mirror of https://github.com/omar-polo/gmid.git
Compare commits
24 Commits
e371817b34
...
20fa7cded6
Author | SHA1 | Date |
---|---|---|
Omar Polo | 20fa7cded6 | |
Omar Polo | 2865452c40 | |
Omar Polo | 1ee636a45c | |
Omar Polo | eabbdf5a10 | |
Omar Polo | 38a0d7ee8f | |
Omar Polo | ad3bf17681 | |
Omar Polo | 398253f3f5 | |
Omar Polo | d8df67565c | |
Omar Polo | 0d5282b647 | |
Omar Polo | e78e2923ea | |
Omar Polo | a08e0451ed | |
Omar Polo | 89b564c312 | |
Omar Polo | 13f900092d | |
Omar Polo | 84285be948 | |
Omar Polo | 3b9388d8d0 | |
Omar Polo | fa3b459472 | |
Omar Polo | a9092d0ee8 | |
Omar Polo | 8d0573e84a | |
Omar Polo | dd40d59659 | |
Omar Polo | 707ec003e5 | |
Omar Polo | c86654c907 | |
Omar Polo | e3dd9e66af | |
Omar Polo | 14d22e8007 | |
Omar Polo | 432c31e6cc |
|
@ -2,8 +2,10 @@
|
||||||
!*.c
|
!*.c
|
||||||
!*.h
|
!*.h
|
||||||
!*.y
|
!*.y
|
||||||
!compat/*.c
|
!*.[1-9]
|
||||||
!compat/*.h
|
!compat
|
||||||
!have/*.c
|
!have/*.c
|
||||||
!Makefile
|
!Makefile
|
||||||
!configure
|
!configure
|
||||||
|
!contrib/Docker.gmid.conf
|
||||||
|
!contrib/gencert
|
||||||
|
|
32
Makefile
32
Makefile
|
@ -43,7 +43,7 @@ GG_OBJS = ${GG_SRCS:.c=.o} ${COBJS}
|
||||||
TITAN_SRCS = titan.c iri.c log.c utf8.c
|
TITAN_SRCS = titan.c iri.c log.c utf8.c
|
||||||
TITAN_OBJS = ${TITAN_SRCS:.c=.o} ${COBJS}
|
TITAN_OBJS = ${TITAN_SRCS:.c=.o} ${COBJS}
|
||||||
|
|
||||||
SRCS = gmid.h landlock_shim.h log.h parse.y proc.h \
|
SRCS = gmid.h iri.h log.h parse.y proc.h \
|
||||||
${GMID_SRCS} ${GEMEXP_SRCS} ${GG_SRCS} ${TITAN_SRCS}
|
${GMID_SRCS} ${GEMEXP_SRCS} ${GG_SRCS} ${TITAN_SRCS}
|
||||||
|
|
||||||
DISTNAME = gmid-${VERSION}
|
DISTNAME = gmid-${VERSION}
|
||||||
|
@ -78,20 +78,24 @@ install: gmid gg gemexp
|
||||||
mkdir -p ${DESTDIR}${MANDIR}/man1
|
mkdir -p ${DESTDIR}${MANDIR}/man1
|
||||||
mkdir -p ${DESTDIR}${MANDIR}/man5
|
mkdir -p ${DESTDIR}${MANDIR}/man5
|
||||||
mkdir -p ${DESTDIR}${MANDIR}/man8
|
mkdir -p ${DESTDIR}${MANDIR}/man8
|
||||||
${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
|
|
||||||
${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
|
|
||||||
${INSTALL_PROGRAM} gemexp ${DESTDIR}${BINDIR}
|
${INSTALL_PROGRAM} gemexp ${DESTDIR}${BINDIR}
|
||||||
${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
|
${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
|
||||||
${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
|
${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
|
||||||
|
${INSTALL_PROGRAM} titan ${DESTDIR}${BINDIR}
|
||||||
${INSTALL_MAN} gemexp.1 ${DESTDIR}${MANDIR}/man1
|
${INSTALL_MAN} gemexp.1 ${DESTDIR}${MANDIR}/man1
|
||||||
${INSTALL_MAN} gg.1 ${DESTDIR}${MANDIR}/man1
|
${INSTALL_MAN} gg.1 ${DESTDIR}${MANDIR}/man1
|
||||||
|
${INSTALL_MAN} titan.1 ${DESTDIR}${MANDIR}/man1
|
||||||
|
${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
|
||||||
|
${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
|
||||||
|
|
||||||
uninstall:
|
uninstall:
|
||||||
rm ${DESTDIR}${BINDIR}/gemexp
|
rm ${DESTDIR}${BINDIR}/gemexp
|
||||||
rm ${DESTDIR}${BINDIR}/gg
|
rm ${DESTDIR}${BINDIR}/gg
|
||||||
rm ${DESTDIR}${BINDIR}/gmid
|
rm ${DESTDIR}${BINDIR}/gmid
|
||||||
|
rm ${DESTDIR}${BINDIR}/titan
|
||||||
rm ${DESTDIR}${MANDIR}/man1/gemexp.1
|
rm ${DESTDIR}${MANDIR}/man1/gemexp.1
|
||||||
rm ${DESTDIR}${MANDIR}/man1/gg.1
|
rm ${DESTDIR}${MANDIR}/man1/gg.1
|
||||||
|
rm ${DESTDIR}${MANDIR}/man1/titan.1
|
||||||
rm ${DESTDIR}${MANDIR}/man5/gmid.conf.5
|
rm ${DESTDIR}${MANDIR}/man5/gmid.conf.5
|
||||||
rm ${DESTDIR}${MANDIR}/man8/gmid.8
|
rm ${DESTDIR}${MANDIR}/man8/gmid.8
|
||||||
|
|
||||||
|
@ -127,21 +131,28 @@ y.tab.c: parse.y
|
||||||
lint:
|
lint:
|
||||||
man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
|
man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
|
||||||
|
|
||||||
|
PUBKEY = keys/gmid-${VERSION}.pub
|
||||||
|
PRIVKEY = set-PRIVKEY
|
||||||
DISTFILES = .cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
|
DISTFILES = .cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
|
||||||
Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
|
Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
|
||||||
ge.c gemexp.1 gg.1 gg.c gmid.8 gmid.c gmid.conf.5 gmid.h \
|
ge.c gemexp.1 gg.1 gg.c gmid.8 gmid.c gmid.conf.5 gmid.h \
|
||||||
iri.c iri.h landlock_shim.h log.c log.h logger.c mime.c \
|
iri.c iri.h log.c log.h logger.c mime.c parse.y proc.c \
|
||||||
parse.y proc.c proc.h proxy.c puny.c sandbox.c server.c \
|
proc.h proxy.c puny.c sandbox.c server.c titan.1 titan.c \
|
||||||
titan.1 titan.c utf8.c utils.c y.tab.c
|
utf8.c utils.c y.tab.c
|
||||||
|
|
||||||
release:
|
release:
|
||||||
sed -i -e '/^RELEASE=/s/no/yes' configure
|
sed -i -e '/^RELEASE=/s/no/yes/' configure
|
||||||
${MAKE} dist
|
${MAKE} dist
|
||||||
sed -i -e '/^RELEASE=/s/yes/no' configure
|
sed -i -e '/^RELEASE=/s/yes/no/' configure
|
||||||
|
signify -S -e -m ${DISTNAME}.sha256 -s ${PRIVKEY}
|
||||||
|
|
||||||
|
verify-release:
|
||||||
|
signify -C -p ${PUBKEY} -x ${DISTNAME}.sha256.sig
|
||||||
|
|
||||||
dist: ${DISTNAME}.sha256
|
dist: ${DISTNAME}.sha256
|
||||||
|
|
||||||
${DISTNAME}.sha256: ${DISTNAME}.tar.gz
|
${DISTNAME}.sha256: ${DISTNAME}.tar.gz
|
||||||
|
sha256 ${DISTNAME}.tar.gz > $@
|
||||||
|
|
||||||
${DISTNAME}.tar.gz: ${DISTFILES}
|
${DISTNAME}.tar.gz: ${DISTFILES}
|
||||||
mkdir -p .dist/${DISTNAME}/
|
mkdir -p .dist/${DISTNAME}/
|
||||||
|
@ -150,6 +161,7 @@ ${DISTNAME}.tar.gz: ${DISTFILES}
|
||||||
${MAKE} -C compat DESTDIR=${PWD}/.dist/${DISTNAME}/compat dist
|
${MAKE} -C compat DESTDIR=${PWD}/.dist/${DISTNAME}/compat dist
|
||||||
${MAKE} -C contrib DESTDIR=${PWD}/.dist/${DISTNAME}/contrib dist
|
${MAKE} -C contrib DESTDIR=${PWD}/.dist/${DISTNAME}/contrib dist
|
||||||
${MAKE} -C have DESTDIR=${PWD}/.dist/${DISTNAME}/have dist
|
${MAKE} -C have DESTDIR=${PWD}/.dist/${DISTNAME}/have dist
|
||||||
|
${MAKE} -C keys DESTDIR=${PWD}/.dist/${DISTNAME}/keys dist
|
||||||
${MAKE} -C regress DESTDIR=${PWD}/.dist/${DISTNAME}/regress dist
|
${MAKE} -C regress DESTDIR=${PWD}/.dist/${DISTNAME}/regress dist
|
||||||
cd .dist/ && tar zcf ../$@ ${DISTNAME}
|
cd .dist/ && tar zcf ../$@ ${DISTNAME}
|
||||||
rm -rf .dist/
|
rm -rf .dist/
|
||||||
|
|
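Review bot: The `${DISTNAME}.sha256` rule creates its target with a shell redirect (`sha256 ${DISTNAME}.tar.gz > $@`), so when `sha256` is missing or fails, an empty file is left behind that looks up to date on the next run, and `release` would go on to sign it with `signify -S -e`. Writing to a temporary name first, `sha256 ${DISTNAME}.tar.gz > $@.tmp && mv $@.tmp $@`, keeps a truncated checksum list from ever being signed. Separately, the `PRIVKEY = set-PRIVKEY` placeholder is only rejected by signify at the very end, after the tarball is built and `configure` has been edited twice. A comment above it such as `# pass PRIVKEY=<path to the signify secret key> on the command line` would state the contract.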
19
README.md
19
README.md
|
@ -1,10 +1,5 @@
|
||||||
# gmid
|
# gmid
|
||||||
|
|
||||||
> **Warning**
|
|
||||||
> The `master` branch is WIP: it's what gmid 2.0 will be, with
|
|
||||||
> breaking changes et al. Please use the latest release from the 1.8
|
|
||||||
> branch for a stable and documented experience, thank you.
|
|
||||||
|
|
||||||
gmid is a full-featured Gemini server written with security in mind.
|
gmid is a full-featured Gemini server written with security in mind.
|
||||||
It can serve static files, has optional FastCGI and proxying support,
|
It can serve static files, has optional FastCGI and proxying support,
|
||||||
and a rich configuration syntax.
|
and a rich configuration syntax.
|
||||||
|
@ -89,9 +84,7 @@ server "example.com" {
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
gmid depends on libevent2, OpenSSL/LibreSSL and libtls (provided
|
gmid depends on libevent2, LibreSSL or OpenSSL, and yacc or GNU bison.
|
||||||
either by LibreSSL or libretls). At build time, yacc (or GNU bison)
|
|
||||||
is also needed.
|
|
||||||
|
|
||||||
The build is as simple as
|
The build is as simple as
|
||||||
|
|
||||||
|
@ -135,20 +128,20 @@ to the `contrib` directory.
|
||||||
## Architecture/Security considerations
|
## Architecture/Security considerations
|
||||||
|
|
||||||
The internal architecture was revisited for the 2.0 release. For
|
The internal architecture was revisited for the 2.0 release. For
|
||||||
previous releases, please refer to previous revision of this file.
|
earlier releases, please refer to previous revision of this file.
|
||||||
|
|
||||||
gmid has a privsep design, where the operations done by the daemon are
|
gmid has a privsep design, where the operations done by the daemon are
|
||||||
splitted into multiple processes:
|
splitted into multiple processes:
|
||||||
|
|
||||||
- main: the main process is the only one that keeps the original
|
- main: the main process is the only one that keeps the original
|
||||||
privileges. It opens the TLS certificates on the behalf of the
|
privileges. It opens the TLS certificates on the behalf of the
|
||||||
`server` and `crypto` processes and reloads the configuration upon
|
`server` and `crypto` processes, reloads the configuration upon
|
||||||
`SIGHUP`.
|
`SIGHUP` and re-opens the log files upon `SIGUSR1`.
|
||||||
|
|
||||||
- logger: handles the logging with syslog and/or local files.
|
- logger: handles the logging with syslog and/or local files.
|
||||||
|
|
||||||
- server: listen on the binded ports and serves the request. This
|
- server: listens for connections and serves the request. It also
|
||||||
also include speaking FastCGI and proxying requests.
|
speaks FastCGI and do the proxying.
|
||||||
|
|
||||||
- crypto: holds the TLS private keys to avoid a compromised `server`
|
- crypto: holds the TLS private keys to avoid a compromised `server`
|
||||||
process to disclose them.
|
process to disclose them.
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
RELEASE=no
|
RELEASE=no
|
||||||
VERSION=2.0-alpha1
|
VERSION=2.0-current
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
{
|
{
|
||||||
|
@ -50,6 +50,7 @@ fi
|
||||||
|
|
||||||
INSTALL=${INSTALL-install}
|
INSTALL=${INSTALL-install}
|
||||||
PREFIX=${PREFIX-/usr/local}
|
PREFIX=${PREFIX-/usr/local}
|
||||||
|
SYSCONFDIR=${SYSCONFDIR-/etc}
|
||||||
|
|
||||||
CDIAGFLAGS=
|
CDIAGFLAGS=
|
||||||
CDIAGFLAGS="${CDIAGFLAGS} -W -Wall -Wextra -Wpointer-arith -Wuninitialized"
|
CDIAGFLAGS="${CDIAGFLAGS} -W -Wall -Wextra -Wpointer-arith -Wuninitialized"
|
||||||
|
@ -100,6 +101,7 @@ while [ $# -gt 0 ]; do
|
||||||
--bindir) key=BINDIR ;;
|
--bindir) key=BINDIR ;;
|
||||||
--mandir) key=MANDIR ;;
|
--mandir) key=MANDIR ;;
|
||||||
--prefix) key=PREFIX ;;
|
--prefix) key=PREFIX ;;
|
||||||
|
--sysconfdir) key=SYSCONFDIR ;;
|
||||||
--with-libtls) key=LIBTLS ;;
|
--with-libtls) key=LIBTLS ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
@ -120,6 +122,7 @@ while [ $# -gt 0 ]; do
|
||||||
LDFLAGS) LDFLAGS="$val" ;;
|
LDFLAGS) LDFLAGS="$val" ;;
|
||||||
PKG_CONFIG) PKG_CONFIG="$val" ;;
|
PKG_CONFIG) PKG_CONFIG="$val" ;;
|
||||||
PREFIX) PREFIX="$val" ;;
|
PREFIX) PREFIX="$val" ;;
|
||||||
|
SYSCONFDIR) SYSCONFDIR="$val" ;;
|
||||||
YACC) YACC="$val" ;;
|
YACC) YACC="$val" ;;
|
||||||
*) usage
|
*) usage
|
||||||
esac
|
esac
|
||||||
|
@ -437,6 +440,10 @@ cat <<__HEREDOC__
|
||||||
#define DISABLE_SANDBOX ${DISABLE_SANDBOX}
|
#define DISABLE_SANDBOX ${DISABLE_SANDBOX}
|
||||||
#define HAVE_LANDLOCK ${HAVE_LANDLOCK}
|
#define HAVE_LANDLOCK ${HAVE_LANDLOCK}
|
||||||
|
|
||||||
|
#ifndef SYSCONFDIR
|
||||||
|
# define SYSCONFDIR "${SYSCONFDIR}"
|
||||||
|
#endif
|
||||||
|
|
||||||
__HEREDOC__
|
__HEREDOC__
|
||||||
|
|
||||||
if [ ${HAVE_ENDIAN_H} -eq 1 ]; then
|
if [ ${HAVE_ENDIAN_H} -eq 1 ]; then
|
||||||
|
|
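Review bot: The value given to `--sysconfdir` is used as-is: the new `SYSCONFDIR) SYSCONFDIR="$val" ;;` case does not check that it is an absolute path, and the heredoc pastes it unescaped into `# define SYSCONFDIR "${SYSCONFDIR}"`. In gmid.c this becomes the default `config_path`, so a relative value would make the daemon look for its configuration relative to whatever directory it is started from. A value containing `"` or `\` would also produce a broken or altered string literal in the generated header. A check after option parsing, e.g. `case "$SYSCONFDIR" in /*) ;; *) echo "sysconfdir must be an absolute path" >&2; exit 1 ;; esac`, would reject the relative case. The file header for this section is missing from the page (it looks like `configure`), and the option loop and heredoc both continue outside the visible hunks.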
|
@ -0,0 +1,9 @@
|
||||||
|
user gmid
|
||||||
|
chroot "/var/gemini"
|
||||||
|
|
||||||
|
server "localhost" {
|
||||||
|
listen on * port 1965
|
||||||
|
cert "/etc/ssl/localhost.pem"
|
||||||
|
key "/etc/ssl/private/localhost.key"
|
||||||
|
root "/"
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
FROM alpine as builder
|
FROM alpine
|
||||||
WORKDIR /build
|
WORKDIR /build
|
||||||
RUN apk update && \
|
RUN apk update && \
|
||||||
apk upgrade && \
|
apk upgrade && \
|
||||||
|
@ -6,14 +6,14 @@ RUN apk update && \
|
||||||
alpine-sdk \
|
alpine-sdk \
|
||||||
linux-headers \
|
linux-headers \
|
||||||
bison \
|
bison \
|
||||||
libretls-dev \
|
libevent-dev \
|
||||||
libretls-static \
|
openssl-dev
|
||||||
libevent-dev \
|
|
||||||
libevent-static
|
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN make static
|
RUN ./configure && make && make install
|
||||||
|
RUN adduser -H -S -s /sbin/nologin gmid
|
||||||
FROM alpine
|
RUN mkdir /var/gemini
|
||||||
RUN apk update && apk upgrade
|
RUN ./contrib/gencert -e localhost && \
|
||||||
COPY --from=builder /build/gmid /bin/gmid
|
mv localhost.pem /etc/ssl && \
|
||||||
ENTRYPOINT ["gmid"]
|
mv localhost.key /etc/ssl/private
|
||||||
|
RUN mv contrib/Docker.gmid.conf /etc/gmid.conf
|
||||||
|
ENTRYPOINT ["gmid", "-f"]
|
||||||
|
|
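Review bot: `RUN ./contrib/gencert -e localhost` runs at build time, so `/etc/ssl/private/localhost.key` is stored in an image layer: every container started from the image shares one private key, and anyone who can pull the image can read it. That is acceptable for a local test image but should be stated where it happens, e.g. `# test-only self-signed cert: the key is baked into the image, mount a real cert/key at runtime` above that line. Dropping the `builder` stage also leaves `alpine-sdk`, the headers and the copied source tree in the final image, which is more than the running server needs. Keeping a second `FROM alpine` stage that copies only the installed files would avoid that.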
|
@ -1,4 +1,5 @@
|
||||||
DISTFILES = Makefile \
|
DISTFILES = Makefile \
|
||||||
|
Docker.gmid.conf \
|
||||||
Dockerfile \
|
Dockerfile \
|
||||||
README \
|
README \
|
||||||
gencert \
|
gencert \
|
||||||
|
|
2
gmid.c
2
gmid.c
|
@ -68,7 +68,7 @@ int pidfd = -1;
|
||||||
|
|
||||||
int debug, verbose;
|
int debug, verbose;
|
||||||
|
|
||||||
const char *config_path = "/etc/gmid.conf";
|
const char *config_path = SYSCONFDIR "/gmid.conf";
|
||||||
const char *pidfile;
|
const char *pidfile;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
11
gmid.conf.5
11
gmid.conf.5
|
@ -1,4 +1,4 @@
|
||||||
.\" Copyright (c) 2022, 2023 Omar Polo <op@omarpolo.com>
|
.\" Copyright (c) 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
|
||||||
.\"
|
.\"
|
||||||
.\" Permission to use, copy, modify, and distribute this software for any
|
.\" Permission to use, copy, modify, and distribute this software for any
|
||||||
.\" purpose with or without fee is hereby granted, provided that the above
|
.\" purpose with or without fee is hereby granted, provided that the above
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.Dd October 20, 2023
|
.Dd January 11, 2024
|
||||||
.Dt GMID.CONF 5
|
.Dt GMID.CONF 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -321,7 +321,10 @@ If not specified defaults to 9000.
|
||||||
.It Ic strip Ar number
|
.It Ic strip Ar number
|
||||||
Strip
|
Strip
|
||||||
.Ar number
|
.Ar number
|
||||||
leading path components from the
|
leading path components from the request URL before splitting it in
|
||||||
|
.Ev SCRIPT_NAME
|
||||||
|
and
|
||||||
|
.Ev PATH_INFO .
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
The FastCGI handler will be given the following variables by default:
|
The FastCGI handler will be given the following variables by default:
|
||||||
|
@ -381,7 +384,7 @@ The port the server is listening on.
|
||||||
.Dq GEMINI
|
.Dq GEMINI
|
||||||
.It Ev SERVER_SOFTWARE
|
.It Ev SERVER_SOFTWARE
|
||||||
The name and version of the server, i.e.
|
The name and version of the server, i.e.
|
||||||
.Dq gmid/1.8.4
|
.Dq gmid/2.0
|
||||||
.It Ev REMOTE_USER
|
.It Ev REMOTE_USER
|
||||||
The subject of the client certificate if provided, otherwise unset.
|
The subject of the client certificate if provided, otherwise unset.
|
||||||
.It Ev TLS_CLIENT_ISSUER
|
.It Ev TLS_CLIENT_ISSUER
|
||||||
|
|
|
@ -6,6 +6,7 @@ DISTFILES = ASN1_time_parse.c \
|
||||||
SSL_CTX_use_certificate_chain_mem.c \
|
SSL_CTX_use_certificate_chain_mem.c \
|
||||||
X509_LOOKUP_mem.c \
|
X509_LOOKUP_mem.c \
|
||||||
arc4random.c \
|
arc4random.c \
|
||||||
|
arc4random_buf.c \
|
||||||
endian_h.c \
|
endian_h.c \
|
||||||
err.c \
|
err.c \
|
||||||
explicit_bzero.c \
|
explicit_bzero.c \
|
||||||
|
@ -19,6 +20,7 @@ DISTFILES = ASN1_time_parse.c \
|
||||||
libevent.c \
|
libevent.c \
|
||||||
libevent2.c \
|
libevent2.c \
|
||||||
libtls.c \
|
libtls.c \
|
||||||
|
machine_endian.c \
|
||||||
memmem.c \
|
memmem.c \
|
||||||
noop.c \
|
noop.c \
|
||||||
openssl.c \
|
openssl.c \
|
||||||
|
@ -33,6 +35,7 @@ DISTFILES = ASN1_time_parse.c \
|
||||||
strlcat.c \
|
strlcat.c \
|
||||||
strlcpy.c \
|
strlcpy.c \
|
||||||
strtonum.c \
|
strtonum.c \
|
||||||
|
sys_endian_h.c \
|
||||||
timingsafe_memcmp.c \
|
timingsafe_memcmp.c \
|
||||||
tree_h.c \
|
tree_h.c \
|
||||||
vasprintf.c \
|
vasprintf.c \
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
DISTFILES = Makefile gmid-1.7.pub gmid-1.8.pub gmid-2.0.pub
|
||||||
|
|
||||||
|
all: false
|
||||||
|
|
||||||
|
dist: ${DISTFILES}
|
||||||
|
mkdir -p ${DESTDIR}
|
||||||
|
${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/
|
||||||
|
|
||||||
|
.PHONY: all dist
|
||||||
|
include ../config.mk
|
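Review bot: `DISTFILES` lists `gmid-1.7.pub gmid-1.8.pub gmid-2.0.pub`, i.e. older keys and the key for this release, but no key for the release after 2.0, while the download page changed in the same range says the keys for the previous and the next release are included in the tarball. A key shipped inside the tarball cannot vouch for that same tarball, so the useful entry is the next release's key, which lets a user who verified 2.0 verify its successor. If the next key is meant to be added before tagging, a comment such as `# add the next release's .pub here before cutting a release` would keep the list and the documentation in step. The file header for this section is missing from the page; it appears to be `keys/Makefile`.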
|
@ -0,0 +1,2 @@
|
||||||
|
untrusted comment: signify public key
|
||||||
|
RWSK+qgSqgu20CEZZQTAExCxaGaOwGO7AWqru6BKLqQhQDy8Iz1tjXNE
|
|
@ -0,0 +1,2 @@
|
||||||
|
untrusted comment: signify public key
|
||||||
|
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
|
|
@ -0,0 +1,2 @@
|
||||||
|
untrusted comment: signify public key
|
||||||
|
RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
|
2
parse.y
2
parse.y
|
@ -354,7 +354,7 @@ vhost : SERVER string {
|
||||||
fatal("snprintf");
|
fatal("snprintf");
|
||||||
|
|
||||||
yywarn("missing `listen on' in server %s,"
|
yywarn("missing `listen on' in server %s,"
|
||||||
" assuming %s port %d", $2,
|
" assuming %s port %d", host->domain,
|
||||||
default_host ? default_host : "*",
|
default_host ? default_host : "*",
|
||||||
default_port);
|
default_port);
|
||||||
listen_on(default_host, portno);
|
listen_on(default_host, portno);
|
||||||
|
|
|
@ -20,9 +20,9 @@ REPOLOGY_BANNER = https://repology.org/badge/vertical-allrepos/gmid.svg
|
||||||
REPOLOGY_URL = https://repology.org/project/gmid/versions
|
REPOLOGY_URL = https://repology.org/project/gmid/versions
|
||||||
|
|
||||||
SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \
|
SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \
|
||||||
VERS=1.8.6 \
|
SITE=https://ftp.omarpolo.com \
|
||||||
CURV=1.8 \
|
VERS=2.0 \
|
||||||
NEXTV=1.9 \
|
PUBKEY=gmid-2.0.pub \
|
||||||
TREE=https://github.com/omar-polo/gmid/blob/master
|
TREE=https://github.com/omar-polo/gmid/blob/master
|
||||||
|
|
||||||
SUBST_GEM = ${SUBST} MANEXT=txt EXT=gmi REPOLOGY=${REPOLOGY_URL}
|
SUBST_GEM = ${SUBST} MANEXT=txt EXT=gmi REPOLOGY=${REPOLOGY_URL}
|
||||||
|
|
|
@ -1,5 +1,46 @@
|
||||||
# change log
|
# change log
|
||||||
|
|
||||||
|
## 2024/01/11 - 2.0 “Lady Stardust”
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
* added `listen on' to specify per-server the list of addresses from where connections are to be accepted.
|
||||||
|
* added titan(1), a simple titan client.
|
||||||
|
* splitted the "configless" version of gmid as a standalone executable gemexp(1)
|
||||||
|
* added ability to log to files with `log access <path>`
|
||||||
|
* added ability to change the syslog(3) facility with `log syslog facility <facility>`
|
||||||
|
* added ability to change the logging style with `log style <style>`
|
||||||
|
* added `fastcgi strip'
|
||||||
|
* reworked the privsep implementation and added a privsep crypto engine
|
||||||
|
* implemented `SCRIPT_NAME' and `PATH_INFO' splitting for fastcgi
|
||||||
|
|
||||||
|
### Bug fixes
|
||||||
|
|
||||||
|
* fixed handling of TLS handshake failures
|
||||||
|
|
||||||
|
### Improvements
|
||||||
|
|
||||||
|
* contrib/gencert: added -e to generate EC keys
|
||||||
|
* use default prefork (3) in regress
|
||||||
|
* removed the sha256 dependency of the regress suite
|
||||||
|
* parse and log the fastcgi reply
|
||||||
|
* revamped the fastcgi configuration, now it's per-location
|
||||||
|
* attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
|
||||||
|
* synced the parameters with RFC3875 (CGI)
|
||||||
|
* gg: exit with the gemini response code unless it's 2X
|
||||||
|
* gemexp: generate EC certificates too (it's also the new default)
|
||||||
|
* (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
|
||||||
|
|
||||||
|
### Breaking Changes
|
||||||
|
|
||||||
|
* removed CGI support
|
||||||
|
* gg now warns when the server doesn't use TLS' close_notify
|
||||||
|
* deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
|
||||||
|
* removed the already deprecated config options `mime' and `map'
|
||||||
|
* droped seccomp and capsicum support
|
||||||
|
* FastCGI: set REQUEST_METHOD to "GET" instead of the empty string
|
||||||
|
|
||||||
|
|
||||||
## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release
|
## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release
|
||||||
|
|
||||||
* add tests and compat for setresuid setresgid
|
* add tests and compat for setresuid setresgid
|
||||||
|
|
|
@ -6,7 +6,7 @@ This directory is for additional contributed files which may be useful.
|
||||||
|
|
||||||
=> TREE/contrib/Dockerfile contrib/Dockerfile
|
=> TREE/contrib/Dockerfile contrib/Dockerfile
|
||||||
|
|
||||||
A sample Dockerfile that builds an alpine linux-based image with a statically linked gmid installed as /bin/gmid. To build the image:
|
A sample Dockerfile that builds an alpine linux-based image. To build the image:
|
||||||
|
|
||||||
```instructions to build the image
|
```instructions to build the image
|
||||||
# docker build -f contrib/Dockerfile -t gmid .
|
# docker build -f contrib/Dockerfile -t gmid .
|
||||||
|
@ -15,13 +15,14 @@ A sample Dockerfile that builds an alpine linux-based image with a statically li
|
||||||
and then run it with something along the lines of:
|
and then run it with something along the lines of:
|
||||||
|
|
||||||
```instruction to run the image
|
```instruction to run the image
|
||||||
# docker run --rm -it -p 1965:1965 \
|
# docker run --rm -it -p 1965:1965 \
|
||||||
-v gmid.conf:/etc/gmid.conf:ro \
|
-v /var/gemini:/path/to/gemini/root:ro \
|
||||||
-v path/to/keys:/tls:ro \
|
gmid
|
||||||
-v /var/gemini:/var/gemini:ro \
|
|
||||||
gmid -c /etc/gmid.conf
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
By default a sample config that serves the content of /var/gemini using a self-signed certificate is included.
|
||||||
|
|
||||||
|
|
||||||
## gencert
|
## gencert
|
||||||
|
|
||||||
=> TREE/contrib/gencert contrib/gencert
|
=> TREE/contrib/gencert contrib/gencert
|
||||||
|
|
|
@ -20,7 +20,7 @@ Some distros provide a package — thanks to the maintainers!
|
||||||
|
|
||||||
Otherwise, compile it from source: it’s easy and takes less than a minute on a raspberry pi 3
|
Otherwise, compile it from source: it’s easy and takes less than a minute on a raspberry pi 3
|
||||||
|
|
||||||
=> GITHUB/releases/download/VERS/gmid-VERS.tar.gz gmid-VERS.tar.gz
|
=> SITE/gmid-VERS.tar.gz gmid-VERS.tar.gz
|
||||||
|
|
||||||
=> https://git.omarpolo.com/?action=summary&path=gmid.git git repository
|
=> https://git.omarpolo.com/?action=summary&path=gmid.git git repository
|
||||||
=> https://codeberg.org/op/gmid/ Codeberg mirror
|
=> https://codeberg.org/op/gmid/ Codeberg mirror
|
||||||
|
@ -35,7 +35,7 @@ The dependencies are:
|
||||||
Once all the dependencies are installed, building is as easy as:
|
Once all the dependencies are installed, building is as easy as:
|
||||||
|
|
||||||
```Example of how to compile from source
|
```Example of how to compile from source
|
||||||
$ curl -LO GITHUB/releases/download/VERS/gmid-VERS.tar.gz
|
$ curl -LO SITE/gmid-VERS.tar.gz
|
||||||
$ tar xzvf gmid-VERS.tar.gz
|
$ tar xzvf gmid-VERS.tar.gz
|
||||||
$ cd gmid-VERS
|
$ cd gmid-VERS
|
||||||
$ ./configure
|
$ ./configure
|
||||||
|
@ -43,17 +43,21 @@ $ make
|
||||||
$ sudo make install # eventually
|
$ sudo make install # eventually
|
||||||
```
|
```
|
||||||
|
|
||||||
A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (SHA256.sig and the public key gmid-CURV.pub) to cryptographically verify the downloaded tarball. The signify public key for the next release ‘gmid-NEXTV.pub’ is also included.
|
A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (gmid-VERS.sha256.sig) and the public key PUBKEY to cryptographically verify the downloaded tarball. The signify public key for the previous and the next release is included in the tarball.
|
||||||
|
|
||||||
=> GITHUB/releases/download/VERS/SHA256 SHA256
|
=> SITE/gmid-VERS.sha256 gmid-VERS.sha256
|
||||||
=> GITHUB/releases/download/VERS/SHA256.sig SHA256.sig
|
=> SITE/gmid-VERS.sha256.sig gmid-VERS.sha256.sig
|
||||||
|
|
||||||
To verify the signatures with signify(1)
|
To verify the signatures with signify(1):
|
||||||
|
|
||||||
```Example of how to verify the signature with signify
|
```Example of how to verify the signature with signify
|
||||||
% signify -C -p gmid-1.8.pub -x SHA256.sig
|
% signify -C -p PUBKEY -x gmid-VERS.sha256.sig
|
||||||
Signature Verified
|
Signature Verified
|
||||||
gmid-VERS.tar.gz: OK
|
gmid-VERS.tar.gz: OK
|
||||||
gmid-CURV.pub: OK
|
```
|
||||||
gmid-NEXTV.pub: OK
|
|
||||||
|
Git tags are signed with the following ssh key:
|
||||||
|
|
||||||
|
```
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0nD5I8BNVJknT87gnpLIJWK0fXTayDktQOlS38CGj4 op@omarpolo.com
|
||||||
```
|
```
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 21 KiB |