import ports/net/guacamole, ok aja@

Apache Guacamole is a remote desktop gateway. It allows users to connect
using an HTML5 web browser and access systems using standard remote client
protocols like VNC, RDP, and SSH.

It comprises "guacamole-client", the front-end web application written
in Java which accepts connections from end-users web browsers, and
"guacamole-server" (the guacd proxy daemon and related libraries,
written in C), which runs on a gateway machine, accepting connections
from guacamole-client and connecting out to remote machines using their
standard protocol. Both guacamole-client and guacamole-server can run
on the same machine.

net/guacamole/Makefile

@@ -0,0 +1,5 @@
+SUBDIR =
+SUBDIR += client
+SUBDIR += server
+
+.include <bsd.port.subdir.mk>

net/guacamole/Makefile.inc

@@ -0,0 +1,9 @@
+V?=		1.4.0
+
+CATEGORIES=	net
+HOMEPAGE=	https://guacamole.apache.org/
+
+MAINTAINER=	Stuart Henderson <stu.ports@spacehopper.org>
+
+# Apache 2.0
+PERMIT_PACKAGE=	Yes

net/guacamole/client/Makefile

@@ -0,0 +1,71 @@
+MASTER_SITES=	${MASTER_SITE_APACHE:=guacamole/$V/binary/}
+DISTNAME=	guacamole-$V
+DISTFILES=	guacamole-$V.war
+
+COMMENT-main=	clientless remote desktop gateway, web application
+COMMENT-duo=	Guacamole extension for Duo authentication
+COMMENT-header=	Guacamole extension for HTTP header authentication
+COMMENT-jdbc=	Guacamole extension for database authentication via JDBC
+COMMENT-json=	Guacamole extension for encrypted JSON authentication
+COMMENT-quickconnect=	Guacamole extension for URI-based connections
+COMMENT-ldap=	Guacamole extension for LDAP authentication
+COMMENT-sso=	Guacamole extension for various single-sign-on providers
+COMMENT-totp=	Guacamole extension for TOTP (time-based OTP)
+
+MULTI_PACKAGES=	-main
+# sso [cas, openid, saml]
+AUTHS=		duo header jdbc json quickconnect ldap sso totp
+.for a in ${AUTHS}
+MULTI_PACKAGES+= -$a
+DISTFILES+=	guacamole-auth-$a-$V.tar.gz
+EXTRACT_ONLY+=	guacamole-auth-$a-$V.tar.gz
+PKGNAME-$a=	guacamole-auth-$a-$V
+.endfor
+
+MASTER_SITES0=	https://
+
+# hold at 9.x MS driver; 10.x defaults to using TLS encryption and needs
+# a connection string to disable, but guacamole-auth-jdbc-sqlserver doesn't
+# allow setting this, only host/user/pass.
+.for liburl libjar libver in \
+	github.com/microsoft/mssql-jdbc/releases/download/v9.4.1 mssql-jdbc -9.4.1.jre8 \
+	jdbc.postgresql.org/download postgresql -42.3.3 \
+	downloads.mariadb.com/Connectors/java/connector-java-2.7.3 mariadb-java-client -2.7.3
+DISTFILES+=	{${liburl}/}${libjar}${libver}.jar:0
+LIBS+=		${libjar}${libver}.jar ${libjar}.jar
+.endfor
+
+RUN_DEPENDS=	www/tomcat/v9
+
+NO_BUILD=	Yes
+NO_TEST=	Yes
+WRKDIST=	${WRKDIR}
+
+do-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/guacamole{,/extensions,/lib} \
+	    ${PREFIX}/share/examples/guacamole
+	${INSTALL_DATA} ${FULLDISTDIR}/guacamole-$V.war \
+	    ${PREFIX}/share/guacamole/guacamole.war
+	${INSTALL_DATA} ${FILESDIR}/{guacamole.properties,user-mapping.xml} \
+	    ${PREFIX}/share/examples/guacamole/
+
+.for a in ${AUTHS}
+	cd ${PREFIX}/share/guacamole/extensions; \
+	for i in `find ${WRKSRC}/guacamole-auth-$a-$V -name '*.jar'`; do \
+	    ${INSTALL_DATA} $$i `basename $$i | sed s/-$V//`; \
+	done
+	cd ${WRKSRC}/guacamole-auth-$a-$V; \
+	[ -d doc ] && (cd doc; for i in `find . -type f`; do \
+		${INSTALL_DATA_DIR} ${PREFIX}/share/doc/guacamole-auth-$a/`dirname $$i`; \
+		${INSTALL_DATA} $$i ${PREFIX}/share/doc/guacamole-auth-$a/$$i; \
+	done ); \
+	for i in `find . -type f -and -path '*/schema/*'`; do \
+		${INSTALL_DATA_DIR} ${PREFIX}/share/doc/guacamole-auth-$a/`dirname $$i`; \
+		${INSTALL_DATA} $$i ${PREFIX}/share/doc/guacamole-auth-$a/$$i; \
+	done
+.endfor
+.for i j in ${LIBS}
+	${INSTALL_DATA} ${FULLDISTDIR}/$i ${PREFIX}/share/guacamole/lib/$j
+.endfor
+
+.include <bsd.port.mk>

