commit 39c64a6a2cfff98be2b336a33ea1c33d74c1be9d
from: Stefan Sperling <stsp@stsp.name>
date: Wed Mar 18 16:13:47 2020 UTC

pledge 'got clone'

commit - fd039d723836364a61e9194461370607da3da76d
commit + 39c64a6a2cfff98be2b336a33ea1c33d74c1be9d
blob - 89d0a736349e9b59122a957037cec7fb02fe70e1
blob + a4c3339d7e06663040ec5665f146a4766066ced6
--- got/got.c
+++ got/got.c
@@ -1042,7 +1042,7 @@ fetch_progress(void *arg, const char *message, off_t p
 static const struct got_error *
 cmd_clone(int argc, char *argv[])
 {
-	const struct got_error *err = NULL;
+	const struct got_error *error = NULL;
 	const char *uri, *dirname;
 	char *proto, *host, *port, *repo_name, *server_path;
 	char *default_destdir = NULL, *id_str = NULL;
@@ -1066,6 +1066,7 @@ cmd_clone(int argc, char *argv[])
 	}
 	argc -= optind;
 	argv += optind;
+
 	uri = argv[0];
 
 	if (argc == 1)
@@ -1075,34 +1076,53 @@ cmd_clone(int argc, char *argv[])
 	else
 		usage_clone();
 
-	err = got_fetch_parse_uri(&proto, &host, &port, &server_path,
+	error = got_fetch_parse_uri(&proto, &host, &port, &server_path,
 	    &repo_name, argv[0]);
-	if (err)
+	if (error)
 		goto done;
 
+#ifndef PROFILE
+	if (strcmp(proto, "git") == 0) {
+		if (pledge("stdio rpath wpath cpath fattr flock proc exec "
+		    "sendfd dns inet unveil", NULL) == -1)
+			err(1, "pledge");
+	} else if (strcmp(proto, "git+ssh") == 0 ||
+	    strcmp(proto, "ssh") == 0) {
+		if (pledge("stdio rpath wpath cpath fattr flock proc exec "
+		    "sendfd unveil", NULL) == -1)
+			err(1, "pledge");
+	} else if (strcmp(proto, "http") == 0 ||
+	    strcmp(proto, "git+http") == 0) {
+		error = got_error_path(proto, GOT_ERR_NOT_IMPL);
+		goto done;
+	} else {
+		error = got_error_path(proto, GOT_ERR_BAD_PROTO);
+		goto done;
+	}
+#endif
 	if (dirname == NULL) {
 		if (asprintf(&default_destdir, "%s.git", repo_name) == -1) {
-			err = got_error_from_errno("asprintf");
+			error = got_error_from_errno("asprintf");
 			goto done;
 		}
 		repo_path = default_destdir;
 	} else
 		repo_path = dirname;
 
-	err = got_path_mkdir(repo_path);
-	if (err)
+	error = got_path_mkdir(repo_path);
+	if (error)
 		goto done;
 
-	err = got_repo_init(repo_path);
-	if (err)
+	error = got_repo_init(repo_path);
+	if (error)
 		goto done;
 
-	err = got_repo_open(&repo, repo_path, NULL);
-	if (err)
+	error = got_repo_open(&repo, repo_path, NULL);
+	if (error)
 		goto done;
 
-	err = got_fetch_connect(&fetchfd, proto, host, port, server_path);
-	if (err)
+	error = got_fetch_connect(&fetchfd, proto, host, port, server_path);
+	if (error)
 		goto done;
 
 	printf("Connected to %s:%s\n", host, port);
@@ -1110,13 +1130,13 @@ cmd_clone(int argc, char *argv[])
 	fpa.last_scaled_size[0] = '\0';
 	fpa.last_p_indexed = -1;
 	fpa.last_p_resolved = -1;
-	err = got_fetch_pack(&pack_hash, &refs, &symrefs, fetchfd,
+	error = got_fetch_pack(&pack_hash, &refs, &symrefs, fetchfd,
 	    repo, fetch_progress, &fpa);
-	if (err)
+	if (error)
 		goto done;
 
-	err = got_object_id_str(&id_str, pack_hash);
-	if (err)
+	error = got_object_id_str(&id_str, pack_hash);
+	if (error)
 		goto done;
 	printf("Fetched %s.pack\n", id_str);
 	free(id_str);
@@ -1128,20 +1148,20 @@ cmd_clone(int argc, char *argv[])
 		struct got_reference *ref;
 
 
-		err = got_ref_alloc(&ref, refname, id);
-		if (err)
+		error = got_ref_alloc(&ref, refname, id);
+		if (error)
 			goto done;
 
 		#if 0
-		err = got_object_id_str(&id_str, id);
-		if (err)
+		error = got_object_id_str(&id_str, id);
+		if (error)
 			goto done;
 		printf("%s: %s\n", got_ref_get_name(ref), id_str);
 		free(id_str);
 		#endif
-		err = got_ref_write(ref, repo);
+		error = got_ref_write(ref, repo);
 		got_ref_close(ref);
-		if (err)
+		if (error)
 			goto done;
 	}
 
@@ -1154,29 +1174,29 @@ cmd_clone(int argc, char *argv[])
 		if (strcmp(refname, GOT_REF_HEAD) != 0)
 			continue;
 
-		err = got_ref_open(&target_ref, repo, target, 0);
-		if (err) {
-			if (err->code == GOT_ERR_NOT_REF)
+		error = got_ref_open(&target_ref, repo, target, 0);
+		if (error) {
+			if (error->code == GOT_ERR_NOT_REF)
 				continue;
 			goto done;
 		}
 
-		err = got_ref_alloc_symref(&symref, GOT_REF_HEAD, target_ref);
+		error = got_ref_alloc_symref(&symref, GOT_REF_HEAD, target_ref);
 		got_ref_close(target_ref);
-		if (err)
+		if (error)
 			goto done;
 
 		printf("Setting %s to %s\n", GOT_REF_HEAD,
 		    got_ref_get_symref_target(symref));
 
-		err = got_ref_write(symref, repo);
+		error = got_ref_write(symref, repo);
 		got_ref_close(symref);
 		break;
 	}
 
 done:
-	if (fetchfd != -1 && close(fetchfd) == -1 && err == NULL)
-		err = got_error_from_errno("close");
+	if (fetchfd != -1 && close(fetchfd) == -1 && error == NULL)
+		error = got_error_from_errno("close");
 	if (repo)
 		got_repo_close(repo);
 	TAILQ_FOREACH(pe, &refs, entry) {
@@ -1196,7 +1216,7 @@ done:
 	free(server_path);
 	free(repo_name);
 	free(default_destdir);
-	return err;
+	return error;
 }
 
 static const struct got_error *