šŸ’¾ Archived View for gemini.omarpolo.com ā€ŗ post ā€ŗ gmid-1.5.gmi captured on 2022-04-29 at 12:25:06. Gemini links have been rewritten to link to archived content

View Raw

More Information

ā¬…ļø Previous capture (2022-01-08)

āž”ļø Next capture (2022-06-03)

-=-=-=-=-=-=-

ā†© back to the index

gmid ā€œInterstellar Overdriveā€ v1.5 update

Written while listening to ā€œInterstellar Overdriveā€ by Pink Floyd.

Published: 2021-01-30

Tagged with:

#gemini

#gmid

These last twenty days were pretty productive on the gmid front: I ended up doing way more things that I had planned for this v1.5 release.

The headlines are the automatic sandboxing on OpenBSD, FreeBSD and linux and the introduction of the configuration file, but youā€™ll find the whole change log at the end of this entry.

On OpenBSD pledge and unveil were already in place, but their usage has been improved during this release cycle: the daemon was split into two processes that run with different pledges. This enabled also the usage of capsicum on FreeBSD and seccomp on linux. Always in the same spirit, support for chroot and privilege dropping has been added, so itā€™s safe to start the daemon with root privileges.

Read ā€œComparing sandboxing techniquesā€ for more information.

With this release gmid has two modes: a daemon mode and a config-less mode. The config-less mode is similar to how gmid operated until now (i.e. running from the command line) and has been improved with an automatic certificate generation, while the daemon more is more akin to ā€œnormalā€ network daemons and needs a configuration file.

The configuration file syntax has been inspired from OpenBSDā€™ httpd and is quite flexible. It supports a wide range of customizable parameters and location blocks to alter the behaviour per matching path.

v1.5 ā€œInterstellar Overdriveā€ Changelog

New features

Improvements

Bugfixes

Breaking changes

-- text: CC-BY-SA-4.0; code: public domain unless specified otherwise

For comments, write at < blog at omarpolo dot com > or @op@bsd.network in the fediverse.

Capsule proudly assembled with Clojure