net/guacamole/client/distinfo

@@ -0,0 +1,24 @@
+SHA256 (guacamole-1.4.0.war) = kvsG486P5Pky3f3/11o1LAarWNO9CpRvqlvtpz6FkvA=
+SHA256 (guacamole-auth-duo-1.4.0.tar.gz) = YpF+JcubbH4IxeE9pDMIRp+lirMXzX4fnhQOyU5KL9o=
+SHA256 (guacamole-auth-header-1.4.0.tar.gz) = P1SRc3sylQVpSdI1Eg3KYO6VGMlRsJJxeA3d8VFmqd4=
+SHA256 (guacamole-auth-jdbc-1.4.0.tar.gz) = R/TxIcrXSrZNW689FOj3CWd6JrMFgAWpdyd6B3FtTZw=
+SHA256 (guacamole-auth-json-1.4.0.tar.gz) = c5jwSuFjDJMknttPDyZ8pDs7pmci8j0T4FrPfXmoBGg=
+SHA256 (guacamole-auth-ldap-1.4.0.tar.gz) = 8oSIcXsmFopTluEl7H+/8bcmimWMYQD2rRu/vRihd3k=
+SHA256 (guacamole-auth-quickconnect-1.4.0.tar.gz) = XE9sXVgbdCC/ZY0WvlhanvRJnD2rrBSsQom3NkBmURc=
+SHA256 (guacamole-auth-sso-1.4.0.tar.gz) = Ve9q2sO+t1M2G2fq3aHHic4//HD+dHlOnd73DY5ri4w=
+SHA256 (guacamole-auth-totp-1.4.0.tar.gz) = TExTkO7LaNHfB+Ffolgp5RoHnUqDiHxeQXrI10GeeHs=
+SHA256 (mariadb-java-client-2.7.3.jar) = fII7L4/dpSKn925pyyh0grRiR8E1xMRLJ7mPsq4JJ0c=
+SHA256 (mssql-jdbc-9.4.1.jre8.jar) = lp17yoV3xKpKPuPR7iPloBFPxQNvC/ThLF+MjLYtHE8=
+SHA256 (postgresql-42.3.3.jar) = 7tBgT1ErpEgXlU3pmgfipUcKpL/LSB1OY6k+D/Dgrt4=
+SIZE (guacamole-1.4.0.war) = 13011205
+SIZE (guacamole-auth-duo-1.4.0.tar.gz) = 3596849
+SIZE (guacamole-auth-header-1.4.0.tar.gz) = 3566935
+SIZE (guacamole-auth-jdbc-1.4.0.tar.gz) = 16486378
+SIZE (guacamole-auth-json-1.4.0.tar.gz) = 11511282
+SIZE (guacamole-auth-ldap-1.4.0.tar.gz) = 9575832
+SIZE (guacamole-auth-quickconnect-1.4.0.tar.gz) = 3584581
+SIZE (guacamole-auth-sso-1.4.0.tar.gz) = 22414937
+SIZE (guacamole-auth-totp-1.4.0.tar.gz) = 4769666
+SIZE (mariadb-java-client-2.7.3.jar) = 621971
+SIZE (mssql-jdbc-9.4.1.jre8.jar) = 1346757
+SIZE (postgresql-42.3.3.jar) = 1039047

