go-shrt

Shortlinks and go-get redirects
git clone git://git.danielmoch.com/go-shrt.git
Log | Files | Refs | README | LICENSE
commit d37271cb0d749d32860212f8f199bc9001f984c7
parent 591dbe5e6e667388fab993a199b4c41205874099
Author: Daniel Moch <daniel@danielmoch.com>
Date:   Tue, 22 Dec 2020 07:47:53 -0500

Add pledge and unveil for OpenBSD

Diffstat:

M.gitignore | 1+


MMakefile | 2+-


Mcmd/shrt/main.go | 3+++


Acmd/shrt/openbsd.go | 58++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 /shrt
+*.sig
 shrt.conf
 shrt.db
 shrt-*.tar.gz
diff --git a/Makefile b/Makefile
@@ -5,7 +5,7 @@ include config.mk
 
 all: shrt
 
-go.mod: cmd/shrt/main.go *.go
+go.mod: cmd/shrt/*.go *.go
 	${GO} mod tidy
 	@touch go.mod
 
diff --git a/cmd/shrt/main.go b/cmd/shrt/main.go
@@ -58,6 +58,7 @@ var (
 
 	shrt, cfg *goshrt.ShrtFile
 	version   string
+	osInit    func(string) error
 )
 
 func usage(r int) {
@@ -253,6 +254,8 @@ func main() {
 		os.Exit(errShrtFile)
 	}
 
+	osInit(dbpath)
+
 	shrt, err = goshrt.ReadShrtFile(dbpath)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s: db error -- %s\n", arg0, err.Error())
diff --git a/cmd/shrt/openbsd.go b/cmd/shrt/openbsd.go
@@ -0,0 +1,58 @@
+// See LICENSE file for copyright and license details
+// +build openbsd
+
+package main
+
+// #include <stdlib.h>
+// #include <unistd.h>
+import "C"
+
+import (
+	"fmt"
+	"path/filepath"
+	"unsafe"
+)
+
+func init() {
+	osInit = func(dbPath string) error {
+		path, err := filepath.Abs(dbPath)
+		if err != nil {
+			return fmt.Errorf("osInit: provided path cannot be made absolute")
+		}
+		err = unveil(path, "r")
+		if err != nil {
+			return fmt.Errorf("osInit: %s", err.Error())
+		}
+		pledge("stdio rpath inet flock", "")
+		if err != nil {
+			return fmt.Errorf("osInit: %s", err.Error())
+		}
+		return nil
+	}
+}
+
+func pledge(promises, execpromises string) error {
+	cPromises := C.CString(promises)
+	defer C.free(unsafe.Pointer(cPromises))
+	cExecPromises := C.CString(execpromises)
+	defer C.free(unsafe.Pointer(cExecPromises))
+
+	if eVal, err := C.pledge(cPromises, cExecPromises); eVal != 0 {
+		return fmt.Errorf("pledge: %d", err)
+	}
+
+	return nil
+}
+
+func unveil(path, permissions string) error {
+	cPath := C.CString(path)
+	defer C.free(unsafe.Pointer(cPath))
+	cPermissions := C.CString(permissions)
+	defer C.free(unsafe.Pointer(cPermissions))
+
+	if eVal, err := C.unveil(cPath, cPermissions); eVal != 0 {
+		return fmt.Errorf("unveil: %d", err)
+	}
+
+	return nil
+}