allow gotd repo read/write processes to max out data-size resource limits Proccessing large pack files can easily result in out-of-memory errors if the datasize limit is too conservative.

gotwebd: garbage-collect PREVID, removed long time ago This leftover kept QSELEM__MAX bigger than the querystring_keys[] table and causes gotweb_assign_querystring to go out of bounds. Spotted on alpine (thanks to -portable.)

gotwebd: move log_init() call a bit earlier Otherwise the log_warnx() call in the -D case logs to syslog.

gotwebd: clean up sockets_create_socket a bit Instead of hardcoding the flags, keep ai_{family,socktype,protocol} from the getaddrinfo() call and apply them here. ok stsp@

gotadmin: get rid of got_sockaddr.[ch] usage It was added due to gotwebd weird structure sockaddr_storage handling. Instead, save the size reported by getaddrinfo() and not reach into the struct sockaddr_storage at all (except for extracting the port number for diagnostics purposes.) sockets_conf_new_socket_fcgi() gets an hardcoded ipproto to zero (which is the only value it can get in practice, and keeps for the moment the hardcoded SOCK_STREAM. It'll be cleaned in a follow-up. ok stsp@

gotwebd: improve error message in get_addrs(); noticed by stsp@

gotwebd: make get_addrs() take the service name directly This changes how we handle the port number: bubbles up the local portstr added in previous commit and lets getaddrinfo() deals with port numbers and services name. getservice() can be gc. While here add the missing free() in parse.y. ok stsp@

fix typo in previous

gotwebd: merge host() and get_addrs(); use * instead of "" for any addr ok plus tweaks stsp@

gotwebd: disable listening on interfaces ok stsp@

reduce gotwebd pledges to the minimum currently required; with op@

fix gotwebd unveil permissions The main process doesn't need write access anywhere and /tmp is not needed. The sockets process didn't use unveil at all so far, but is happy with just "x" for libexec helpers and "r" for each server's repository path. Input from op@ Tested by myself and Kyle Ackerman who also reviewed the diffs. Prompted by questions from mlarkin@ ok mlarkin@, op@

allow setting variables in gotd.conf; code from gotwebd/parse.y ok op@

gotwebd: remove dead ipproto handling in host() and host_if() ipproto is always -1, so delete the dead code. ok stsp@

use ibuf_fd_set() instead of reaching into the ibuf struct discussed with tb@