net/guacamole/client/files/guacamole.properties

@@ -0,0 +1,6 @@
+# In many cases, this can be left at the default.
+# See https://guacamole.apache.org/doc/gug/configuring-guacamole.html
+
+#guacd-host:	localhost
+#guacd-port:	4822
+#guacd-ssl:	true     # requires configuration in guacd

net/guacamole/client/files/user-mapping.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Guacamole's default authentication module uses this XML file.
+
+  Each user is specified in an <authorize> tag, which contains a set of
+  <connection> tags describing the connections available to that user.
+  Many parameters are available including wake-on-lan, session recording
+  and others.
+
+  As an alternative to this XML file, various databases and other
+  methods can be used via extensions.
+
+  For more details about configuration, see
+  https://guacamole.apache.org/doc/gug/configuring-guacamole.html -->
+
+<user-mapping>
+    <authorize username="guacamole" password="guacamole">
+	<!-- connection name="vnc">
+		<protocol>vnc</protocol>
+		<param name="hostname">localhost</param>
+		<param name="port">5901</param>
+		<param name="password">somepass, optional</param>
+	</connection -->
+	<!-- connection name="rdp">
+		<protocol>rdp</protocol>
+		<param name="hostname">localhost</param>
+		<param name="port">3389</param>
+	</connection> -->
+	<connection name="ssh">
+		<protocol>ssh</protocol>
+		<param name="hostname">localhost</param>
+		<param name="port">22</param>
+		<param name="font-name">monospace</param>
+	</connection>
+    </authorize>
+</user-mapping>

net/guacamole/client/pkg/DESCR-duo

@@ -0,0 +1 @@
+Guacamole extension for Duo authentication.

net/guacamole/client/pkg/DESCR-header

@@ -0,0 +1 @@
+Guacamole extension for HTTP header authentication.

net/guacamole/client/pkg/DESCR-jdbc

@@ -0,0 +1 @@
+Guacamole extension for database authentication via JDBC.

net/guacamole/client/pkg/DESCR-json

@@ -0,0 +1 @@
+Guacamole extension for encrypted JSON authentication.

net/guacamole/client/pkg/DESCR-ldap

@@ -0,0 +1 @@
+Guacamole extension for LDAP authentication.

net/guacamole/client/pkg/DESCR-main

@@ -0,0 +1,13 @@
+Apache Guacamole is a remote desktop gateway. It allows users to connect
+using an HTML5 web browser and access systems using standard remote client
+protocols like VNC, RDP, and SSH.
+
+It comprises "guacamole-client", the front-end web application written
+in Java which accepts connections from end-users web browsers, and
+"guacamole-server" (the guacd proxy daemon and related libraries,
+written in C), which runs on a gateway machine, accepting connections
+from guacamole-client and connecting out to remote machines using their
+standard protocol. Both guacamole-client and guacamole-server can run
+on the same machine.
+
+This package provides "guacamole-client".

net/guacamole/client/pkg/DESCR-quickconnect

@@ -0,0 +1 @@
+Guacamole extension for URI-based connections.

net/guacamole/client/pkg/DESCR-sso

@@ -0,0 +1 @@
+Guacamole extension for various single-sign-on providers (CAS, OpenID, SAML).

