WIP: meson build system

Rebased and updated from netblue30#4656 by rusty-snake.

.github/workflows/build-extra.yml

@@ -52,6 +52,7 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
  - name: update package information
  run: sudo apt-get update -qy
@@ -61,32 +62,13 @@ jobs:
  libapparmor-dev libselinux1-dev
  - name: print env
  run: ./ci/printenv.sh
- - uses: actions/checkout@v2
  - name: install dependencies
  run: sudo apt-get install ninja-build
  - name: Install meson
- run: pip install --pre meson==0.49.2
+ run: pip install --pre meson==0.56.2 # https://packages.debian.org/oldstable/meson
  - name: meson setup
- run: CC=clang-11 meson _builddir --werror
+ run: CC=clang-14 meson setup _builddir -Dprefix=/usr -Dapparmor=true -Dselinux=true --werror
  - name: meson compile
- run: ninja -C _builddir
- scan-build:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - name: install dependencies
- run: sudo apt-get install clang-tools-11 ninja-build
- - name: Install meson
- run: pip install --pre meson
- - name: meson setup
- run: CC=clang-11 meson _builddir --werror
- - name: scan-build
- run: ninja -C _builddir scan-build
- cppcheck:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - name: install cppcheck
- run: sudo apt-get install cppcheck
- - name: cppcheck
- run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+ run: meson compile -C _builddir
+ - name: meson install
+ run: meson install -C _builddir

.github/workflows/build.yml

@@ -68,24 +68,21 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
  - name: update package information
  run: sudo apt-get update -qy
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect ninja-build xzdec
+ gcc-12 libapparmor-dev libselinux1-dev ninja-build
  - name: print env
  run: ./ci/printenv.sh
  - name: Install meson
  run: pip install meson
  - name: meson setup
- run: CC=gcc-11 meson _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
  - name: meson compile
- run: ninja -C _builddir
+ run: meson compile -C _builddir
  - name: meson install
- run: sudo -E ninja -C _builddir install
- # TODO: Why do we run this for profile changes?
- # TODO: meson test
- #- name: meson test
- # run: SHELL=/bin/bash meson test
+ run: sudo -E meson install -C _builddir

.github/workflows/requirements.txt

@@ -0,0 +1,19 @@
+meson==1.3.1 \
+ --hash=sha256:6020568bdede1643d4fb41e28215be38eff5d52da28ac7d125457c59e0032ad7 \
+ --hash=sha256:d5223ecca9564d735d36daaba2571abc6c032c8c3a7ffa0674e803ef0c7e0219
+ninja==1.11.1.1 \
+ --hash=sha256:18302d96a5467ea98b68e1cae1ae4b4fb2b2a56a82b955193c637557c7273dbd \
+ --hash=sha256:185e0641bde601e53841525c4196278e9aaf4463758da6dd1e752c0a0f54136a \
+ --hash=sha256:376889c76d87b95b5719fdd61dd7db193aa7fd4432e5d52d2e44e4c497bdbbee \
+ --hash=sha256:3e0f9be5bb20d74d58c66cc1c414c3e6aeb45c35b0d0e41e8d739c2c0d57784f \
+ --hash=sha256:73b93c14046447c7c5cc892433d4fae65d6364bec6685411cb97a8bcf815f93a \
+ --hash=sha256:7563ce1d9fe6ed5af0b8dd9ab4a214bf4ff1f2f6fd6dc29f480981f0f8b8b249 \
+ --hash=sha256:76482ba746a2618eecf89d5253c0d1e4f1da1270d41e9f54dfbd91831b0f6885 \
+ --hash=sha256:84502ec98f02a037a169c4b0d5d86075eaf6afc55e1879003d6cab51ced2ea4b \
+ --hash=sha256:95da904130bfa02ea74ff9c0116b4ad266174fafb1c707aa50212bc7859aebf1 \
+ --hash=sha256:9d793b08dd857e38d0b6ffe9e6b7145d7c485a42dcfea04905ca0cdb6017cc3c \
+ --hash=sha256:9df724344202b83018abb45cb1efc22efd337a1496514e7e6b3b59655be85205 \
+ --hash=sha256:aad34a70ef15b12519946c5633344bc775a7656d789d9ed5fdb0d456383716ef \
+ --hash=sha256:d491fc8d89cdcb416107c349ad1e3a735d4c4af5e1cb8f5f727baca6350fdaea \
+ --hash=sha256:ecf80cf5afd09f14dcceff28cb3f11dc90fb97c999c89307aea435889cb66877 \
+ --hash=sha256:fa2ba9d74acfdfbfbcf06fad1b8282de8a7a8c481d9dee45c859a8c93fcc1082

.github/workflows/test.yml

@@ -62,35 +62,25 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
  - name: update package information
  run: sudo apt-get update -qy
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+ gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build
  - name: print env
  run: ./ci/printenv.sh
- - name: configure
- run: >
- ./configure CC=gcc-12
- --prefix=/usr --enable-fatal-warnings --enable-analyzer
- --enable-apparmor --enable-selinux
- || (cat config.log; exit 1)
- - name: make
- run: make -j "$(nproc)"
- - name: make install
- run: sudo make install
- - name: print version
- run: make print-version
- - run: make lab-setup
- - run: make test-seccomp-extra
- - run: make test-firecfg
- - run: make test-capabilities
- - run: make test-apparmor
- - run: make test-appimage
- - run: make test-chroot
- - run: make test-fcopy
+ - name: Install meson
+ run: pip install meson
+ - name: meson setup
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ - name: meson compile
+ run: meson compile -C _builddir
+ - name: meson install
+ run: sudo -E meson install -C _builddir
+ - run: meson test -C _builddir seccomp-extra firecfg capabilities apparmor appimage chroot fcopy
 
