Merge remote-tracking branch 'refs/remotes/ArrayBolt3/arraybolt3/trixie'

Author: adrelanos

agents/bash.md

@@ -0,0 +1,4 @@
+Scripts use set -o errexit (set -e). Arithmetic pitfall: (( 0 ))
+returns exit code 1, which triggers errexit. Avoid (( var += 1 ))
+in favor of var=$((var + 1)), which is an assignment and always
+succeeds regardless of the computed value.

agents/sandbox.md

@@ -0,0 +1,14 @@
+sandbox-update-torbrowser runs under torsocks'd apt during postinst.
+torsocks breaks sudo. Use setpriv-tb-updater instead for privilege
+changes inside this script.
+
+Do not use inotifywait or other inotify-based file watchers. The
+kernel's fs.inotify.max_user_watches pool is limited and easily
+exhausted on desktop systems (IDEs, file managers, etc.). Use polling
+with light_sleep instead.
+
+Multi-browser architecture: the sandbox script is shared by Tor
+Browser, Mullvad Browser, and I2P Browser. Browser-specific paths
+come from variables set by the /usr/bin wrapper (tb_install_folder,
+tb_install_folder_dot, tb_browser_name, tb_global_binary_dir,
+SCRIPTNAME). Do not hardcode Tor Browser paths.

usr/libexec/tb-updater/sandbox-update-torbrowser

@@ -99,7 +99,7 @@ cleanup() {
     cgroup_empty_str="populated 0
 frozen 0"
     if printf '%s\n' '1' > "${tb_updater_cgroup}/cgroup.kill"; then
-      ## Poll cgroup.events until the cgropu is empty, rather than using
+      ## Poll cgroup.events until the cgroup is empty, rather than using
       ## inotifywait. This avoids consuming inotify watches, which are more
       ## resource-constrained than CPU power in this scenario.
       cgroup_drained='false'
@@ -113,7 +113,7 @@ frozen 0"
         fi
 
         light_sleep 0.1
-        (( poll_count += 1 )) || true
+        poll_count=$((poll_count + 1))
       done
 
       if [ "${cgroup_drained}" = 'false' ]; then