ops; pretty big omission among the breaking changes

Install a sample config, include a self-signed cert and setup a
local user and chroot.

.dockerignore

@@ -2,8 +2,10 @@
 !*.c
 !*.h
 !*.y
-!compat/*.c
-!compat/*.h
+!*.[1-9]
+!compat
 !have/*.c
 !Makefile
 !configure
+!contrib/Docker.gmid.conf
+!contrib/gencert

Makefile

@@ -43,7 +43,7 @@ GG_OBJS =	${GG_SRCS:.c=.o} ${COBJS}
 TITAN_SRCS =	titan.c iri.c log.c utf8.c
 TITAN_OBJS =	${TITAN_SRCS:.c=.o} ${COBJS}
 
-SRCS =		gmid.h landlock_shim.h log.h parse.y proc.h \
+SRCS =		gmid.h iri.h log.h parse.y proc.h \
 		${GMID_SRCS} ${GEMEXP_SRCS} ${GG_SRCS} ${TITAN_SRCS}
 
 DISTNAME =	gmid-${VERSION}
@@ -78,20 +78,24 @@ install: gmid gg gemexp
 	mkdir -p ${DESTDIR}${MANDIR}/man1
 	mkdir -p ${DESTDIR}${MANDIR}/man5
 	mkdir -p ${DESTDIR}${MANDIR}/man8
-	${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
-	${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
 	${INSTALL_PROGRAM} gemexp ${DESTDIR}${BINDIR}
-	${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
-	${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
+	${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
+	${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
+	${INSTALL_PROGRAM} titan ${DESTDIR}${BINDIR}
 	${INSTALL_MAN} gemexp.1 ${DESTDIR}${MANDIR}/man1
 	${INSTALL_MAN} gg.1 ${DESTDIR}${MANDIR}/man1
+	${INSTALL_MAN} titan.1 ${DESTDIR}${MANDIR}/man1
+	${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
+	${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
 
 uninstall:
 	rm ${DESTDIR}${BINDIR}/gemexp
 	rm ${DESTDIR}${BINDIR}/gg
 	rm ${DESTDIR}${BINDIR}/gmid
+	rm ${DESTDIR}${BINDIR}/titan
 	rm ${DESTDIR}${MANDIR}/man1/gemexp.1
 	rm ${DESTDIR}${MANDIR}/man1/gg.1
+	rm ${DESTDIR}${MANDIR}/man1/titan.1
 	rm ${DESTDIR}${MANDIR}/man5/gmid.conf.5
 	rm ${DESTDIR}${MANDIR}/man8/gmid.8
 
@@ -127,21 +131,28 @@ y.tab.c: parse.y
 lint:
 	man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
 
+PUBKEY =	keys/gmid-${VERSION}.pub
+PRIVKEY =	set-PRIVKEY
 DISTFILES =	.cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
 		Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
 		ge.c gemexp.1 gg.1 gg.c gmid.8 gmid.c gmid.conf.5 gmid.h \
-		iri.c iri.h landlock_shim.h log.c log.h logger.c mime.c \
-		parse.y proc.c proc.h proxy.c puny.c sandbox.c server.c \
-		titan.1 titan.c utf8.c utils.c y.tab.c
+		iri.c iri.h log.c log.h logger.c mime.c parse.y proc.c \
+		proc.h proxy.c puny.c sandbox.c server.c titan.1 titan.c \
+		utf8.c utils.c y.tab.c
 
 release:
-	sed -i -e '/^RELEASE=/s/no/yes' configure
+	sed -i -e '/^RELEASE=/s/no/yes/' configure
 	${MAKE} dist
-	sed -i -e '/^RELEASE=/s/yes/no' configure
+	sed -i -e '/^RELEASE=/s/yes/no/' configure
+	signify -S -e -m ${DISTNAME}.sha256 -s ${PRIVKEY}
+
+verify-release:
+	signify -C -p ${PUBKEY} -x ${DISTNAME}.sha256.sig
 
