Make build hermetically sealed again

It turned out that Landlock Make hasn't been applying sandboxing for a while, due to a mistyped if statement for `$(USE_SYSTEM_TOOLCHAIN)` it should have had the opposite meaning. Regressions in the build configs have been fixed. The rmrf() function works better now. The rm.com tool works according to POSIX with the exception of supporting prompts.
2025-05-23 05:42:29 +00:00 · 2023-07-08 06:58:21 -07:00 · 2023-07-08 06:58:21 -07:00 · a75175fe94
commit a75175fe94
parent 0c43c98de1
14 changed files with 202 additions and 93 deletions
--- a/libc/calls/remove.c
+++ b/libc/calls/remove.c
@ -18,6 +18,7 @@
 ╚─────────────────────────────────────────────────────────────────────────────*/
 #include "libc/calls/calls.h"
 #include "libc/errno.h"
+#include "libc/sysv/consts/at.h"

 /**
 * Deletes "file" or empty directory associtaed with name.
@ -26,5 +27,9 @@
 * @see unlink() and rmdir() which this abstracts
 */
 int remove(const char *name) {
-  return unlink(name) != -1 || (errno == EISDIR && rmdir(name) != -1) ? 0 : -1;
+  int e = errno;
+  if (!unlinkat(AT_FDCWD, name, 0)) return 0;
+  if (errno != EISDIR) return -1;
+  errno = e;
+  return unlinkat(AT_FDCWD, name, AT_REMOVEDIR);
 }
--- a/libc/nexgen32e/nexgen32e.mk
+++ b/libc/nexgen32e/nexgen32e.mk
@ -85,9 +85,9 @@ o/$(MODE)/libc/nexgen32e/gclongjmp.o: libc/nexgen32e/gclongjmp.S
 	@$(COMPILE) -AOBJECTIFY.S $(OBJECTIFY.S) $(OUTPUT_OPTION) -c $<
 o/$(MODE)/libc/nexgen32e/checkstackalign.o: libc/nexgen32e/checkstackalign.S
 	@$(COMPILE) -AOBJECTIFY.S $(OBJECTIFY.S) $(OUTPUT_OPTION) -c $<
-o/$(MODE)/libc/nexgen32e/blink_xnu_aarch64.o: libc/nexgen32e/blink_xnu_aarch64.S
+o/$(MODE)/libc/nexgen32e/blink_xnu_aarch64.o: libc/nexgen32e/blink_xnu_aarch64.S ape/blink-xnu-aarch64.gz
 	@$(COMPILE) -AOBJECTIFY.S $(OBJECTIFY.S) $(OUTPUT_OPTION) -c $<
-o/$(MODE)/libc/nexgen32e/blink_linux_aarch64.o: libc/nexgen32e/blink_linux_aarch64.S
+o/$(MODE)/libc/nexgen32e/blink_linux_aarch64.o: libc/nexgen32e/blink_linux_aarch64.S ape/blink-linux-aarch64.gz
 	@$(COMPILE) -AOBJECTIFY.S $(OBJECTIFY.S) $(OUTPUT_OPTION) -c $<

 LIBC_NEXGEN32E_LIBS = $(foreach x,$(LIBC_NEXGEN32E_ARTIFACTS),$($(x)))
--- a/libc/x/rmrf.c
+++ b/libc/x/rmrf.c
@ -16,66 +16,38 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
-#include "libc/assert.h"
 #include "libc/calls/calls.h"
-#include "libc/calls/struct/dirent.h"
-#include "libc/calls/struct/stat.h"
 #include "libc/errno.h"
-#include "libc/mem/mem.h"
-#include "libc/runtime/runtime.h"
-#include "libc/stdio/stdio.h"
-#include "libc/str/str.h"
-#include "libc/sysv/consts/dt.h"
-#include "libc/sysv/consts/s.h"
+#include "libc/sysv/errfuns.h"
 #include "libc/x/x.h"
+#include "third_party/musl/ftw.h"

-static int rmrfdir(const char *dirpath) {
+static int rmrf_callback(const char *fpath,      //
+                         const struct stat *st,  //
+                         int typeflag,           //
+                         struct FTW *ftwbuf) {   //
  int rc;
-  DIR *d;
-  char *path;
-  struct dirent *e;
-  if (!(d = opendir(dirpath))) return -1;
-  while ((e = readdir(d))) {
-    if (!strcmp(e->d_name, ".")) continue;
-    if (!strcmp(e->d_name, "..")) continue;
-    _npassert(!strchr(e->d_name, '/'));
-    path = xjoinpaths(dirpath, e->d_name);
-    if (e->d_type == DT_DIR) {
-      rc = rmrfdir(path);
-    } else {
-      rc = unlink(path);
-    }
-    free(path);
-    if (rc == -1) {
-      closedir(d);
-      return -1;
+  if (typeflag == FTW_DNR) {
+    if (!(rc = chmod(fpath, 0700))) {
+      return nftw(fpath, rmrf_callback, 128 - ftwbuf->level,
+                  FTW_PHYS | FTW_DEPTH);
    }
+  } else if (typeflag == FTW_DP) {
+    rc = rmdir(fpath);
+  } else {
+    rc = unlink(fpath);
+  }
+  if (rc == -1 && errno == ENOENT) {
+    rc = 0;
  }
-  rc = closedir(d);
-  rc |= rmdir(dirpath);
  return rc;
 }

 /**
 * Recursively removes file or directory.
- *
 * @return 0 on success, or -1 w/ errno
 */
 int rmrf(const char *path) {
-  int e;
-  struct stat st;
-  e = errno;
-  if (stat(path, &st) == -1) {
-    if (errno == ENOENT) {
-      errno = e;
-      return 0;
-    } else {
-      return -1;
-    }
-  }
-  if (!S_ISDIR(st.st_mode)) {
-    return unlink(path);
-  } else {
-    return rmrfdir(path);
-  }
+  if (path[0] == '/' && !path[1]) return enotsup();
+  return nftw(path, rmrf_callback, 128, FTW_PHYS | FTW_DEPTH);
 }
--- a/libc/x/x.mk
+++ b/libc/x/x.mk
@ -35,6 +35,7 @@ LIBC_X_A_DIRECTDEPS =				\
 	LIBC_STR				\
 	LIBC_SYSV				\
 	THIRD_PARTY_GDTOA			\
+	THIRD_PARTY_MUSL			\
 	THIRD_PARTY_ZLIB

 LIBC_X_A_DEPS :=				\