After the change to use realpath on loaded features, Solaris CI
started failing in test_no_curdir (which tests behavior for running
ruby without a working directory).
I was able to trace the problem to the following call chain:
rb_call_inits->Init_Thread->Init_thread_sync->rb_provide->
get_loaded_features_index->rb_check_realpath->rb_dir_getwd_ospath->
ruby_getcwd
This will throw an exception, but because Ruby hasn't been fully
initialized at the point the exception is thrown, it just exits
with a status of 1.
The bug here is that rb_check_realpath should not raise an
exception, it should return nil. This bug is hit on Solaris
because Solaris uses the realpath emulation instead of native
realpath, and the realpath emualation raised instead of
returning nil if the mode was RB_REALPATH_CHECK. Use rb_rescue
in the realpath emulation if the mode is RB_REALPATH_CHECK, and
swallow any exceptions raised and return nil.
Fill with the pointer to the root position, instead of zero and
comparing later. Also suppress a false warning by Visual C++.
```
file.c(4759): warning C4090: 'function': different 'const' qualifiers
```
Not every compilers understand that rb_raise does not return. When a
function does not end with a return statement, such compilers can issue
warnings. We would better tell them about reachabilities.
Allow the 'Dir.home' method to reliably locate the user's home directory when
all three of the following are true at the same time:
1. Ruby is running on a Unix-like OS
2. The $HOME environment variable is not set
3. The process is not a descendant of login(1) (or a work-alike)
The prior behavior was that the lookup could only work for login-descended
processes.
This is accomplished by looking up the user's record in the password database
by uid (getpwuid_r(3)) as a fallback to the lookup by name (getpwname_r(3))
which is still attempted first (based on the name, if any, returned by
getlogin_r(3)).
If getlogin_r(3), getpwnam_r(3), and/or getpwuid_r(3) is not available at
compile time, will fallback on using their respective non-*_r() variants:
getlogin(3), getpwnam(3), and/or getpwuid(3).
The rationale for attempting to do the lookup by name prior to doing it by uid
is to accommodate the possibility of multiple login names (each with its own
record in the password database, so each with a potentially different home
directory) being mapped to the same uid (as is explicitly allowed for by
POSIX; see getlogin(3posix)).
Preserves the existing behavior for login-descended processes, and adds the
new capability of having Dir.home being able to find the user's home directory
for non-login-descended processes.
Fixes [Bug #16787]
Related discussion:
https://bugs.ruby-lang.org/issues/16787https://github.com/ruby/ruby/pull/3034
Saves comitters' daily life by avoid #include-ing everything from
internal.h to make each file do so instead. This would significantly
speed up incremental builds.
We take the following inclusion order in this changeset:
1. "ruby/config.h", where _GNU_SOURCE is defined (must be the very
first thing among everything).
2. RUBY_EXTCONF_H if any.
3. Standard C headers, sorted alphabetically.
4. Other system headers, maybe guarded by #ifdef
5. Everything else, sorted alphabetically.
Exceptions are those win32-related headers, which tend not be self-
containing (headers have inclusion order dependencies).
We want to introduce consistency and better compatibility with unixen,
but the Windows APIs doues not have consistency fundamentally and
we can not found any logical way...
This reverts commit 61aff0cd18.
This removes the related tests, and puts the related specs behind
version guards. This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.
This modifies some internal functions that took a safe level argument
to no longer take the argument.
rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.
One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd. We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
Some OS-level security features cause these methods to not return
expected results. For example fs.protected_regular sysctl on Linux,
or pledge(2)/unveil(2) on OpenBSD.
Fixes [Bug #16002]