for now the node-modules-cp-online-24.04.13-2.tar.gz is only at https://people.freebsd.org/~jsm/node-modules-cp-online-24.04.13-2.tar.gz (not copied to distfiles) the changes to the LibreOffice makefile is only the postinstall part. the broken API part is an old part ig...

Last time I tried to port it in https://reviews.freebsd.org/D34051 the main obstacle was that COOL uses various Linux-specific features to jail its processes. I reached the stage when it runs, but in an "insecure" mode, which isn't ready for the production. To properly port this software a lot of upstream work was required.

Did something changed in that regard, or you just took sources from GitHub and wrapped them into a port?

In D49636#1131583, @arrowd wrote:

Last time I tried to port it in https://reviews.freebsd.org/D34051 the main obstacle was that COOL uses various Linux-specific features to jail its processes. I reached the stage when it runs, but in an "insecure" mode, which isn't ready for the production. To properly port this software a lot of upstream work was required.

Did something changed in that regard, or you just took sources from GitHub and wrapped them into a port?

Yes I noted as well the highly linux specific security model. I use setuid bit for coolmount with upstreams username check, and chroot by normal user with security.bsd.unprivileged_chroot = 1. So everything runs as a normal user except for the null_mounts. (wrapped in coolmount) I did unfortunately not know of you prior work...

I think the proper way to port this software would be to approach upstream and merge our patches there, then wait for a new release.

As for jailing approach - I was thinking on utilizing jail(2) call directly to lockdown COOL worker processes. This of course would require going a completely different code path for jail creation.

In D49636#1231396, @jsm wrote:

use autoreconf for bundled liborcus, and use a TMP_PLIST for collabora-office

BTW, why not use mdds and liborcus from ports? They are already present for libreoffice

In D49636#1231458, @fluffy wrote:

In D49636#1231396, @jsm wrote:

use autoreconf for bundled liborcus, and use a TMP_PLIST for collabora-office

BTW, why not use mdds and liborcus from ports? They are already present for libreoffice

The ports version is too new for the collabora tag in libreoffice core.

Thanks for your work on this! Too busy with life to build and test it at the moment, but hope to find time one day to add this to my Nextcloud server.

Just skimming through the conversations, it looks like your mention running processes in a jail? So, is it required to install and run 'net/collabora' on a FreeBSD host? My understanding is jail commands are typically run by root on a host system.

Personally, I run most applications in separate jails for ease of maintenance, so not sure if that is possible if 'net/collabora' is calling jail commands?

Thanks again!