Commits
- Commit:
c3d502d4556b4174bcd748fdd4c136ba9867ba20
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a `lint' maintainer target to check the manpages
- Commit:
5a345722826201a4da926abc096aed76de3cdaa4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use REGRESS_HOST to specify the host to listen to; use in CI
some CI envs don't like `listen on localhost' but tolerate INADDR_ANY
or IN6ADDR_ANY_INIT.
- Commit:
f29d705e04b5fdb74980622803ddff3adb9fb09d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add missing -include of *.d files
- Commit:
5dad390015970eb1e35f6e6fd9f8f28bf6e6db0e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add `release' target
- Commit:
1610f9541d742906f7f683e9ad1ad2a29225ae8a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework the configure script
now it resembles less oconfigure and more the configure scripts I'm
using in my recent projects. I'd argue it's more easy to use it.
- Commit:
86693a33abd5e8c31530adb3045c9f4664d4d6c9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a privsep crypto engine
Incorporate the OpenSMTPD' privsep crypto engine. The idea behind
it is to never load the certificate' private keys in a networked
process, instead they are loaded in a separate process (the `crypto'
one) which signs payloads on the behalf of the server processes.
This way, we greatly reduce the risk of leaking the certificate'
private key should the server process be compromised.
This currently compiles only on LibreSSL (portable fix is in the
way).
- Commit:
cbb7f9fc28abffd18642b83eeb8fe22e8931540f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move logger() prototype to gmid.h and delete logger.h
- Commit:
797c4609a9b9923e8d15413f7412cf2bf4bb6ce5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
make ge work again
- Commit:
846842e138e3d859fe6a9bce05c991972e1426cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync DISTFILES
- Commit:
68e38f49b234474bdd123120de004de96fae8715
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use -MMD if the compiler supports it
it's better than the previous Makefile.depend approach since this
automatically adapts to the included headers without requiring
manual intervention to regen the list.
- Commit:
34836095937077a427c4810d21833a2b21000a86
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove Makefile.depend
- Commit:
c727f8dd7582528f506e3695e4ec4acbfa67edbf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
reformat
- Commit:
c26f2460e42aa0822c283c805958989f339e7d8b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rework the daemon to do fork+exec
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
- Commit:
eae52ad493f582222b4f2b748c0043c42bb851cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
switch to the more usual log.c
- Commit:
281a8852b3a2d76c10d2fb6476a706746d05509b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename log.[ch] to logger.[ch]