Commits
- Commit:
fdb4572d2f85abeddd9e8318dd2b0c2676c3cfb3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
revamp helper section of the README and mention titan(1)
- Commit:
f59543490d613d2af0c3954879e17ad9f0699c86
- From:
- Omar Polo <op@omarpolo.com>
- Date:
rename ge -> gemexp
gemserv is already taken...
- Commit:
2b0b2661ea2037500c5a4744bc7383ba0c7fd133
- From:
- Omar Polo <op@omarpolo.com>
- Date:
enrich the description of the server process
- Commit:
23f0ac49ed05351aa957837a879af3b1c8491267
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix previous
- Commit:
6a60134c6445c3c3ba4b145245523ef737d7ef03
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention gg and ge
- Commit:
fea6a856235ddefb5b5168ef20aec79ff367fc0b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
update the README after recent developments
- Commit:
837156014c5dc5746ecfcc00e5b02db16cb90f67
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a disclaimer
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows to have more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
456a4c6b6e2d1e506816be64dfc7cb36ca0c822a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a "contributing" section
- Commit:
4252e62cad7a923226723cb2f0f054c12b89b3c2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
"a posix libc" can be left implicit
- Commit:
a68203f089038d253de90759aaf385f79d3ec861
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove docker section; it's already showed off in the contrib page
- Commit:
ed78e81b9c19d27e0898b28f138f2536a286020d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove paragraph "locally installed libressl" + some tweaks
libtls is now widely available, it's at least on gentoo, arch, void,
alpine, fedora and debian sid; there's no need to show how to compile to
a locally installed one.
- Commit:
c3eb759a7906ba3661eff53a1eb660b768316723
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention the reverse proxying
- Commit:
dcfdb969a267631fc9b787507c6ce6db7e290e48
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't list the exact pledge promises
It's easy to forgot to update the README after a code change (already
happened in the past) and they're easy to discover by reading
sandbox.c
- Commit:
67c49bc5c794c4375344ea010be608572d6f0070
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention landlock in the README