On Mon, Jan 06, 2025 at 09:34:06AM +0000, Stuart Henderson wrote: > On 2025/01/05 15:12, Chaz Kettleson wrote: > > > > Good to commit? > > I think so, here it is as a ports diff, with the patch re-generated with > "make patch" and "make update-patches" because there was some offset, > does that look right to you? >
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/hopm/Makefile,v
> diff -u -p -r1.3 Makefile
> --- Makefile 4 Sep 2024 13:32:04 -0000 1.3
> +++ Makefile 6 Jan 2025 09:32:54 -0000
> @@ -1,7 +1,7 @@
> COMMENT= open-proxy monitor irc bot
>
> DIST_TUPLE= github ircd-hybrid hopm 1.1.10 .
> -REVISION= 1
> +REVISION= 2
>
> CATEGORIES= net
>
> Index: patches/patch-src_main_c
> ===================================================================
> RCS file: patches/patch-src_main_c
> diff -N patches/patch-src_main_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_main_c 6 Jan 2025 09:32:54 -0000
> @@ -0,0 +1,103 @@
> +add pledge/unveil
> +
> +Index: src/main.c
> +--- src/main.c.orig
> ++++ src/main.c
> +@@ -30,6 +30,9 @@
> + #include <fcntl.h>
> + #include <stdlib.h>
> + #include <string.h>
> ++#if defined(__OpenBSD__)
> ++#include <err.h>
> ++#endif
> +
> + #include "config.h"
> + #include "irc.h"
> +@@ -39,6 +42,9 @@
> + #include "options.h"
> + #include "memory.h"
> + #include "main.h"
> ++#if defined(__OpenBSD__)
> ++#include "match.h"
> ++#endif
> +
> +
> + static int RESTART; /* Flagged to restart on next cycle */
> +@@ -70,7 +76,66 @@ setup_corelimit(void)
> + }
> + }
> +
> ++#if defined(__OpenBSD__)
> + static void
> ++setup_pledge(void) {
> ++ int needr = 0;
> ++ int needp = 0;
> ++
> ++ if (unveil(HOPM_BINPATH, "x") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> ++ if (IRCItem.tls) {
> ++ if (unveil("/etc/ssl/cert.pem", "r") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> ++ if (!EmptyString(IRCItem.rsa_private_key_file) &&
> ++ !EmptyString(IRCItem.tls_certificate_file)) {
> ++ if (unveil("IRCItem.rsa_private_key", "r") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> ++ if (unveil("IRCItem.tls_certificate_file", "r") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++ }
> ++
> ++ needr = 1;
> ++ }
> ++
> ++ if (!EmptyString(OpmItem.dnsbl_to) &&
> ++ !EmptyString(OpmItem.dnsbl_from) &&
> ++ !EmptyString(OpmItem.sendmail)) {
> ++ if (unveil("/bin/sh", "x") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> ++ needp = 1;
> ++ }
> ++
> ++ if (needr && needp) {
> ++ if (pledge("stdio rpath inet dns proc exec", NULL) == -1) {
> ++ err(1, "pledge");
> ++ }
> ++ } else if (needr) {
> ++ if (pledge("stdio rpath inet dns exec", NULL) == -1) {
> ++ err(1, "pledge");
> ++ }
> ++ } else if (needp) {
> ++ if (pledge("stdio inet dns proc exec", NULL) == -1) {
> ++ err(1, "pledge");
> ++ }
> ++ } else {
> ++ if (pledge("stdio inet dns exec", NULL) == -1) {
> ++ err(1, "pledge");
> ++ }
> ++ }
> ++}
> ++#endif
> ++
> ++static void
> + do_signal(int signum)
> + {
> + switch 
(signum)
> +@@ -198,6 +263,10 @@ main(int argc, char *argv[])
> + strerror(errno));
> + exit(EXIT_FAILURE);
> + }
> ++
> ++#if defined(__OpenBSD__)
> ++ setup_pledge();
> ++#endif
> +
> + /* Setup alarm & int handlers. */
> + ALARMACTION.sa_handler = &do_signal;
>
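Review bot: In setup_pledge(), the two unveil() calls inside the `IRCItem.tls` branch pass the field names as string literals (`"IRCItem.rsa_private_key"` and `"IRCItem.tls_certificate_file"`), so they unveil paths with those literal names instead of the configured key and certificate files. The guard just above tests `IRCItem.rsa_private_key_file` and `IRCItem.tls_certificate_file`, so the calls should read `unveil(IRCItem.rsa_private_key_file, "r")` and `unveil(IRCItem.tls_certificate_file, "r")`. As written the real files stay hidden once the unveil list is in effect, and if they are opened after setup_pledge() runs (not visible in these hunks) client-certificate TLS would fail; unveil(2) does not necessarily report a missing final path component, so the err() checks may not catch the mistake at startup. A one-line comment stating why `exec` is pledged in every branch, presumably for the HOPM_BINPATH re-exec on restart, would also help the next reader audit the promise set.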
Looks great. Thank you! -- Chaz