git: 0ec03c0b10b1 - main - cross-build: Add secure_getenv() for MacOS cross builds

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 30 Mar 2023 04:54:24 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=0ec03c0b10b125f5996d59fee904248978981898

commit 0ec03c0b10b125f5996d59fee904248978981898
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-03-28 12:55:17 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-03-30 04:54:13 +0000

    cross-build: Add secure_getenv() for MacOS cross builds
    
    Reviewed by:    arichardson
    Fixes:          68ca8363c7a1 ("libc: Use secure_getenv(3) where appropriate")
    Differential Revision:  https://reviews.freebsd.org/D39295
---
 tools/build/Makefile                         | 10 ++++++++--
 tools/build/cross-build/include/mac/stdlib.h |  1 +
 tools/build/cross-build/secure_getenv.c      | 16 ++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/tools/build/Makefile b/tools/build/Makefile
index 97e0bfe8f4f7..922d86dba7e7 100644
--- a/tools/build/Makefile
+++ b/tools/build/Makefile
@@ -204,7 +204,13 @@ CFLAGS.closefrom.c+=	-DSTDC_HEADERS -DHAVE_SYS_DIR_H -DHAVE_DIRENT_H \
 SRCS+=	progname.c
 # Stub implementations of fflagstostr/strtofflags
 SRCS+=	fflags.c
-.endif
+.endif # ${MAKE.OS} == "Linux"
+
+.if ${.MAKE.OS} == "Darwin"
+# Standalone implementation of secure_getenv(), not available on MacOS.
+SRCS+=	secure_getenv.c
+.endif # ${MAKE.OS} == "Darwin"
+
 # Provide the same arc4random implementation on Linux/macOS
 CFLAGS.arc4random.c+=	-I${SRCTOP}/sys/crypto/chacha20 -D__isthreaded=1
 SRCS+=	arc4random.c arc4random_uniform.c
@@ -227,7 +233,7 @@ subr_capability.c: ${SRCTOP}/sys/kern/subr_capability.c
 	cp ${.ALLSRC} ${.TARGET}
 SRCS+=	subr_capability.c
 CLEANFILES+=	subr_capability.c
-.endif
+.endif # ${MAKE.OS} != "FreeBSD"
 
 CASPERINC+=	${SRCTOP}/lib/libcasper/services/cap_fileargs/cap_fileargs.h
 CASPERINC+=	${SRCTOP}/lib/libcasper/services/cap_net/cap_net.h
diff --git a/tools/build/cross-build/include/mac/stdlib.h b/tools/build/cross-build/include/mac/stdlib.h
index 314ae0d1dca6..c0c82751fb13 100644
--- a/tools/build/cross-build/include/mac/stdlib.h
+++ b/tools/build/cross-build/include/mac/stdlib.h
@@ -42,6 +42,7 @@ __BEGIN_DECLS
 
 int rpmatch(const char *response);
 
+char *secure_getenv(const char *name);
 long long strtonum(const char *numstr, long long minval, long long maxval,
     const char **errstrp);
 
diff --git a/tools/build/cross-build/secure_getenv.c b/tools/build/cross-build/secure_getenv.c
new file mode 100644
index 000000000000..466035f31a40
--- /dev/null
+++ b/tools/build/cross-build/secure_getenv.c
@@ -0,0 +1,16 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2023 Mark Johnston <markj@FreeBSD.org>
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+char *
+secure_getenv(const char *name)
+{
+	if (issetugid() != 0)
+		return (NULL);
+	return (getenv(name));
+}