From 2fb6b03582c3d4f3c1a165d0a9c850da119aaf33 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 19 Sep 2024 13:21:09 +0200
Subject: [PATCH 1/2] upgrade Go module to 1.22

This paves the way for using go.netsend.nl/ossec.Pledge.
---
 .github/workflows/go.yml | 2 +-
 go.mod                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 0065213..7768af8 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -19,7 +19,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.20'
+        go-version: '1.22'
 
     - name: Build
       run: go build -v ./...
diff --git a/go.mod b/go.mod
index 89f6e85..fbf7912 100644
--- a/go.mod
+++ b/go.mod
@@ -1,5 +1,5 @@
 module github.com/poolpOrg/filter-spfgreylist
 
-go 1.20
+go 1.22
 
 require blitiri.com.ar/go/spf v1.5.1

From 58759f9ecbd023840b9667252f0a892a91c9013e Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 19 Sep 2024 13:22:37 +0200
Subject: [PATCH 2/2] pledge stdio, inet and dns on OpenBSD

---
 filter-spfgreylist.go | 8 ++++++++
 go.mod                | 7 ++++++-
 go.sum                | 4 ++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/filter-spfgreylist.go b/filter-spfgreylist.go
index a54fad2..af3b16a 100644
--- a/filter-spfgreylist.go
+++ b/filter-spfgreylist.go
@@ -29,6 +29,7 @@ import (
 	"log"
 
 	"blitiri.com.ar/go/spf"
+	"go.netsend.nl/ossec"
 )
 
 type session struct {
@@ -479,6 +480,13 @@ func main() {
 	whiteexp = int64(*flagWhiteexp / time.Second)
 
 	loadWhitelists()
+
+	err := ossec.PledgePromises("stdio inet dns")
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "pledge failed: %v\n", err)
+		os.Exit(1)
+	}
+
 	go listsManager()
 
 	scanner := bufio.NewScanner(os.Stdin)
diff --git a/go.mod b/go.mod
index fbf7912..0b19c11 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,9 @@ module github.com/poolpOrg/filter-spfgreylist
 
 go 1.22
 
-require blitiri.com.ar/go/spf v1.5.1
+require (
+	blitiri.com.ar/go/spf v1.5.1
+	go.netsend.nl/ossec v1.2.0
+)
+
+require golang.org/x/sys v0.19.0 // indirect
diff --git a/go.sum b/go.sum
index 77ba69b..79f2c0d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,9 @@
 blitiri.com.ar/go/spf v1.5.1 h1:CWUEasc44OrANJD8CzceRnRn1Jv0LttY68cYym2/pbE=
 blitiri.com.ar/go/spf v1.5.1/go.mod h1:E71N92TfL4+Yyd5lpKuE9CAF2pd4JrUq1xQfkTxoNdk=
+go.netsend.nl/ossec v1.2.0 h1:f7Ap54USa5OY44BDv6n3JF5tTgiuuySYHrPa7pUfCzU=
+go.netsend.nl/ossec v1.2.0/go.mod h1:PzDWSHzvriA64F1b3CKE2EpZ3VBupcfUf3Z6usag5c4=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=