEFAULT COLLATE utf8_general_ci;
> > +  > GRANT ALL PRIVILEGES ON netshot01.*
> > +    TO 'netshot'@'localhost' IDENTIFIED BY 'netshot';

think I'd use "IDENTIFIED BY 'password'" to make it more obvious
where the password goes, for people who aren't so familiar with sql
ops.

> > +  > quit
> > +
> > +- Check the database connection config in /etc/netshot.conf.

${SYSCONFDIR}

> > +  Should netshot not start but log "The server time zone value 'CEST' is
> > +  unreconized or represents more than one time zone" the connect string
> > +  might be modified to look like this:
> > +  netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
> > +
> > +- Create a TLS certificate in a Java keystore:
> > +  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \

it could do with a comment next to MODJAVA_VER in the Makefile reminding to
change the path in README if changing MODJAVA_VER. (if it was MODJAVA_VER=1.8+
there's no single path that could be used here..)

> > +    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
> > +    -keysize 4096
> > +  # chmod 640 ${SYSCONFDIR}/netshot.jks
> > +  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
> > +
> > +- Enable and start Netshot to create the database tables.
> > +  # rcctl enable netshot; rcctl start netshot
> > +
> > +- Add an initial application user to the database:
> > +  $ mysql -u root
> > +  > USE netshot01;
> > +  > INSERT INTO user (level, local, username, hashed_password)
> > +    VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
> > +
> > +- Access Netshot with a browser on https://localhost:8443.
> > +  (username 'netshot' with password 'netshot')
>

Reply | Threaded
Open this post in threaded view
|

Re: [update] netshot 0.14.0

Remi Locherer
On Wed, Sep 11, 2019 at 01:38:06AM +0100, Stuart Henderson wrote:

> On 2019/09/09 07:53, Remi Locherer wrote:
> > ping
> >
> > > retrieving revision 1.2
> > > diff -u -p -r1.2 patch-netshot_conf
> > > --- patches/patch-netshot_conf 8 Feb 2019 21:33:40 -0000 1.2
> > > +++ patches/patch-netshot_conf 25 Aug 2019 21:27:25 -0000
> > > @@ -20,16 +20,23 @@ Index: netshot.conf
> > >  
> > >   # REST
> > >  -netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
> > > -+netshot.http.ssl.keystore.file = ${PREFIX}/netshot/netshot.jks
> > > ++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
>
> this wants an @extra entry in PLIST
>
> > > + # Allow a trap received from any IP of a device to trigger an automatic snapshot
> > >   netshot.snapshots.auto.anyip = true
> > > + # After a snapshot, dump the last configuration to a file in this directory
> > > +-#netshot.snapshots.dump = /usr/local/netshot/dumps
> > > ++#netshot.snapshots.dump = ${VARBASE}/netshot/dumps
> > > + # Where to store the binary snapshot files
> > > +-netshot.snapshots.binary.path = /var/local/netshot
> > > ++netshot.snapshots.binary.path = ${VARBASE}/netshot
> > > +
> > > + # Where to look for additional drivers
> > >  -netshot.drivers.path = /usr/local/netshot/drivers
> > >  +netshot.drivers.path = ${PREFIX}/netshot/drivers
> > >  
> > > +
> > >   # Authentication
> > > - netshot.aaa.maxidletime = 1800
> > > Index: pkg/PLIST
> > > ===================================================================
> > > RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
> > > retrieving revision 1.1.1.1
> > > diff -u -p -r1.1.1.1 PLIST
> > > --- pkg/PLIST 28 Aug 2018 11:25:53 -0000 1.1.1.1
> > > +++ pkg/PLIST 27 Aug 2019 21:08:42 -0000
> > > @@ -7,12 +7,11 @@ netshot/
> > >  netshot/netshot.jar
> > >  share/doc/netshot/
> > >  share/doc/netshot/COPYING
> > > -share/doc/netshot/INSTALL.Debian-Ubuntu-Mint.txt
> > > -share/doc/netshot/INSTALL.Redhat-CentOS.txt
> > >  share/doc/netshot/LICENSE.txt
> > >  share/doc/netshot/README.txt
> > >  share/doc/netshot/UPDATE.txt
> > >  share/doc/netshot/VERSION.txt
> > > +share/doc/pkg-readmes/${PKGSTEM}
> > >  share/examples/netshot/
> > >  share/examples/netshot/netshot.conf
> > >  @mode 0640
> > > @@ -21,3 +20,5 @@ share/examples/netshot/netshot.conf
> > >  @mode 0750
> > >  @owner _netshot
> > >  @sample ${VARBASE}/log/netshot/
> > > +@sample ${VARBASE}/netshot/
> > > +@sample ${VARBASE}/netshot/dumps
>
> no trailing / so this copies the previously installed file to
> ${VARBASE}/netshot/dumps which I think is not what you want?
>
> should have @extra or @extraunexec lines to remove the files which might be
> created in those directories for pkg_delete -c.
>
> > > Index: pkg/README
> > > ===================================================================
> > > RCS file: pkg/README
> > > diff -N pkg/README
> > > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > > +++ pkg/README 1 Sep 2019 16:15:57 -0000
> > > @@ -0,0 +1,46 @@
> > > +$OpenBSD$
> > > +
> > > ++-----------------------------------------------------------------------
> > > +| Running ${PKGSTEM} on OpenBSD
> > > ++-----------------------------------------------------------------------
> > > +
> > > +Netshot requires a database which might be on the same server as Netshot
> > > +or remote. It supports PostgreSQL and MySQL/MariaDB. Below example uses
> > > +MariaDB on the same host.
> > > +
> > > +- Install the package mariadb-server.
> > > +  See ${LOCALBASE}/share/doc/pkg-readmes/mariadb-server for the first
> > > +  steps after the installation.
> > > +
> > > +- Create a database and a database user (change the password!):
> > > +  $ mysql -u root
> > > +  > CREATE DATABASE netshot01 CHARACTER SET utf8
> > > +    DEFAULT COLLATE utf8_general_ci;
> > > +  > GRANT ALL PRIVILEGES ON netshot01.*
> > > +    TO 'netshot'@'localhost' IDENTIFIED BY 'netshot';
>
> think I'd use "IDENTIFIED BY 'password'" to make it more obvious
> where the password goes, for people who aren't so familiar with sql
> ops.
>
> > > +  > quit
> > > +
> > > +- Check the database connection config in /etc/netshot.conf.
>
> ${SYSCONFDIR}
>
> > > +  Should netshot not start but log "The server time zone value 'CEST' is
> > > +  unreconized or represents more than one time zone" the connect string
> > > +  might be modified to look like this:
> > > +  netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
> > > +
> > > +- Create a TLS certificate in a Java keystore:
> > > +  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
>
> it could do with a comment next to MODJAVA_VER in the Makefile reminding to
> change the path in README if changing MODJAVA_VER. (if it was MODJAVA_VER=1.8+
> there's no single path that could be used here..)
>
> > > +    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
> > > +    -keysize 4096
> > > +  # chmod 640 ${SYSCONFDIR}/netshot.jks
> > > +  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
> > > +
> > > +- Enable and start Netshot to create the database tables.
> > > +  # rcctl enable netshot; rcctl start netshot
> > > +
> > > +- Add an initial application user to the database:
> > > +  $ mysql -u root
> > > +  > USE netshot01;
> > > +  > INSERT INTO user (level, local, username, hashed_password)
> > > +    VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
> > > +
> > > +- Access Netshot with a browser on https://localhost:8443.
> > > +  (username 'netshot' with password 'netshot')
> >
>