net/guacamole/client/pkg/DESCR-totp

@@ -0,0 +1 @@
+Guacamole extension for TOTP (time-based OTP).

net/guacamole/client/pkg/PLIST-duo

@@ -0,0 +1,2 @@
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-duo.jar

net/guacamole/client/pkg/PLIST-header

@@ -0,0 +1,2 @@
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-header.jar

net/guacamole/client/pkg/PLIST-jdbc

@@ -0,0 +1,43 @@
+share/doc/guacamole-auth-jdbc/
+share/doc/guacamole-auth-jdbc/mysql/
+share/doc/guacamole-auth-jdbc/mysql/schema/
+share/doc/guacamole-auth-jdbc/mysql/schema/001-create-schema.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/002-create-admin-user.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.8.2.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.10.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.11.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.13.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.14.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.6.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.7.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.8.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-0.9.9.sql
+share/doc/guacamole-auth-jdbc/mysql/schema/upgrade/upgrade-pre-1.0.0.sql
+share/doc/guacamole-auth-jdbc/postgresql/
+share/doc/guacamole-auth-jdbc/postgresql/schema/
+share/doc/guacamole-auth-jdbc/postgresql/schema/001-create-schema.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/002-create-admin-user.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.10.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.11.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.13.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.14.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.7.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.8.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-0.9.9.sql
+share/doc/guacamole-auth-jdbc/postgresql/schema/upgrade/upgrade-pre-1.0.0.sql
+share/doc/guacamole-auth-jdbc/sqlserver/
+share/doc/guacamole-auth-jdbc/sqlserver/schema/
+share/doc/guacamole-auth-jdbc/sqlserver/schema/001-create-schema.sql
+share/doc/guacamole-auth-jdbc/sqlserver/schema/002-create-admin-user.sql
+share/doc/guacamole-auth-jdbc/sqlserver/schema/upgrade/
+share/doc/guacamole-auth-jdbc/sqlserver/schema/upgrade/upgrade-pre-1.0.0.sql
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-jdbc-mysql.jar
+share/guacamole/extensions/guacamole-auth-jdbc-postgresql.jar
+share/guacamole/extensions/guacamole-auth-jdbc-sqlserver.jar
+share/guacamole/lib/
+share/guacamole/lib/mariadb-java-client.jar
+share/guacamole/lib/mssql-jdbc.jar
+share/guacamole/lib/postgresql.jar

net/guacamole/client/pkg/PLIST-json

@@ -0,0 +1,5 @@
+share/doc/guacamole-auth-json/
+share/doc/guacamole-auth-json/README.md
+share/doc/guacamole-auth-json/encrypt-json.sh
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-json.jar

net/guacamole/client/pkg/PLIST-ldap

@@ -0,0 +1,8 @@
+share/doc/guacamole-auth-ldap/
+share/doc/guacamole-auth-ldap/examples/
+share/doc/guacamole-auth-ldap/examples/exampleConfigGroup.ldif
+share/doc/guacamole-auth-ldap/schema/
+share/doc/guacamole-auth-ldap/schema/guacConfigGroup.ldif
+share/doc/guacamole-auth-ldap/schema/guacConfigGroup.schema
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-ldap.jar

net/guacamole/client/pkg/PLIST-main

@@ -0,0 +1,21 @@
+@sample ${SYSCONFDIR}/guacamole/
+share/doc/pkg-readmes/${PKGSTEM}
+share/examples/guacamole/
+share/examples/guacamole/guacamole.properties
+@mode 640
+@owner root
+@group _tomcat
+@sample ${SYSCONFDIR}/guacamole/guacamole.properties
+@mode
+@owner
+@group
+share/examples/guacamole/user-mapping.xml
+@mode 640
+@owner root
+@group _tomcat
+@sample ${SYSCONFDIR}/guacamole/user-mapping.xml
+@mode
+@owner
+@group
+share/guacamole/
+share/guacamole/guacamole.war

