My first pledge(2) attempt is below, posted for comments.
This promises "stdio rpath wpath cpath fattr" for the 7za and 7zr
executables. 7z loads codecs through ld.so, and I'm working on
determining if I can add this same promise after codecs are loaded,
but it is not pledged in this early attempt.
With this patch, make test (upstream's all_test target)
successfully completes.
Comments and recommendations are welcome.
Index: Makefile
===================================================================
RCS file: /systems/cvs/ports/archivers/p7zip/Makefile,v
retrieving revision 1.26
diff -u -p -r1.26 Makefile
--- Makefile 16 Nov 2015 22:52:08 -0000 1.26
+++ Makefile 18 Jan 2016 14:04:31 -0000
@@ -6,7 +6,7 @@ COMMENT-main= file archiver with high co
COMMENT-rar= rar modules for p7zip
V= 15.09
-REVISION= 0
+REVISION= 1
DISTNAME= p7zip_${V}_src_all
PKGNAME= p7zip-${V}
PKGNAME-main= p7zip-${V}
Index: patches/patch-CPP_7zip_UI_Console_Main_cpp
===================================================================
RCS file: patches/patch-CPP_7zip_UI_Console_Main_cpp
diff -N patches/patch-CPP_7zip_UI_Console_Main_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-CPP_7zip_UI_Console_Main_cpp 18 Jan 2016 14:08:19 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+
+Pledge archivers/p7zip binaries: 7za and 7zr
+
+--- CPP/7zip/UI/Console/Main.cpp.orig Sat Oct 17 11:20:22 2015
++++ CPP/7zip/UI/Console/Main.cpp Mon Jan 18 08:58:40 2016
+@@ -484,6 +484,18 @@ int Main2(
+ #endif
+ )
+ {
++
++// pledge 7za and 7zr. 7z uses dlopen(3), and defines EXTERNAL_CODECS.
++
++#ifndef EXTERNAL_CODECS
++
++ if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) {
++ perror("pledge");
++ exit(1);
++ }
++
++#endif
++
+ #if defined(_WIN32) && !defined(UNDER_CE)
+ SetFileApisToOEM();
+ #endif
