Attached is a port of gmid[1], a secure Gemini server. It forks+execs
multiple processes, with each using a pledge+unveil sandbox. I'm
currently dogfooding this port on my 7.0 box at gemini.sgregoratto.me,
and can confirm it works. This is my first time porting a daemon, so any
comments are appreciated.
[1]: https://github.com/omar-polo/gmid
--
Stephen Gregoratto
Index: infrastructure/db/user.list
===================================================================
RCS file: /cvs/ports/infrastructure/db/user.list,v
retrieving revision 1.390
diff -u -p -r1.390 user.list
--- infrastructure/db/user.list 27 Aug 2021 16:30:16 -0000 1.390
+++ infrastructure/db/user.list 17 Oct 2021 03:38:52 -0000
@@ -378,3 +378,4 @@ id user group port
867 _notify_push www/nextcloud_notify_push
868 _igmpproxy _igmpproxy net/igmpproxy
869 _headscale _headscale net/headscale
+870 _gmid _gmid net/gmid
Index: net/gmid/Makefile
===================================================================
RCS file: net/gmid/Makefile
diff -N net/gmid/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/gmid/Makefile 17 Oct 2021 03:38:52 -0000
@@ -0,0 +1,29 @@
+# $OpenBSD: Makefile,v$
+
+COMMENT = A simple and secure Gemini server
+V = 1.7.5
+DISTNAME = gmid-${V}
+
+CATEGORIES = net
+
+HOMEPAGE = https://gmid.omarpolo.com/
+
+# ISC
+PERMIT_PACKAGE = Yes
+
+# uses pledge()
+# uses unveil()
+WANTLIB += c crypto event ssl tls util
+
+MASTER_SITES = https://github.com/omar-polo/gmid/releases/download/$V/
+
+CONFIGURE_STYLE = simple
+
+ALL_TARGET = gmid
+INSTALL_TARGET = install
+TEST_TARGET = regress
+
+post-install:
+ install -c -m 0555 ${WRKSRC}/contrib/gmid
${WRKINST}${SYSCONFDIR}/rc.d/gmid
+
+.include <bsd.port.mk>
Index: net/gmid/distinfo
===================================================================
RCS file: net/gmid/distinfo
diff -N net/gmid/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/gmid/distinfo 17 Oct 2021 03:38:52 -0000
@@ -0,0 +1,2 @@
+SHA256 (gmid-1.7.5.tar.gz) = 4bMaE9MgkptwrAMOhAapEh2gn7NARSUmH/diaUrI62E=
+SIZE (gmid-1.7.5.tar.gz) = 82100
Index: net/gmid/pkg/DESCR
===================================================================
RCS file: net/gmid/pkg/DESCR
diff -N net/gmid/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/gmid/pkg/DESCR 17 Oct 2021 03:38:52 -0000
@@ -0,0 +1,14 @@
+gmid is a fast Gemini server written with security in mind.
+It contains the following features:
+
+- sandboxed by default on OpenBSD, Linux and FreeBSD
+- reconfiguration: reload the running configuration without interruption
+- automatic redirect/error pages (see block return)
+- IRI support (RFC3987)
+- automatic certificate generation for config-less mode
+- CGI and FastCGI support
+- virtual hosts
+- location rules
+- event-based asynchronous I/O model
+- low memory footprint
+- small codebase, easily hackable
Index: net/gmid/pkg/PLIST
===================================================================
RCS file: net/gmid/pkg/PLIST
diff -N net/gmid/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/gmid/pkg/PLIST 17 Oct 2021 03:38:52 -0000
@@ -0,0 +1,4 @@
+@comment $OpenBSD: PLIST,v$
+@rcscript ${RCDIR}/gmid
+@bin bin/gmid
+@man man/man1/gmid.1