 dist: ${DISTNAME}.sha256
 
 ${DISTNAME}.sha256: ${DISTNAME}.tar.gz
+	sha256 ${DISTNAME}.tar.gz > $@
 
 ${DISTNAME}.tar.gz: ${DISTFILES}
 	mkdir -p .dist/${DISTNAME}/
@@ -150,6 +161,7 @@ ${DISTNAME}.tar.gz: ${DISTFILES}
 	${MAKE} -C compat	DESTDIR=${PWD}/.dist/${DISTNAME}/compat dist
 	${MAKE} -C contrib	DESTDIR=${PWD}/.dist/${DISTNAME}/contrib dist
 	${MAKE} -C have		DESTDIR=${PWD}/.dist/${DISTNAME}/have dist
+	${MAKE} -C keys		DESTDIR=${PWD}/.dist/${DISTNAME}/keys dist
 	${MAKE} -C regress	DESTDIR=${PWD}/.dist/${DISTNAME}/regress dist
 	cd .dist/ && tar zcf ../$@ ${DISTNAME}
 	rm -rf .dist/

README.md

@@ -1,10 +1,5 @@
 # gmid
 
-> **Warning**
-> The `master` branch is WIP: it's what gmid 2.0 will be, with
-> breaking changes et al.  Please use the latest release from the 1.8
-> branch for a stable and documented experience, thank you.
-
 gmid is a full-featured Gemini server written with security in mind.
 It can serve static files, has optional FastCGI and proxying support,
 and a rich configuration syntax.
@@ -89,9 +84,7 @@ server "example.com" {
 
 ## Building
 
-gmid depends on libevent2, OpenSSL/LibreSSL and libtls (provided
-either by LibreSSL or libretls).  At build time, yacc (or GNU bison)
-is also needed.
+gmid depends on libevent2, LibreSSL or OpenSSL, and yacc or GNU bison.
 
 The build is as simple as
 
@@ -135,20 +128,20 @@ to the `contrib` directory.
 ## Architecture/Security considerations
 
 The internal architecture was revisited for the 2.0 release.  For
-previous releases, please refer to previous revision of this file.
+earlier releases, please refer to previous revision of this file.
 
 gmid has a privsep design, where the operations done by the daemon are
 splitted into multiple processes:
 
  - main: the main process is the only one that keeps the original
    privileges.  It opens the TLS certificates on the behalf of the
-   `server` and `crypto` processes and reloads the configuration upon
-   `SIGHUP`.
+   `server` and `crypto` processes, reloads the configuration upon
+   `SIGHUP` and re-opens the log files upon `SIGUSR1`.
 
  - logger: handles the logging with syslog and/or local files.
 
- - server: listen on the binded ports and serves the request.  This
-   also include speaking FastCGI and proxying requests.
+ - server: listens for connections and serves the request.  It also
+   speaks FastCGI and do the proxying.
 
  - crypto: holds the TLS private keys to avoid a compromised `server`
    process to disclose them.

configure

@@ -19,7 +19,7 @@
 set -e
 
 RELEASE=no
-VERSION=2.0-alpha1
+VERSION=2.0-current
 
 usage()
 {
@@ -50,6 +50,7 @@ fi
 
 INSTALL=${INSTALL-install}
 PREFIX=${PREFIX-/usr/local}
+SYSCONFDIR=${SYSCONFDIR-/etc}
 
 CDIAGFLAGS=
 CDIAGFLAGS="${CDIAGFLAGS} -W -Wall -Wextra -Wpointer-arith -Wuninitialized"
@@ -100,6 +101,7 @@ while [ $# -gt 0 ]; do
 	--bindir)	key=BINDIR ;;
 	--mandir)	key=MANDIR ;;
 	--prefix)	key=PREFIX ;;
+	--sysconfdir)	key=SYSCONFDIR ;;
 	--with-libtls)	key=LIBTLS ;;
 	esac
 