net/guacamole/client/pkg/PLIST-quickconnect

@@ -0,0 +1,2 @@
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-quickconnect.jar

net/guacamole/client/pkg/PLIST-sso

@@ -0,0 +1,4 @@
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-sso-cas.jar
+share/guacamole/extensions/guacamole-auth-sso-openid.jar
+share/guacamole/extensions/guacamole-auth-sso-saml.jar

net/guacamole/client/pkg/PLIST-totp

@@ -0,0 +1,2 @@
+share/guacamole/extensions/
+share/guacamole/extensions/guacamole-auth-totp.jar

net/guacamole/client/pkg/README-main

@@ -0,0 +1,99 @@
++-------------------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-------------------------------------------------------------------------------
+
+A minimal Guacamole installation requires the following components:
+
+- a Java servlet container (usually Tomcat). This could be described as a
+specialist web server for running Java-based web services.
+
+This can be used directly to provide an externally-accessible HTTP service,
+but in some cases it may be preferable to front-end it with a "reverse proxy"
+(nginx run as a forwarder, relayd, haproxy, or others) either to provide
+extra controls or more familiar configuration.
+
+- "guacamole-client", a Java web service which accepts user connections,
+authenticates them, and passes connections to guacd. This is run by
+the servlet container.
+
+- guacd (from "guacamole-server"), a separate proxy daemon. It accepts
+Guacamole connections from the web service and makes outgoing connections
+using various remote access protocols (including RDP, VNC, ssh).
+
+Authentication is done via the web service. The default method is
+configured via a single XML file, which is suitable for many small
+deployments. Authentication via other mechanisms is available by
+extensions which are packaged separately.
+
+Simple configuration of Guacamole
+---------------------------------
+You can link the web application into Tomcat's service directory:
+
+# ln -s /usr/local/share/guacamole/guacamole.war /var/tomcat/webapps/
+
+Edit the sample user authentication file:
+
+# vi /etc/guacamole/user-mapping.xml
+
+Enable and (re)start guacd and Tomcat:
+
+# rcctl enable guacd tomcat
+# rcctl restart guacd tomcat
+
+Connect a browser to http://localhost:8080/guacamole and login, you should
+see a list of desktop endpoints from the user-mapping file and be able to
+connect to them.
+
+Check Tomcat logs (usually /var/tomcat/logs/catalina.out) if you have problems.
+
+Enabling extensions
+-------------------
+Various extensions are available, mostly providing different methods to
+hold authentication information and configuration of which machines a user
+may connect to:
+
+guacamole-auth-duo		Duo two-factor authentication
+guacamole-auth-header		HTTP header authentication
+guacamole-auth-jdbc		JDBC (SQL) authentication
+guacamole-auth-json		Encrypted JSON authentication
+guacamole-auth-ldap		LDAP authentication
+guacamole-auth-sso		OpenID/SAML/CAS authentication
+guacamole-auth-totp		TOTP two-factor authentication
+
+Also, not really an authentication plugin, but packaged in the same way:
+
+guacamole-auth-quickconnect	Ad-hoc connections (direct URI entry)
+
+At startup, guacamole-client searches /etc/guacamole/extensions and loads
+any extensions discovered there. In common with standard practice for
+other OpenBSD packages, extensions are not enabled automatically when
+installed; you must take another step to do this.
+
+For the JDBC extensions, as well as the extension itself, the relevant
+JDBC connector for the database is required as you are using; versions
+which should be suitable are available in /usr/local/share/guacamole/lib.
+
+You can either symlink the entire installed extensions (and lib, if
+needed) directories from the package into place:
+
+# ln -s /usr/local/share/guacamole/extensions /etc/guacamole/
+# ln -s /usr/local/share/guacamole/lib /etc/guacamole/
+
+Alternatively, take a targetted approach and symlink only the files
+you need:
+
+# mkdir /etc/guacamole/{extensions,lib}
+# ln -s /usr/local/share/guacamole/extensions/guacamole-auth-quickconnect.jar \
+     /etc/guacamole/extensions/
+# ln -s /usr/local/share/guacamole/lib/mssql-jdbc.jar /etc/guacamole/extensions/
+
+Add any required configuration for the extension, and restart Tomcat to
+pick up the changes:
+
+# vi /etc/guacamole/guacamole.properties
+# rcctl restart tomcat
+
+If an extension is packaged with documentation or database schemas that
+should be used, you'll find them in /usr/local/share/doc/guacamole-auth-*.
+Otherwise check the online documentation for Guacamole for more information
+(https://guacamole.apache.org/doc/gug/jdbc-auth.html etc).

