commit 6dd8f45720068f544818a5d6648308a2268073aa
parent caefed0f6c86b272a8a010a651590080bd536915
Author: Zack Newman <zack@philomathiclife.com>
Date: Sat, 6 Jun 2026 11:47:25 -0600
unveil /dev/null
Diffstat:
| M | src/main.rs | | | 52 | ++++++++++++++++++++++------------------------------ |
1 file changed, 22 insertions(+), 30 deletions(-)
diff --git a/src/main.rs b/src/main.rs
@@ -184,24 +184,15 @@ fn veil_all() -> Result<(), Errno> {
const fn veil_all() -> Result<(), Infallible> {
Ok(())
}
-/// Calls `unveil`_on `GIT_CSTR` with `Permissions::EXECUTE`.
+/// Calls `unveil` on `GIT_CSTR` with `Permissions::EXECUTE`, `DEV_NULL` with `Permissions::READ`, and `path`
+/// with `Permissions::READ`.
#[cfg(target_os = "openbsd")]
-fn unveil_git() -> Result<(), Errno> {
- Permissions::EXECUTE.unveil(GIT_CSTR)
-}
-/// No-op that returns `Ok`.
-#[expect(
- clippy::unnecessary_wraps,
- reason = "consistent API as openbsd feature"
-)]
-#[cfg(not(target_os = "openbsd"))]
-const fn unveil_git() -> Result<(), Infallible> {
- Ok(())
-}
-/// Calls `unveil`_on `path` with `Permissions::READ`.
-#[cfg(target_os = "openbsd")]
-fn unveil_read(path: &AbsDirPath) -> Result<(), Errno> {
- Permissions::READ.unveil(path.as_cstr())
+fn unveil_git(path: &AbsDirPath) -> Result<(), Errno> {
+ Permissions::READ.unveil(path.as_cstr()).and_then(|()| {
+ Permissions::READ
+ .unveil(DEV_NULL)
+ .and_then(|()| Permissions::EXECUTE.unveil(GIT_CSTR))
+ })
}
/// No-op that returns `Ok`.
#[expect(
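Review bot: The new doc comment on `unveil_git` lists the three unveil calls but does not say why `/dev/null` is needed or why read-only access is enough; the `DEV_NULL` constant's doc in the last hunk has the same gap. `Permissions::READ` only covers opens for reading, so if any consumer opens `/dev/null` for writing (for example a child's stdout or stderr redirected to it, which this diff does not show), that open would be denied once the veil is in place. I would add a line such as `/// /dev/null is unveiled read-only because <consumer> only opens it for reading.` and confirm on OpenBSD that no write open occurs. The name `unveil_git` also now covers the repository directory and `/dev/null`, which a reader would not guess from the call site.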
@@ -209,7 +200,7 @@ fn unveil_read(path: &AbsDirPath) -> Result<(), Errno> {
reason = "consistent API as openbsd feature"
)]
#[cfg(not(target_os = "openbsd"))]
-const fn unveil_read(_: &AbsDirPath) -> Result<(), Infallible> {
+const fn unveil_git(_: &AbsDirPath) -> Result<(), Infallible> {
Ok(())
}
/// For each entry in `dir`, `git` is forked and invoked with `-C <dir><entry_in_dir> log -1 --date=iso-strict --pretty=format:"%cd"`.
@@ -263,23 +254,24 @@ const GIT: &str = match GIT_CSTR.to_str() {
Ok(val) => val,
Err(_) => panic!("/usr/local/bin/git is not a valid str"),
};
+/// The absolute path to `/dev/null`.
+#[cfg(target_os = "openbsd")]
+const DEV_NULL: &CStr = c"/dev/null";
fn main() -> Result<(), E> {
pledge_init().map_err(E::Pledge).and_then(|mut promises| {
veil_all().map_err(E::Unveil).and_then(|()| {
args::from_env_args().map_err(E::Args).and_then(|git_dir| {
- unveil_read(&git_dir).map_err(E::Unveil).and_then(|()| {
- unveil_git().map_err(E::Unveil).and_then(|()| {
- pledge_away_unveil(&mut promises)
- .map_err(E::Pledge)
- .and_then(|()| {
- let mut map = BTreeMap::new();
- get_git_data(&mut map, git_dir.into_path_buf()).and_then(|()| {
- pledge_away_all_but_stdio(&mut promises)
- .map_err(E::Pledge)
- .and_then(|()| write_results(map).map_err(E::Io))
- })
+ unveil_git(&git_dir).map_err(E::Unveil).and_then(|()| {
+ pledge_away_unveil(&mut promises)
+ .map_err(E::Pledge)
+ .and_then(|()| {
+ let mut map = BTreeMap::new();
+ get_git_data(&mut map, git_dir.into_path_buf()).and_then(|()| {
+ pledge_away_all_but_stdio(&mut promises)
+ .map_err(E::Pledge)
+ .and_then(|()| write_results(map).map_err(E::Io))
})
- })
+ })
})
})
})
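Review bot: The sandboxing order in `main` is security-relevant but undocumented: `unveil_git(&git_dir)` has to run before `pledge_away_unveil(&mut promises)`, and nothing at the call site says so. Judging by the names, no further path can be unveiled once that promise is dropped, so a later edit that adds or moves an unveil after it would fail at runtime, and only on OpenBSD. A short comment above the `unveil_git` call would make the constraint visible, e.g. `// Every unveil must happen before pledge_away_unveil; the filesystem view is fixed afterwards.` `main` continues past the end of this hunk.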