Commit Briefs
switch gotd from chroot(2) to unveil(2)
In the future, gotd will fork+exec new processes for each client connection. Using unveil instead of chroot avoids having to start such processes as root. The -portable version could use chroot(2) where no equivalent to unveil(2) exists. A future component which starts new processes will be isolated as a separate process, which could run as root in the -portable version. ok op@
in gotd regress, use USER instead of USERNAME and check for sudo/doas users
Problem where USERNAME is not usually set on OpenBSD reported by Mikhail ok jamsek
gotwebd: rework gotweb_get_repo_{description,cloneurl}
- use openat(2) since we've already opened the containing dir - use fstat(2) instead of multiple seeks - don't special case len == 0 ok and improvements by stsp
gotwebd: simplify gotweb_render_index
- drops the double loop; paginate in one go - avoid lstat + got_path_dir_is_empty for each entry: use dt_type if provided by the underlying filesystem - fixes a memleak: before `continue' we need to call gotweb_free_repo_dir ok stsp
gotwebd: use prev_disp to decide when to we've reached max_repos
instead of hardcoding d_i - 2 and so expecting only "." and ".." as skipped entries, use t->prev_disp that is the number of repositories traversed until now (both skipped due to the pagination and the ones actually rendered.) ok jamsek
portable: ci: update MacOS image
Cirrus CI is retiring its Intel-based MacOS VMs in favour of using M1 VMs which means a newer image.
getpwuid() returns NULL without setting errno if no user is found
pointed out by millert@
zap double grp.h include
spotted by Thomas