While this still doesn't affect the behavior of the daemon, the
configuration option can at least be set to check the correct privsep
directory for permissions. Revisit in 5.8 as a possible extension to the
runtime check instead to remove the 'knob'.
This has effectively been a no-op during the 5.7 release series and
nobody has yelped (other than being slightly confused about its
purpose). Remove it as an option, since the home dir of the privsep user
is always used as the actual privsep directory anyway.
- add closefrom fallback for OS X / Linux systems, extracted from sudo,
but without the optimized versions, since they cannot work in a
chroot environment (and we're not performance critical here.)
- enable detecting libtls
- conditionally enable https constraint support
Make a copy of __progname on start to avoid setproctitle clobbering it
later. Check if the OS supports __progname and emulate if unavailable.
- from OpenSSH.
Thanks to Paul B. Henson for reporting the setproctitle emulation issue
and Jonas 'Sortie' Termansen for suggesting __progname emulation.
Allow overriding the user and the config file paths for ntpd.
This also adds back --privsep-path from OpenNTPD, which really only
changes the installation instructions from 'make install', since ntpd
always uses the home directory of the ntpd user.
This borrows from the Darren's portable OpenNTPD and from OpenSSL, add
credits and a license.
Well, support may be too concrete of a term. There is a lot that is
missing in OS X, and not everything can be implemented with portability
shims. The time APIs in OS X seem to have frozen with NeXTSTEP and never
advanced with POSIX.