portable: add back drop_privs

allow gotd repo read/write processes to max out data-size resource limits Proccessing large pack files can easily result in out-of-memory errors if the datasize limit is too conservative.

gotwebd: garbage-collect PREVID, removed long time ago This leftover kept QSELEM__MAX bigger than the querystring_keys[] table and causes gotweb_assign_querystring to go out of bounds. Spotted on alpine (thanks to -portable.)

portable: remove sockaddr-linux code Now that socket handling is being done in a portable way upstream, there's no need to carry -portable specific code.

gotwebd: move log_init() call a bit earlier Otherwise the log_warnx() call in the -D case logs to syslog.

gotwebd: clean up sockets_create_socket a bit Instead of hardcoding the flags, keep ai_{family,socktype,protocol} from the getaddrinfo() call and apply them here. ok stsp@

gotadmin: get rid of got_sockaddr.[ch] usage It was added due to gotwebd weird structure sockaddr_storage handling. Instead, save the size reported by getaddrinfo() and not reach into the struct sockaddr_storage at all (except for extracting the port number for diagnostics purposes.) sockets_conf_new_socket_fcgi() gets an hardcoded ipproto to zero (which is the only value it can get in practice, and keeps for the moment the hardcoded SOCK_STREAM. It'll be cleaned in a follow-up. ok stsp@

gotwebd: improve error message in get_addrs(); noticed by stsp@

gotwebd: make get_addrs() take the service name directly This changes how we handle the port number: bubbles up the local portstr added in previous commit and lets getaddrinfo() deals with port numbers and services name. getservice() can be gc. While here add the missing free() in parse.y. ok stsp@

fix typo in previous

gotwebd: merge host() and get_addrs(); use * instead of "" for any addr ok plus tweaks stsp@

gotwebd: disable listening on interfaces ok stsp@

reduce gotwebd pledges to the minimum currently required; with op@

fix gotwebd unveil permissions The main process doesn't need write access anywhere and /tmp is not needed. The sockets process didn't use unveil at all so far, but is happy with just "x" for libexec helpers and "r" for each server's repository path. Input from op@ Tested by myself and Kyle Ackerman who also reviewed the diffs. Prompted by questions from mlarkin@ ok mlarkin@, op@

allow setting variables in gotd.conf; code from gotwebd/parse.y ok op@

gotwebd: remove dead ipproto handling in host() and host_if() ipproto is always -1, so delete the dead code. ok stsp@

use ibuf_fd_set() instead of reaching into the ibuf struct discussed with tb@

don't redundantly set wbuf->fd to -1 ibuf_dynamic() (called by imsg_create()) already initializes fd to -1.

fix some fd leaks in error paths and avoid some double close Sweep done after a few were spotted by tb@, thanks! ok stsp@

gotwebd TODO: category grouping support

simplify usage of the 'mesg' histedit script command The 'mesg' script command now requires a commit ID as its argument, rather than being tied to a preceding 'pick' or 'edit' command. The old model was too confusing for new users, in particular for people used to Git's rebase -i squash semantics. The 'mesg' command is now semantically equivalent to the 'pick' command and additionally opens the log message in an editor. The new syntax is simpler to use but also requires that we drop support for one-line log messages inside the histedit script, with a commit ID taking its place in the argument space. We don't believe this feature was used much, and that a simplified usage model is more beneficial overall. Patch by Lorenz (xha) ok jamsek

style

patch: handle NULs in lines got patch assumes that lines can be encoded as strings, so embedded NUL bytes truncates what got sees of the line. While here, add some minor semplification to the logic by splitting the type out of the line string and change linecmp into lines_eq (name suggested by stsp@) ok stsp@

i can't count

fix gotadmin cleanup -a documentation: it also removes pack files ok stsp@