portable: gotwebd: include grp.h Include grp.h only on Linux.

portable: gotwebd: handle setres{g,u}id This isn't defined on all systems.

portable: freebsd: EAI_NODATA On FreeBSD (and possibly others), EAI_NODATA was removed, in favour of using EAI_NONAME.

portable: add setproctitle This is needed for gotwebd.

portable: define SOCK_NONBLOCK This isn't always defined across all systems.

portable: provide WAIT_ANY implementation On POSIX systems, WAIT_ANY needs an implementation.

portable: honour sys/queue.h directly Don't assert compat/queue.h in favour of what's on the system. When -portable was first being developed, there were frequent clashes between libbsd, and the check for sys/queue.h got lost in that noise. Noticed by stsp@

portable: remove stale comments Remove comments which are no longer required.

portable: move FreeBSD capsicum header This tidies up an #include required for capsicum on FreeBSD -- as its inclusion on FreeBSD is unconditional, but masking out cap_enter() on non-FreeBSD systems isn't. No functional change -- it's just cosmetic.

use capsicum on FreeBSD Thanks to the design of Got, the libexec helpers don't need any resource (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using cap_enter(2) on FreeBSD is dead-easy. While the main process can't be sandboxed on FreeBSD (needs to exec the helpers), all the tough work is done by these small libexec helpers which is also the biggest attack surface. tested by naddy, ok thomas

portable: add siphash implementation Siphash is being used in place of murmurhash for object-id set as this is faster. However, this isn't really seen much in the non-BSD userspace, so provide an implementation for it portably, if one isn't found.

portable: improve macos compat with bison/openssl Some MacOS systems might not have GNU Bison installed, or have openssl installed. In such instances the host versions of those can be used, with a few tweaks around the edges to make them work. This commit addresses these by: * Relaxing a HAVE_CRYPTO check for __APPLE__, since the inclusion of the machine-specific headers isn't dependent on openssl being installed; * If the non-GNU version of bison on MacOS is being used, define any missing YY* variables, and add a compiler #warning so we log something. This also updates the CI scripts to default to the system versions of bison and removes openssl as a core dependency -- it's more likely openssl is going to be installed, so removing it here will mean we can catch the case for just the MacOS-specific failures, and the inclusion of openssl on other OSes should cover the rest. Noticed by Evan Silberman

portable: add support for DragonFlyBSD This adds support for DragonFlyBSD.

portable: include support for MacOS This adds support for MacOS (Monteray onward, although should work on older MacOSes). The BSD wrapper for poll/ppoll has been lifted from the work the folks over at OpenSSH have done -- thanks!

portable: make UUID includes generic Move the detection of UUID header files to be included portably. This will have no functional effect until MacOS detection is put in place.

portable: add support for landlock landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment is not possible to landlock the main process. From Omar Polo.

portable: add compat wrappers for timespec*() Although there are definitions for timespec*() functions in libbsd, these were added fairly recently, which means not all non-BSD systems will have them. In such cases, provide a portable wrapper.

portable: add FreeBSD support This adds the capability to compile got-portable on FreeBSD.

portable: initial Linux compilation This commit modifies the GoT main branch to be able to compile it under linux.