fixes for kde6 upgrade

author: Cullum Smith <cullum@sacredheartsc.com> 2025-02-11 22:50:49 -0500
committer: Cullum Smith <cullum@sacredheartsc.com> 2025-02-11 22:50:49 -0500
commit: 7047f830acfe84e840403e69df161b9d51aca673 (patch)
tree: e444273e3412e677c74958468f274ed51f1aea4e
parent: 21e42dd2db8d987dbd08a3254ff0719d577c005e (diff)
download: infrastructure-7047f830acfe84e840403e69df161b9d51aca673.tar.gz
18 files changed, 53 insertions, 50 deletions
diff --git a/files/etc/cron.d/invidious.invidious_server b/files/etc/cron.d/invidious.invidious_server
index a270600..ad35f3a 100644
--- a/files/etc/cron.d/invidious.invidious_server
+++ b/files/etc/cron.d/invidious.invidious_server
@@ -1,4 +1,4 @@
 MAILTO=root
 0  3 * * * root /usr/local/libexec/invidious-update           -q ${invidious_local_username} ${invidious_repo_dir}
 30 3 * * * root /usr/local/libexec/invidious-sighelper-update -q ${invidious_local_username} ${invidious_sighelper_repo_dir}
-0  4 * * * root /usr/sbin/service invidious restart > /dev/null
+0  4 * * * root service invidious status > /dev/null && service invidious restart > /dev/null
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
index c222750..f1f61f8 100644
--- a/files/etc/pam.d/sddm.freebsd
+++ b/files/etc/pam.d/sddm.freebsd
@@ -5,7 +5,7 @@
 auth      sufficient  pam_self.so no_warn
 auth      required    /usr/local/lib/security/pam_krb5.so try_first_pass
 auth      optional    pam_exec.so /usr/local/libexec/pam-create-local-homedir
-auth      optional    pam_kwallet5.so
+auth      optional    pam_kwallet5.so kdehome=localdisk/.local/share
 
 account   requisite   pam_securetty.so
 account   required    pam_nologin.so
@@ -17,6 +17,6 @@ session   required    pam_lastlog.so no_fail
 session   required    pam_xdg.so no_fail
 session   required    /usr/local/lib/security/pam_krb5.so
 session   optional    /usr/local/lib/pam_mkhomedir.so mode=0700
-session   optional    pam_kwallet5.so auto_start
+session   optional    pam_kwallet5.so kdehome=localdisk/.local/share auto_start
 
 password  required    /usr/local/lib/security/pam_krb5.so try_first_pass
diff --git a/files/etc/profile.d/kde.sh.desktop b/files/etc/profile.d/kde.sh.desktop
index 010d5c1..55d0065 100644
--- a/files/etc/profile.d/kde.sh.desktop
+++ b/files/etc/profile.d/kde.sh.desktop
@@ -3,4 +3,6 @@
 if [ "$XDG_CURRENT_DESKTOP" = KDE ]; then
   export SSH_ASKPASS_REQUIRE=prefer
   export SSH_ASKPASS=/usr/local/bin/ksshaskpass
+  # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280638
+  export KWIN_SCREENSHOT_NO_PERMISSION_CHECKS=1
 fi
diff --git a/files/etc/profile.d/local-homedir.sh.common b/files/etc/profile.d/local-homedir.sh.common
index 170a966..2310d7c 100644
--- a/files/etc/profile.d/local-homedir.sh.common
+++ b/files/etc/profile.d/local-homedir.sh.common
@@ -23,9 +23,3 @@ ln -sfn "${LOCAL_HOME}/.mozilla" "${HOME}/.mozilla"
 # thunderbird
 mkdir -p "${LOCAL_HOME}/.thunderbird"
 ln -sfn "${LOCAL_HOME}/.thunderbird" "${HOME}/.thunderbird"
-
-# kwallet
-# The kwallet PAM module hard-codes ~/.local/share/kwalletd, but kwallet itself
-# honors XDG_DATA_HOME! So we symlink from the local disk back into NFS. Gross!
-mkdir -p "${LOCAL_HOME}/.local/share/kwalletd"
-ln -sfn "${HOME}/.local/share/kwalletd/kwallet.salt" "${LOCAL_HOME}/.local/share/kwalletd/kdewallet.salt"
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 43a6760..b90a9bf 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -4,7 +4,7 @@ DEFAULT_VERSIONS+=${poudriere_default_versions:-}
 MAKE_JOBS_NUMBER=${poudriere_make_jobs_number}
 
