Commit b8af3692 for xz
commit b8af36920b0857c0329f61414df5989093386db1
Author: Lasse Collin <lasse.collin@tukaani.org>
Date: Tue Dec 9 12:55:45 2025 +0200
xz: Never translate "Failed to enable the sandbox"
This was already the case in practice because I had forgotten to list
src/xz/sandbox.c in po/POTFILES.in. However, it seems better to never
translate this particular error message. It should almost never occur
and if it does, an untranslated message is should make it easier to
find bug reports about it.
diff --git a/src/xz/sandbox.c b/src/xz/sandbox.c
index 1f040e4a..f1826f7c 100644
--- a/src/xz/sandbox.c
+++ b/src/xz/sandbox.c
@@ -4,6 +4,15 @@
//
/// \file sandbox.c
/// \brief Sandbox support
+///
+/// \note When sandbox_init() is called, gettext hasn't been
+/// initialized yet, and thus wrapping error messages
+/// in _("...") is pointless in that function. In other
+/// functions gettext can be used, but the only error message
+/// we have is "Failed to enable the sandbox" which should
+/// (almost) never occur. If it does occur anyway, leaving
+/// the message untranslated can make it easier to find
+/// bug reports about the issue.
//
// Author: Lasse Collin
//
@@ -71,11 +80,8 @@ prepare_for_strict_sandbox(void)
extern void
sandbox_init(void)
{
- if (pledge("stdio rpath wpath cpath fattr", "")) {
- // gettext hasn't been initialized yet so
- // there's no point to call it here.
+ if (pledge("stdio rpath wpath cpath fattr", ""))
message_fatal("Failed to enable the sandbox");
- }
return;
}
@@ -87,7 +93,7 @@ sandbox_enable_read_only(void)
// We will be opening files for reading but
// won't create or remove any files.
if (pledge("stdio rpath", ""))
- message_fatal(_("Failed to enable the sandbox"));
+ message_fatal("Failed to enable the sandbox");
return;
}
@@ -103,7 +109,7 @@ sandbox_enable_strict_if_allowed(int src_fd lzma_attribute((__unused__)),
// All files that need to be opened have already been opened.
if (pledge("stdio", ""))
- message_fatal(_("Failed to enable the sandbox"));
+ message_fatal("Failed to enable the sandbox");
return;
}
@@ -139,7 +145,7 @@ enable_landlock(uint64_t required_rights)
const int ruleset_fd = my_landlock_create_ruleset(
&attr, sizeof(attr), 0);
if (ruleset_fd < 0)
- message_fatal(_("Failed to enable the sandbox"));
+ message_fatal("Failed to enable the sandbox");
// All files we need should have already been opened. Thus,
// we don't need to add any rules using landlock_add_rule(2)
@@ -154,7 +160,7 @@ enable_landlock(uint64_t required_rights)
// prctl(PR_SET_NO_NEW_PRIVS, ...) was already called in
// sandbox_init() so we don't do it here again.
if (my_landlock_restrict_self(ruleset_fd, 0) != 0)
- message_fatal(_("Failed to enable the sandbox"));
+ message_fatal("Failed to enable the sandbox");
(void)close(ruleset_fd);
return;
@@ -305,7 +311,7 @@ error:
if (errno == ENOSYS)
return;
- message_fatal(_("Failed to enable the sandbox"));
+ message_fatal("Failed to enable the sandbox");
}
#endif