Thank you for your thorough review!

Updated diff below.

OK?

Remi


Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/netshot/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile 12 Jul 2019 21:15:36 -0000 1.6
+++ Makefile 11 Sep 2019 20:00:20 -0000
@@ -2,8 +2,7 @@
 
 COMMENT = config backup and policy check for network devices
 
-V = 0.11.0
-REVISION = 1
+V = 0.14.0
 DISTNAME = netshot_${V}
 PKGNAME = ${DISTNAME:S/_/-/}
 WRKDIST = ${WRKDIR}
@@ -22,7 +21,8 @@ MASTER_SITES = https://github.com/netfi
 EXTRACT_SUFX = .zip
 
 MODULES = java
-MODJAVA_VER = 1.8+
+# when changing MODJAVA_VER: adpat jdk path in README
+MODJAVA_VER = 1.8
 
 RUN_DEPENDS = java/javaPathHelper
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/netshot/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo 8 Feb 2019 21:33:40 -0000 1.2
+++ distinfo 13 Aug 2019 08:13:55 -0000
@@ -1,2 +1,2 @@
-SHA256 (netshot_0.11.0.zip) = 00N9CByc4inEaWctvmG6IRBZKf95vJrhTJ0Gu5NDfhY=
-SIZE (netshot_0.11.0.zip) = 45555732
+SHA256 (netshot_0.14.0.zip) = 7HX9oTy/mWagcSvTPsgekNX7WTelHS7eu1lNUbNdOO8=
+SIZE (netshot_0.14.0.zip) = 45721309
Index: patches/patch-netshot_conf
===================================================================
RCS file: /cvs/ports/sysutils/netshot/patches/patch-netshot_conf,v
retrieving revision 1.2
diff -u -p -r1.2 patch-netshot_conf
--- patches/patch-netshot_conf 8 Feb 2019 21:33:40 -0000 1.2
+++ patches/patch-netshot_conf 25 Aug 2019 21:27:25 -0000
@@ -20,16 +20,23 @@ Index: netshot.conf
 