 # Global port options
-OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE TCP_WRAPPERS COMPAT32 JACK KDEPIM
+OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL HEIMDAL_BASE NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO SAMBA TCP_WRAPPERS COMPAT32 JACK KDEPIM WAYLAND PLATFORM_WAYLAND PIPEWIRE
 OPTIONS_SET=GSSAPI GSSAPI_MIT MIT NONFREE LIBEDIT
 
 WINE_CROSS_BUILD=yes
@@ -46,16 +46,12 @@ mail_rspamd_SET=HYPERSCAN
 misc_kdeutils_UNSET=KFLOPPY KTEATIME
 misc_kdeedu_UNSET=KITEN
 mail_thunderbird_UNSET=PROFILE
-
-# With using virutal_oss, the OSS plugin causes a red error bar every
-# time the music is stopped paused. SNDIO seems fine.
-multimedia_audacious-plugins_SET=LAME SNDIO
-
 multimedia_ffmpeg_SET=OPENSSL
 multimedia_ffmpeg_UNSET=GNUTLS
 multimedia_kdemultimedia_UNSET=KDENLIVE
 multimedia_mpv_SET=CDIO LIBBLURAY
 multimedia_mpv_UNSET=NVDEC
+multimedia_qt6-multimedia_SET=ALSA
 multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM
 multimedia_webcamd_UNSET=DVB INPUT RADIO
 net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP
@@ -79,8 +75,11 @@ security_heimdal_SET=LDAP
 security_heimdal_UNSET=BDB
 security_kf5-kdesu_SET=SUDO
 security_kf5-kdesu_UNSET=SU
+security_kf6-kdesu_SET=SUDO
+security_kf6-kdesu_UNSET=SU
 security_krb5_SET=DNS_FOR_REALM
 security_krb5_UNSET=KRB5_HTML KRB5_PDF
+security_p5-Authen-SASL_SET=KERBEROS
 security_pinentry-qt5_SET=LIBSECRET
 security_sudo_SET=LDAP
 security_sudo_UNSET=GSSAPI_MIT
@@ -98,5 +97,5 @@ www_firefox_UNSET=PROFILE
 www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_DAV_EXT
 www_nginx_UNSET=MAIL
 x11-toolkits_gtk30_UNSET=COLORD BROADWAY
-x11_kde5_UNSET=KDEADMIN
+x11_kde_UNSET=KDEADMIN
 x11_libinput_UNSET=LIBWACOM
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index fa56e43..db86bc5 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -4,9 +4,10 @@ archivers/php${php_version}-zip
 archivers/unzip
 archivers/zip
 audio/elisa
+audio/fooyin
 audio/freedesktop-sound-theme
 audio/gsound
-audio/kid3@kf5
+audio/kid3@kf6
 audio/kmix
 audio/musescore
 audio/pulseaudio
@@ -22,7 +23,7 @@ databases/postgresql${postgresql_version}-client
 databases/postgresql${postgresql_version}-server
 databases/redis
 deskutils/pim-sieve-editor
-deskutils/plasma5-sddm-kcm
+deskutils/plasma6-sddm-kcm
 deskutils/py-vdirsyncer
 devel/android-tools
 devel/ccache
@@ -72,8 +73,6 @@ mail/sieve-connect
 mail/thunderbird
 misc/php${php_version}-calendar
 misc/terminfo-db
-multimedia/audacious-plugins@qt5
-multimedia/audacious@qt5
 multimedia/handbrake
 multimedia/libdvdcss
 multimedia/libva-intel-media-driver
@@ -111,6 +110,7 @@ net/php${php_version}-sockets
 net/py-matrix-synapse-ldap3
 net/py-python-ldap
 net/rsync
+net/socat
 net/syncthing
 net/turnserver
 net/wireguard-tools
@@ -174,6 +174,7 @@ www/w3m
 x11-fonts/cantarell-fonts
 x11-fonts/droid-fonts-ttf
 x11-fonts/inconsolata-ttf
+x11-fonts/montserrat
 x11-fonts/noto-basic
 x11-fonts/noto-emoji
 x11-fonts/roboto-fonts-ttf
@@ -181,8 +182,9 @@ x11-fonts/terminus-font
 x11-fonts/terminus-ttf
 x11-fonts/ubuntu-font
 x11-fonts/webfonts
+x11-themes/sddm-freebsd-black-theme
 x11-toolkits/gtksourceview4
-x11/kde5
+x11/kde
 x11/sddm
 x11/xev
 x11/xorg
diff --git a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
index 7936cac..e628db8 100644
--- a/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
+++ b/files/usr/local/etc/prosody/prosody.cfg.lua.xmpp_server
@@ -92,10 +92,11 @@ https_external_url = "https://${prosody_public_fqdn}/"
 trusted_proxies = { "127.0.0.1" }
 http_max_content_size = ${prosody_upload_sizelimit}
 
