<feed xmlns='http://www.w3.org/2005/Atom'>
<title>archsetup/tests/safe-rm-rf, branch main</title>
<subtitle>Builds a full dev workstation from a bare Arch Linux install.</subtitle>
<id>https://git.cjennings.net/archsetup/atom?h=main</id>
<link rel='self' href='https://git.cjennings.net/archsetup/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.cjennings.net/archsetup/'/>
<updated>2026-05-21T01:53:58+00:00</updated>
<entry>
<title>fix(installer): guard constructed-path rm -rf deletes</title>
<updated>2026-05-21T01:53:58+00:00</updated>
<author>
<name>Craig Jennings</name>
<email>c@cjennings.net</email>
</author>
<published>2026-05-21T01:53:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.cjennings.net/archsetup/commit/?id=cb209a2d01f5c17024738b490c8fa109959b5303'/>
<id>urn:sha1:cb209a2d01f5c17024738b490c8fa109959b5303</id>
<content type='text'>
Three rm -rf sites in archsetup delete paths built from variables: $state_dir for --fresh, and $source_dir/$prog_name for the git and AUR clone-retry cleanups. If a path variable were empty or malformed (preflight skipped, a degenerate git URL), the delete could expand to a top-level or otherwise unintended directory.

I added a safe_rm_rf &lt;path&gt; &lt;allowed_prefix&gt; helper that refuses to run unless the target is absolute, free of '..', deeper than a bare top-level dir, strictly inside the allowed prefix, and a real directory rather than a symlink. On the happy path it delegates to rm -rf, so successful installs are unchanged. The helper is self-contained and defined before the top-level --fresh handler, which runs before the logging helpers exist.

I covered the guard with unit tests under tests/safe-rm-rf/ that source the real function and exercise normal, boundary, and error cases against temp directories.
</content>
</entry>
</feed>