@@ -120,6 +122,7 @@ while [ $# -gt 0 ]; do
 	LDFLAGS)	LDFLAGS="$val" ;;
 	PKG_CONFIG)	PKG_CONFIG="$val" ;;
 	PREFIX)		PREFIX="$val" ;;
+	SYSCONFDIR)	SYSCONFDIR="$val" ;;
 	YACC)		YACC="$val" ;;
 	*)		usage
 	esac
@@ -437,6 +440,10 @@ cat <<__HEREDOC__
 #define DISABLE_SANDBOX		${DISABLE_SANDBOX}
 #define HAVE_LANDLOCK		${HAVE_LANDLOCK}
 
+#ifndef SYSCONFDIR
+# define SYSCONFDIR		"${SYSCONFDIR}"
+#endif
+
 __HEREDOC__
 
 if [ ${HAVE_ENDIAN_H} -eq 1 ]; then

contrib/Docker.gmid.conf

@@ -0,0 +1,9 @@
+user gmid
+chroot "/var/gemini"
+
+server "localhost" {
+	listen on * port 1965
+	cert "/etc/ssl/localhost.pem"
+	key  "/etc/ssl/private/localhost.key"
+	root "/"
+}

contrib/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine as builder
+FROM alpine
 WORKDIR /build
 RUN apk update &&	\
 	apk upgrade &&	\
@@ -6,14 +6,14 @@ RUN apk update &&	\
 		alpine-sdk	\
 		linux-headers	\
 		bison		\
-		libretls-dev	\
-		libretls-static	\
-		libevent-dev	\
-		libevent-static
+		libevent-dev 	\
+		openssl-dev
 COPY . .
-RUN make static
-
-FROM alpine
-RUN apk update && apk upgrade
-COPY --from=builder /build/gmid /bin/gmid
-ENTRYPOINT ["gmid"]
+RUN ./configure && make && make install
+RUN adduser -H -S -s /sbin/nologin gmid
+RUN mkdir /var/gemini
+RUN ./contrib/gencert -e localhost && \
+	mv localhost.pem /etc/ssl && \
+	mv localhost.key /etc/ssl/private
+RUN mv contrib/Docker.gmid.conf /etc/gmid.conf
+ENTRYPOINT ["gmid", "-f"]

contrib/Makefile

@@ -1,4 +1,5 @@
 DISTFILES =	Makefile \
+		Docker.gmid.conf \
 		Dockerfile \
 		README \
 		gencert \

gmid.c

@@ -68,7 +68,7 @@ int pidfd = -1;
 
 int debug, verbose;
 
-const char *config_path = "/etc/gmid.conf";
+const char *config_path = SYSCONFDIR "/gmid.conf";
 const char *pidfile;
 
 static void

gmid.conf.5

@@ -1,4 +1,4 @@
-.\" Copyright (c) 2022, 2023 Omar Polo <op@omarpolo.com>
+.\" Copyright (c) 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -11,7 +11,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd October 20, 2023
+.Dd January 11, 2024
 .Dt GMID.CONF 5
 .Os
 .Sh NAME
@@ -321,7 +321,10 @@ If not specified defaults to 9000.
 .It Ic strip Ar number
 Strip
 .Ar number
-leading path components from the
+leading path components from the request URL before splitting it in
+.Ev SCRIPT_NAME
+and
+.Ev PATH_INFO .
 .El
 .Pp
 The FastCGI handler will be given the following variables by default:
@@ -381,7 +384,7 @@ The port the server is listening on.
 .Dq GEMINI
 .It Ev SERVER_SOFTWARE
 The name and version of the server, i.e.
-.Dq gmid/1.8.4
+.Dq gmid/2.0
 .It Ev REMOTE_USER
 The subject of the client certificate if provided, otherwise unset.
 .It Ev TLS_CLIENT_ISSUER