net/guacamole/server/Makefile

@@ -0,0 +1,51 @@
+MASTER_SITES=	${MASTER_SITE_APACHE:=guacamole/$V/source/}
+DISTNAME=	guacamole-server-$V
+COMMENT=	clientless remote desktop gateway
+
+SHARED_LIBS +=	guac-client-kubernetes    0.0 # 0.0
+SHARED_LIBS +=	guac-client-rdp           0.0 # 0.0
+SHARED_LIBS +=	guac-client-ssh           0.0 # 0.0
+SHARED_LIBS +=	guac-client-vnc           0.0 # 0.0
+SHARED_LIBS +=	guac                      0.0 # 20.0
+
+WANTLIB += ${COMPILER_LIBCXX} X11 Xau Xdmcp Xext Xrender aom avahi-client
+WANTLIB += avahi-common avcodec avformat avutil brotlidec brotlienc
+WANTLIB += bz2 c cairo crypto cups dav1d dbus-1 epoll-shim execinfo
+WANTLIB += expat fontconfig freerdp-client2 freerdp2 freetype
+WANTLIB += gcrypt glib-2.0 gmp gnutls gobject-2.0 gpg-error gsm
+WANTLIB += harfbuzz hogweed iconv idn2 intl jpeg lzma lzo2 m mp3lame
+WANTLIB += nettle ogg opus p11-kit pango-1.0 pangocairo-1.0 pixman-1
+WANTLIB += png pulse sasl2 sndio speex ssh2 ssl swresample swscale
+WANTLIB += tasn1 theoradec theoraenc unistring usb-1.0 uuid vncclient
+WANTLIB += vorbis vorbisenc vpx webp websockets winpr2 x264 x265
+WANTLIB += xcb xcb-render xcb-shm xkbfile xml2 xvidcore z zstd
+
+COMPILER=	base-clang ports-gcc
+
+LIB_DEPENDS=	audio/pulseaudio \
+		devel/glib2 \
+		devel/pango \
+		graphics/ffmpeg \
+		graphics/libwebp \
+		net/libvncserver \
+		security/libssh2 \
+		sysutils/e2fsprogs \
+		www/libwebsockets \
+		x11/freerdp
+LIBTOOL_FLAGS=	--tag=disable-static
+CONFIGURE_STYLE= gnu
+CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include -D_BSD_SOURCE" \
+		LDFLAGS="-L${LOCALBASE}/lib"
+CONFIGURE_ARGS=	--without-telnet
+
+# various source files have no linefeed before eof, which trips -Werror
+post-extract:
+	find ${WRKSRC} -name Makefile.in -exec sed -i 's,-Werror ,,' {} +
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/guacamole/
+	${INSTALL_DATA} ${FILESDIR}/guacd.conf \
+	    ${PREFIX}/share/examples/guacamole/
+	rm ${PREFIX}/lib{,/freerdp2}/*.la
+
+.include <bsd.port.mk>

net/guacamole/server/distinfo

@@ -0,0 +1,2 @@
+SHA256 (guacamole-server-1.4.0.tar.gz) = J4kHXIsl5apC3sUFSR00Jbey/iBRdysABoYMJuile5A=
+SIZE (guacamole-server-1.4.0.tar.gz) = 1099194

