use proper namespacing for gotwebd imsg type symbols

document the actual repository name restrictions enforced in gotsys.conf(5) The previous text came from gotd.conf(5) and suggested that repository names could contain path separators. However, the current gotsys implementation forbids them, and parts of gotsysd assume that a repository name corresponds to a directory entry. So we cannot allow path separators, at least for now.

remove a TODO item that is done

allow setting the repository HEAD reference via gotsys.conf

do not forget to actually free the repo itself in gotsys_repo_free()

some typos courtesy of codespell; ok stsp@

remove a duplicate imsgbuf_clear() call

remove another gotsysd todo item that is done

make gotsys-apply-conf use gotd reload instead of stop + restarting

set close-on-exec flag on more files used during gotd reload

repair build of gotctl and gotsh following the gotd_imsg file split

move duplicated gotd_imsg functions into a single source file

provide imsg-based variants of gotsys check/apply for gotd to use This allows for better inter-process communication, making error reporting easier. It also avoids closing standard output and standard error channels in a freshly forked child process, which seems to be a bad idea.

set close-on-exec flag on gotd socket to avoid it leaking during reloads

avoid double-close of gotd_reload_conf_fd

in gotsys-apply-conf, avoid using a -1 socket fd if gotd is not running

Xr gotctl and document SIGHUP issue

implement reload support in gotd, triggered via gotctl reload Reload must be triggered via 'gotctl reload' rather than SIGHUP because once gotd has dropped root privileges the gotd-secrets.conf file becomes permanently inaccessible. When SIGHUP is received gotd now logs a message which points the user at 'gotctl reload'.

set close-on-exec flag on client connections in gotd parent process Ensures that existing clients will be properly disconnected once the gotd reload feature is introduced.

remove closefrom() in gotd when gotsys is run closefrom doesn't have the desired effect as it may affect unrelated open files in the parent process. The right way to deal with this seems to be setting the close-on-exec flag on file descriptors instead.

drop pointless imsgbuf_allow_fdpass() calls from gotctl

merge two subsequent if (proc_id == GOTD_PROC_GOTD) blocks.

only the gotd parent process is able to drop root privs, make this more obvious

we can now greatly simplify the conditional which guards reading of gotd.conf

send request timeout to session_read so it no longer needs to read gotd.conf Also stop reading gotd.conf in repo_read, which is a trivial no-op.