mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-02-12 01:08:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix build rule for pushing cosmo nightlies

Browse source
This commit is contained in:
Justine Tunney 2022-08-13 15:06:00 -07:00
parent e62d7b8789
commit b212f49ef4
2 changed files with 161 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
test/libc/release/test.mk
View file

@ -1,22 +1,21 @@
#-*-mode:makefile-gmake;indent-tabs-mode:t;tab-width:8;coding:utf-8-*-┐ #-*-mode:makefile-gmake;indent-tabs-mode:t;tab-width:8;coding:utf-8-*-┐
#───vi: set et ft=make ts=8 tw=8 fenc=utf-8 :vi───────────────────────┘ #───vi: set et ft=make ts=8 tw=8 fenc=utf-8 :vi───────────────────────┘
o/$(MODE)/test/libc/release/cosmopolitan.zip: \ o/$(MODE)/test/libc/release/cosmopolitan.zip: .UNSANDBOXED = 1
o/cosmopolitan.h \ o/$(MODE)/test/libc/release/cosmopolitan.zip: \
o/$(MODE)/ape/ape.lds \ o/cosmopolitan.h \
o/$(MODE)/libc/crt/crt.o \ o/$(MODE)/ape/ape.lds \
o/$(MODE)/ape/ape.o \ o/$(MODE)/libc/crt/crt.o \
o/$(MODE)/ape/ape-no-modify-self.o \ o/$(MODE)/ape/ape.o \
o/$(MODE)/cosmopolitan.a \ o/$(MODE)/ape/ape-no-modify-self.o \
o/$(MODE)/third_party/zip/zip.com o/$(MODE)/cosmopolitan.a
@$(COMPILE) -wAZIP -T$@ \ mkdir -p $(@D)
o/$(MODE)/third_party/zip/zip.com \ zip -qj $@ \
-qj $@ \ o/cosmopolitan.h \
o/cosmopolitan.h \ o/$(MODE)/ape/ape.lds \
o/$(MODE)/ape/ape.lds \ o/$(MODE)/libc/crt/crt.o \
o/$(MODE)/libc/crt/crt.o \ o/$(MODE)/ape/ape.o \
o/$(MODE)/ape/ape.o \ o/$(MODE)/ape/ape-no-modify-self.o \
o/$(MODE)/ape/ape-no-modify-self.o \
o/$(MODE)/cosmopolitan.a o/$(MODE)/cosmopolitan.a
o/$(MODE)/test/libc/release/smoke.o: \ o/$(MODE)/test/libc/release/smoke.o: \

279
third_party/make/job.c vendored
View file

@ -68,6 +68,7 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
#include "libc/log/rop.h" #include "libc/log/rop.h"
#include "libc/intrin/kprintf.h" #include "libc/intrin/kprintf.h"
#include "libc/sock/sock.h" #include "libc/sock/sock.h"
#include "libc/intrin/kprintf.h"
#include "third_party/make/dep.h" #include "third_party/make/dep.h"
#define GOTO_SLOW \ #define GOTO_SLOW \
@ -1719,6 +1720,7 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
{ {
const int fdin = good_stdin ? FD_STDIN : get_bad_stdin (); const int fdin = good_stdin ? FD_STDIN : get_bad_stdin ();
struct dep *d; struct dep *d;
bool sandboxed;
struct child *c; struct child *c;
char pathbuf[PATH_MAX]; char pathbuf[PATH_MAX];
char outpathbuf[PATH_MAX]; char outpathbuf[PATH_MAX];
@ -1759,8 +1761,22 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
g_strict = Vartoi (lookup_variable (STRING_SIZE_TUPLE(".STRICT"))); g_strict = Vartoi (lookup_variable (STRING_SIZE_TUPLE(".STRICT")));
intptr_t loc = (intptr_t)child; /* we can cast if it's on the heap ;_; */
if (!(GetStackAddr() < loc && loc < GetStackAddr() + GetStackSize())) {
c = (struct child *)child;
} else {
c = 0;
}
sandboxed = (
!Vartoi (lookup_variable
(STRING_SIZE_TUPLE(".UNSANDBOXED"))) &&
(!c || !Vartoi (lookup_variable_in_set
(STRING_SIZE_TUPLE(".UNSANDBOXED"),
c->file->variables->set))));
/* resolve command into executable path */ /* resolve command into executable path */
