Commits
- Commit:
ef0b17aa7b1ff2b4dd0c2ee7b2e28eb5cd3b47c8
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: move FreeBSD capsicum header
This tidies up an #include required for capsicum on FreeBSD -- as its
inclusion on FreeBSD is unconditional, but masking out cap_enter() on
non-FreeBSD systems isn't.
No functional change -- it's just cosmetic.
- Commit:
5d120ea8410ddc2808e476d554ba931dc19d8c50
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use capsicum on FreeBSD
Thanks to the design of Got, the libexec helpers don't need any resource
(in fact they run under pledge "stdio recvfd" on OpenBSD) and so using
cap_enter(2) on FreeBSD is dead-easy.
While the main process can't be sandboxed on FreeBSD (needs to exec the
helpers), all the tough work is done by these small libexec helpers
which is also the biggest attack surface.
tested by naddy, ok thomas
- Commit:
ddd12270ff092d803b3e6fd6d9e6701a49bb5c65
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: add siphash implementation
Siphash is being used in place of murmurhash for object-id set as this
is faster. However, this isn't really seen much in the non-BSD
userspace, so provide an implementation for it portably, if one isn't
found.
- Commit:
81e077a6cea50b04ac9be4f63abd004846653251
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: improve macos compat with bison/openssl
Some MacOS systems might not have GNU Bison installed, or have openssl
installed. In such instances the host versions of those can be used,
with a few tweaks around the edges to make them work.
This commit addresses these by:
* Relaxing a HAVE_CRYPTO check for __APPLE__, since the inclusion of the
machine-specific headers isn't dependent on openssl being installed;
* If the non-GNU version of bison on MacOS is being used, define any
missing YY* variables, and add a compiler #warning so we log
something.
This also updates the CI scripts to default to the system versions of
bison and removes openssl as a core dependency -- it's more likely
openssl is going to be installed, so removing it here will mean we can
catch the case for just the MacOS-specific failures, and the inclusion
of openssl on other OSes should cover the rest.
Noticed by Evan Silberman
- Commit:
b26177ada1d244a139f037595c3d8119c8fcdb14
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: add support for DragonFlyBSD
This adds support for DragonFlyBSD.
- Commit:
d24ddaa6a9de118f70658f7fd917c37cc787b425
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: include support for MacOS
This adds support for MacOS (Monterey onward, although it should work on
older MacOSes).
The BSD wrapper for poll/ppoll has been lifted from the work the folks
over at OpenSSH have done -- thanks!
- Commit:
9d70a0bf7236fdcfbe7186f0d90a5a15f5a10b18
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: make UUID includes generic
Move the detection of UUID header files to be included portably. This
will have no functional effect until MacOS detection is put in place.
- Commit:
97799ccd4b67a81f97039305d4fdd66588da9962
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: add support for landlock
landlock is a new set of Linux APIs that is conceptually similar to
unveil(2): the idea is to restrict what a process can do on a
specified part of the filesystem. There are some differences in the
behaviour: the major one being that the landlock ruleset is inherited
across execve(2).
This just restricts the libexec helpers by completely revoking ANY
filesystem access; after all they are the biggest attack surface. got
send/fetch/clone *may* end up spawning ssh(1), so at the moment it is not
possible to landlock the main process.
From Omar Polo.
- Commit:
de1dbfe9d859807c79840ee4720ca95641cbfdb0
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: add compat wrappers for timespec*()
Although there are definitions for timespec*() functions in libbsd,
these were added fairly recently, which means not all non-BSD systems
will have them. In such cases, provide a portable wrapper.
- Commit:
92a9e85d28a30997176ce0d3c2915e3ea70782c7
- From:
- Thomas Adam <thomas@xteddy.org>
- Date:
portable: add FreeBSD support
This adds the capability to compile got-portable on FreeBSD.
- Commit:
dd038bc6ec835ad3fd3c0b5303b8af9ad506c8cc
- From:
- Thomas Adam <thomas@xteddy.org>
- Via:
- Thomas Adam <thomas.adam@smoothwall.net>
- Date:
portable: initial Linux compilation
This commit modifies the GoT main branch to be able to compile it under
Linux.