Commit Briefs
reworked seccomp filter
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in an ifdef, and add some (statx, fcntl64, ...) used in x86

Some bits were taken from dhcpcd[0], thanks!

#4 related

[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
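Added example, not code from gmid or dhcpcd: a minimal seccomp-BPF allowlist showing the three points of the commit above (a per-architecture SECCOMP_AUDIT_ARCH, fcntl allowed without inspecting its arguments, every syscall wrapped in an ifdef). The names example_filter, SC_ALLOW and example_filter_len and the short syscall list are assumptions made for illustration.

```c
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Map the compile-time architecture to the AUDIT_ARCH_* value the kernel reports. */
#if defined(__x86_64__)
# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__arm__)
# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARM
#else
# error "unsupported architecture: refusing to build a filter without an arch check"
#endif

/* Compare the loaded syscall number; return ALLOW on match, else skip to the next rule. */
#define SC_ALLOW(nr) \
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

static const struct sock_filter example_filter[] = {
	/* Kill if the syscall ABI is not the one these numbers were compiled for. */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_read
	SC_ALLOW(__NR_read),
#endif
#ifdef __NR_fcntl
	SC_ALLOW(__NR_fcntl),		/* no argument check: any flags pass */
#endif
#ifdef __NR_fcntl64
	SC_ALLOW(__NR_fcntl64),		/* only exists on 32-bit ABIs such as i386 */
#endif
#ifdef __NR_statx
	SC_ALLOW(__NR_statx),		/* absent from older kernel headers */
#endif
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),	/* default deny */
};

/* Number of BPF instructions, as needed for struct sock_fprog.len. */
size_t example_filter_len(void) { return sizeof(example_filter) / sizeof(example_filter[0]); }
```

The array is only built here, not installed; loading it would go through prctl(PR_SET_NO_NEW_PRIVS) followed by prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) with a struct sock_fprog pointing at it.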
allow to define macros in the config file
Macros can be defined at the top of the configuration file:

	dir = "/var/gemini"
	cert = "/etc/keys"

and re-used later, for example

	server "foo" {
		root "$dir/foo"		# -> /var/gemini/foo
		cert "$cert/foo.pem"	# -> /etc/keys/foo.pem
	}
drop the dependency on lex by implementing yylex by ourselves
The actual implementation is based off doas' parse.y. This gave us various benefits, like cleaner code, \ to break long lines, better handling of quotes etc...
certificate generation (bugfix and improvement)
don't add gmid as organisation when generating the certificate, and set the version to 3, so it's compatible with java/android clients. Found by Gnuserland, thanks!
ensure %p (path) is always absolute
with the recent changes, sometimes the path may not start with a '/'. This ensures that %s is ALWAYS an absolute path.