Hi @ports, I have been playing around a bit with pledge(2) in textproc/mupdf after stumbling upon the 'proc exec' promises that are needed in mupdf-x11, mupdf-x11-curl and mupdf-gl to open an external browser on a URI link.
Following the discussion on pledging www/lynx here https://marc.info/?l=openbsd-ports&m=146487363316499&w=2 as well as discussion on pdf-viewers in general here https://marc.info/?l=openbsd-misc&m=142794933016263&w=2 my impression was/is that trading off 'proc exec' promises just for the ability to open an external browser on an uri link is a bad deal. If I am simply wrong here or this feature is in high demand please disregard the rest of this mail. Now if all calls to an external browser could be turned off these promises would not be needed anymore and would also stop the executables from dumping core when an external link is encountered. A (admittedly horrific) way to do this is attached. With this internal links will work but links that would spawn a browser do nothing instead. I am sure there are better ways to achieve this and (only given this idea makes any sense in the first place) would appreciate any input that I can get. Best Gerrit Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/mupdf/Makefile,v retrieving revision 1.72 diff -u -p -r1.72 Makefile --- Makefile 10 Feb 2017 14:51:13 -0000 1.72 +++ Makefile 10 Apr 2017 17:32:22 -0000 @@ -6,7 +6,7 @@ SHARED_LIBS += mupdfthird 0.0 COMMENT = graphic library, pdf parser, viewer and utilities V = 1.10a -REVISION = 0 +REVISION = 1 DISTNAME = mupdf-$V-source PKGNAME = mupdf-$V @@ -21,7 +21,7 @@ MAINTAINER = Stuart Henderson <sthen@ope # droid font: Apache. PERMIT_PACKAGE_CDROM = Yes -# uses pledge(2) +# uses pledge() WANTLIB += GL X11 Xcursor Xext Xinerama Xrandr c crypto curl freetype WANTLIB += harfbuzz jbig2dec jpeg m nghttp2 openjp2 pthread ssl z 
@@ -35,8 +35,7 @@ MODGCC4_ARCHS = * MASTER_SITES = http://mupdf.com/downloads/ \ http://mupdf.com/downloads/archive/ -RUN_DEPENDS = devel/desktop-file-utils \ - devel/xdg-utils +RUN_DEPENDS = devel/desktop-file-utils LIB_DEPENDS = devel/harfbuzz \ graphics/jbig2dec \ graphics/jpeg \ Index: patches/patch-platform_gl_gl-main_c =================================================================== RCS file: /cvs/ports/textproc/mupdf/patches/patch-platform_gl_gl-main_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-platform_gl_gl-main_c --- patches/patch-platform_gl_gl-main_c 12 Dec 2016 10:54:39 -0000 1.3 +++ patches/patch-platform_gl_gl-main_c 10 Apr 2017 17:32:22 -0000 
@@ -1,21 +1,41 @@ -$OpenBSD: patch-platform_gl_gl-main_c,v 1.3 2016/12/12 10:54:39 sthen Exp $ - -add pledge(2) to mupdf-gl: - - drm : opengl stuff - - proc exec : opening a external browser on uri link - ---- platform/gl/gl-main.c.orig Mon Nov 28 13:34:04 2016 -+++ platform/gl/gl-main.c Mon Dec 12 09:39:02 2016 -@@ -1414,6 +1414,12 @@ int main(int argc, char **argv) +--- platform/gl/gl-main.c.orig Mon Nov 28 14:33:38 2016 ++++ platform/gl/gl-main.c Thu Jan 12 02:00:24 2017 +@@ -48,25 +48,6 @@ static void ui_end(void) - glfwMakeContextCurrent(window); + static void open_browser(const char *uri) + { +-#ifdef _WIN32 +- ShellExecuteA(NULL, "open", uri, 0, 0, SW_SHOWNORMAL); +-#else +- const char *browser = getenv("BROWSER"); +- if (!browser) +- { +-#ifdef __APPLE__ +- browser = "open"; +-#else +- browser = "xdg-open"; +-#endif +- } +- if (fork() == 0) +- { +- execlp(browser, browser, uri, (char*)0); +- fprintf(stderr, "cannot exec '%s'\n", browser); +- exit(0); +- } +-#endif + } + + const char *ogl_error_string(GLenum code) +@@ -1413,6 +1394,12 @@ int main(int argc, char **argv) + } -+ if (pledge("stdio rpath drm proc exec", NULL) == -1) + glfwMakeContextCurrent(window); ++ ++ if (pledge("stdio rpath drm", NULL) == -1) + { + fprintf(stderr, "pledge: %s\n", strerror(errno)); + exit(1); + } -+ + ctx = fz_new_context(NULL, NULL, 0); fz_register_document_handlers(ctx); - Index: patches/patch-platform_x11_win_main_c =================================================================== RCS file: patches/patch-platform_x11_win_main_c diff -N patches/patch-platform_x11_win_main_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-platform_x11_win_main_c 10 Apr 2017 17:32:22 -0000 
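Review bot: With the body of `open_browser()` emptied, activating an external link now fails silently, so a user cannot tell a deliberately disabled feature from a broken one. Since `stdio` stays in the promise set, the stub could say so, e.g. `fprintf(stderr, "external links are disabled in this build\n");`, preferably without echoing the document-supplied URI to the terminal. The same applies to the emptied `winopenuri()` in patch-platform_x11_x11_main_c. The rewritten patch also drops the `$OpenBSD$` tag and the header comment that justified each promise; keeping `- drm : opengl stuff` and adding a line saying the browser call was removed so that `proc exec` is no longer needed would keep the promise set auditable. Only part of `main()` is visible in the inner hunk.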
@@ -0,0 +1,10 @@ +--- platform/x11/win_main.c.orig Thu Jan 12 02:02:33 2017 ++++ platform/x11/win_main.c Thu Jan 12 02:02:53 2017 +@@ -908,7 +908,6 @@ void winreloadpage(pdfapp_t *app) + + void winopenuri(pdfapp_t *app, char *buf) + { +- ShellExecuteA(hwndframe, "open", buf, 0, 0, SW_SHOWNORMAL); + } + + #define OUR_TIMER_ID 1 Index: patches/patch-platform_x11_x11_main_c =================================================================== RCS file: /cvs/ports/textproc/mupdf/patches/patch-platform_x11_x11_main_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-platform_x11_x11_main_c --- patches/patch-platform_x11_x11_main_c 12 Dec 2016 10:54:39 -0000 1.2 +++ patches/patch-platform_x11_x11_main_c 10 Apr 2017 17:32:22 -0000 @@ -1,11 +1,5 @@ -$OpenBSD: patch-platform_x11_x11_main_c,v 1.2 2016/12/12 10:54:39 sthen Exp $ - -add pledge(2) to mupdf-x11 and mupdf-x11-curl: - - inet dns : with HAVE_CURL only - - proc exec : opening an external browser on uri link - ---- platform/x11/x11_main.c.orig Mon Nov 28 13:34:04 2016 -+++ platform/x11/x11_main.c Mon Dec 12 09:39:02 2016 +--- platform/x11/x11_main.c.orig Mon Nov 28 14:33:38 2016 ++++ platform/x11/x11_main.c Thu Jan 12 02:01:57 2017 @@ -706,7 +706,6 @@ void onselreq(Window requestor, Atom selection, Atom t void winreloadpage(pdfapp_t *app) { @@ -14,7 +8,7 @@ add pledge(2) to mupdf-x11 and mupdf-x11 xev.xclient.type = ClientMessage; xev.xclient.serial = 0; -@@ -717,8 +716,7 @@ void winreloadpage(pdfapp_t *app) +@@ -717,38 +716,11 @@ void winreloadpage(pdfapp_t *app) xev.xclient.data.l[0] = 0; xev.xclient.data.l[1] = 0; xev.xclient.data.l[2] = 0; 
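Review bot: The new patch-platform_x11_win_main_c only removes a `ShellExecuteA(hwndframe, "open", buf, ...)` call, which is a Windows API, so `platform/x11/win_main.c` is presumably the Windows front end and not compiled into the OpenBSD package. If that is the case, this patch changes nothing in the shipped binaries and can be dropped, leaving the patch set limited to the code the reduced pledge promises depend on. If it is kept, it should carry the `$OpenBSD$` header line that the existing patch files had.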
@@ -24,19 +18,49 @@ add pledge(2) to mupdf-x11 and mupdf-x11 } void winopenuri(pdfapp_t *app, char *buf) -@@ -892,6 +890,20 @@ int main(int argc, char **argv) + { +- char *browser = getenv("BROWSER"); +- pid_t pid; +- if (!browser) +- { +-#ifdef __APPLE__ +- browser = "open"; +-#else +- browser = "xdg-open"; +-#endif +- } +- /* Fork once to start a child process that we wait on. This +- * child process forks again and immediately exits. The +- * grandchild process continues in the background. The purpose +- * of this strange two-step is to avoid zombie processes. See +- * bug 695701 for an explanation. */ +- pid = fork(); +- if (pid == 0) +- { +- if (fork() == 0) +- { +- execlp(browser, browser, buf, (char*)0); +- fprintf(stderr, "cannot exec '%s'\n", browser); +- } +- exit(0); +- } +- waitpid(pid, NULL, 0); + } + + static void onkey(int c, int modifiers) +@@ -892,6 +864,20 @@ int main(int argc, char **argv) tmo_at.tv_sec = 0; tmo_at.tv_usec = 0; timeout = NULL; + +#ifdef HAVE_CURL -+ if (pledge("stdio rpath inet dns proc exec", NULL) == -1) ++ if (pledge("stdio rpath inet dns", NULL) == -1) + { + fprintf(stderr, "pledge: %s\n", strerror(errno)); + exit(1); + } +#else -+ if (pledge("stdio rpath proc exec", NULL) == -1) ++ if (pledge("stdio rpath", NULL) == -1) + { + fprintf(stderr, "pledge: %s\n", strerror(errno)); + exit(1);
