From 20405407177f7bb31b6496cc567be1fa23abb2e1 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Wed, 3 Jul 2024 11:15:56 -0400
Subject: [PATCH 1/3] Ident some CPP in nix daemon

Makes it easier for me to read.

(cherry picked from commit a09360400bc0f43e865273ba1ccb2b513d8a962e)
---
 src/nix/daemon.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/nix/daemon.cc b/src/nix/daemon.cc
index 4dada8e0e..1d2ef04f6 100644
--- a/src/nix/daemon.cc
+++ b/src/nix/daemon.cc
@@ -210,9 +210,9 @@ static PeerInfo getPeerInfo(int remote)
 
 #elif defined(LOCAL_PEERCRED)
 
-#if !defined(SOL_LOCAL)
-#define SOL_LOCAL 0
-#endif
+# if !defined(SOL_LOCAL)
+# define SOL_LOCAL 0
+# endif
 
     xucred cred;
     socklen_t credLen = sizeof(cred);

From 4a42535dc0d6f45513ad657f0093e2458d295075 Mon Sep 17 00:00:00 2001
From: kn <kn@openbsd.org>
Date: Sat, 11 Mar 2023 19:43:04 +0000
Subject: [PATCH 2/3] Use proper struct sockpeercred for SO_PEERCRED for
 OpenBSD

getsockopt(2) documents this;  ucred is wrong ("cr_" member prefix, no pid).

(cherry picked from commit 10ccdb7a415aec754dc7f834c5f9944c13241473)
---
 src/nix/daemon.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/nix/daemon.cc b/src/nix/daemon.cc
index 1d2ef04f6..ef0be9b13 100644
--- a/src/nix/daemon.cc
+++ b/src/nix/daemon.cc
@@ -202,7 +202,11 @@ static PeerInfo getPeerInfo(int remote)
 
 #if defined(SO_PEERCRED)
 
-    ucred cred;
+# if defined(__OpenBSD__)
+   struct sockpeercred cred;
+# else
+   ucred cred;
+# endif
     socklen_t credLen = sizeof(cred);
     if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, &cred, &credLen) == -1)
         throw SysError("getting peer credentials");

From c8d2bc72a5ee65143267a170d240308767e7f97d Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Wed, 26 Jun 2024 19:34:57 -0400
Subject: [PATCH 3/3] Remove invalid release notes YAML field

There is no PR for this, since it was an embargoed fix before
disclosure.

(cherry picked from commit 32e67eba8ba297045627cd0259c75a2668eda8df)
---
 doc/manual/rl-next/harden-user-sandboxing.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/doc/manual/rl-next/harden-user-sandboxing.md b/doc/manual/rl-next/harden-user-sandboxing.md
index fa3c49fc0..a647acf25 100644
--- a/doc/manual/rl-next/harden-user-sandboxing.md
+++ b/doc/manual/rl-next/harden-user-sandboxing.md
@@ -2,7 +2,6 @@
 synopsis: Harden the user sandboxing
 significance: significant
 issues:
-prs: <only provided once merged>
 ---
 
 The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.