From: Omar Polo
Subject: Re: add gitwrapper
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Tue, 28 Mar 2023 12:05:10 +0200

On 2023/03/28 11:56:59 +0200, Stefan Sperling wrote:
> On Tue, Mar 28, 2023 at 11:33:29AM +0200, Omar Polo wrote:
> > On 2023/03/28 11:18:40 +0200, Stefan Sperling wrote:
> > > This improved version has been tested more thoroughly and fixes
> > > a few bugs such that gitwrapper actually works as advertised.
> > > It also makes use of unveil(2) to restrict the set of programs
> > > which can be run (even though a user who ends up running this
> > > tool probably has shell access anyway).
> >
> > I haven't run-tested it yet but reads fine; let's get it in and
> > continue hacking in tree.
>
> Thanks, done.
>
> Here is a tweak we should make to ensure that native git tooling
> doesn't end up running on gotd-managed repositories accidentally
> even if the repository is listed in gotd.conf.
>
> Ok?

Yeah, seems a good idea to abort if gotd.conf is found and has an
entry for the repo but gotsh is not available.

Alternatively, we might require GITWRAPPER_MY_SERVER_PROG to be an
absolute path in the first place so that we can avoid scraping $PATH.

ok for me whatever option you prefer.