- Compile without /dev/kmem access. This requires a small patch which
opens libkvm in a dummy mode which uses sysctls to implement most of
its interfaces rather than /dev/kmem access. This way we can drop the
dependency on /dev/kmem without rewriting existing code.
- Add a new snmpd user. Configure snmpd to drop privileges once it's
finished initialization.
- Remove the JAIL option. Now that snmpd avoids using /dev/kmem,
there's no need to have a special mode for running snmpd in jails.
The patch has been proposed upstream here:
https://sourceforge.net/p/net-snmp/mailman/net-snmp-coders/thread/ZjEwNV5BiTOQ-Adi%40nuc/#msg58766857
Approved by: zi
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45031
Benthos solves common data engineering tasks such as transformations,
integrations, and multiplexing with declarative and unit testable
configuration. This allows you to easily and incrementally adapt your data
pipelines as requirements change, letting you focus on the more exciting stuff.
Benthos is able to glue a wide range of sources and sinks together and hook
into a variety of databases, caches, HTTP APIs, lambdas and more, enabling you
to seamlessly drop it into your existing infrastructure.
Orchestrator is a replication topology manager for MySQL.
Features include:
* The topology and status of the replication tree is automatically detected
and monitored.
* Either a GUI, CLI or API can be used to check the status and perform
operations.
* Supports automatic failover of the master, and the replication tree can
be fixed when servers in the tree fail - either manually or automatically.
* It is not dependent on any specific version or flavor of MySQL (MySQL,
Percona Server, MariaDB or even MaxScale binlog servers).
* Orchestrator supports many different types of topologies, from a single
master -> slave to complex multi-layered replication trees consisting of
hundreds of servers.
* Orchestrator can make topology changes and will do so based on the state
at that moment; it does not require a configuration to be defined with what
corresponds to the database topology.
* The GUI is not only there to report the status - one of the cooler things
you can do is change replication just by doing a drag and drop in the web
interface (of course you can do this and much more through the CLI and API
as well).
- Update to 23.0.6
- Add keycloak user and group
- Add pkg-message
- Add support for development(start-dev) and production (start) mode at rc script
- Export JAVA_HOME from rc script
- Add keycloak build function into rc script
PR: 275658 276859
Approved by: maintainer timeout (2 weeks)
Cert Spotter is a Certificate Transparency log monitor from SSLMate
that alerts you when an SSL/TLS certificate is issued for one of your
domains. Cert Spotter is easier to use than other open source CT
monitors, since it does not require a database. It's also more robust,
since it uses a special certificate parser that ensures it won't miss
certificates.
KeyDB is a high performance fork of Redis with a focus on multithreading,
memory efficiency, and high throughput. In addition to performance
improvements, KeyDB offers features such as Active Replication, FLASH
Storage and Subkey Expires. KeyDB has a MVCC architecture that allows you
to execute queries such as KEYS and SCAN without blocking the database and
degrading performance.
KeyDB maintains full compatibility with the Redis protocol, modules, and
scripts. This includes the atomicity guarantees for scripts and transactions.
Because KeyDB keeps in sync with Redis development KeyDB is a superset of
Redis functionality, making KeyDB a drop in replacement for existing Redis
deployments.
On the same hardware KeyDB can achieve significantly higher throughput than
Redis. Active-Replication simplifies hot-spare failover allowing you to
easily distribute writes over replicas and use simple TCP based load
balancing/failover. KeyDB's higher performance allows you to do more on less
hardware which reduces operation costs and complexity.
WWW: https://docs.keydb.dev/
Galène (or Galene) is a videoconference server (an “SFU”) that is easy to
deploy and that requires moderate server resources. It was originally designed
for lectures, conferences and student tutorials, but is also useful for
traditional meetings.
Galène has been used in production at two major universities (Université de
Paris and Sorbonne Université) for lectures, practicals, seminars, and for
staff meetings. It has been used to host two conferences (SOCS'2020 and
JFLA'2021).
This is a DKIM signing and verification milter. It has been tested
with both Postfix and Sendmail.
Of note: this supports RFC8463 ED25519-SHA256 DKIM signatures
A few minor changes made to submitted patch:
* Switch PORTVERSION to DISTVERSION
* Use USES= localbase for UPNP option
* Disable autodetection of sqlite when WALLET option is selected
* Fix plist for net-p2p/namecoin-utils
Changelog: https://github.com/namecoin/namecoin-core/releases/tag/nc24.0
PR: 270753
plocate is a locate(1) based on posting lists, completely replacing mlocate
with a much faster (and smaller) index. It is suitable as a default locate on
your system. Like mlocate and slocate, the returned file set is
user-dependent, ie. a user will only see a file if find(1) would list it (all
directories from the root have +rx permissions).
