commit a37db38a47c02ad652a2043e90d3e8994175260f (patch)
parent 5929d2c5a34c326051b7769a2e44d0f63cc315b9
Author: Alex Karle <alex@alexkarle.com>
Date: Sun, 25 Apr 2021 23:29:41 -0400
kiosk: Replace mandoc(1) usage with less(1) on prebuilt files
Here we go again with runtime optimization at the cost of build time!
This patch removes the usage of `mandoc -l` on the contents of the
site and replaces it with straight less(1).
This is done by generating the kiosk-facing content at build time.
The *real* win here is that it allows us to add unveil(2) calls to
the kiosk, hiding all but the exported files from the field of view
of the process!
I was _tempted_ to replace less(1) with just straight printing the
file line by line to stdout... but I thought that was a bit drastic!
It would give us a super tight pledge though... hmm
Diffstat:
3 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -7,5 +7,6 @@ atom.xml
# jam-tuesday hits generated by jam-tuesday/stats.sh
jam-tuesday/greatest-hits
-# kiosk binary
+# kiosk binary and files
bin/kiosk
+kiosk/
diff --git a/Makefile b/Makefile
@@ -33,7 +33,7 @@ jam-tuesday/greatest-hits: $(SETS) bin/jam-stats.sh
(date; echo; ./bin/jam-stats.sh) > $@
bin/kiosk: src/kiosk.c
- $(CC) $(CFLAGS) -DMANDIR="\"`pwd`\"" src/kiosk.c -o $@
+ $(CC) $(CFLAGS) -DMANDIR="\"`pwd`/kiosk\"" src/kiosk.c -o $@
$(HTML): bin/genpost.sh
@@ -42,3 +42,5 @@ $(HTML): bin/genpost.sh
@echo "mandoc $<"
$(HIDE)mandoc -Tlint -Werror $<
$(HIDE)./bin/genpost.sh < $< > $@
+ $(HIDE)mkdir -p kiosk
+ $(HIDE)mandoc $< > kiosk/`basename $@ .html`
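Review bot: The two added recipe lines only ever add files to `kiosk/`, and that directory is now the kiosk's whole read allowlist (it is what `MANDIR` points at and what main() unveils). Nothing visible here removes the output for a page that is later deleted or renamed, so a stale file would stay listed and readable. If the Makefile has a clean target (not visible in this hunk), add `rm -rf kiosk` to it. The redirect also leaves a truncated `kiosk/<name>` behind if mandoc fails part way; writing to a temporary name and renaming it avoids publishing a partial page.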
diff --git a/src/kiosk.c b/src/kiosk.c
@@ -11,11 +11,8 @@ int list(void) {
struct dirent *dp;
int n = 0;
while ((dp = readdir(dirp)) != NULL) {
- size_t len = strlen(dp->d_name);
- if (len < 3)
- continue;
- if (strcmp(dp->d_name + (len - 2), ".7") == 0) {
- dp->d_name[len - 2] = '\0'; /* truncate extension */
+ /* ignore hidden files (and, conveniently, . and ..) */
+ if (dp->d_name[0] != '.') {
printf("%2d: %s(7)\n", ++n, dp->d_name);
}
}
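Review bot: The new test `dp->d_name[0] != '.'` in list() is now the only filter on what the kiosk offers, and the same expression is repeated in mandoc(). The number a user types maps to the right file only while both loops apply an identical test and readdir(3) returns entries in the same order on both passes. A shared helper such as `static int is_page(const struct dirent *dp)` would keep the two in step, and is the natural place to also reject entries that are not regular files. A comment there should state that everything non-hidden in MANDIR is published. list() begins above this hunk and its end is not shown.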
@@ -48,17 +45,12 @@ void mandoc(int choice) {
struct dirent *dp;
int i = 0;
while ((dp = readdir(dirp)) != NULL) {
- size_t len = strlen(dp->d_name);
- if (len < 3)
- continue;
- if (strcmp(dp->d_name + (len - 2), ".7") == 0) {
- if (++i == choice) {
- char *cmd_base = "mandoc -l";
- char cmd[sizeof(cmd_base) + PATH_MAX + 2];
- sprintf(cmd, "%s %s/%s", cmd_base, MANDIR, dp->d_name);
- system(cmd);
- break;
- }
+ if (dp->d_name[0] != '.' && ++i == choice) {
+ char *cmd_base = "less";
+ char cmd[sizeof(cmd_base) + PATH_MAX + 2];
+ sprintf(cmd, "%s %s/%s", cmd_base, MANDIR, dp->d_name);
+ system(cmd);
+ break;
}
}
closedir(dirp);
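Review bot: The new branch in mandoc() still builds a shell command from `dp->d_name` with an unbounded `sprintf` and hands it to system(3), so any space or shell metacharacter in a file name under MANDIR is interpreted by /bin/sh, and `less` is resolved through the inherited PATH rather than the `/usr/bin/less` that main() unveils. `sizeof(cmd_base)` is the size of a pointer, not of the string, so the buffer is large enough only by coincidence. Running the pager with fork/execl and an argv, as sketched below, takes the shell out of the path and would let the `/bin/sh` unveil be dropped. system(3) also ignores SIGINT and SIGQUIT in the parent while it waits, so keep that behaviour if the kiosk relies on it. mandoc() starts above this hunk and ends below it.

```c
/* … unchanged: dirp setup and readdir loop header … */
if (dp->d_name[0] != '.' && ++i == choice) {
	char path[PATH_MAX];
	int len = snprintf(path, sizeof(path), "%s/%s", MANDIR, dp->d_name);
	if (len < 0 || (size_t)len >= sizeof(path))
		break; /* refuse a truncated path instead of opening the wrong file */

	pid_t pid = fork();
	if (pid == -1) {
		warn("fork");
	} else if (pid == 0) {
		/* absolute path and argv: no shell parsing, no PATH lookup */
		execl("/usr/bin/less", "less", path, (char *)NULL);
		_exit(127);
	} else {
		int status;
		while (waitpid(pid, &status, 0) == -1 && errno == EINTR)
			;
	}
	break;
}
/* … unchanged: loop end and closedir(dirp) … */
```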
@@ -103,10 +95,20 @@ void prompt(int n) {
int main(void) {
#ifdef __OpenBSD__
- pledge("stdio rpath proc exec", NULL);
+ /* All unveils for this proc only (not for less) */
+ if (unveil(MANDIR, "r") == -1)
+ err(1, "unveil");
+ if (unveil("/usr/bin/less", "rx") == -1)
+ err(1, "unveil");
+ if (unveil("/dev/tty", "r") == -1)
+ err(1, "unveil");
+ if (unveil("/bin/sh", "rx") == -1) /* for system(3) */
+ err(1, "unveil");
+ /* no more unveil's past here! requires pledge*/
+ if (pledge("stdio rpath proc exec", NULL) == -1)
+ err(1, "pledge");
#endif
int n = list();
- setenv("MANPAGER", "less", 0);
setenv("LESSSECURE", "1", 1);
for(;;)
prompt(n);
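Review bot: The `setenv("LESSSECURE", "1", 1)` call kept at the end of this hunk is unchecked. The new comment says the unveils do not cover less, so that variable appears to be the main restriction on the pager the user actually interacts with. Make it fail closed like the unveil and pledge calls above it: `if (setenv("LESSSECURE", "1", 1) == -1) err(1, "setenv");`. Because `pledge` is called with NULL execpromises, the shell and pager started through system(3) presumably inherit no promises either. Passing an execpromises string is worth evaluating once it is known what sh and less need. main() continues past the end of this hunk.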