-Component "${prosody_public_fqdn}" "http_upload"
-http_upload_file_size_limit = ${prosody_upload_sizelimit}
-http_upload_expire_after = ${prosody_upload_expiration}
-http_upload_quota = ${prosody_upload_quota}
+Component "${prosody_public_fqdn}" "http_file_share"
+http_file_share_size_limit = ${prosody_upload_sizelimit}
+http_file_share_expires_after = ${prosody_upload_expiration}
+http_file_share_daily_quota = ${prosody_upload_quota}
+http_file_share_global_quota = ${prosody_upload_quota}
 
 $(for vhost in $prosody_domains; do cat <<EOF
 VirtualHost "${vhost}"
diff --git a/files/usr/local/etc/sddm.conf.desktop b/files/usr/local/etc/sddm.conf.desktop
index 09c2000..fd4f227 100644
--- a/files/usr/local/etc/sddm.conf.desktop
+++ b/files/usr/local/etc/sddm.conf.desktop
@@ -7,3 +7,6 @@ SessionDir = /dev/null
 [Users]
 MinimumUid = ${sddm_min_uid}
 MaximumUid = ${sddm_max_uid}
+
+[Theme]
+Current=sddm-freebsd-black-theme
diff --git a/files/usr/local/libexec/invidious-sighelper-update.invidious_server b/files/usr/local/libexec/invidious-sighelper-update.invidious_server
index 3f928aa..99b305a 100644
--- a/files/usr/local/libexec/invidious-sighelper-update.invidious_server
+++ b/files/usr/local/libexec/invidious-sighelper-update.invidious_server
@@ -40,7 +40,8 @@ upstream_rev=$(as_invidious 'git rev-parse "@{u}"')
 
 if [ "$local_rev" != "$upstream_rev" ]; then
   echo "updating inv_sig_helper to rev ${upstream_rev}"
-  as_invidious 'git pull --ff-only && cargo build --release'
+  as_invidious 'git pull --ff-only'
+  as_invidious 'cargo build --release'
   service inv_sig_helper status 2>/dev/null && service inv_sig_helper restart
   service invidious status      2>/dev/null && service invidious restart
 else
diff --git a/files/usr/local/libexec/invidious-update.invidious_server b/files/usr/local/libexec/invidious-update.invidious_server
index eb6fcbd..3a444ad 100644
--- a/files/usr/local/libexec/invidious-update.invidious_server
+++ b/files/usr/local/libexec/invidious-update.invidious_server
@@ -40,7 +40,9 @@ upstream_rev=$(as_invidious 'git rev-parse "@{u}"')
 
 if [ "$local_rev" != "$upstream_rev" ]; then
   echo "updating invidious to rev ${upstream_rev}"
-  as_invidious 'git pull --ff-only && shards install --production && crystal build src/invidious.cr --release'
+  as_invidious 'git pull --ff-only'
+  as_invidious 'shards install --production'
+  as_invidious 'crystal build src/invidious.cr --release'
   service invidious status 2>/dev/null && service invidious restart
 else
   echo "invidious already up to date at rev ${local_rev}"
diff --git a/files/usr/local/libexec/pam-create-local-homedir.common b/files/usr/local/libexec/pam-create-local-homedir.common
index 2d30d06..b1ecef5 100644
--- a/files/usr/local/libexec/pam-create-local-homedir.common
+++ b/files/usr/local/libexec/pam-create-local-homedir.common
@@ -1,3 +1,4 @@
 #!/bin/sh
 
