Make build hermetically sealed again

It turned out that Landlock Make hasn't been applying sandboxing for a while, due to a mistyped if statement for `$(USE_SYSTEM_TOOLCHAIN)` it should have had the opposite meaning. Regressions in the build configs have been fixed. The rmrf() function works better now. The rm.com tool works according to POSIX with the exception of supporting prompts.
2025-06-30 16:28:30 +00:00 · 2023-07-08 06:58:21 -07:00 · 2023-07-08 06:58:21 -07:00 · a75175fe94
commit a75175fe94
parent 0c43c98de1
14 changed files with 202 additions and 93 deletions
--- a/third_party/musl/ftw.c
+++ b/third_party/musl/ftw.c
@ -31,19 +31,23 @@ asm(".ident\t\"\\n\\n\
 Musl libc (MIT License)\\n\
 Copyright 2005-2014 Rich Felker, et. al.\"");
 asm(".include \"libc/disclaimer.inc\"");
-
-/* clang-format off */
+// clang-format off

 /**
 * Walks file tree.
 *
+ * @return 0 on success, -1 on error, or non-zero `fn` result
 * @see examples/walk.c for example
 * @see nftw()
 */
-int ftw(const char *path, int (*fn)(const char *, const struct stat *, int), int fd_limit)
+int ftw(const char *dirpath,
+	int fn(const char *fpath,
+	       const struct stat *st,
+	       int typeflag),
+	int fd_limit)
 {
 	/* The following cast assumes that calling a function with one
 	 * argument more than it needs behaves as expected. This is
 	 * actually undefined, but works on all real-world machines. */
-	return nftw(path, (int (*)())fn, fd_limit, FTW_PHYS);
+	return nftw(dirpath, (int (*)())fn, fd_limit, FTW_PHYS);
 }
--- a/third_party/musl/ftw.h
+++ b/third_party/musl/ftw.h
@ -4,21 +4,79 @@
 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_

-#define FTW_F   1 /* file */
-#define FTW_D   2 /* directory */
-#define FTW_DNR 3 /* directory that cannot be read */
-#define FTW_NS  4 /* not a symbolic link and stat failed */
-#define FTW_SL  5 /* symbolic link */
-#define FTW_DP  6 /* directory and FTW_DEPTH was specified */
-#define FTW_SLN 7 /* symbolic link pointing to nonexistent file */
+/**
+ * Type for file.
+ */
+#define FTW_F 1

-#define FTW_PHYS  1
+/**
+ * Type for directory.
+ */
+#define FTW_D 2
+
+/**
+ * Type for directory that cannot be read.
+ */
+#define FTW_DNR 3
+
+/**
+ * Type for stat() failed and not a symbolic link.
+ */
+#define FTW_NS 4
+
+/**
+ * Type for symbolic link when `FTW_PHYS` is in flags.
+ */
+#define FTW_SL 5
+
+/**
+ * Directory and `FTW_DEPTH` in flags.
+ */
+#define FTW_DP 6
+
+/**
+ * Type for broken symbolic link when `FTW_PHYS` is not in flags.
+ */
+#define FTW_SLN 7
+
+/**
+ * Flag to prevent following symbolic links (recommended).
+ * @see nftw() flags
+ */
+#define FTW_PHYS 1
+
+/**
+ * Flag to prevent crossing mount points.
+ * @see nftw() flags
+ */
 #define FTW_MOUNT 2
+
+/**
+ * Unsupported.
+ * @see nftw() flags
+ */
 #define FTW_CHDIR 4
+
+/**
+ * Flag for post-order traversal.
+ *
+ * 1. Will use `FTW_DP` instead of `FTW_D` as type.
+ * 2. Directory callback happens *after* rather than before.
+ *
+ * @see nftw() flags
+ */
 #define FTW_DEPTH 8

 struct FTW {
+
+  /**
+   * Byte offset of basename component in `fpath` passed to callback.
+   */
  int base;
+
+  /**
+   * Depth relative to `dirpath` whose level is zero.
+   */
  int level;
 };

--- a/third_party/musl/nftw.c
+++ b/third_party/musl/nftw.c
@ -35,17 +35,13 @@
 #include "libc/thread/thread.h"
 #include "third_party/musl/ftw.h"

+#define PATH_MAXIMUS 4096
+
 asm(".ident\t\"\\n\\n\
 Musl libc (MIT License)\\n\
 Copyright 2005-2014 Rich Felker, et. al.\"");
 asm(".include \"libc/disclaimer.inc\"");
-
-/* no reason to impose windows limit
-   small enough to fit in stack frame
-   should be changed to use realloc */
-#define PATH_MAX2 2048
-
-/* clang-format off */
+// clang-format off

 struct history
 {
@ -56,7 +52,11 @@ struct history
 	int base;
 };

-static int do_nftw(char *path, int (*fn)(const char *, const struct stat *, int, struct FTW *), int fd_limit, int flags, struct history *h)
+static int do_nftw(char *path,
+		   int fn(const char *, const struct stat *, int, struct FTW *),
+		   int fd_limit,
+		   int flags,
+		   struct history *h)
 {
 	size_t l = strlen(path), j = l && path[l-1]=='/' ? l-1 : l;
 	struct stat st;
@ -128,7 +128,7 @@ static int do_nftw(char *path, int (*fn)(const char *, const struct stat *, int,
 				 && (!de->d_name[1]
 				  || (de->d_name[1]=='.'
 				   && !de->d_name[2]))) continue;
-				if (strlen(de->d_name) >= PATH_MAX2-l) {
+				if (strlen(de->d_name) >= PATH_MAXIMUS-l) {
 					errno = ENAMETOOLONG;
 					closedir(d);
 					return -1;
@ -157,25 +157,33 @@ static int do_nftw(char *path, int (*fn)(const char *, const struct stat *, int,
 /**
 * Walks file tree.
 *
+ * @return 0 on success, -1 on error, or non-zero `fn` result
 * @see examples/walk.c for example
 */
-int nftw(const char *path, int (*fn)(const char *, const struct stat *, int, struct FTW *), int fd_limit, int flags)
+int nftw(const char *dirpath,
+	 int fn(const char *fpath,
+		const struct stat *st,
+		int typeflag,
+		struct FTW *ftwbuf),
+	 int fd_limit,
+	 int flags)
 {
 	int r, cs;
 	size_t l;
-	char pathbuf[PATH_MAX2+1];
+	char pathbuf[PATH_MAXIMUS+1];

 	if (fd_limit <= 0) return 0;

-	l = strlen(path);
-	if (l > PATH_MAX2) {
+	l = strlen(dirpath);
+	if (l > PATH_MAXIMUS) {
 		errno = ENAMETOOLONG;
 		return -1;
 	}
-	memcpy(pathbuf, path, l+1);
+	memcpy(pathbuf, dirpath, l+1);

 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
 	r = do_nftw(pathbuf, fn, fd_limit, flags, NULL);
 	pthread_setcancelstate(cs, 0);
+
 	return r;
 }