Hi,

I'd like to propose changing the ungoogled-chromium port to read the pledge
configuration for the CDM sandbox from a config file instead of having it
hardcoded to what openwv needs.

That would make it easier for any alternative implementations that may
require a different set of pledges.

Here is a diff with the proposed change, default pledge remains the
same:

diff --git a/www/ungoogled-chromium/Makefile b/www/ungoogled-chromium/Makefile
index c05aa6c00e4..498db5eafc2 100644
--- a/www/ungoogled-chromium/Makefile
+++ b/www/ungoogled-chromium/Makefile
@@ -16,7 +16,7 @@ COMMENT=              Chromium browser sans integration with 
Google
 V=                     145.0.7632.159
 UGV=                   ${V}-1
 
-REVISION=              0
+REVISION=              1
 
 DISTNAME=              ungoogled-chromium-${V}
 
@@ -372,7 +372,7 @@ do-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ungoogled-chromium
 .for f in pledge.main pledge.utility_audio pledge.utility_network 
pledge.utility_video \
     unveil.gpu unveil.main unveil.utility_audio unveil.utility_network 
unveil.utility_video \
-    unveil.cdm
+    unveil.cdm pledge.cdm
        ${INSTALL_DATA} ${FILESDIR}/${f} 
${PREFIX}/share/examples/ungoogled-chromium
 .endfor
 
diff --git a/www/ungoogled-chromium/files/pledge.cdm 
b/www/ungoogled-chromium/files/pledge.cdm
new file mode 100644
index 00000000000..32639079cb6
--- /dev/null
+++ b/www/ungoogled-chromium/files/pledge.cdm
@@ -0,0 +1 @@
+stdio rpath flock recvfd sendfd
diff --git a/www/ungoogled-chromium/files/unveil.cdm 
b/www/ungoogled-chromium/files/unveil.cdm
index 76d04d3e5fc..176175200f9 100644
--- a/www/ungoogled-chromium/files/unveil.cdm
+++ b/www/ungoogled-chromium/files/unveil.cdm
@@ -1,6 +1,7 @@
 /dev/null rw
 
 /etc/openwv r
+/etc/ungoogled-chromium/pledge.cdm r
 /usr/local/lib/openwv r
 
 # needed for IPC communication, X.Org, etc.
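Review bot: The added `/etc/ungoogled-chromium/pledge.cdm r` entry has no comment explaining why the CDM process needs read access to its own pledge list, although the file already uses `#` comments for the IPC entries. If the pledge file is read after the unveil list takes effect (the ordering is not visible in this diff), a line such as `# pledge promises for this sandbox, read by SetPledge()` above the entry would record that. If it is read before unveil is applied, the entry may not be needed at all, and leaving it out would keep the view narrower.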
diff --git 
a/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
 
b/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
index 81e0bf7434a..132e95e08c0 100644
--- 
a/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
+++ 
b/www/ungoogled-chromium/patches/patch-sandbox_policy_openbsd_sandbox_openbsd_cc
@@ -360,7 +360,7 @@ Index: sandbox/policy/openbsd/sandbox_openbsd.cc
 +      SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_video");
 +      break;
 +    case sandbox::mojom::Sandbox::kCdm:
-+      SetPledge("stdio rpath flock recvfd sendfd", NULL);
++      SetPledge(NULL, "/etc/ungoogled-chromium/pledge.cdm");
 +      break;
 +    case sandbox::mojom::Sandbox::kUtility:
 +    case sandbox::mojom::Sandbox::kService:
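Review bot: With the `kCdm` case now calling `SetPledge(NULL, "/etc/ungoogled-chromium/pledge.cdm")`, the promises for the CDM process come from an admin-editable file. The hunk does not show what `SetPledge` does when that file is missing, empty or unreadable. `SetPledge` is defined outside this hunk, so it is worth confirming that it fails closed, meaning the process exits rather than continuing unpledged, and that a broader promise list cannot be picked up by accident. The switch body also continues outside the hunk. A comment on the case would keep the previous default discoverable, for example `// default (files/pledge.cdm): stdio rpath flock recvfd sendfd; keep as narrow as the CDM allows`. The pkg-readme could also note that adding promises to this file widens the sandbox for whatever CDM library is loaded.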
diff --git a/www/ungoogled-chromium/pkg/PLIST b/www/ungoogled-chromium/pkg/PLIST
index 769b4df33b2..917fe1ff657 100644
--- a/www/ungoogled-chromium/pkg/PLIST
+++ b/www/ungoogled-chromium/pkg/PLIST
@@ -5,6 +5,8 @@ share/applications/ungoogled-chromium.desktop
 share/doc/pkg-readmes/${PKGSTEM}
 share/examples/ungoogled-chromium/
 @sample ${SYSCONFDIR}/ungoogled-chromium/
+share/examples/ungoogled-chromium/pledge.cdm
+@sample ${SYSCONFDIR}/ungoogled-chromium/pledge.cdm
 share/examples/ungoogled-chromium/pledge.main
 @sample ${SYSCONFDIR}/ungoogled-chromium/pledge.main
 share/examples/ungoogled-chromium/pledge.utility_audio
