shithub: rc-gemd

ref: f20fa4e014b29f293169bdacf99af0d372bbd71b
parent: 28f8522e82af8bc65cb9dbf5e99ebf02433c42e1
author: Moody <[email protected]>
date: Wed Aug 19 18:41:55 EDT 2020

Add tlsshim for handling running as 'none'
Set index file if $location is /
Handle no trailing slash and ports in url
Mention tlsshim in readme

--- a/README
+++ b/README
@@ -10,7 +10,17 @@
 
 or one can change the rc_gemd_dir setting in the script.
 
-The server can be started with a combination of listen(8) and tlssrv(8):
-aux/listen1 tcp!*!1965 tlssrv -c /lib/ssl/gem.pem /rc/bin/rc-gemd/rc-gemd
+The serve can be started with a combination of listen(8) and tlssrv(8),
+however the requirments of tlssrv to have the tls key be in factotum can be
+a bit tricky to deal when running as 'none'. To fix this there is an example
+start script, tlsshim, which starts factotum and populates it with the private
+key on each listen1 connection.
 
-The instructions for generating TLS certificates can be found in rsa(8).
+Using the tlsshim and assuming the tls files are /lib/ssl^(gem.key gem.cert):
+aux/listen1 tcp!*!1965 /rc/bin/rc-gemd/tlsshim
+
+The tls files can be generated by running the following commands:
+mkdir -p /lib/ssl
+auth/rsagen -t 'service=tls owner=*' >/lib/ssl/gem.key
+auth/rsa2x509 'C=US CN=your.domain.here' gem.key |
+	auth/pemencode CERTIFICATE >/lib/ssl/gem.cert
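
Review bot: In the key generation commands at the end of this hunk, rsagen writes to /lib/ssl/gem.key but rsa2x509 is given the relative name gem.key, so the second command only works when run from /lib/ssl; use the full path or add a cd after the mkdir. The added paragraph also has three wording slips: "The serve" should be "The server", "requirments" should be "requirements", and "tricky to deal when" is missing "with".
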
--- a/rc-gemd
+++ b/rc-gemd
@@ -12,6 +12,8 @@
 	scheme='gemini://'
 
 server_name=`{echo $url | sed 's,/.*,,'}
-location=`{echo $url | sed 's,[a-zA-Z0-9.]+/,/,'}
+location=`{echo $url | sed 's,[a-zA-Z0-9.:]+/?,/,'}
+
+echo request from `{sed 's/!.*//' $net/remote} to $url >[1=2]
 
 . $rc_gemd_dir/select-handler
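
Review bot: The new sed expression for location is unanchored and its character class [a-zA-Z0-9.:] has no '-', so with the slash now optional a host name containing a hyphen ends the match early: my-host.example/foo becomes /-host.example/foo. Anchoring at the start and dropping everything up to the first slash, for example s,^[^/]*,, and then setting location to / when the result is empty, handles hyphens and ports without enumerating characters. The added echo also writes the client-supplied $url to standard error unmodified; consider stripping control characters before logging so a request cannot forge log lines.
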
--- a/select-handler
+++ b/select-handler
@@ -1,3 +1,5 @@
 #!/bin/rc
+if(~ $location /)
+	location=/index.gem
 fs_root=/lib/gem
 exec serve-static
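
Review bot: The test ~ $location / matches only the root, so a request for a subdirectory such as /docs/ reaches serve-static unchanged and gets no index file. If directory indexes are intended everywhere, match on a trailing slash (~ $location */) and append index.gem to $location instead of overwriting it.
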
--- /dev/null
+++ b/tlsshim
@@ -1,0 +1,4 @@
+#!/bin/rc
+auth/factotum -n
+cat /lib/ssl/gemini.key > /mnt/factotum/ctl
+exec tlssrv -c /lib/ssl/gemini.cert /rc/bin/rc-gemd/rc-gemd
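
Review bot: The last two lines of the new script read /lib/ssl/gemini.key and /lib/ssl/gemini.cert, but the README in this commit tells users to create /lib/ssl/gem.key and /lib/ssl/gem.cert, so a setup that follows the README fails on the first connection; use the same names in both places. Nothing checks that factotum started or that the write to /mnt/factotum/ctl succeeded before tlssrv is exec'd; testing the status of those two commands and exiting on failure would make a broken setup visible immediately. Since the README describes this script as running as 'none' on each connection, the private key file has to be readable by that user, which is worth stating in the README together with the intended file permissions.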