💾 Archived View for hacktivis.me › server.sh captured on 2021-12-04 at 18:04:22.
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
#!/bin/sh # shellcheck disable=SC1017 # Copyright 2020-2021 Haelwenn (lanodan) Monnier <contact+gemini@hacktivis.me> # Distributed under the terms of the GNU Affero General Public License version 3 # AGPL-3 because it's a service on the internet, screw permissive licences for these # Notes: # - URLs are barely parsed and mostly taken as-is, which could be dangerous # - Recognised hostnames are directories in $GEMDIR, they must also have a $host:1965 symlink # - stunnel chroot ability is untested for now # - Lastest known version of the specification: v0.14.3, November 29th 2020 export GEMDIR="/srv/gemini" bubblewrap() { bwrap \ --unshare-user --uid 65534 --gid 65534 \ --unshare-ipc --unshare-pid --unshare-uts --unshare-cgroup-try \ --ro-bind /bin /bin \ --ro-bind /lib /lib \ --ro-bind /lib64 /lib64 \ --ro-bind /usr /usr \ --ro-bind /git /git \ --ro-bind /etc /etc \ --ro-bind "${GEMDIR}" "${GEMDIR}" \ --chdir "${GEMDIR}" \ --proc /proc \ --dev /dev \ --die-with-parent \ "$@" } IFS=#' ' read -r line # ' hack for vis editor to reset hightlighting… query="${line#gemini://}" query="${query%%../*}" query="${query//%20/ }" path="$GEMDIR/${query//\?*}" status="--" if echo "$path" | grep -Eq '.gmi