WWW: https://plocate.sesse.net/
PR: 270657
TeleIRC is a Go implementation of a Telegram <=> IRC bridge. TeleIRC
works with any IRC channel and Telegram group. It bridges messages
between a Telegram group and an IRC channel.
PR: 265916
Approved by: Jesús Daniel Colmenares Oviedo (maintainer)
Sopel is a simple, lightweight, open source, easy-to-use IRC Utility
bot, written in Python. It's designed to be easy to use, run and
extend.
PR: 265807
Approved by: Jesús Daniel Colmenares Oviedo (maintainer)
Create an unprivileged user/group for their execution.
Also, add the cron file and update the rc.d script.
PR: 270433
Reported by: r@rfmoz.eu
Approved by: jeremy@smart-serv.net (maintainer)
Jellyfin is the volunteer-built media solution that
puts you in control of your media.
Stream to any device from your own server, with no strings attached.
Your media, your server, your way.
WWW: https://jellyfin.org/
Maintainer becomes submitter. Already maintainer of other ports.
Port installs binaries downloaded from a website without any
local compilation. The submitter has done the same for numerous
previous ports due to difficulties in locally building .NET based
ports. See PR for some discussion.
PR: 269754
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38861
Apple push notification daemon for dovecot.
Together with dovecot-xaps-plugin, this will enable push email
for iOS devices that talk to your dovecot IMAP server.
WWW: https://github.com/freswa/dovecot-xaps-daemon
Submitter becomes maintainer. Is already maintainer of other ports.
PR: 269748
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38779
To reduce conflicts with other packages and improve security, avoid
using the uucp UID and GID. This avoids potential conflicts with the
net/freebsd-uucp port.
Users who wish to continue using the uucp user and group may add
NUT_USER=uucp and NUT_GROUP=uucp to their make.conf.
PR: 268960
Reported by: delphij
MFH: 2023Q1
Includes adding a new group "pot" which is used to grant
unprivileged users access to read-only pot commands.
Depend on security/signify for pot image signatures.
While there, add a stub man page so users entering `man pot` see
something slightly useful, readd pkg-message.in to package.
Add a longer pkg-descr to make portlint happy.
Approved by: pizzamig (maintainer)
pgagroal is a high-performance protocol-native connection pool for
PostgreSQL. Which features High performance, Connection pool, Limit
connections for users and databases, Prefill support, Remove idle
connections, Connection validation, Enable / disable database access,
Graceful / fast shutdown, Prometheus support, Grafana 8 dashboard,
Remote management, Authentication query support, Failover support,
Transport Layer Security (TLS) v1.2+ support, Daemon support, User
vault, Lightweight connection pooler for PostgreSQL.
WWW: https://agroal.github.io/pgagroal/
Sponsored by: Bounce Experts
Loki is a horizontally-scalable, highly-available, multi-tenant log
aggregation system inspired by Prometheus. It is designed to be very
cost effective and easy to operate. It does not index the contents of
the logs, but rather a set of labels for each log stream.
WWW: https://github.com/grafana/loki
PR: 256030
With GoToSocial, you can keep in touch with your friends, post, read,
and share images and articles. All without being tracked or advertised
to!
GoToSocial provides a lightweight, customizable, and safety-focused
entryway into the Fediverse, and is comparable to (but distinct from)
existing projects such as Mastodon, Pleroma, Friendica, and PixelFed.
WWW: https://docs.gotosocial.org/en/latest/
devel/py-buildbot and devel/py-buildbot-worker requires a user buildbot
which is used in the rc script to drop privileges to unfortunately the
respective users and group do not exist.
PR: 248233
Reported by: ari@ish.com.au
- Add nats to UIDs and GIDs
- Add extra commands for logrotate and 'lame duck mode'.
From the docs:
In production we recommend that a server is shut down with "lame duck mode"
as a graceful way to slowly evict clients. With large deployments this
mitigates the "thundering herd" situation that will place CPU pressure on
servers as TLS enabled clients reconnect.
After entering lame duck mode, the server will stop accepting new
connections, wait for a 10 second grace period, then begin to evict clients
over a period of time configurable by the configuration option. This
period defaults to 2 minutes.
