From: Klemens Nanni Subject: Re: textproc/dialect: use pledge and unveil To: ports@openbsd.org Date: Wed, 10 Jan 2024 21:47:58 +0000 On Wed, Jan 03, 2024 at 07:48:56PM +0000, Klemens Nanni wrote: > This is the relaxed version where clicking links in the About window > does open them in your browser. > > I personally run without unveil and "proc exec" dropped, meaning a click > on any of those links will abort, but I prefer that trade off. > > Either way, all features work just fine without regressions so far in > daily usage (reason why I prefer this internet facing, text and audio > parsing, long running python app to get some seatbelts): > > - both Google and Yandex API > - Text-to-Speech > - clipboard handling > - key bindings > - config load/safe (GUI settings persist) > - CLI args, e.g. 'dialect --source de --dest en --text hallo' > > Feedback? OK? Ping. Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/dialect/Makefile,v diff -u -p -r1.2 Makefile --- Makefile 3 Jan 2024 01:59:29 -0000 1.2 +++ Makefile 3 Jan 2024 01:59:35 -0000 @@ -3,7 +3,7 @@ V = 2.2.0 DIST_TUPLE = github dialect-app dialect ${V} . \ github dialect-app po ${V} po CATEGORIES = textproc x11 -REVISION = 0 +REVISION = 1 MAINTAINER = Klemens Nanni @@ -12,6 +12,8 @@ HOMEPAGE = https://dialectapp.org/ # GPLv3.0 PERMIT_PACKAGE = Yes +# uses pledge() and unveil() + MODULES = devel/dconf \ devel/meson \ lang/python @@ -31,6 +33,7 @@ RUN_DEPENDS = devel/glib2 \ devel/desktop-file-utils \ devel/libsoup3 \ devel/py-gobject3${MODPY_FLAVOR} \ + devel/py-openbsd${MODPY_FLAVOR} \ multimedia/gstreamer1/core \ textproc/py-gTTS${MODPY_FLAVOR} \ www/py-beautifulsoup4${MODPY_FLAVOR} \ Index: patches/patch-dialect_main_py =================================================================== RCS file: patches/patch-dialect_main_py diff -N patches/patch-dialect_main_py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-dialect_main_py 3 Jan 2024 19:49:39 -0000 @@ -0,0 +1,14 @@ +Use pledge(2) and unveil(2) + +Index: dialect/main.py +--- dialect/main.py.orig ++++ dialect/main.py +@@ -168,6 +168,8 @@ class Dialect(Adw.Application): + + + def main(): ++ from openbsd import unveil, pledge ++ pledge("stdio rpath wpath cpath inet unix dns sendfd prot_exec audio drm") + # Run the Application + app = Dialect() + return app.run(sys.argv)