have/Makefile

@@ -6,6 +6,7 @@ DISTFILES =	ASN1_time_parse.c \
 		SSL_CTX_use_certificate_chain_mem.c \
 		X509_LOOKUP_mem.c \
 		arc4random.c \
+		arc4random_buf.c \
 		endian_h.c \
 		err.c \
 		explicit_bzero.c \
@@ -19,6 +20,7 @@ DISTFILES =	ASN1_time_parse.c \
 		libevent.c \
 		libevent2.c \
 		libtls.c \
+		machine_endian.c \
 		memmem.c \
 		noop.c \
 		openssl.c \
@@ -33,6 +35,7 @@ DISTFILES =	ASN1_time_parse.c \
 		strlcat.c \
 		strlcpy.c \
 		strtonum.c \
+		sys_endian_h.c \
 		timingsafe_memcmp.c \
 		tree_h.c \
 		vasprintf.c \

keys/Makefile

@@ -0,0 +1,10 @@
+DISTFILES =	Makefile gmid-1.7.pub gmid-1.8.pub gmid-2.0.pub
+
+all: false
+
+dist: ${DISTFILES}
+	mkdir -p ${DESTDIR}
+	${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/
+
+.PHONY: all dist
+include ../config.mk

keys/gmid-1.7.pub

@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWSK+qgSqgu20CEZZQTAExCxaGaOwGO7AWqru6BKLqQhQDy8Iz1tjXNE

keys/gmid-1.8.pub

@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC

keys/gmid-2.0.pub

@@ -0,0 +1,2 @@
+untrusted comment: signify public key
+RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te

parse.y

@@ -354,7 +354,7 @@ vhost		: SERVER string {
 					fatal("snprintf");
 
 				yywarn("missing `listen on' in server %s,"
-				    " assuming %s port %d", $2,
+				    " assuming %s port %d", host->domain,
 				    default_host ? default_host : "*",
 				    default_port);
 				listen_on(default_host, portno);

site/Makefile

@@ -20,9 +20,9 @@ REPOLOGY_BANNER =	https://repology.org/badge/vertical-allrepos/gmid.svg
 REPOLOGY_URL =		https://repology.org/project/gmid/versions
 
 SUBST =		./subst GITHUB=https://github.com/omar-polo/gmid \
-			VERS=1.8.6 \
-			CURV=1.8 \
-			NEXTV=1.9 \
+			SITE=https://ftp.omarpolo.com \
+			VERS=2.0 \
+			PUBKEY=gmid-2.0.pub \
 			TREE=https://github.com/omar-polo/gmid/blob/master
 
 SUBST_GEM =	${SUBST} MANEXT=txt  EXT=gmi  REPOLOGY=${REPOLOGY_URL}

site/changelog.gmi

@@ -1,5 +1,46 @@
 # change log
 
+## 2024/01/11 - 2.0 “Lady Stardust”
+
+### New Features
+
+* added `listen on' to specify per-server the list of addresses from where connections are to be accepted.
+* added titan(1), a simple titan client.
+* splitted the "configless" version of gmid as a standalone executable gemexp(1)
+* added ability to log to files with `log access <path>`
+* added ability to change the syslog(3) facility with `log syslog facility <facility>`
+* added ability to change the logging style with `log style <style>`
+* added `fastcgi strip'
+* reworked the privsep implementation and added a privsep crypto engine
+* implemented `SCRIPT_NAME' and `PATH_INFO' splitting for fastcgi
+
+### Bug fixes
+
+* fixed handling of TLS handshake failures
+
+### Improvements
+
+* contrib/gencert: added -e to generate EC keys
+* use default prefork (3) in regress
+* removed the sha256 dependency of the regress suite
+* parse and log the fastcgi reply
+* revamped the fastcgi configuration, now it's per-location
+* attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
+* synced the parameters with RFC3875 (CGI)
+* gg: exit with the gemini response code unless it's 2X
+* gemexp: generate EC certificates too (it's also the new default)
+* (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
+
+### Breaking Changes
+
+* removed CGI support
+* gg now warns when the server doesn't use TLS' close_notify
+* deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
+* removed the already deprecated config options `mime' and `map'
+* droped seccomp and capsicum support
+* FastCGI: set REQUEST_METHOD to "GET" instead of the empty string
+
+
 ## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release
 
 * add tests and compat for setresuid setresgid

site/contrib.gmi

@@ -6,7 +6,7 @@ This directory is for additional contributed files which may be useful.
 
