go-shrt

Shortlinks and go-get redirects
git clone git://git.danielmoch.com/go-shrt.git
Log | Files | Refs | README | LICENSE

commit d37271cb0d749d32860212f8f199bc9001f984c7
parent 591dbe5e6e667388fab993a199b4c41205874099
Author: Daniel Moch <daniel@danielmoch.com>
Date:   Tue, 22 Dec 2020 07:47:53 -0500

Add pledge and unveil for OpenBSD

Diffstat:
M.gitignore | 1+
MMakefile | 2+-
Mcmd/shrt/main.go | 3+++
Acmd/shrt/openbsd.go | 58++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore @@ -1,4 +1,5 @@ /shrt +*.sig shrt.conf shrt.db shrt-*.tar.gz diff --git a/Makefile b/Makefile @@ -5,7 +5,7 @@ include config.mk all: shrt -go.mod: cmd/shrt/main.go *.go +go.mod: cmd/shrt/*.go *.go ${GO} mod tidy @touch go.mod diff --git a/cmd/shrt/main.go b/cmd/shrt/main.go @@ -58,6 +58,7 @@ var ( shrt, cfg *goshrt.ShrtFile version string + osInit func(string) error ) func usage(r int) { @@ -253,6 +254,8 @@ func main() { os.Exit(errShrtFile) } + osInit(dbpath) + shrt, err = goshrt.ReadShrtFile(dbpath) if err != nil { fmt.Fprintf(os.Stderr, "%s: db error -- %s\n", arg0, err.Error()) diff --git a/cmd/shrt/openbsd.go b/cmd/shrt/openbsd.go @@ -0,0 +1,58 @@ +// See LICENSE file for copyright and license details +// +build openbsd + +package main + +// #include <stdlib.h> +// #include <unistd.h> +import "C" + +import ( + "fmt" + "path/filepath" + "unsafe" +) + +func init() { + osInit = func(dbPath string) error { + path, err := filepath.Abs(dbPath) + if err != nil { + return fmt.Errorf("osInit: provided path cannot be made absolute") + } + err = unveil(path, "r") + if err != nil { + return fmt.Errorf("osInit: %s", err.Error()) + } + pledge("stdio rpath inet flock", "") + if err != nil { + return fmt.Errorf("osInit: %s", err.Error()) + } + return nil + } +} + +func pledge(promises, execpromises string) error { + cPromises := C.CString(promises) + defer C.free(unsafe.Pointer(cPromises)) + cExecPromises := C.CString(execpromises) + defer C.free(unsafe.Pointer(cExecPromises)) + + if eVal, err := C.pledge(cPromises, cExecPromises); eVal != 0 { + return fmt.Errorf("pledge: %d", err) + } + + return nil +} + +func unveil(path, permissions string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + cPermissions := C.CString(permissions) + defer C.free(unsafe.Pointer(cPermissions)) + + if eVal, err := C.unveil(cPath, cPermissions); eVal != 0 { + return fmt.Errorf("unveil: %d", err) + } + + return nil +}