  # REST
 -netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
-+netshot.http.ssl.keystore.file = ${PREFIX}/netshot/netshot.jks
++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
  netshot.http.ssl.keystore.pass = password
  #netshot.http.baseurl = https://localhost
  netshot.http.baseurl = https://0.0.0.0
-@@ -35,7 +35,7 @@ netshot.snmptrap.community = Netsh01
- # General settings
- netshot.snapshots.auto.interval = 15
+@@ -38,12 +38,12 @@ netshot.snapshots.auto.interval = 15
+ # Allow a trap received from any IP of a device to trigger an automatic snapshot
  netshot.snapshots.auto.anyip = true
+ # After a snapshot, dump the last configuration to a file in this directory
+-#netshot.snapshots.dump = /usr/local/netshot/dumps
++#netshot.snapshots.dump = ${VARBASE}/netshot/dumps
+ # Where to store the binary snapshot files
+-netshot.snapshots.binary.path = /var/local/netshot
++netshot.snapshots.binary.path = ${VARBASE}/netshot
+
+ # Where to look for additional drivers
 -netshot.drivers.path = /usr/local/netshot/drivers
 +netshot.drivers.path = ${PREFIX}/netshot/drivers
 
+
  # Authentication
- netshot.aaa.maxidletime = 1800
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 28 Aug 2018 11:25:53 -0000 1.1.1.1
+++ pkg/PLIST 11 Sep 2019 20:40:29 -0000
@@ -3,21 +3,26 @@
 @newuser _netshot:817:_netshot:daemon:Netshot Account:/nonexistent:/sbin/nologin
 @rcscript ${RCDIR}/netshot
 netshot/
-@sample netshot/drivers/
+netshot/drivers/
 netshot/netshot.jar
 share/doc/netshot/
 share/doc/netshot/COPYING
-share/doc/netshot/INSTALL.Debian-Ubuntu-Mint.txt
-share/doc/netshot/INSTALL.Redhat-CentOS.txt
 share/doc/netshot/LICENSE.txt
 share/doc/netshot/README.txt
 share/doc/netshot/UPDATE.txt
 share/doc/netshot/VERSION.txt
+share/doc/pkg-readmes/${PKGSTEM}
 share/examples/netshot/
 share/examples/netshot/netshot.conf
 @mode 0640
 @group _netshot
 @sample ${SYSCONFDIR}/netshot.conf
+@extra ${SYSCONFDIR}/netshot.jks
 @mode 0750
 @owner _netshot
 @sample ${VARBASE}/log/netshot/
+@sample ${VARBASE}/netshot/
+@sample ${VARBASE}/netshot/dumps/
+@extraunexec rm -rf netshot/drivers/*
+@extraunexec rm -rf ${VARBASE}/netshot/dumps/*
+@extraunexec rm -rf ${VARBASE}/netshot/!(dumps)
Index: pkg/README
===================================================================
RCS file: pkg/README
diff -N pkg/README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/README 11 Sep 2019 19:55:39 -0000
@@ -0,0 +1,46 @@
+$OpenBSD$
+
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+Netshot requires a database which might be on the same server as Netshot
+or remote. It supports PostgreSQL and MySQL/MariaDB. Below example uses
+MariaDB on the same host.
+
+- Install the package mariadb-server.
+  See ${LOCALBASE}/share/doc/pkg-readmes/mariadb-server for the first
+  steps after the installation.
+
+- Create a database and a database user (change the password!):
+  $ mysql -u root
+  > CREATE DATABASE netshot01 CHARACTER SET utf8
+    DEFAULT COLLATE utf8_general_ci;
+  > GRANT ALL PRIVILEGES ON netshot01.*
+    TO 'netshot'@'localhost' IDENTIFIED BY 'password';
+  > quit
+
+- Check the database connection config in ${SYSCONFDIR}/netshot.conf.
+  Should netshot not start but log "The server time zone value 'CEST' is
+  unreconized or represents more than one time zone" the connect string
+  might be modified to look like this:
+  netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
+
+- Create a TLS certificate in a Java keystore:
+  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
+    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
+    -keysize 4096
+  # chmod 640 ${SYSCONFDIR}/netshot.jks
+  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
+
+- Enable and start Netshot to create the database tables.
+  # rcctl enable netshot; rcctl start netshot
+
+- Add an initial application user to the database:
+  $ mysql -u root
+  > USE netshot01;
+  > INSERT INTO user (level, local, username, hashed_password)
+    VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
+
+- Access Netshot with a browser on https://localhost:8443.
+  (username 'netshot' with password 'netshot')