diff --git a/rust-bindings/rust/src/repo_checkout_at_options.rs b/rust-bindings/rust/src/repo_checkout_at_options.rs
index a1cd37d9..2a570c58 100644
--- a/rust-bindings/rust/src/repo_checkout_at_options.rs
+++ b/rust-bindings/rust/src/repo_checkout_at_options.rs
@@ -20,6 +20,15 @@ pub struct RepoCheckoutAtOptions {
     pub force_copy_zerosized: bool,
     pub subpath: Option,
     pub devino_to_csum_cache: Option,
+    /// A callback function to decide which files and directories will be checked out from the
+    /// repo. See the documentation on [RepoCheckoutFilter](struct.RepoCheckoutFilter.html) for more
+    /// information on the signature.
+    ///
+    /// # Panics
+    /// This callback may not panic. If it does, `abort()` will be called to avoid unwinding across
+    /// an FFI boundary and into the libostree C code (which is Undefined Behavior). If you prefer to
+    /// swallow the panic rather than aborting, you can use `std::panic::catch_unwind` inside your
+    /// callback to catch and silence any panics that occur.
     pub filter: Option,
     pub sepolicy: Option,
     pub sepolicy_prefix: Option,
diff --git a/rust-bindings/rust/src/repo_checkout_at_options/repo_checkout_filter.rs b/rust-bindings/rust/src/repo_checkout_at_options/repo_checkout_filter.rs
index cb8190e4..4d2fe731 100644
--- a/rust-bindings/rust/src/repo_checkout_at_options/repo_checkout_filter.rs
+++ b/rust-bindings/rust/src/repo_checkout_at_options/repo_checkout_filter.rs
@@ -87,6 +87,8 @@ unsafe extern "C" fn filter_trampoline(
     result.to_glib()
 }
 
+/// Unwind-safe trampoline to call the Rust filter callback. See [filter_trampoline](fn.filter_trampoline.html).
+/// This function additionally catches panics and aborts to avoid unwinding into C code.
 pub(super) unsafe extern "C" fn filter_trampoline_unwindsafe(
     repo: *mut OstreeRepo,
     path: *const c_char,
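Review bot: The `# Panics` heading added to the `filter` field doc in repo_checkout_at_options.rs is conventionally reserved for the conditions under which the documented item itself panics, whereas here it states a contract the user's callback must uphold, so a reader scanning rustdoc may take it as "accessing this field can panic". Keep the abort explanation but put it under a heading that names the contract, e.g. `/// # Callback requirements` / `/// The callback must not panic: a panic is caught at the FFI boundary and the process is aborted.`. It would also help operators to say what is observable before the abort: the print_panic doc in the same commit suggests the payload is written to stderr when it is a `&str` or `String`, but confirm that is the path the trampoline takes, since its body is not in this diff.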
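Review bot: `filter_trampoline_unwindsafe` is a `pub(super) unsafe extern "C"` function whose new doc comment has no `# Safety` section; Rust convention is that an `unsafe fn` documents the contract its caller must uphold, presumably that `repo`, `path` and the remaining pointer arguments are valid for the duration of the call and that the user-data pointer refers to the filter registered with this trampoline (confirm against the body, which lies outside the hunk). Add something like `/// # Safety` / `/// Must only be invoked by libostree with valid `repo`/`path` pointers and the user data registered together with this trampoline.`. The sentence "catches panics and aborts" also deserves the caveat that `catch_unwind` only intercepts unwinding panics, so a binary built with `panic = "abort"` aborts immediately and the stderr diagnostic never appears. The function's parameter list and body continue past the end of the hunk.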
@@ -102,6 +104,9 @@ pub(super) unsafe extern "C" fn filter_trampoline_unwindsafe(
     })
 }
 
+/// Print a panic message and the value to stderr, if we can.
+///
+/// If the panic value is either `&str` or `String`, we print it. Otherwise, we don't.
 fn print_panic(panic: Box) {
     eprintln!("A Rust callback invoked by C code panicked.");
     eprintln!("Unwinding across FFI boundaries is Undefined Behavior so abort() will be called.");
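Review bot: `print_panic` reports through `eprintln!`, which itself panics when writing to stderr fails (closed or broken stderr), and a second panic on this path would unwind out of the `extern "C"` trampoline — the very behavior this commit is trying to prevent — if print_panic runs outside the `catch_unwind` closure, which the hunk does not show. Since the process is about to abort anyway, a best-effort write is safer: `use std::io::Write;` / `let _ = writeln!(std::io::stderr(), "A Rust callback invoked by C code panicked.");`, applied to each message line. The new doc comment could also state that payloads that are neither `&str` nor `String` (e.g. from `std::panic::panic_any`) are dropped silently, so nothing about them reaches the log. The function body continues past the end of the hunk.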