From: Ed Maste <emaste@freebsd.org>
Subject: Experiments with got in the FreeBSD base system
To: gameoftrees@openbsd.org
Date: Fri, 30 Oct 2020 13:02:37 -0400

I've started looking at what would be involved to include got in the
FreeBSD base system, based on naddy's work in the FreeBSD ports tree.
Here are some notes on what I've done so far.

I started with openbsd-compat from the 0.41 port, along with the
port's patches, and have been rebasing that since. The current wip is
here: https://github.com/emaste/got/tree/freebsd-main

I made some changes for miscellaneous Mk differences - MAN= instead of
NOMAN=yes, LIBADD instead of LDADD/DPADD. These changes are not
reasonable for upstream, of course.

I've added a .cirrus.yml config to build on FreeBSD and later test in
Cirrus-CI; the test suite is not yet being run. Example Cirrus run:
https://cirrus-ci.com/build/5352361658941440

I encountered many warnings when I inserted this repo into the FreeBSD
tree and built with a higher WARNS= setting; some of these are
addressed in the repo linked above. A number are changes to the port's
openbsd-compat. There were many signedness comparison warnings from
int loop indices; I've changed them to be size_t. This is the first
change reasonable for upstream; I can post the patches here shortly.

Finally, I have some interns working on FreeBSD until the end of the
year and one of them is looking at applying Capsicum to got. I hope
that we can make some relatively small changes in an
upstream-palatable way that we can then build on with local changes.
At a high level we will want to open directory fds for each of the
paths currently being unveil()ed, and make all file access relative to
one of those via openat, readlinkat, etc.