On Tue 25/09/2018 09:07, Gonzalo L. Rodriguez wrote:
> Hello,
>
> Upstream Spectrwm is working on a pledge version, test are welcome.
>
> Diff attached.
I think you missed a pledge:
Sep 26 15:54:30 zeus /bsd: spectrwm[24210]: pledge "getpw", syscall 33
> +@@ -12499,6 +12508,9 @@ main(int argc, char *argv[])
> + pwd = getpwuid(getuid());
> + if (pwd == NULL)
> + errx(1, "invalid user: %d", getuid());
> ++
> ++ if (pledge("stdio rpath proc exec", NULL) == -1)
I believe it should be added here ^^^
Also, Makefile should mention that the port uses pledge().
I've been running with the diff below (your diff + fixes for above
mentioned issues) for the last couple of hours without any issues so
far.
diff --git Makefile Makefile
index d7f8c5cf637..d481b33b520 100644
--- Makefile
+++ Makefile
@@ -10,6 +10,7 @@ GH_ACCOUNT= conformal
GH_PROJECT= spectrwm
DISTNAME= ${GH_PROJECT}-${V}
CATEGORIES= x11
+REVISION= 0
HOMEPAGE= https://github.com/conformal/spectrwm/
MAINTAINER= Gonzalo L. R. <gonz...@openbsd.org>
@@ -17,8 +18,9 @@ MAINTAINER= Gonzalo L. R. <gonz...@openbsd.org>
# BSD
PERMIT_PACKAGE_CDROM= Yes
-WANTLIB += X11 X11-xcb Xcursor Xft c util xcb xcb-util xcb-icccm
-WANTLIB += xcb-keysyms xcb-randr xcb-xtest
+# uses pledge()
+WANTLIB += X11 X11-xcb Xcursor Xft c util xcb xcb-icccm xcb-keysyms
+WANTLIB += xcb-randr xcb-util xcb-xinput xcb-xtest
NO_TEST= Yes
diff --git patches/patch-Makefile patches/patch-Makefile
index 238f490df4f..f1141d885ee 100644
--- patches/patch-Makefile
+++ patches/patch-Makefile
@@ -8,7 +8,7 @@ Index: Makefile
#CFLAGS+=-DSWM_DENY_CLOCK_FORMAT
CPPFLAGS+= -I${X11BASE}/include -I${X11BASE}/include/freetype2
-LDADD+=-lutil -L${X11BASE}/lib -lX11 -lX11-xcb -lxcb-util -lxcb-icccm
-lxcb-keysyms -lxcb-randr -lxcb-xtest -lXft -lXcursor
-+LDADD+=-lutil -L${X11BASE}/lib -lX11 -lX11-xcb -lxcb -lxcb-util -lxcb-icccm
-lxcb-keysyms -lxcb-randr -lxcb-xtest -lXft -lXcursor
++LDADD+=-lutil -L${X11BASE}/lib -lX11 -lX11-xcb -lxcb-util -lxcb-icccm
-lxcb-keysyms -lxcb-randr -lxcb-xinput -lxcb-xtest -lXft -lXcursor
BUILDVERSION != sh "${.CURDIR}/buildver.sh"
.if !${BUILDVERSION} == ""
CPPFLAGS+= -DSPECTRWM_BUILDSTR=\"$(BUILDVERSION)\"
diff --git patches/patch-spectrwm_c patches/patch-spectrwm_c
index 9a28b0131bb..71c99bbbdc0 100644
--- patches/patch-spectrwm_c
+++ patches/patch-spectrwm_c
@@ -2,7 +2,26 @@ $OpenBSD: patch-spectrwm_c,v 1.9 2018/09/09 14:00:00 gonzalo
Exp $
Index: spectrwm.c
--- spectrwm.c.orig
+++ spectrwm.c
-@@ -291,7 +291,7 @@ uint32_t swm_debug = 0
+@@ -54,6 +54,9 @@
+ #include <fcntl.h>
+ #include <locale.h>
+ #include <paths.h>
++#if !defined(__OpenBSD__)
++#include "pledge.h"
++#endif
+ #include <pwd.h>
+ #include <regex.h>
+ #include <signal.h>
+@@ -75,7 +78,7 @@
+ #include <xcb/xcb_event.h>
+ #include <xcb/xcb_icccm.h>
+ #include <xcb/xcb_keysyms.h>
+-#if defined(__linux__) || defined(__FreeBSD__)
++#if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+ #include <xcb/xinput.h>
+ #define SWM_XCB_HAS_XINPUT
+ #endif
+@@ -291,7 +294,7 @@ uint32_t swm_debug = 0
#define SWM_CONF_KEYMAPPING (1)
#ifndef SWM_LIB
@@ -11,3 +30,33 @@ Index: spectrwm.c
#endif
char **start_argv;
+@@ -3880,6 +3883,9 @@ spawn(int ws_idx, union arg *args, bool close_fd)
+ if (args == NULL || args->argv[0] == NULL)
+ return;
+
++ if (pledge("stdio proc exec", NULL) == -1)
++ err(1, "pledge");
++
+ DNPRINTF(SWM_D_MISC, "%s\n", args->argv[0]);
+
+ close(xcb_get_file_descriptor(conn));
+@@ -12469,6 +12475,9 @@ main(int argc, char *argv[])
+ if (setlocale(LC_CTYPE, "") == NULL || setlocale(LC_TIME, "") == NULL)
+ warnx("no locale support");
+
++ if (pledge("stdio rpath proc exec getpw dns unix", NULL) == -1)
++ err(1, "pledge");
++
+ /* handle some signals */
+ bzero(&sact, sizeof(sact));
+ sigemptyset(&sact.sa_mask);
+@@ -12499,6 +12508,9 @@ main(int argc, char *argv[])
+ pwd = getpwuid(getuid());
+ if (pwd == NULL)
+ errx(1, "invalid user: %d", getuid());
++
++ if (pledge("stdio rpath proc exec getpw", NULL) == -1)
++ err(1, "pledge");
+
+ xcb_grab_server(conn);
+ xcb_aux_sync(conn);
