commit - 39c64a6a2cfff98be2b336a33ea1c33d74c1be9d
commit + ee448f5f104f873da32b5aa9139702b0377ebf3f
blob - a4c3339d7e06663040ec5665f146a4766066ced6
blob + 294153fb62870c454e30ddbf7055af7975cc7ae0
--- got/got.c
+++ got/got.c
@@ -1121,6 +1121,17 @@ cmd_clone(int argc, char *argv[])
 	if (error)
 		goto done;
 
+	if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
+		if (unveil(GOT_FETCH_PATH_SSH, "x") != 0) {
+			error = got_error_from_errno2("unveil",
+			    GOT_FETCH_PATH_SSH);
+			goto done;
+		}
+	}
+	error = apply_unveil(got_repo_get_path(repo), 0, NULL);
+	if (error)
+		goto done;
+
 	error = got_fetch_connect(&fetchfd, proto, host, port, server_path);
 	if (error)
 		goto done;
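Review bot: The scheme test guarding the ssh unveil (`strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0`) re-states whatever set of schemes got_fetch_connect() routes to dial_ssh(), and the two lists can drift: a scheme the library treats as ssh but that is not listed here would reach execl() inside the unveil view with no "x" entry for GOT_FETCH_PATH_SSH, and the exec would presumably fail in the forked child rather than surface as a got_error here. It would be safer to have one predicate in the fetch library, e.g. `int got_fetch_proto_is_ssh(const char *proto);`, used both here and by got_fetch_connect(), or at minimum a comment on the `if` tying this list to the library's dispatch so that adding a scheme in one place prompts the other. cmd_clone() begins and ends outside this hunk, so I cannot see whether proto is already normalised before this point.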
blob - f81637bef69919b12186fd2f50b4057a22217788
blob + c7d34a72ffb35176dd30e436cdd4254a019ffce7
--- include/got_fetch.h
+++ include/got_fetch.h
@@ -18,6 +18,10 @@
 #define GOT_DEFAULT_GIT_PORT		9418
 #define GOT_DEFAULT_GIT_PORT_STR	"9418"
 
+#ifndef GOT_FETCH_PATH_SSH
+#define GOT_FETCH_PATH_SSH	"/usr/bin/ssh"
+#endif
+
 /*
  * Attempt to parse a URI into the following parts:
  * A protocol scheme, hostname, port number (as a string), path on server,
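Review bot: GOT_FETCH_PATH_SSH is introduced without a comment saying why it must be an absolute path or why it is wrapped in `#ifndef`; the reason (the exec in lib/fetch.c moved from execlp to execl so no PATH search happens, and got.c unveils exactly this path with "x") lives in other files and is easy to undo by a later "simplification" back to a bare `ssh`. Suggest a one-line comment above the block: `/* Absolute path: exec'd without a PATH search and unveiled with "x"; may be overridden at build time. */`. The header otherwise looks fine.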
blob - 5ba32f3fcccff288621460ea6a7754a3b239b994
blob + f5838d2c1bad6f108584c87b669ba6ccd51e1ee6
--- lib/fetch.c
+++ lib/fetch.c
@@ -108,8 +108,9 @@ dial_ssh(int *fetchfd, const char *host, const char *p
 		n = snprintf(cmd, sizeof(cmd), "git-%s-pack", direction);
 		if (n < 0 || n >= sizeof(cmd))
 			err(1, "snprintf");
-		if (execlp("ssh", "ssh", host, cmd, path, NULL) == -1)
-			err(1, "execlp");
+		if (execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH,
+		    host, cmd, path, NULL) == -1)
+			err(1, "execl");
 		abort(); /* not reached */
 	} else {
 		close(pfd[0]);
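Review bot: The new execl() call still passes `host` straight after the program name, so a hostname taken from the clone URI that begins with `-` would be parsed by ssh as an option rather than a destination (the same shape as the `-oProxyCommand=` problem fixed in git and others); unless got_fetch_parse_uri() already rejects a leading `-` in the host part, the argv should terminate option parsing first: `execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH, "--", host, cmd, path, NULL)`. Moving from execlp to an absolute path is a good change on its own, as it removes the PATH lookup from the forked child. Separately, `cmd` and `path` are handed to ssh as separate arguments but ssh joins them into one remote command line, so `path` is interpreted by the remote shell unquoted; worth confirming what characters the URI parser allows there. dial_ssh() starts and ends outside this hunk.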
blob - d271edae5641fdd75539b8140f6d33a7f9ac7edb
blob + d53de8818b0c88fe4d933db6ea92d3a691ec9f2d
--- lib/privsep.c
+++ lib/privsep.c
@@ -2216,6 +2216,8 @@ got_privsep_unveil_exec_helpers(void)
 	    GOT_PATH_PROG_READ_BLOB,
 	    GOT_PATH_PROG_READ_TAG,
 	    GOT_PATH_PROG_READ_GITCONFIG,
+	    GOT_PATH_PROG_FETCH_PACK,
+	    GOT_PATH_PROG_INDEX_PACK,
 	};
 	int i;