This makes breaking changes to add underscores to many non-standard
function names provided by the c library. MODE=tiny is now tinier and
we now use smaller locks that are better for tiny apps in this mode.
Some headers have been renamed to be in the same folder as the build
package, so it'll be easier to know which build dependency is needed.
Certain old misguided interfaces have been removed. Intel intrinsics
headers are now listed in libc/isystem (but not in the amalgamation)
to help further improve open source compatibility. Header complexity
has also been reduced. Lastly, more shell scripts are now available.
DESCRIPTION
Landlock Make is a fork of GNU Make that adds support for automatic
sandboxing, resource limits, and network access restrictions.
ORIGIN
GNU Make 4.3
http://ftp.gnu.org/gnu/make/make-4.3.tar.gz
LICENSE
GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html
LOCAL CHANGES
- .INTERNET variable to allow internet access
- .PLEDGE variable which restricts system calls
- .UNVEIL variable which controls Landlock LSM
- .STRICT variable to disable implicit unveiling
- .UNSANDBOXED variable to disable pledge / unveil
- .CPU variable which tunes CPU rlimit in seconds
- .MEMORY variable for virtual memory limit, e.g. 512m
- .RSS variable for resident memory limit, e.g. 512m
- .FSIZE variable which tunes max file size, e.g. 1g
- .NPROC variable which tunes fork() / clone() limit
- .NOFILE variable which tunes file descriptor limit
- .MAXCORE variable to set upper limit on core dumps
- Do automatic setup and teardown of TMPDIR per rule
- Remove code that forces slow path if not using /bin/sh
- Remove 200,000 lines of VAX/OS2/DOS/AMIGA/etc. code
6f7d0cb1c3