net/guacamole/server/files/guacd.conf

@@ -0,0 +1,13 @@
+[daemon]
+# debug, info, warning, error
+#log_level = info
+
+[server]
+#bind_host = localhost
+#bind_port = 4822
+
+[ssl]
+# for communications between web application and guacd
+# (mainly useful if they run on separate hosts)
+#server_certificate = /etc/ssl/server.crt
+#server_key = /etc/ssl/private/server.key

net/guacamole/server/patches/patch-src_libguac_client_c

@@ -0,0 +1,15 @@
+Not supported on OpenBSD, but guacd seems to run OK without this anyway.
+
+Index: src/libguac/client.c
+--- src/libguac/client.c.orig
++++ src/libguac/client.c
+@@ -172,7 +172,9 @@ guac_client* guac_client_alloc() {
+ 
+     /* Init locks */
+     pthread_rwlockattr_init(&lock_attributes);
++#ifndef __OpenBSD__
+     pthread_rwlockattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
++#endif
+ 
+     pthread_rwlock_init(&(client->__users_lock), &lock_attributes);
+ 

net/guacamole/server/patches/patch-src_libguac_pool_c

@@ -0,0 +1,15 @@
+Not supported on OpenBSD, but guacd seems to run OK without this anyway.
+
+Index: src/libguac/pool.c
+--- src/libguac/pool.c.orig
++++ src/libguac/pool.c
+@@ -41,7 +41,9 @@ guac_pool* guac_pool_alloc(int size) {
+ 
+     /* Init lock */
+     pthread_mutexattr_init(&lock_attributes);
++#ifndef __OpenBSD__
+     pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
++#endif
+     pthread_mutex_init(&(pool->__lock), &lock_attributes);
+ 
+     return pool;

net/guacamole/server/patches/patch-src_libguac_socket-broadcast_c

@@ -0,0 +1,15 @@
+Not supported on OpenBSD, but guacd seems to run OK without this anyway.
+
+Index: src/libguac/socket-broadcast.c
+--- src/libguac/socket-broadcast.c.orig
++++ src/libguac/socket-broadcast.c
+@@ -357,7 +357,9 @@ guac_socket* guac_socket_broadcast(guac_client* client
+     socket->data = data;
+ 
+     pthread_mutexattr_init(&lock_attributes);
++#ifndef __OpenBSD__
+     pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
++#endif
+ 
+     /* Init lock */
+     pthread_mutex_init(&(data->socket_lock), &lock_attributes);

net/guacamole/server/patches/patch-src_libguac_socket-fd_c

@@ -0,0 +1,15 @@
+Not supported on OpenBSD, but guacd seems to run OK without this anyway.
+
+Index: src/libguac/socket-fd.c
+--- src/libguac/socket-fd.c.orig
++++ src/libguac/socket-fd.c
+@@ -431,7 +431,9 @@ guac_socket* guac_socket_open(int fd) {
+     socket->data = data;
+ 
+     pthread_mutexattr_init(&lock_attributes);
++#ifndef __OpenBSD__
+     pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
++#endif
+ 
+     /* Init locks */
+     pthread_mutex_init(&(data->socket_lock), &lock_attributes);

net/guacamole/server/patches/patch-src_libguac_socket-wsa_c

@@ -0,0 +1,15 @@
+Not supported on OpenBSD, but guacd seems to run OK without this anyway.
+
+Index: src/libguac/socket-wsa.c
+--- src/libguac/socket-wsa.c.orig
++++ src/libguac/socket-wsa.c
+@@ -427,7 +427,9 @@ guac_socket* guac_socket_open_wsa(SOCKET sock) {
+     socket->data = data;
+ 
+     pthread_mutexattr_init(&lock_attributes);
++#ifndef __OpenBSD__
+     pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
++#endif
+ 
+     /* Init locks */
+     pthread_mutex_init(&(data->socket_lock), &lock_attributes);