if (!g_strict) if (!g_strict || !sandboxed)
{ {
if ((s = commandv (argv[0], pathbuf, sizeof (pathbuf)))) if ((s = commandv (argv[0], pathbuf, sizeof (pathbuf))))
argv[0] = s; argv[0] = s;
@ -1773,144 +1789,141 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
} }
/* [jart] sandbox command based on prerequisites */ /* [jart] sandbox command based on prerequisites */
intptr_t loc = (intptr_t)child; /* we can cast if it's on the heap ;_; */ if (c)
if (!(GetStackAddr() < loc && loc < GetStackAddr() + GetStackSize())) { {
c = (struct child *)child; errno = 0;
errno = 0; if (sandboxed)
if (!Vartoi (lookup_variable (STRING_SIZE_TUPLE(".UNSANDBOXED"))) && {
!Vartoi (lookup_variable_in_set (STRING_SIZE_TUPLE(".UNSANDBOXED"), if (!g_strict && argv[0][0] == '/' && IsDynamicExecutable (argv[0]))
c->file->variables->set))) {
{ /*
if (!g_strict && argv[0][0] == '/' && IsDynamicExecutable (argv[0])) * weaken sandbox if user is using dynamic shared lolbjects
{ */
/* RETURN_ON_ERROR (Unveil ("/bin", "rx"));
* weaken sandbox if user is using dynamic shared lolbjects RETURN_ON_ERROR (Unveil ("/lib", "rx"));
*/ RETURN_ON_ERROR (Unveil ("/lib64", "rx"));
RETURN_ON_ERROR (Unveil ("/bin", "rx")); RETURN_ON_ERROR (Unveil ("/usr/bin", "rx"));
RETURN_ON_ERROR (Unveil ("/lib", "rx")); RETURN_ON_ERROR (Unveil ("/usr/lib", "rx"));
RETURN_ON_ERROR (Unveil ("/lib64", "rx")); RETURN_ON_ERROR (Unveil ("/usr/lib64", "rx"));
RETURN_ON_ERROR (Unveil ("/usr/bin", "rx")); RETURN_ON_ERROR (Unveil ("/usr/local/lib", "rx"));
RETURN_ON_ERROR (Unveil ("/usr/lib", "rx")); RETURN_ON_ERROR (Unveil ("/usr/local/lib64", "rx"));
RETURN_ON_ERROR (Unveil ("/usr/lib64", "rx")); RETURN_ON_ERROR (Unveil ("/etc/ld-musl-x86_64.path", "r"));
RETURN_ON_ERROR (Unveil ("/usr/local/lib", "rx")); RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf", "r"));
RETURN_ON_ERROR (Unveil ("/usr/local/lib64", "rx")); RETURN_ON_ERROR (Unveil ("/etc/ld.so.cache", "r"));
RETURN_ON_ERROR (Unveil ("/etc/ld-musl-x86_64.path", "r")); RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf.d", "r"));
RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf", "r")); RETURN_ON_ERROR (Unveil ("/etc/ld.so.preload", "r"));
RETURN_ON_ERROR (Unveil ("/etc/ld.so.cache", "r")); RETURN_ON_ERROR (Unveil ("/usr/include", "r"));
RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf.d", "r")); RETURN_ON_ERROR (Unveil ("/usr/share/locale", "r"));
RETURN_ON_ERROR (Unveil ("/etc/ld.so.preload", "r")); RETURN_ON_ERROR (Unveil ("/usr/share/locale-langpack", "r"));
RETURN_ON_ERROR (Unveil ("/usr/include", "r")); }
RETURN_ON_ERROR (Unveil ("/usr/share/locale", "r")); else
RETURN_ON_ERROR (Unveil ("/usr/share/locale-langpack", "r")); {
} /*
else * permit launching actually portable executables
{ *
/* * we assume launching make.com already did the expensive
* permit launching actually portable executables * work of extracting the ape loader program, via /bin/sh
* * and we won't need to do that again, since sys_execve()
* we assume launching make.com already did the expensive * will pass ape binaries directly to the ape loader, but
* work of extracting the ape loader program, via /bin/sh * only if the ape loader exists on a well-known path.
