On Sun, Dec 20, 2015 at 2:02 PM, Theo Buehler <t...@math.ethz.ch> wrote:
> I understand that pledging a port adds complexity to its maintenance
> and I am not convinced the patch below should be committed to the ports
> tree.
>
> However, since there appears to be a considerable numer of users of i3
> among OpenBSD users, there might be some interest in this patch, so I'd
> like to share it.  I'd need some positive test reports to be persuaded
> to try to upstream this.

Please refactor your diff on a very current -current, I've committed
an update for i3 yesterday...

And please also protect the pledge code with "#if defined(__OpenBSD__)"

Ciao!
David

> I'm running variations of this patch for about three weeks now.
>
> Note that i3status is not included.  It is not currently possible to
> pledge this program without severely cutting down its features.
>
> Index: x11/i3/Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/i3/Makefile,v
> retrieving revision 1.98
> diff -u -p -r1.98 Makefile
> --- x11/i3/Makefile     4 Oct 2015 08:48:12 -0000       1.98
> +++ x11/i3/Makefile     20 Dec 2015 12:47:01 -0000
> @@ -3,6 +3,7 @@
>  COMMENT =      improved dynamic tiling window manager
>
>  DISTNAME =     i3-4.11
> +REVISION =     0
>  CATEGORIES =   x11
>
>  EXTRACT_SUFX = .tar.bz2
> Index: x11/i3/patches/patch-i3-msg_main_c
> ===================================================================
> RCS file: x11/i3/patches/patch-i3-msg_main_c
> diff -N x11/i3/patches/patch-i3-msg_main_c
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ x11/i3/patches/patch-i3-msg_main_c  20 Dec 2015 12:47:01 -0000
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +
> +pledge for i3-msg:
> +rpath and unix needed for talking to the i3 socket in /tmp
> +
> +--- i3-msg/main.c.orig Sun Dec  6 01:38:41 2015
> ++++ i3-msg/main.c      Sun Dec  6 01:39:44 2015
> +@@ -119,6 +119,8 @@ static yajl_callbacks reply_callbacks = {
> + };
> +
> + int main(int argc, char *argv[]) {
> ++    if (pledge("stdio rpath unix", NULL) == -1)
> ++        err(EXIT_FAILURE, "pledge");
> +     char *env_socket_path = getenv("I3SOCK");
> +     if (env_socket_path)
> +         socket_path = sstrdup(env_socket_path);
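Review bot: The promises requested at the top of main() stay in force for the whole run, although the patch header says rpath and unix are only there to reach the i3 socket. Once the IPC connection is established (that code is outside this hunk), a second call such as `if (pledge("stdio", NULL) == -1) err(EXIT_FAILURE, "pledge");` would drop filesystem and socket-creation access before the reply from i3 is parsed, assuming nothing later in main() opens another file. A short comment above the first call, e.g. `/* rpath unix: locate and connect to the i3 IPC socket */`, would also help, since the justification currently lives only in the ports patch header.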
> Index: x11/i3/patches/patch-i3-nagbar_main_c
> ===================================================================
> RCS file: /cvs/ports/x11/i3/patches/patch-i3-nagbar_main_c,v
> retrieving revision 1.7
> diff -u -p -r1.7 patch-i3-nagbar_main_c
> --- x11/i3/patches/patch-i3-nagbar_main_c       4 Oct 2015 08:48:12 -0000     
>   1.7
> +++ x11/i3/patches/patch-i3-nagbar_main_c       20 Dec 2015 12:47:01 -0000
> @@ -1,6 +1,14 @@
>  $OpenBSD: patch-i3-nagbar_main_c,v 1.7 2015/10/04 08:48:12 dcoppa Exp $
> +
> +surprisingly wide pledge for this program
> +
> +wpath cpath for writing a script
> +rpath getpw for checking access permissions
> +proc exec for executing the script
> +unix for talking to the i3 socket
> +
>  --- i3-nagbar/main.c.orig      Wed Sep 30 08:55:10 2015
> -+++ i3-nagbar/main.c   Fri Oct  2 16:58:54 2015
> ++++ i3-nagbar/main.c   Sun Dec  6 01:23:02 2015
>  @@ -170,7 +170,7 @@ static void handle_button_release(xcb_connection_t *co
>       }
>
> @@ -9,4 +17,14 @@ $OpenBSD: patch-i3-nagbar_main_c,v 1.7 2
>  +    sasprintf(&terminal_cmd, "${X11BASE}/bin/xterm -e %s", link_path);
>       printf("argv0 = %s\n", argv0);
>       printf("terminal_cmd = %s\n", terminal_cmd);
> +
> +@@ -464,6 +464,9 @@ int main(int argc, char *argv[]) {
> +
> +     font = load_font(pattern, true);
> +     set_font(&font);
> ++
> ++    if (pledge("stdio rpath wpath cpath getpw proc exec unix", NULL) == -1)
> ++        err(EXIT_FAILURE, "pledge");
> +
> +     xcb_rectangle_t win_pos = get_window_position();
>
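Review bot: The promise string added in this i3-nagbar hunk keeps `wpath cpath` together with `proc exec`, so the pledged process can still create a file and then execute it, and a program started through execve does not carry these promises over. The patch header explains each promise, but that text stays behind in the ports tree if the change goes upstream; I would put the rationale next to the call, for example `/* wpath cpath: write the helper script; proc exec: run it in a terminal; the executed program is not confined by this pledge */`. The same applies to the `proc exec` promises in the i3bar and src/main.c patches below. main() starts and ends outside this hunk.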
> Index: x11/i3/patches/patch-i3bar_src_main_c
> ===================================================================
> RCS file: x11/i3/patches/patch-i3bar_src_main_c
> diff -N x11/i3/patches/patch-i3bar_src_main_c
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ x11/i3/patches/patch-i3bar_src_main_c       20 Dec 2015 12:47:01 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +
> +stdio rpath unix for talking to the i3 socket
> +wpath for logging
> +proc exec to execute the bar
> +
> +--- i3bar/src/main.c.orig      Sun Dec  6 01:08:28 2015
> ++++ i3bar/src/main.c   Sun Dec  6 01:07:08 2015
> +@@ -95,6 +95,9 @@ int main(int argc, char **argv) {
> +     char *socket_path = getenv("I3SOCK");
> +     char *i3_default_sock_path = "/tmp/i3-ipc.sock";
> +
> ++    if (pledge("stdio rpath wpath proc exec unix", NULL) == -1)
> ++        err(EXIT_FAILURE, "pledge");
> ++
> +     /* Initialize the standard config to use 0 as default */
> +     memset(&config, '\0', sizeof(config_t));
> +
> Index: x11/i3/patches/patch-src_main_c
> ===================================================================
> RCS file: x11/i3/patches/patch-src_main_c
> diff -N x11/i3/patches/patch-src_main_c
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ x11/i3/patches/patch-src_main_c     20 Dec 2015 12:47:01 -0000
> @@ -0,0 +1,20 @@
> +$OpenBSD$
> +
> +stdio rpath unix for talking to the i3 socket in /tmp
> +wpath cpath are needed for the restart-in-place functionality
> +proc exec for executing programs
> +
> +--- src/main.c.orig    Wed Sep 30 08:55:10 2015
> ++++ src/main.c Sun Dec  6 00:36:10 2015
> +@@ -785,6 +785,11 @@ int main(int argc, char *argv[]) {
> +         xcb_free_pixmap(conn, pixmap);
> +     }
> +
> ++    /* can't pledge if shm_* calls are used */
> ++    if (shmlog_size == 0)
> ++        if (pledge("stdio rpath wpath cpath proc exec unix", NULL) == -1)
> ++            err(EXIT_FAILURE, "pledge");
> ++
> +     struct sigaction action;
> +
> +     action.sa_sigaction = handle_signal;
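Review bot: When `shmlog_size` is non-zero the pledge is skipped without any trace, so a user who enables shared-memory logging runs the window manager unconfined and has no way to tell; a log line for that case would make it visible. The nested `if` without braces is also fragile, and reads more safely as one condition: `if (shmlog_size == 0 && pledge("stdio rpath wpath cpath proc exec unix", NULL) == -1)`. If i3 allows SHM logging to be switched on after startup (I believe it has a runtime `shmlog` command, but that code is not in this hunk), the later shm_* call would violate the pledge and kill the window manager, so that path would need a guard as well. main() starts and ends outside this hunk.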
