When a bookmark is deleted, if there are no other bookmarks
referencing the corresponding `moz_place` entry, tag and keyword
references to that entry are considered "dangling" references,
and shall be automatically removed.
Also reverts commit b5fa6960ef,
since the NULL title check is no longer necessary.
When a bookmark associated with a keyword is deleted,
there may still be dangling references (e.g., tags) to the
corresponding `moz_places` entry.
By filtering out NULL titles, `bookmark_lookup()` and
`bookmark_list()` now only give keywords associated with
valid bookmarks.
This allows users to quickly discover which keyword is
associated with a given bookmark.
Updating keywords via xattr is not implemented,
since it can be done trivially using existing API.
There is a chance that rehash may fail,
even with a decent hash function, and no collision attack.
Allow the hashmap to be rehashed for a second time during insert,
and ignore rehash failures during delete.
- Move common defs and helper functions to check_util.h/check_utils.c.
- Add a prepare script argument for ATX_CHECK_FS* macros.
- ASSERT_EXPR_INT(): Use long int as expression result type.
- Other misc updates.
Now the built-in fsck handler and `bookmarkctl fsck` produces
output that is both parsable and human-readable.
Also document the output format in the user manual.
Unlike distros using systemd, FUSE is not enabled by default on Alpine.
To setup FUSE manually:
1. modprobe fuse
2. mount -t fusectl fusectl /sys/fs/fuse/connections
3. chmod 666 /dev/fuse
Normal users may prefer using OpenRC services to automate these steps,
which is what we do in this patch.
Also install the umount program from util-linux, since the busybox one
does not support unprivileged dismount for FUSE.
- Apply workaround for libiconv on FreeBSD.
- Disable tcc bounds checking (`tcc -b`) on Alpine, since it requires
manually linking to /usr/lib/tcc/bcheck.o (in package tcc-dev).
No need to bother with it. Such checks are better covered with ASAN
on Debian and Arch Linux builds.
In commit 348f13df02, we replaced
`length(url)` with `octet_length(url)`.
However, `octet_length` was added in SQLite 3.43, while we claim to
support SQLite 3.35 and later.
Stable GNU/Linux distros like Debian may still be using pre-3.43
releases of SQLite, so don't bump that version too soon.
Instead, use `length(CAST(url AS BLOB))`, which is a bit less
efficient than `octet_length(url)`, but O(1) nonetheless.
Following commit 2e3685f217,
make sure all backends check this flag and return correct error codes.
Normally this is not mandatory, since the kernel looks up
the directory entry to be removed, and fails if the system call
is inappropriate (e.g., calling rmdir() on a regular file).
This happens before FUSE_UNLINK or FUSE_RMDIR is sent to the server.
However, when not in exclusive mode, there is a short window that
TOCTOU problem may occur, which may lead to undesired behavior
(e.g., deletion of a non-empty directory) or even the corruption of
bookmark storage if not properly checked.
Also explain this flag in the user manual.
- Do not exit with status 99. It is considered a "hard failure"
in Autotest, and cleanup script won't be executed.
- Fix ATX_FEAT_PREREQ().
- Remove unneeded helper macros.
- Add more log output.
In readonly mode, we're not using the current time as timestamp,
thus a bad system time won't hurt.
Also in Chromium backend, use zero timestamp for the bookmark root
dir, to accomodate this change (no one cares about it anyway).
When updating timestamps, make sure that the corresponding
microsecond value fits in a single signed 64-bit integer,
so that it won't result in an integer overflow, which is UB.
Also forbid timestamps before the Unix epoch, since working with
negative time_t is problematic.
This check does not apply to current timestamp, however,
add a check on backend startup to ensure sane system time.
There's no need to validate `tv_nsec`, since the kernel already
does that for us.
Do not expose UTIME_OMIT to backends, but instead specify
which timestamps to update with flags.
This allows us to further refactor backend code, especially
the Chromium backend.