 install -o "$PAM_USER" -g "$PAM_USER" -m 0700 -d "/usr/local/home/${PAM_USER}"
+install -o "$PAM_USER" -g "$PAM_USER" -l s "/usr/local/home/${PAM_USER}" "/home/${PAM_USER}/localdisk"
diff --git a/files/usr/local/libexec/poudriere-cron.pkg_repository b/files/usr/local/libexec/poudriere-cron.pkg_repository
index 8f3dff7..e0dee52 100644
--- a/files/usr/local/libexec/poudriere-cron.pkg_repository
+++ b/files/usr/local/libexec/poudriere-cron.pkg_repository
@@ -16,11 +16,11 @@ done
 
 for jail in "$@"; do
   poudriere jail -u  -j "$jail" > /dev/null
-  poudriere bulk     -j "$jail"        -f /usr/local/etc/poudriere.d/idm-pkglist   -p "$ports_tree" -z idm    > /dev/null
+  poudriere bulk     -j "$jail"        -f /usr/local/etc/poudriere.d/idm-pkglist   -p "$ports_tree" -z idm
   poudriere pkgclean -j "$jail"        -f /usr/local/etc/poudriere.d/idm-pkglist   -p "$ports_tree" -z idm -y > /dev/null 2>&1
-  poudriere bulk     -j "$jail"        -f /usr/local/etc/poudriere.d/pkglist       -p "$ports_tree"           > /dev/null
+  poudriere bulk     -j "$jail"        -f /usr/local/etc/poudriere.d/pkglist       -p "$ports_tree"
   poudriere pkgclean -j "$jail"        -f /usr/local/etc/poudriere.d/pkglist       -p "$ports_tree" -y        > /dev/null 2>&1
-  poudriere bulk     -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist  -p "$ports_tree"           > /dev/null
+  poudriere bulk     -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist  -p "$ports_tree"
   poudriere pkgclean -j "${jail}-i386" -f /usr/local/etc/poudriere.d/i386-pkglist  -p "$ports_tree" -y        > /dev/null 2>&1
 done
 
diff --git a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
index 70faddd..776aae8 100644
--- a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
+++ b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
@@ -44,8 +44,8 @@ md5_new=$(md5sum "$CERT_DIR"/*.crt "$CERT_DIR"/*.key | tee "$CHECKSUM_FILE")
 
 # If any certificates differ, reload prosody.
 if [ "$md5_old" != "$md5_new" ]; then
-  if prosodyctl status >/dev/null 2>&1; then
-    prosodyctl reload
+  if service prosody status >/dev/null; then
+    service prosody reload
   else
     echo 'prosody not running, not reloading'
   fi
diff --git a/files/usr/local/libexec/prosody-update-roster.xmpp_server b/files/usr/local/libexec/prosody-update-roster.xmpp_server
index 84c0c6e..68ffded 100644
--- a/files/usr/local/libexec/prosody-update-roster.xmpp_server
+++ b/files/usr/local/libexec/prosody-update-roster.xmpp_server
@@ -46,4 +46,4 @@ foreach my $entry ($search->entries) {
 }
 close $fh;
 
-system('prosodyctl reload');
+system('service prosody reload');
diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop
index 8fdfca4..c85ef28 100644
--- a/scripts/hostclass/desktop
+++ b/scripts/hostclass/desktop
@@ -45,9 +45,9 @@ zfs set \
   com.sun:auto-snapshot:weekly=true \
   "${state_dataset}/home"
 
-# Enable sndio.
-sysrc -v sndiod_enable=YES
-service sndiod status || service sndiod start
+# Disable sndiod (not needed).
+sysrc -v sndiod_enable=NO
+service sndiod status && service sndiod stop
 
 # Create local group for desktop-access.
 # This is for *local* users that need access to the drm device.
@@ -66,12 +66,12 @@ service webcamd status || service webcamd start
 install_file -m 0644 /usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop
 install_file -m 0555 /usr/local/libexec/nss-trust-root-ca
 
