Commit Briefs
got: minor refactor of got_pathlist_free() API
Accept flag parameter to optionally specify which pointers to free. This saves callers looping through the list to free pointers. ok + fix stsp@
fix uninitialised fildes variables in libexec helpers
Reviewed and uncovered as part of the diff in the forthcoming commit (pathlist API refactor). ok stsp@
fix snprintf error handling
follow the "proper secure idiom" described in the CAVEATS section of printf(3). reminded by tb@ and millert@
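As an added illustration (not code from the Got repository), here is the snprintf(3) check the printf(3) CAVEATS idiom prescribes, beside a check that only catches a negative return; the helper names and error codes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Error codes for the constructed helpers below. */
enum { PATH_OK = 0, PATH_ERR_FORMAT = 1, PATH_ERR_TOOLONG = 2 };

/*
 * Build "<dir>/<name>" into buf. snprintf(3) returns the number of
 * characters that *would* have been written, so a result >= bufsize
 * means the output was silently truncated, and a negative result
 * means a formatting or encoding error. Both are failures.
 */
int
build_path(char *buf, size_t bufsize, const char *dir, const char *name)
{
	int ret;

	ret = snprintf(buf, bufsize, "%s/%s", dir, name);
	if (ret < 0)
		return PATH_ERR_FORMAT;
	if ((size_t)ret >= bufsize) {
		/* Truncated: do not let the caller use a partial path. */
		buf[0] = '\0';
		return PATH_ERR_TOOLONG;
	}
	return PATH_OK;
}

/*
 * A commonly seen but incomplete check (constructed here for contrast):
 * only -1 is treated as an error, so a truncated path is accepted and
 * later used as though it were the intended one.
 */
int
build_path_incomplete(char *buf, size_t bufsize, const char *dir,
    const char *name)
{
	if (snprintf(buf, bufsize, "%s/%s", dir, name) == -1)
		return PATH_ERR_FORMAT;
	return PATH_OK;
}
```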
convert two snprintf to strlcpy
"looks good to me" millert@
portable: add back sys/queue.h
Now that the handling of including sys/queue.h is better, there's no need to remove those lines from the source. Copy the location of those original sys/queue.h lines from upstream at the same line number, so as to avoid any conflicts in the future.
use capsicum on FreeBSD
Thanks to the design of Got, the libexec helpers don't need any resource (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using cap_enter(2) on FreeBSD is dead-easy. While the main process can't be sandboxed on FreeBSD (needs to exec the helpers), all the tough work is done by these small libexec helpers which is also the biggest attack surface. tested by naddy, ok thomas
portable: add support for landlock
Landlock is a new set of Linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment it is not possible to landlock the main process. From Omar Polo.
let 'got fetch' send all references to the server to avoid redundant downloads
Problem reported by naddy. ok naddy
portable: add FreeBSD support
This adds the capability to compile got-portable on FreeBSD.
portable: initial Linux compilation
This commit modifies the GoT main branch to be able to compile it under Linux.
de-duplicate a constant used by both 'got fetch' and 'got send'
Both GOT_FETCH_PKTMAX and GOT_SEND_PKTMAX had the same value. Declare this value as GOT_PKT_MAX in got_lib_pkt.h instead.
move more code used by got-send-pack and got-fetch-pack to a common file
Move functions and data structures which implement Git protocol features required for fetching and sending pack files to new files lib/gitproto.c and lib/got_lib_gitproto.h. This code was duplicated in got-fetch-pack and got-send-pack. No functional change.
move pkt code used by got-fetch-pack and got-send-pack to a common file
The Git protocol uses a simple packet framing format. The got-fetch-pack and got-send-pack programs contained identical copies of functions to support this format. Move related functions to new file lib/pkt.c and link both programs against this common implementation. No functional change.