gotwebd: print commit message too in gotweb_render_commits Regression from 156a1144 spotted by stsp, thanks!

gotwebd is a Web daemon

farewell, gotweb. you served us well. rm gotweb, ok stsp@

enforce a per-uid connection limit in the gotd listen process For now the limit is set at compile-time. It will become configurable via gotd.conf soon. ok op@

gotwebd: drop redundant NULL check qs is guaranteed to be not NULL reached that point.

gotwebd: remove useless comment should be placed further down, after BLOB and RSS are handled, but the call to `gotweb_render_header' is successfully clear on its own.

fmt

gotd listen process forgot to initialize its client table siphash key

convert gotd repo_read.c and repo_write.c to single-client Because these processes are now started on demand per client connection there is no need to keep track of multiple clients anymore. Also, these processes can now exit when a disconnect event is received. ok op, jamsek

gotd: nix trailing whitespace and indentation fix ok op@, stsp@

remove filesystem access via bind(2) from gotd auth process op@ pointed out a problem in my initial patch where I forgot to call unveil(2) with a path before unveil(NULL, NULL). ok op, jamsek

move "unix" pledge promise from gotd parent to auth process The listen process now communicates the client UID/GID to the parent, and the auth process verifies this on behalf of the parent. This allows us to remove the "unix" pledge promise from the parent, removing parent access to syscalls such as listen() and accept() in the AF_UNIX domain. ok tracey@ op@

fix gotd authentication timeout The authentication timeout was accidentally overriden by the request timeout. Fix this and set both timeouts in the same place for clarity. ok op@

run gotd authentication in a separate child process ok op@

fork gotd repo_read/repo_write children on demand ok op, jamsek