-# Install gajim desktop file.
-install_file -m 0644 /usr/local/share/applications/gajim.desktop
-
 # Add sddm user to drm access group.
 pw groupmod "$desktop_access_role" -m "$sddm_user"
 
+# Install gajim desktop file.
+install_file -m 0644 /usr/local/share/applications/gajim.desktop
+
 # Configure pam services.
 install_file -m 0644 \
   /etc/pam.d/sddm \
diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository
index 5caa69b..24284a5 100644
--- a/scripts/hostclass/pkg_repository
+++ b/scripts/hostclass/pkg_repository
@@ -5,7 +5,7 @@
 : ${poudriere_dataset:="${state_dataset:-zroot}"}
 : ${poudriere_make_jobs_number:='4'}
 : ${poudriere_priority_boost:='gcc* llvm* rust'}
-: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg postgresql* qt*-webengine rust webkit* wine vaultwarden'}
+: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mysql*-client mysql*-server node* openjdk* openssl pkg plasma6-plasma-workspace postgresql* qt*-webengine rust webkit* wine vaultwarden'}
 : ${poudriere_ccache_size:='50.0G'}
 : ${poudriere_default_versions:='imagemagick=7-nox11'}
 
diff --git a/scripts/hostname/desktop1 b/scripts/hostname/desktop1
index b68cbcc..fc12885 100644
--- a/scripts/hostname/desktop1
+++ b/scripts/hostname/desktop1
@@ -11,7 +11,7 @@ playback_device=1
 recording_device=0
 samplerate=48000
 bits=16
-buffer_ms=100
+buffer_ms=4
 microphone_gain=50
 max_channels=2
 
diff --git a/vars/hostclass/desktop b/vars/hostclass/desktop
index 64bef68..fafc268 100644
--- a/vars/hostclass/desktop
+++ b/vars/hostclass/desktop
@@ -18,10 +18,6 @@ enable_serial_console=false
 # UID/GID hiding breaks consolekit and KDE screen locker.
 see_other_uids=1
 
-# sndiod's control socket lives under /tmp, but sndoid starts *before* /tmp is
-# cleared out, resulting in the socket being blown away.
-clear_tmp_enable=false
-
 # Chromium seems to need this to enable VAAPI video decoding on intel.
 chrome_flags='--enable-features=Vulkan,VulkanFromANGLE,DefaultANGLEVulkan'
 
@@ -38,17 +34,16 @@ gsound"
 
 # signal-desktop requires pulseaudio for audio/video chat. SAD!
 # Also, freedesktop-sound-theme is required for notification sounds in Dino
+# digikam port currently broken
+# kwalletd requires socat?
 desktop_packages="
 ${gajim_packages}
 android-file-transfer-qt5
 android-tools
-audacious-plugins-qt5
-audacious-qt5
 bind-tools
 ca_root_nss
 cantarell-fonts
 chromium
-digikam
 dino
 droid-fonts-ttf
 eclipse
@@ -56,6 +51,7 @@ elisa
 en-hunspell
 ffmpeg
 firefox
+fooyin
 freedesktop-sound-theme
 git
 gnupg
@@ -65,8 +61,8 @@ hs-pandoc
 inconsolata-ttf
 jq
 k3b
-kde5
-kid3-kf5
+kde
+kid3-kf6
 kmix
 kmymoney
 konversation
@@ -89,8 +85,10 @@ python
 roboto-fonts-ttf
 rsync
 sddm
+sddm-freebsd-black-theme
 signal-desktop
 sndio
+socat
 stow
 terminus-font
 terminus-ttf
author	Cullum Smith <cullum@sacredheartsc.com>	2025-02-11 22:50:49 -0500
committer	Cullum Smith <cullum@sacredheartsc.com>	2025-02-11 22:50:49 -0500
commit	7047f830acfe84e840403e69df161b9d51aca673 (patch)
tree	e444273e3412e677c74958468f274ed51f1aea4e
parent	21e42dd2db8d987dbd08a3254ff0719d577c005e (diff)
download	infrastructure-7047f830acfe84e840403e69df161b9d51aca673.tar.gz