alexkarle.com

Source for alexkarle.com
git clone git://git.alexkarle.com/alexkarle.com.git

commit a37db38a47c02ad652a2043e90d3e8994175260f (patch)
parent 5929d2c5a34c326051b7769a2e44d0f63cc315b9
Author: Alex Karle <alex@alexkarle.com>
Date:   Sun, 25 Apr 2021 23:29:41 -0400

kiosk: Replace mandoc(1) usage with less(1) on prebuilt files

Here we go again with runtime optimization at the cost of build time!
This patch removes the usage of `mandoc -l` on the contents of the
site and replaces it with straight less(1).

This is done by generating the kiosk-facing content at build time.

The *real* win here is that it allows us to add unveil(2) calls to
the kiosk, hiding all but the exported files from the field of view
of the process!

I was _tempted_ to replace less(1) with just straight printing the
file line by line to stdout... but I thought that was a bit drastic!

It would give us a super tight pledge though... hmm

Diffstat:
M.gitignore | 3++-
MMakefile | 4+++-
Msrc/kiosk.c | 38++++++++++++++++++++------------------
3 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -7,5 +7,6 @@ atom.xml
 # jam-tuesday hits generated by jam-tuesday/stats.sh
 jam-tuesday/greatest-hits
-# kiosk binary
+# kiosk binary and files
 bin/kiosk
+kiosk/
diff --git a/Makefile b/Makefile
@@ -33,7 +33,7 @@ jam-tuesday/greatest-hits: $(SETS) bin/jam-stats.sh
 (date; echo; ./bin/jam-stats.sh) > $@
 bin/kiosk: src/kiosk.c
- $(CC) $(CFLAGS) -DMANDIR="\"`pwd`\"" src/kiosk.c -o $@
+ $(CC) $(CFLAGS) -DMANDIR="\"`pwd`/kiosk\"" src/kiosk.c -o $@
 $(HTML): bin/genpost.sh
@@ -42,3 +42,5 @@ $(HTML): bin/genpost.sh
 @echo "mandoc $<"
 $(HIDE)mandoc -Tlint -Werror $<
 $(HIDE)./bin/genpost.sh < $< > $@
+ $(HIDE)mkdir -p kiosk
+ $(HIDE)mandoc $< > kiosk/`basename $@ .html`
diff --git a/src/kiosk.c b/src/kiosk.c
@@ -11,11 +11,8 @@ int list(void) {
 struct dirent *dp;
 int n = 0;
 while ((dp = readdir(dirp)) != NULL) {
- size_t len = strlen(dp->d_name);
- if (len < 3)
- continue;
- if (strcmp(dp->d_name + (len - 2), ".7") == 0) {
- dp->d_name[len - 2] = '\0'; /* truncate extension */
+ /* ignore hidden files (and, conveniently, . and ..) */
+ if (dp->d_name[0] != '.') {
 printf("%2d: %s(7)\n", ++n, dp->d_name);
 }
 }
@@ -48,17 +45,12 @@ void mandoc(int choice) {
 struct dirent *dp;
 int i = 0;
 while ((dp = readdir(dirp)) != NULL) {
- size_t len = strlen(dp->d_name);
- if (len < 3)
- continue;
- if (strcmp(dp->d_name + (len - 2), ".7") == 0) {
- if (++i == choice) {
- char *cmd_base = "mandoc -l";
- char cmd[sizeof(cmd_base) + PATH_MAX + 2];
- sprintf(cmd, "%s %s/%s", cmd_base, MANDIR, dp->d_name);
- system(cmd);
- break;
- }
+ if (dp->d_name[0] != '.' && ++i == choice) {
+ char *cmd_base = "less";
+ char cmd[sizeof(cmd_base) + PATH_MAX + 2];
+ sprintf(cmd, "%s %s/%s", cmd_base, MANDIR, dp->d_name);
+ system(cmd);
+ break;
 }
 }
 closedir(dirp);
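Review bot: The two recipe lines added to the HTML rule fill kiosk/ as a side effect of building each page, so nothing removes a rendered page when its source is deleted or renamed. Because list() in src/kiosk.c now shows every non-hidden entry in that directory, a stale or stray file in kiosk/ stays readable from the kiosk until someone deletes it by hand. I would remove the directory in the clean target (not visible in this hunk), for example with `rm -rf kiosk`, so that a rebuild always starts from exactly the exported set.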
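Review bot: The new `less` invocation in mandoc() still builds a shell command with an unbounded `sprintf` and runs it through `system()`, so a file name under MANDIR (or a build path) containing whitespace or shell metacharacters is parsed by /bin/sh instead of reaching the pager as one argument. `sizeof(cmd_base)` is also the size of a pointer, not of the string, so the buffer length is only right by accident. Building the path with `snprintf` and starting less with fork and `execl` avoids the shell entirely and would let main() drop its `/bin/sh` unveil; this needs `<unistd.h>` and `<sys/wait.h>`, whose presence is not visible here. mandoc()'s body starts and ends outside the hunk.

```c
if (dp->d_name[0] != '.' && ++i == choice) {
	char path[PATH_MAX];
	int len = snprintf(path, sizeof(path), "%s/%s", MANDIR, dp->d_name);
	if (len < 0 || (size_t)len >= sizeof(path))
		break; /* refuse a truncated path rather than open the wrong file */

	pid_t pid = fork();
	if (pid == -1)
		err(1, "fork");
	if (pid == 0) {
		/* no shell involved: the path is a single argv entry */
		execl("/usr/bin/less", "less", path, (char *)NULL);
		_exit(127);
	}
	waitpid(pid, NULL, 0); /* return to the prompt once the pager exits */
	break;
}
/* … unchanged: end of readdir loop, closedir(dirp) … */
```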
@@ -103,10 +95,20 @@ void prompt(int n) {
 int main(void) {
 #ifdef __OpenBSD__
- pledge("stdio rpath proc exec", NULL);
+ /* All unveils for this proc only (not for less) */
+ if (unveil(MANDIR, "r") == -1)
+ err(1, "unveil");
+ if (unveil("/usr/bin/less", "rx") == -1)
+ err(1, "unveil");
+ if (unveil("/dev/tty", "r") == -1)
+ err(1, "unveil");
+ if (unveil("/bin/sh", "rx") == -1) /* for system(3) */
+ err(1, "unveil");
+ /* no more unveil's past here! requires pledge*/
+ if (pledge("stdio rpath proc exec", NULL) == -1)
+ err(1, "pledge");
 #endif
 int n = list();
- setenv("MANPAGER", "less", 0);
 setenv("LESSSECURE", "1", 1);
 for(;;) prompt(n);
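Review bot: The sandbox added at the top of main() covers only the kiosk process: the new comment itself says the unveils do not apply to less, and `pledge(..., NULL)` passes no execpromises, so the only thing confining a user inside the pager is `LESSSECURE=1`, and that `setenv` call is unchecked. I would fail closed there with `if (setenv("LESSSECURE", "1", 1) == -1) err(1, "setenv");` and extend the comment to record the dependency, e.g. `/* less runs outside these unveils; LESSSECURE=1 is its only restriction */`. On builds without `__OpenBSD__` the whole block compiles away silently, which deserves a one-line comment as well. main() continues past the end of the hunk.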