Hi Klemens, After some challenges building the port (all on me) this seems to work well for me / my setup. I appreciate you adding pledge to this code...
Thanks, Paul
On Mon, Feb 05, 2024 at 12:20:31PM +0000, Klemens Nanni wrote:
| There are three pledges:
| - at the start
| - after daemon(3) to drop "proc exec" unless scripts are used
| - after sio_open(3) to drop "cpath dpath" unless metadata is used
|
| Our port has libdaemon and metadata disabled, so it always ends up with
| "stdio rpath wpath inet unix dns [proc exec] audio", but the diff does
| account for them, such that enabling them does the right thing.
|
| One might be able to drop more and/or use unveil(2), but that needs
| careful hoisting and consideration of other features our port currently
| does not enable.
|
| Feedback? Objection? OK?
|
| Index: Makefile
| ===================================================================
| RCS file: /cvs/ports/audio/shairport-sync/Makefile,v
| diff -u -p -r1.7 Makefile
| --- Makefile 31 Jan 2024 08:47:23 -0000 1.7
| +++ Makefile 5 Feb 2024 11:45:53 -0000
| @@ -1,7 +1,7 @@
| COMMENT = AirPlay audio player
|
| DIST_TUPLE = github mikebrady shairport-sync 4.3.2 .
| -REVISION = 0
| +REVISION = 1
|
| CATEGORIES = audio net
|
| Index: patches/patch-shairport_c
| ===================================================================
| RCS file: patches/patch-shairport_c
| diff -N patches/patch-shairport_c
| --- /dev/null 1 Jan 1970 00:00:00 -0000
| +++ patches/patch-shairport_c 5 Feb 2024 12:04:21 -0000
| @@ -0,0 +1,75 @@
| +Index: shairport.c
| +--- shairport.c.orig
| ++++ shairport.c
| +@@ -1929,6 +1929,12 @@ void _display_config(const char *filename, const int l
| + #define display_config(argc, argv) _display_config(__FILE__, __LINE__, argc, argv)
| +
| + int main(int argc, char **argv) {
| ++#if defined(__OpenBSD__)
| ++ /* Start with the superset of all potentially required promises. */
| ++ if (pledge("stdio rpath wpath cpath dpath inet unix dns proc exec audio", NULL) == -1)
| ++ die("pledge: %s", strerror(errno));
| ++#endif
| ++
| + memset(&config, 0, sizeof(config)); // also clears all strings, BTW
| + /* Check if we are called with -V or --version parameter */
| + if (argc >= 2 && ((strcmp(argv[1], "-V") == 0) || (strcmp(argv[1], "--version") == 0))) {
| +@@ -2102,6 +2108,16 @@ int main(int argc, char **argv) {
| + // parse arguments into config -- needed to locate pid_dir
| + int audio_arg = parse_options(argc, argv);
| +
| ++#if defined(__OpenBSD__)
| ++ /* Any command to be executed at runtime? */
| ++ int run_cmds =
| ++ config.cmd_active_start != NULL ||
| ++ config.cmd_active_stop != NULL ||
| ++ config.cmd_set_volume != NULL ||
| ++ config.cmd_start != NULL ||
| ++ config.cmd_stop != NULL;
| ++#endif
| ++
| + // mDNS supports maximum of 63-character names (we append 13).
| + if (strlen(config.service_name) > 50) {
| + warn("The service name \"%s\" is too long (max 50 characters) and has been truncated.",
| +@@ -2237,6 +2253,16 @@ int main(int argc, char **argv) {
| +
| + #endif
| +
| ++#if defined(__OpenBSD__)
| ++ /* Past daemon(3)'s double fork(2). */
| ++
| ++ /* Only user-defined commands are executed. */
| ++ if (!run_cmds)
| ++ /* Drop "proc exec". */
| ++ if (pledge("stdio rpath wpath cpath dpath inet unix dns audio", NULL) == -1)
| ++ die("pledge: %s", strerror(errno));
| ++#endif
| ++
| + #ifdef CONFIG_AIRPLAY_2
| +
| + if (has_fltp_capable_aac_decoder() == 0) {
| +@@ -2351,6 +2377,24 @@ int main(int argc, char **argv) {
| + config.output_name == NULL ? "<unspecified>" : config.output_name);
| + }
| + config.output->init(argc - audio_arg, argv + audio_arg);
| ++
| ++#if defined(__OpenBSD__)
| ++ /* Past first and last sio_open(3), sndio(7) only needs "audio". */
| ++
| ++# ifdef CONFIG_METADATA
| ++ /* Only coverart cache is created.
| ++ * Only metadata pipe is special. */
| ++ if (!config.metadata_enabled)
| ++# endif
| ++ /* Drop "cpath dpath". */
| ++ if (run_cmds) {
| ++ if (pledge("stdio rpath wpath inet unix dns proc exec audio", NULL) == -1)
| ++ die("pledge: %s", strerror(errno));
| ++ } else {
| ++ if (pledge("stdio rpath wpath inet unix dns audio", NULL) == -1)
| ++ die("pledge: %s", strerror(errno));
| ++ }
| ++#endif
| +
| + // pthread_cleanup_push(main_cleanup_handler, NULL);
| +
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/
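Review bot: The `run_cmds` test in the `-2102` hunk of the shairport.c patch lists five `config.cmd_*` hooks, and any hook that is configured but not listed would run after "proc exec" has been dropped, where its fork/exec becomes a pledge violation that ends the daemon. Upstream shairport-sync also appears to have a `config.cmd_unfixable` hook (not visible in this diff, so confirm against common.h for 4.3.2); if it is present, add `config.cmd_unfixable != NULL ||` to the expression. Separately, in the `-2351` hunk the `if (!config.metadata_enabled)` that exists only under `CONFIG_METADATA` guards an unbraced `if (run_cmds) { … } else { … }`, a shape compilers warn about as a dangling else and one that is easy to break in a later edit. Setting a local such as `int keep_paths = 0;` under the `#ifdef` and wrapping the drop in `if (!keep_paths) { … }` would make the structure the same in both build configurations; the unbraced `if (!run_cmds)` in the `-2237` hunk would benefit from braces as well. `main()` begins before and continues after every hunk shown.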