* and we won't need to do that again, since sys_execve() */
* will pass ape binaries directly to the ape loader, but e = errno;
* only if the ape loader exists on a well-known path. if (unveil ("/usr/bin/ape", "rx") == -1)
*/ {
e = errno; char *s, *t;
if (unveil ("/usr/bin/ape", "rx") == -1) errno = e;
{ if ((s = getenv ("TMPDIR")))
char *s, *t; {
errno = e; t = xjoinpaths (s, ".ape");
if ((s = getenv ("TMPDIR"))) RETURN_ON_ERROR (Unveil (t, "rx"));
{ free (t);
t = xjoinpaths (s, ".ape"); }
RETURN_ON_ERROR (Unveil (t, "rx")); if ((s = getenv ("HOME")))
free (t); {
} t = xjoinpaths (s, ".ape");
if ((s = getenv ("HOME"))) RETURN_ON_ERROR (Unveil (t, "rx"));
{ free (t);
t = xjoinpaths (s, ".ape"); }
RETURN_ON_ERROR (Unveil (t, "rx")); }
free (t); }
}
}
}
/* unveil executable */ /* unveil executable */
RETURN_ON_ERROR (Unveil (argv[0], "rx")); RETURN_ON_ERROR (Unveil (argv[0], "rx"));
if (!g_strict) if (!g_strict)
{ {
RETURN_ON_ERROR (Unveil ("/tmp", "rwc")); RETURN_ON_ERROR (Unveil ("/tmp", "rwc"));
RETURN_ON_ERROR (Unveil ("o/tmp", "rwcx")); RETURN_ON_ERROR (Unveil ("o/tmp", "rwcx"));
RETURN_ON_ERROR (Unveil ("/dev/zero", "r")); RETURN_ON_ERROR (Unveil ("/dev/zero", "r"));
RETURN_ON_ERROR (Unveil ("/dev/null", "rw")); RETURN_ON_ERROR (Unveil ("/dev/null", "rw"));
RETURN_ON_ERROR (Unveil ("/dev/full", "rw")); RETURN_ON_ERROR (Unveil ("/dev/full", "rw"));
RETURN_ON_ERROR (Unveil ("/dev/stdin", "rw")); RETURN_ON_ERROR (Unveil ("/dev/stdin", "rw"));
RETURN_ON_ERROR (Unveil ("/dev/stdout", "rw")); RETURN_ON_ERROR (Unveil ("/dev/stdout", "rw"));
RETURN_ON_ERROR (Unveil ("/dev/stderr", "rw")); RETURN_ON_ERROR (Unveil ("/dev/stderr", "rw"));
RETURN_ON_ERROR (Unveil ("/etc/hosts", "r")); RETURN_ON_ERROR (Unveil ("/etc/hosts", "r"));
} }
/* /*
* unveils target output file * unveils target output file
* *
* landlock operates per inode so it can't whitelist missing * landlock operates per inode so it can't whitelist missing
* paths. so we create the output file manually, and prevent * paths. so we create the output file manually, and prevent
* creation so that it can't be deleted by the command which * creation so that it can't be deleted by the command which
* must truncate when writing its output. * must truncate when writing its output.
*/ */
if (!c->file->phony && if (!c->file->phony &&
strlen(c->file->name) < PATH_MAX) strlen(c->file->name) < PATH_MAX)
{ {
int fd, rc, err = errno; int fd, rc, err = errno;
strcpy (outpathbuf, c->file->name); strcpy (outpathbuf, c->file->name);
if (makedirs (dirname (outpathbuf), 0777) == -1) if (makedirs (dirname (outpathbuf), 0777) == -1)
errno = err; errno = err;
fd = open (c->file->name, O_RDWR | O_CREAT, 0777); fd = open (c->file->name, O_RDWR | O_CREAT, 0777);
if (fd != -1) if (fd != -1)
close (fd); close (fd);
else if (errno == EEXIST) else if (errno == EEXIST)
errno = err; errno = err;
else else
{ {
OSS (error, NILF, "%s: touch target failed %s", OSS (error, NILF, "%s: touch target failed %s",
c->file->name, strerror (errno)); c->file->name, strerror (errno));
return -1; return -1;
} }
if (unveil (c->file->name, "rwx") && errno != ENOSYS) if (unveil (c->file->name, "rwx") && errno != ENOSYS)
{ {
OSS (error, NILF, "%s: unveil target failed %s", OSS (error, NILF, "%s: unveil target failed %s",
c->file->name, strerror (errno)); c->file->name, strerror (errno));
return -1; return -1;
} }
} }
/* unveil target prerequisites */ /* unveil target prerequisites */
for (d = c->file->deps; d; d = d->next) for (d = c->file->deps; d; d = d->next)
{ {
RETURN_ON_ERROR (Unveil (d->file->name, "rx")); RETURN_ON_ERROR (Unveil (d->file->name, "rx"));
if (endswith (d->file->name, ".com")) if (endswith (d->file->name, ".com"))
{ {
s = xstrcat (d->file->name, ".dbg"); s = xstrcat (d->file->name, ".dbg");
RETURN_ON_ERROR (Unveil (s, "rx")); RETURN_ON_ERROR (Unveil (s, "rx"));
free (s); free (s);
} }
} }
/* unveil explicit .UNVEIL entries */ /* unveil explicit .UNVEIL entries */
RETURN_ON_ERROR RETURN_ON_ERROR
(UnveilVariable (UnveilVariable
(lookup_variable (lookup_variable
(STRING_SIZE_TUPLE (".UNVEIL")))); (STRING_SIZE_TUPLE (".UNVEIL"))));
RETURN_ON_ERROR RETURN_ON_ERROR
(UnveilVariable (UnveilVariable
(lookup_variable_in_set (lookup_variable_in_set
(STRING_SIZE_TUPLE (".UNVEIL"), (STRING_SIZE_TUPLE (".UNVEIL"),
c->file->variables->set))); c->file->variables->set)));
/* commit sandbox */ /* commit sandbox */
RETURN_ON_ERROR (Unveil (0, 0)); RETURN_ON_ERROR (Unveil (0, 0));
} }
} }
/* Run the command. */ /* Run the command. */
exec_command (argv, child->environment); exec_command (argv, child->environment);