| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
and while there sort the list of disallowed rules.
|
|
|
|
Given that env/param are new features of this release, no support for
the "old" syntax is needed.
|
|
In the same spite of the last commit, add the missing separators
between strings to avoid the auto-concat pitfalls. `=>' is used to
separate between `env' and `param' arguments, while for `fastcgi' the
keyword `port' is required between the hostname/ip address and the
port (if provided).
Since `env', `param' and `fastcgi' are all new stuff, there's no need
to keep compatibility.
|
|
|
|
With the newish automatic string concatenation, options like `mime'
that accepts two strings as parameter start to become ambiguous: which
strings gets concatenated? Instead of trying to document in the
manpage which argument(s) is subject to string concatenation, do the
concat always and introduce a separator. In the case of mime,
`to-ext' now acts as a separator to distinguish. While there, also
use a new keyword because it sounds better.
It's dead-easy to upgrade to the new configuration, possibly with some
sed magic, but for the moment the old `mime' form is preserved: (with
a warning!) Will be dropped in the next release.
|
|
not that it's a bottleneck, but it's fancier this way.
|
|
Setting the environment variable SKIP_RUNTIME_TESTS to 1 will prevent
the runtime tests. This is useful when running the tests inside a
sandbox.
based on a similar diff by Anna "CyberTailor"
|
|
|
|
|
|
|
|
OpenBSD accept it, but FreeBSD disallows it. PF_UNSPEC (or 0) should
be used instead. The FastCGI bit in the regress suite still doesn't
work on FreeBSD, but at least now it starts.
|
|
make sure we always close every fd in every possible code path; while
there, also add a log_err if fork(2) failed.
|
|
|
|
|
|
Initialize the logger as soon as possible and log by default to
stderr. With this, some (common?) errors are printed early instead of
ending up in syslog.
# NB: this is in configless mode
% ./gmid -p 80
[2021-07-07 11:05:57] bind: Address already in use
% ./gmid -p 81
[2021-07-07 11:13:53] bind: Permission denied
%
|
|
|
|
patch from Anna "CyberTailor"
It's handy for helpers like ebuild's use_enable.
(the sandbox is still always enabled by default)
|
|
patch from Anna "CyberTailor"
|
|
Initial patch from Anna "CyberTailor", tweaked by me (drop guessing_*
and always append CFLAGS)
|
|
|
|
but still try to autodetect with pkg-config if they aren't provided.
Passing CFLAGS/LDFLAGS from the command line will still override the
guessed ones.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
we need to delete the events associated with the backends, otherwise
the server process won't ever quit.
Here, we add a pending counter to every backend and shut down
immediately if they aren't handling any client; otherwise we try to
close them as soon as possible (i.e. when they close the connection to
the last connected client.)
|
|
our stderr could have been sent to the logger process, so it may be
invalid. Furthermore, in the future we may want to capture also the
stderr of the processes.
|
|
otherwise path, port and/or prog could become an invalid pointer.
|
|
|
|
before we matched ppc64le as ppc64 (which is big ending I presume), so
the seccomp filter would always kill gmid
#4 related
|
|
`printf | openssl` is ugly :/
|
|
Calling `configure' with --disable-sandbox will disable the sandbox
support *completely* at compile time. gmid will still complain at
compile time and during the startup.
Users shouldn't disable the sandbox if possible, but instead report
problem upstream so they get fixed (hopefully.)
#4 related
|
|
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in a ifdef, and add some (statx, fcntl64, ...)
used in x86
Some bits were taken from dhcpcd[0], thanks!
#4 related
[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
|
|
While one can define a macro using a reserved word as name using
-Dname=val, inside the configuration file it'll fail.
|
|
|
|
|
|
|
|
Now that we have this auto concat string thingy, macros can simply
expand to standalone strings in place, as single words.
Forgot to point it out in previous commits, but now we can
cert = "/etc/keys"
server "foo" {
cert $cert "/foo.crt"
...
}
|
|
|
|
|
|
|
|
|
|
|
|
Macros can be defined at the top of the configuration file:
dir = "/var/gemini"
cert = "/etc/keys"
and re-used later, for example
server "foo" {
root "$dir/foo" # -> /var/gemini/foo
cert "$cert/foo.pem" # -> /etc/keys/foo.pem
}
|
|
|