net/guacamole/server/pkg/DESCR

@@ -0,0 +1,13 @@
+Apache Guacamole is a remote desktop gateway. It allows users to connect
+using an HTML5 web browser and access systems using standard remote client
+protocols like VNC, RDP, and SSH.
+
+It comprises "guacamole-client", the front-end web application written
+in Java which accepts connections from end-users web browsers, and
+"guacamole-server" (the guacd proxy daemon and related libraries,
+written in C), which runs on a gateway machine, accepting connections
+from guacamole-client and connecting out to remote machines using their
+standard protocol. Both guacamole-client and guacamole-server can run
+on the same machine.
+
+This package is for "guacamole-server".

net/guacamole/server/pkg/PLIST

@@ -0,0 +1,67 @@
+@newgroup _guacd:875
+@newuser _guacd:875:_guacd::guacamole user:/nonexistent:/sbin/nologin
+@sample ${SYSCONFDIR}/guacamole/
+@rcscript ${RCDIR}/guacd
+@bin bin/guacenc
+@bin bin/guaclog
+include/guacamole/
+include/guacamole/argv-constants.h
+include/guacamole/argv-fntypes.h
+include/guacamole/argv.h
+include/guacamole/audio-fntypes.h
+include/guacamole/audio-types.h
+include/guacamole/audio.h
+include/guacamole/client-constants.h
+include/guacamole/client-fntypes.h
+include/guacamole/client-types.h
+include/guacamole/client.h
+include/guacamole/error-types.h
+include/guacamole/error.h
+include/guacamole/hash.h
+include/guacamole/layer-types.h
+include/guacamole/layer.h
+include/guacamole/object-types.h
+include/guacamole/object.h
+include/guacamole/parser-constants.h
+include/guacamole/parser-types.h
+include/guacamole/parser.h
+include/guacamole/plugin-constants.h
+include/guacamole/plugin.h
+include/guacamole/pool-types.h
+include/guacamole/pool.h
+include/guacamole/protocol-constants.h
+include/guacamole/protocol-types.h
+include/guacamole/protocol.h
+include/guacamole/socket-constants.h
+include/guacamole/socket-fntypes.h
+include/guacamole/socket-ssl.h
+include/guacamole/socket-types.h
+include/guacamole/socket.h
+include/guacamole/stream-types.h
+include/guacamole/stream.h
+include/guacamole/string.h
+include/guacamole/timestamp-types.h
+include/guacamole/timestamp.h
+include/guacamole/unicode.h
+include/guacamole/user-constants.h
+include/guacamole/user-fntypes.h
+include/guacamole/user-types.h
+include/guacamole/user.h
+include/guacamole/wol-constants.h
+include/guacamole/wol.h
+lib/freerdp2/
+@so lib/freerdp2/libguac-common-svc-client.so
+@so lib/freerdp2/libguacai-client.so
+@lib lib/libguac-client-kubernetes.so.${LIBguac-client-kubernetes_VERSION}
+@lib lib/libguac-client-rdp.so.${LIBguac-client-rdp_VERSION}
+@lib lib/libguac-client-ssh.so.${LIBguac-client-ssh_VERSION}
+@lib lib/libguac-client-vnc.so.${LIBguac-client-vnc_VERSION}
+@lib lib/libguac.so.${LIBguac_VERSION}
+@man man/man1/guacenc.1
+@man man/man1/guaclog.1
+@man man/man5/guacd.conf.5
+@man man/man8/guacd.8
+@bin sbin/guacd
+share/examples/guacamole/
+share/examples/guacamole/guacd.conf
+@sample ${SYSCONFDIR}/guacamole/guacd.conf

net/guacamole/server/pkg/guacd.rc

@@ -0,0 +1,8 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/sbin/guacd"
+daemon_user="_guacd"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1