libbsd as a library was created some years back to pull together BSD-specific functionality to be used on non-BSD systems. When it was in its infancy, and not being widely adopted across non-BSD systems, there was often a need to carry around compat versions of sys/{queue,tree}.h This is no longer the case -- and the compat code for this has never worked on systems which lacked a compatible sys/tree.h header anyway, so remove this, and let the user know that libbsd is needed. A few people have mentioned this to me.

In the sockaddr_storage struct, there can be a ss_len field. This is seen on some BSDs, but not Linux. Since this isn't POSIX-specific, there's no guarantee it will be available on all systems.

Include grp.h only on Linux.

This isn't defined on all systems.

On FreeBSD (and possibly others), EAI_NODATA was removed, in favour of using EAI_NONAME.

This is needed for gotwebd.

This isn't always defined across all systems.

On POSIX systems, WAIT_ANY needs an implementation.

Don't assert compat/queue.h in favour of what's on the system. When -portable was first being developed, there were frequent clashes between libbsd, and the check for sys/queue.h got lost in that noise. Noticed by stsp@

Remove comments which are no longer required.

This tidies up an #include required for capsicum on FreeBSD -- as its inclusion on FreeBSD is unconditional, but masking out cap_enter() on non-FreeBSD systems isn't. No functional change -- it's just cosmetic.

Thanks to the design of Got, the libexec helpers don't need any resource (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using cap_enter(2) on FreeBSD is dead-easy. While the main process can't be sandboxed on FreeBSD (needs to exec the helpers), all the tough work is done by these small libexec helpers which is also the biggest attack surface. tested by naddy, ok thomas

Siphash is being used in place of murmurhash for object-id set as this is faster. However, this isn't really seen much in the non-BSD userspace, so provide an implementation for it portably, if one isn't found.

Some MacOS systems might not have GNU Bison installed, or have openssl installed. In such instances the host versions of those can be used, with a few tweaks around the edges to make them work. This commit addresses these by: * Relaxing a HAVE_CRYPTO check for __APPLE__, since the inclusion of the machine-specific headers isn't dependent on openssl being installed; * If the non-GNU version of bison on MacOS is being used, define any missing YY* variables, and add a compiler #warning so we log something. This also updates the CI scripts to default to the system versions of bison and removes openssl as a core dependency -- it's more likely openssl is going to be installed, so removing it here will mean we can catch the case for just the MacOS-specific failures, and the inclusion of openssl on other OSes should cover the rest. Noticed by Evan Silberman

This adds support for DragonFlyBSD.

This adds support for MacOS (Monteray onward, although should work on older MacOSes). The BSD wrapper for poll/ppoll has been lifted from the work the folks over at OpenSSH have done -- thanks!

Move the detection of UUID header files to be included portably. This will have no functional effect until MacOS detection is put in place.

landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment is not possible to landlock the main process. From Omar Polo.

Although there are definitions for timespec*() functions in libbsd, these were added fairly recently, which means not all non-BSD systems will have them. In such cases, provide a portable wrapper.

This adds the capability to compile got-portable on FreeBSD.

This commit modifies the GoT main branch to be able to compile it under linux.