authorJune McEnroe <june@causal.agency>2021-09-03 15:07:50 -0400
committerJune McEnroe <june@causal.agency>2021-09-03 15:07:50 -0400
commit04204db3c18a97154bfcd81d2df5c05675a7504d (patch)
tree2c9a4e1849b560d26801491ab1b8f69bd81cc210
parentReorder file loading in main (diff)
downloadpounce-04204db3c18a97154bfcd81d2df5c05675a7504d.tar.gz
pounce-04204db3c18a97154bfcd81d2df5c05675a7504d.zip
OpenBSD: Drop no longer needed unveils and pledge promises
-rw-r--r--bounce.c30
1 files changed, 10 insertions, 20 deletions
diff --git a/bounce.c b/bounce.c
index b1c35c9..49ac1f2 100644
--- a/bounce.c
+++ b/bounce.c
@@ -156,14 +156,6 @@ static void unveilConfig(const char *path) {
 		unveilTarget(abs, "r");
 	}
 }
-
-static void unveilData(const char *path) {
-	const char *dirs = NULL;
-	for (const char *abs; NULL != (abs = dataPath(&dirs, path));) {
-		int error = unveil(abs, "rwc");
-		if (error && errno != ENOENT) err(EX_CANTCREAT, "%s", abs);
-	}
-}
 #endif /* __OpenBSD__ */
 
 static size_t parseSize(const char *str) {
@@ -367,16 +359,15 @@ int main(int argc, char *argv[]) {
 	unveilConfig(certPath);
 	unveilConfig(privPath);
 	if (caPath) unveilConfig(caPath);
-	if (trust) unveilConfig(trust);
-	if (clientCert) unveilConfig(clientCert);
-	if (clientPriv) unveilConfig(clientPriv);
-	if (savePath) unveilData(savePath);
 	if (bindPath[0]) unveilParent(bindPath, "rwc");
-
 	error = unveil(tls_default_ca_cert_file(), "r");
 	if (error) err(EX_OSFILE, "%s", tls_default_ca_cert_file());
 
-	error = pledge("stdio rpath wpath cpath flock inet dns unix recvfd", NULL);
+	if (bindPath[0]) {
+		error = pledge("stdio rpath inet dns cpath unix recvfd", NULL);
+	} else {
+		error = pledge("stdio rpath inet dns", NULL);
+	}
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
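Review bot: Nothing at this call site records why `trust`, `clientCert`, `clientPriv` and `savePath` no longer need an unveil, or why `wpath` and `flock` could leave the promise set. That presumably relies on those files being opened, and the save file locked, earlier in `main`, which starts and ends outside this hunk. Any later code that opens one of them by path would fail under unveil, and a write-open or `flock` would violate the pledge, so the ordering is a security invariant worth stating. I would add a comment above the unveil calls such as `// Only paths opened after this point are unveiled; trust, client cert/key and the save file must already be open.`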
@@ -426,12 +417,11 @@ int main(int argc, char *argv[]) {
 	int server = serverConnect(serverBindHost, host, port);
 
 #ifdef __OpenBSD__
-	char promises[64];
-	snprintf(
-		promises, sizeof(promises), "stdio rpath inet%s",
-		(bindPath[0] ? " cpath unix recvfd" : "")
-	);
-	error = pledge(promises, NULL);
+	if (bindPath[0]) {
+		error = pledge("stdio rpath inet cpath unix recvfd", NULL);
+	} else {
+		error = pledge("stdio rpath inet", NULL);
+	}
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
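Review bot: The promise sets are now four separate string literals, two here and two at the earlier `pledge` call in `main`, and each before/after pair differs only by `dns`, which is easy to miss when one of them is edited later. A one-line comment at this second call, e.g. `// Server connected: dns is no longer needed; rpath kept for <reason>`, would make the narrowing explicit. It would also help to say why `rpath` survives; presumably it is for re-reading the certificate files that stay unveiled, but that code is not visible in this hunk.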