 => TREE/contrib/Dockerfile contrib/Dockerfile
 
-A sample Dockerfile that builds an alpine linux-based image with a statically linked gmid installed as /bin/gmid.  To build the image:
+A sample Dockerfile that builds an alpine linux-based image.  To build the image:
 
 ```instructions to build the image
 # docker build -f contrib/Dockerfile -t gmid .
@@ -15,13 +15,14 @@ A sample Dockerfile that builds an alpine linux-based image with a statically li
 and then run it with something along the lines of:
 
 ```instruction to run the image
-# docker run --rm -it -p 1965:1965      \
-        -v gmid.conf:/etc/gmid.conf:ro  \
-        -v path/to/keys:/tls:ro         \
-        -v /var/gemini:/var/gemini:ro   \
-        gmid -c /etc/gmid.conf
+# docker run --rm -it -p 1965:1965 \
+        -v /var/gemini:/path/to/gemini/root:ro \
+	gmid
 ```
 
+By default a sample config that serves the content of /var/gemini using a self-signed certificate is included.
+
+
 ## gencert
 
 => TREE/contrib/gencert contrib/gencert

site/index.gmi

@@ -20,7 +20,7 @@ Some distros provide a package — thanks to the maintainers!
 
 Otherwise, compile it from source: it’s easy and takes less than a minute on a raspberry pi 3
 
-=> GITHUB/releases/download/VERS/gmid-VERS.tar.gz	gmid-VERS.tar.gz
+=> SITE/gmid-VERS.tar.gz	gmid-VERS.tar.gz
 
 => https://git.omarpolo.com/?action=summary&path=gmid.git git repository
 => https://codeberg.org/op/gmid/		Codeberg mirror
@@ -35,7 +35,7 @@ The dependencies are:
 Once all the dependencies are installed, building is as easy as:
 
 ```Example of how to compile from source
-$ curl -LO GITHUB/releases/download/VERS/gmid-VERS.tar.gz
+$ curl -LO SITE/gmid-VERS.tar.gz
 $ tar xzvf gmid-VERS.tar.gz
 $ cd gmid-VERS
 $ ./configure
@@ -43,17 +43,21 @@ $ make
 $ sudo make install # eventually
 ```
 
-A SHA256 file is available.  However, it only checks for accidental corruption.  You can use signify (SHA256.sig and the public key gmid-CURV.pub) to cryptographically verify the downloaded tarball.  The signify public key for the next release ‘gmid-NEXTV.pub’ is also included.
+A SHA256 file is available.  However, it only checks for accidental corruption.  You can use signify (gmid-VERS.sha256.sig) and the public key PUBKEY to cryptographically verify the downloaded tarball.  The signify public key for the previous and the next release is included in the tarball.
 
-=> GITHUB/releases/download/VERS/SHA256		SHA256
-=> GITHUB/releases/download/VERS/SHA256.sig	SHA256.sig
+=> SITE/gmid-VERS.sha256	gmid-VERS.sha256
+=> SITE/gmid-VERS.sha256.sig	gmid-VERS.sha256.sig
 
-To verify the signatures with signify(1)
+To verify the signatures with signify(1):
 
 ```Example of how to verify the signature with signify
-% signify -C -p gmid-1.8.pub -x SHA256.sig
+% signify -C -p PUBKEY -x gmid-VERS.sha256.sig
 Signature Verified
 gmid-VERS.tar.gz: OK
-gmid-CURV.pub: OK
-gmid-NEXTV.pub: OK
+```
+
+Git tags are signed with the following ssh key:
+
+```
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0nD5I8BNVJknT87gnpLIJWK0fXTayDktQOlS38CGj4 op@omarpolo.com
 ```