Commits


get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow.


add a "contributing" section


"a posix libc" can be left implicit


remove docker section; it's already showed off in the contrib page


remove paragraph "locally installed libressl" + some tweaks libtls is now widely available, it's at least on gentoo, arch, void, alpine, fedora and debian sid; there's no need to show how to compile to a locally installed one.


mention the reverse proxying


don't list the exact pledge promises It's easy to forgot to update the README after a code change (already happened in the past) and they're easy to discover by reading sandbox.c


mention landlock in the README


gmid.1: document logging


point to contrib.html


sync readme.md with sandbox.c


show macro usage in the example


drop the dependency on lex by implementing yylex by ourselves The actual implementation is based off doas' parse.y. This gave us various benefits, like cleaner code, \ to break long lines, better handling of quotes etc...


mention FastCGI in the README.md


reword last sentence