Hi Klemens,

After some challenges building the port (all on me) this seems to work
well for me / my setup.  I appreciate you adding pledge to this code...

Thanks,

Paul

On Mon, Feb 05, 2024 at 12:20:31PM +0000, Klemens Nanni wrote:
| There are three pledges:
| - at the start
| - after daemon(3) to drop "proc exec" unless scripts are used
| - after sio_open(3) to drop "cpath dpath" unless metadata is used
| 
| Our port has libdaemon and metadata disabled, so it always ends up with
| "stdio rpath wpath inet unix dns [proc exec] audio", but the diff does
| account for them, such that enabling them does the right thing.
| 
| One might be able to drop more and/or use unveil(2), but that needs
| careful hoisting and consideration of other features our port currently
| does not enable.
| 
| Feedback? Objection? OK?
| 
| Index: Makefile
| ===================================================================
| RCS file: /cvs/ports/audio/shairport-sync/Makefile,v
| diff -u -p -r1.7 Makefile
| --- Makefile  31 Jan 2024 08:47:23 -0000      1.7
| +++ Makefile  5 Feb 2024 11:45:53 -0000
| @@ -1,7 +1,7 @@
|  COMMENT =    AirPlay audio player
|  
|  DIST_TUPLE = github  mikebrady       shairport-sync  4.3.2   .
| -REVISION =   0
| +REVISION =   1
|  
|  CATEGORIES = audio net
|  
| Index: patches/patch-shairport_c
| ===================================================================
| RCS file: patches/patch-shairport_c
| diff -N patches/patch-shairport_c
| --- /dev/null 1 Jan 1970 00:00:00 -0000
| +++ patches/patch-shairport_c 5 Feb 2024 12:04:21 -0000
| @@ -0,0 +1,75 @@
| +Index: shairport.c
| +--- shairport.c.orig
| ++++ shairport.c
| +@@ -1929,6 +1929,12 @@ void _display_config(const char *filename, const int l
| + #define display_config(argc, argv) _display_config(__FILE__, __LINE__, 
argc, argv)
| + 
| + int main(int argc, char **argv) {
| ++#if defined(__OpenBSD__)
| ++  /* Start with the superset of all potentially required promises. */
| ++  if (pledge("stdio rpath wpath cpath dpath inet unix dns proc exec audio", 
NULL) == -1)
| ++    die("pledge: %s", strerror(errno));
| ++#endif
| ++
| +   memset(&config, 0, sizeof(config)); // also clears all strings, BTW
| +   /* Check if we are called with -V or --version parameter */
| +   if (argc >= 2 && ((strcmp(argv[1], "-V") == 0) || (strcmp(argv[1], 
"--version") == 0))) {
| +@@ -2102,6 +2108,16 @@ int main(int argc, char **argv) {
| +   // parse arguments into config -- needed to locate pid_dir
| +   int audio_arg = parse_options(argc, argv);
| + 
| ++#if defined(__OpenBSD__)
| ++  /* Any command to be executed at runtime? */
| ++  int run_cmds =
| ++    config.cmd_active_start != NULL ||
| ++    config.cmd_active_stop != NULL ||
| ++    config.cmd_set_volume != NULL ||
| ++    config.cmd_start != NULL ||
| ++    config.cmd_stop != NULL;
| ++#endif
| ++
| +   // mDNS supports maximum of 63-character names (we append 13).
| +   if (strlen(config.service_name) > 50) {
| +     warn("The service name \"%s\" is too long (max 50 characters) and has 
been truncated.",
| +@@ -2237,6 +2253,16 @@ int main(int argc, char **argv) {
| + 
| + #endif
| + 
| ++#if defined(__OpenBSD__)
| ++  /* Past daemon(3)'s double fork(2). */
| ++
| ++  /* Only user-defined commands are executed. */
| ++  if (!run_cmds)
| ++    /* Drop "proc exec". */
| ++    if (pledge("stdio rpath wpath cpath dpath inet unix dns audio", NULL) 
== -1)
| ++      die("pledge: %s", strerror(errno));
| ++#endif
| ++
| + #ifdef CONFIG_AIRPLAY_2
| + 
| +   if (has_fltp_capable_aac_decoder() == 0) {
| +@@ -2351,6 +2377,24 @@ int main(int argc, char **argv) {
| +         config.output_name == NULL ? "<unspecified>" : config.output_name);
| +   }
| +   config.output->init(argc - audio_arg, argv + audio_arg);
| ++
| ++#if defined(__OpenBSD__)
| ++  /* Past first and last sio_open(3), sndio(7) only needs "audio". */
| ++
| ++# ifdef CONFIG_METADATA
| ++  /* Only coverart cache is created.
| ++   * Only metadata pipe is special. */
| ++  if (!config.metadata_enabled)
| ++# endif
| ++    /* Drop "cpath dpath". */
| ++    if (run_cmds) {
| ++      if (pledge("stdio rpath wpath inet unix dns proc exec audio", NULL) 
== -1)
| ++        die("pledge: %s", strerror(errno));
| ++    } else {
| ++      if (pledge("stdio rpath wpath inet unix dns audio", NULL) == -1)
| ++        die("pledge: %s", strerror(errno));
| ++    }
| ++#endif
| + 
| +   // pthread_cleanup_push(main_cleanup_handler, NULL);
| + 

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 

Reply via email to