Commits


sync .d includes and DISTFILES


add support for the proxy protocol v1 This allows to use proxies like nginx or haproxy in front of gmid and still have the correct information about the originating client. This will need explicit opt-in via the `proxy-v1' listen flag which will be added in a follow-up commit. Merges https://github.com/omar-polo/gmid/pull/30


align


change the default PUBKEY for the verify-release target doesn't play well with minor releases such as 2.0.1 since for them I reuse the 2.0 key.


install titan too while here, sort the binaries and the manpages by section and name.


fix release target; add verify-release


add signify pubkeys


fix SRCS and DISTFILES; forgot iri.h, landlock is long gone


`make lint' to check titan.1 too


pass LDFLAGS before LIBS


remove configure.local{,.example} unused, un-updated and ignored for quite some time now.


resurrect landlock support this time targetting ABI level 3; partially based on how claudio@ handled it in rpki-client. Fun how this bit of code has come full circle (gmid inspired what I wrote for got, which inspired what was written for rpki-client, which has come back.)


bundle libtls gmid (like all other daemons that want to do privsep crypto) has a very close relationship with libtls and need to stay in sync with it. OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD instead of the older ECDSA_METHOD, on the gmid side we have to do the same otherwise failures happens at runtime. In a similar manner, privsep crypto is silently broken in the current libretls (next version should fix it.) The proper solution would be to complete the signer APIs so that applications don't need to dive into the library' internals, but that's a mid-term goal, for the immediate bundling the 'little' libtls is the lesser evil. The configure script has gained a new (undocumented for the time being) flag `--with-libtls=bundled|system' to control which libtls to use. It defaults to `bundled' except for OpenBSD where it uses the `system' one. Note that OpenBSD versions before 7.3 (inclusive) ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.


sync DISTFILES


two more missing ge -> gemexp