When updating timestamps, make sure that the corresponding
microsecond value fits in a single signed 64-bit integer,
so that it won't result in an integer overflow, which is UB.
Also forbid timestamps before the Unix epoch, since working with
negative time_t is problematic.
This check does not apply to the current timestamp; however,
add a check on backend startup to ensure sane system time.
There's no need to validate `tv_nsec`, since the kernel already
does that for us.
Do not expose UTIME_OMIT to backends, but instead specify
which timestamps to update with flags.
This allows us to further refactor backend code, especially
the Chromium backend.
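The overflow and pre-epoch checks described in the commit message above, as an added example that is not part of the commit or of BookmarkFS's code. The names `timespec_to_usecs`, `TS_SEC_MAX` and `check_system_time` are hypothetical, and `tv_nsec` is assumed to be already within [0, 999999999], as the message states.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Largest tv_sec for which tv_sec * 1000000 + 999999 still fits in int64_t.
 * Slightly conservative: it rejects the last partial second before INT64_MAX. */
#define TS_SEC_MAX ((INT64_MAX - 999999) / 1000000)

/* Hypothetical helper: convert a timespec to microseconds since the epoch.
 * Returns 0 on success, -EINVAL for pre-epoch times, -EOVERFLOW if the
 * result would not fit. The range check runs BEFORE the multiplication,
 * because a signed overflow that has already happened cannot be detected. */
static int timespec_to_usecs(const struct timespec *ts, int64_t *usecs)
{
    if (ts->tv_sec < 0)
        return -EINVAL;
    if ((int64_t)ts->tv_sec > TS_SEC_MAX)
        return -EOVERFLOW;
    /* tv_nsec is assumed to be in range (validated by the kernel). */
    *usecs = (int64_t)ts->tv_sec * 1000000 + ts->tv_nsec / 1000;
    return 0;
}

/* Startup check: the current time is not supplied by a caller, so it is
 * validated once here instead of on every update. Returns 0 if sane. */
static int check_system_time(void)
{
    struct timespec now;
    int64_t usecs;

    if (clock_gettime(CLOCK_REALTIME, &now) != 0)
        return -errno;
    return timespec_to_usecs(&now, &usecs);
}

int main(void)
{
    struct timespec ts = { .tv_sec = -1, .tv_nsec = 0 }; /* constructed input */
    int64_t usecs = 0;

    printf("pre-epoch timestamp: %d\n", timespec_to_usecs(&ts, &usecs));
    printf("system clock check:  %d\n", check_system_time());
    return 0;
}
```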
- Follow the "best practice" in the SQLite manual, where calls to
sqlite3_column_bytes() should come after sqlite3_column_text().
This change does not affect the values returned.
- Other misc updates.
If a bookmark is assigned SYNC_STATUS_NORMAL (value 2),
a "tombstone" has to be inserted upon deletion,
so that the browser could purge it from remote.
- `hashmap_insert()` no longer takes key as argument, and
takes the pointer to be associated with the entry as argument.
- Rename `hashmap_entry_delete` -> `hashmap_delete`.
- Make `user_data` the first argument for `hashmap_walk_func`.
- Other misc renames.
That part of the code in configure.ac looks stupid; remove it.
If we _do_ try to run BookmarkFS on such an exotic platform with
non-zero null pointers, the breakage should be detected by the tests
(if it can run or even build at all).
This is meant to be a workaround for a limitation of Autotest,
where `set -e` has no effect in AT_CHECK().
Also we don't want to use `trap ... ERR`, since it is not portable.
- Work around a glibc issue for filtering negative syscall arguments.
- Allow unlinkat() syscall.
- Add extra filter for openat() in read-only mode when Landlock
is not available.
- The initial `impl_rearm()` should always be performed by the
worker thread, so that we won't get spurious zero returns from
`watcher_poll()`.
- Sandboxing should not be implicitly disabled if not implemented.
- Shift internal watcher flags, to save space for public ones
if we wish to add any in the future.
- Address sanitizer may call sigaltstack().
Add it to the syscall whitelist (debug only).
- Fix args count checking for `check-bookmarkfs-util watcher`.
- Use negated errno as return value.
- Do not consider deletion of the watched file as a fatal error,
and use a separate error code to distinguish between them.
- Lazy-init worker: Starts watching upon the first call to
watcher_poll().