From nobody Sat Jun 24 21:42:44 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QpSJb3xV9z4hp28
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Sat, 24 Jun 2023 21:42:55 +0000 (UTC)
	(envelope-from SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QpSJZ4XqVz3GnM;
	Sat, 24 Jun 2023 21:42:54 +0000 (UTC)
	(envelope-from SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of "SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz" has no SPF policy when checking 94.124.105.4) smtp.mailfrom="SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz";
	dmarc=none
Received: from elsa.codelab.cz (localhost [127.0.0.1])
	by elsa.codelab.cz (Postfix) with ESMTP id B5BD6D788C;
	Sat, 24 Jun 2023 23:42:45 +0200 (CEST)
Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by elsa.codelab.cz (Postfix) with ESMTPSA id AC93ED788B;
	Sat, 24 Jun 2023 23:42:44 +0200 (CEST)
Message-ID: <c252b857-8657-843f-7619-e5ec55b1c9db@quip.cz>
Date: Sat, 24 Jun 2023 23:42:44 +0200
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.1
Subject: Re: Is it possible to build node package as single executable binary?
To: Hiroki Tagato <tagattie@FreeBSD.org>,
 FreeBSD Ports <freebsd-ports@freebsd.org>
References: <c50228d7-63c7-0e5c-7b38-d9e4c5a3e795@quip.cz>
 <5be6c0d2-5d71-38c9-028a-8ce065102be9@FreeBSD.org>
Content-Language: cs-Cestina
From: Miroslav Lachman <000.fbsd@quip.cz>
In-Reply-To: <5be6c0d2-5d71-38c9-028a-8ce065102be9@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-0.80 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	AUTH_NA(1.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.996];
	FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz];
	MIME_GOOD(-0.10)[text/plain];
	MIME_TRACE(0.00)[0:+];
	RCPT_COUNT_TWO(0.00)[2];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	TO_DN_ALL(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	MID_RHS_MATCH_FROM(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_HAS_DN(0.00)[];
	DMARC_NA(0.00)[quip.cz];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=p6JT=CM=quip.cz=000.fbsd@elsa.codelab.cz]
X-Rspamd-Queue-Id: 4QpSJZ4XqVz3GnM
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

On 23/06/2023 13:11, Hiroki Tagato wrote:
> Hi Miroslav,
> 
> I have a WIP port of Bitwarden CLI in my forked ports repository.
> 
> Take a look at:
> https://github.com/tagattie/freebsd-ports/tree/main/security/bitwarden-cli
> 
> It generates a single binary executable "bw" by packaging the node 
> command and necessary node modules. I have only lightly tested the 
> package on FreeBSD 13/amd64 and it seems working.

Hello.
I built it in poudriere, installed on target server but it failed to run:

# bw -h
pkg/prelude/bootstrap.js:1876
       throw error;
       ^

Error: 
/tmp/pkg/3f7546d249992c0f148a46a96767b364fe2616ab97eacd2ea346785f0bee0134/argon2/lib/binding/napi-v3/argon2.node: 
mmap of data failed: Permission denied
     at process.dlopen (pkg/prelude/bootstrap.js:2255:28)
     at Object.Module._extensions..node 
(node:internal/modules/cjs/loader:1189:18)
     at Module.load (node:internal/modules/cjs/loader:981:32)
     at Function.Module._load (node:internal/modules/cjs/loader:822:12)
     at Module.require (node:internal/modules/cjs/loader:1005:19)
     at Module.require (pkg/prelude/bootstrap.js:1855:31)
     at require (node:internal/modules/cjs/helpers:102:18)
     at Object.<anonymous> 
(/snapshot/wrkdirs/overlays/mfh_overlay/security/bitwarden-cli/work/clients-cli-v2023.4.0/node_modules/argon2/argon2.js:9:25)
     at Module._compile (pkg/prelude/bootstrap.js:1930:22)
     at Object.Module._extensions..js 
(node:internal/modules/cjs/loader:1159:10) {
   code: 'ERR_DLOPEN_FAILED'
}


Then I found it is because we have /tmp mounted with nosuid, noexec set 
for security reason.
When I remounted /tmp with exec, the bw from package runs without error.

Do you know why this packaged "bw" needs /tmp to be executable while 
"bw" installed by "npm install" works with noexec set on /tmp?

Is there a way to fix it? I really would like to keep /tmp noexec.

Kind regards
Miroslav Lachman