switch to suah.dev/protect

2020-05-08 16:47:16 -06:00 · 2020-05-08 16:47:16 -06:00 · bd60a4b1dc
commit bd60a4b1dc
parent 1c3946bb60
5 changed files with 13 additions and 33 deletions
--- a/go.mod
+++ b/go.mod
@ -10,5 +10,6 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible
 	golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d
 	golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
-	golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9
+	golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
+	suah.dev/protect v0.0.0-20200508135532-408f86d55f26
 )
--- a/go.sum
+++ b/go.sum
@ -18,4 +18,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 h1:1/DFK4b7JH8DmkqhUk48onnSfrPzImPoVxuomtbT2nk=
 golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+suah.dev/protect v0.0.0-20200508135532-408f86d55f26 h1:trB+FkW4IPwmiON5ipshh3y/7imr0Y+KRP1PRIne5k0=
+suah.dev/protect v0.0.0-20200508135532-408f86d55f26/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
--- a/main.go
+++ b/main.go
@ -13,6 +13,7 @@ import (

 	"github.com/matrix-org/gomatrix"
 	"suah.dev/mcchunkie/plugins"
+	"suah.dev/protect"
 )

 const header = `
@ -40,11 +41,11 @@ func main() {

 	flag.Parse()

-	pledge("stdio unveil rpath wpath cpath flock dns inet tty")
-	unveil("/etc/resolv.conf", "r")
-	unveil("/etc/ssl/cert.pem", "r")
-	unveil(db, "rwc")
-	unveilBlock()
+	protect.Pledge("stdio unveil rpath wpath cpath flock dns inet tty")
+	protect.Unveil("/etc/resolv.conf", "r")
+	protect.Unveil("/etc/ssl/cert.pem", "r")
+	protect.Unveil(db, "rwc")
+	protect.UnveilBlock()

 	var help = `^help: (\w+)$`
 	var helpRE = regexp.MustCompile(help)
@ -122,7 +123,7 @@ func main() {
 		}

 		// No longer need tty now that we have our info
-		pledge("stdio unveil rpath wpath cpath flock dns inet")
+		protect.Pledge("stdio unveil rpath wpath cpath flock dns inet")

 		store.Set("username", username)
 		store.Set("access_token", resp.AccessToken)
--- a/protect.go
+++ b/protect.go
@ -1,7 +0,0 @@
-//+build !openbsd
-
-package main
-
-func unveil(path string, flags string) {}
-func unveilBlock()                     {}
-func pledge(promises string)           {}
--- a/protect_openbsd.go
+++ b/protect_openbsd.go
@ -1,19 +0,0 @@
-//+build openbsd
-
-package main
-
-import (
-	"golang.org/x/sys/unix"
-)
-
-func unveil(path string, flags string) {
-	unix.Unveil(path, flags)
-}
-
-func unveilBlock() {
-	unix.UnveilBlock()
-}
-
-func pledge(promises string) {
-	unix.PledgePromises(promises)
-}