Page MenuHomeFreeBSD

net-mgmt/librenms: Update to 1.35, many improvements

Authored by feld on Jan 14 2018, 3:59 PM.
Referenced Files
Unknown Object (File)
Fri, Jan 27, 12:06 PM
Unknown Object (File)
Thu, Jan 12, 8:28 AM
Unknown Object (File)
Jan 7 2023, 6:30 AM
Unknown Object (File)
Jan 2 2023, 2:59 AM
Unknown Object (File)
Dec 26 2022, 1:24 AM
Unknown Object (File)
Dec 25 2022, 11:49 PM
Unknown Object (File)
Dec 24 2022, 2:32 PM
Unknown Object (File)
Dec 20 2022, 4:46 PM



Update to 1.35


  • All files should be owned root:wheel except logs and rrd which need to be writable by the app
  • Add missing php posix extension
  • Do not install config.php by default. This breaks the install process which won't run if this file exists
  • Clean up automatic PLIST creation: don't install .orig or .bak files, don't add @dir as they aren't needed
  • Patch LibreNMS to make /validate/ page not produce warnings about files not being writable (for git updates)
  • Remove the Updates validation check altogether as we won't be using git to update
  • Patch the User validation check to only check the logs and rrd dir and ensure the correct user owns them
  • Change the default user in the generated config to "www"
  • Patch the File Lock code to put the lock file in /tmp and not in the WWWDIR which should not be writable
  • Update message in installer to use WWWDIR as suggested path for config.php
  • Use shebangfix instead of patch where applicable
  • Fix APACHEMOD port option and declaration of the USES=php

I may have forgotten something but this is the bulk of it.

Previously the LibreNMS port/package was not very easy to install or use and the result was an insecure
mess. Upsteam projects too often expect users to "git checkout" and run
everything in a directory writable by the www user which makes it a
juicy target for exploits.

Diff Detail

rP FreeBSD ports repository
No Lint Coverage
No Test Coverage
Build Status
Buildable 14468
Build 14613: arc lint + arc unit

Event Timeline


I have thought about moving config.php to /usr/local/etc and providing a symlink


That would be a simple change to the port but I'd like to avoid piling on even *more* changes in this review. My goal with this was to

  1. make it possible for a user to install the package and follow upstream docs to setup
  2. make it more "FreeBSD & packaged friendly"
  3. secure it out of the box

I have a few more improvements up my sleeve and I can include that in the next round.



I'm also considering moving the graph data to /var/db/librenms

@dvl @feld Lets commit this one and leave the other changes proposed for the next version to come

This revision is now accepted and ready to land.Jan 15 2018, 7:28 PM

Do not silence any of the steps in do-install

Add newsyslog config file so logs get rotated

This revision now requires review to proceed.Jan 18 2018, 7:54 PM


Just adding this one little feature before committing as gigantic logs
are going to bite someone someday.

Actually not going to commit with the newsyslog.conf because I hate the way this is handled right now in FreeBSD. The "include" statement in /etc/newsyslog.conf will grab every file so we can't even install with a .sample so users can customize log rotation to their liking...

This revision was not accepted when it landed; it landed in state Needs Review.Jan 18 2018, 8:22 PM
This revision was automatically updated to reflect the committed changes.