 #
 # Slower tests
@@ -111,30 +101,25 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
  - name: update package information
  run: sudo apt-get update -qy
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+ gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build
  - name: print env
  run: ./ci/printenv.sh
- - name: configure
- run: >
- ./configure CC=gcc-12
- --prefix=/usr --enable-fatal-warnings --enable-analyzer
- --enable-apparmor --enable-selinux
- || (cat config.log; exit 1)
- - name: make
- run: make -j "$(nproc)"
- - name: make install
- run: sudo make install
- - name: print version
- run: make print-version
- - run: make lab-setup
- - run: make test-private-etc
- - run: make test-fs
+ - name: Install meson
+ run: pip install meson
+ - name: meson setup
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ - name: meson compile
+ run: meson compile -C _builddir
+ - name: meson install
+ run: sudo -E meson install -C _builddir
+ - run: meson test -C _builddir private-etc fs
 
  test-environment:
  runs-on: ubuntu-22.04
@@ -151,30 +136,26 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
  - name: update package information
  run: sudo apt-get update -qy
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+ gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build
  - name: print env
  run: ./ci/printenv.sh
- - name: configure
- run: >
- ./configure CC=gcc-12
- --prefix=/usr --enable-fatal-warnings --enable-analyzer
- --enable-apparmor --enable-selinux
- || (cat config.log; exit 1)
- - name: make
- run: make -j "$(nproc)"
- - name: make install
- run: sudo make install
+ - name: Install meson
+ run: pip install meson
+ - name: meson setup
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ - name: meson compile
+ run: meson compile -C _builddir
+ - name: meson install
+ run: sudo -E meson install -C _builddir
  - name: print version
- run: make print-version
- - run: make lab-setup
- - run: make test-environment
- - run: make test-profiles
+ - run: meson test -C _builddir environment profiles
 
  test-utils:
  runs-on: ubuntu-22.04
@@ -192,6 +173,7 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  www.debian.org:443
  www.debian.org:80
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
@@ -200,23 +182,19 @@ jobs:
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+ gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build
  - name: print env
  run: ./ci/printenv.sh
- - name: configure
- run: >
- ./configure CC=gcc-12
- --prefix=/usr --enable-fatal-warnings --enable-analyzer
- --enable-apparmor --enable-selinux
- || (cat config.log; exit 1)
- - name: make
- run: make -j "$(nproc)"
- - name: make install
- run: sudo make install
+ - name: Install meson
+ run: pip install meson
+ - name: meson setup
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ - name: meson compile
+ run: meson compile -C _builddir
+ - name: meson install
+ run: sudo -E meson install -C _builddir
  - name: print version
- run: make print-version
- - run: make lab-setup
- - run: make test-utils
+ - run: meson test -C _builddir utils
 
  test-network:
  runs-on: ubuntu-22.04
@@ -236,6 +214,7 @@ jobs:
  github.com:443
  packages.microsoft.com:443
  ppa.launchpadcontent.net:443
+ pypi.org:443
  whois.pir.org:43
  www.debian.org:443
  www.debian.org:80
@@ -247,22 +226,16 @@ jobs:
  run: >
  sudo apt-get install -qy
  gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
- bridge-utils
+ bridge-utils ninja-build
  - name: print env
  run: ./ci/printenv.sh
- - name: configure
- run: >
- ./configure CC=gcc-12
- --prefix=/usr --enable-fatal-warnings --enable-analyzer
- --enable-apparmor --enable-selinux
- || (cat config.log; exit 1)
- - name: make
- run: make -j "$(nproc)"
- - name: make install
- run: sudo make install
+ - name: Install meson
+ run: pip install meson
+ - name: meson setup
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ - name: meson compile
+ run: meson compile -C _builddir
+ - name: meson install
+ run: sudo -E meson install -C _builddir
  - name: print version
- run: make print-version
- - run: make lab-setup
- - run: make test-fnetfilter
- - run: make test-sysutils
- - run: make test-network
+ - run: meson test -C _builddir fnetfilter sysutils network

config.sh.in

@@ -1,4 +1,4 @@
-# @configure_input@
+# configure_input
 #
 # shellcheck shell=sh
 # shellcheck disable=SC2034

contrib/meson.build

@@ -1,5 +1,4 @@
 contrib_scripts = [
- 'firejail-welcome.sh',
  'fix_private-bin.py',
  'fjclip.py',
  'fjdisplay.py',
@@ -19,6 +18,6 @@ install_data(contrib_scripts,
 install_data('vim/ftdetect/firejail.vim',
  install_dir: datadir / 'vim' / 'vimfiles' / 'ftdetect',
 )
-install_data('vim/syntax/firejail.vim',
+install_data('syntax/files/firejail.vim.in',
  install_dir: datadir / 'vim' / 'vimfiles' / 'syntax',
 )

meson.build

@@ -7,8 +7,8 @@ project('firejail', 'c',
  'b_pie=true',
  ],
  # https://packages.debian.org/oldstable/meson
- meson_version: '>=0.49.2',
- version: '0.9.67',
+ meson_version: '>=0.56.2',
+ version: '0.9.73',
 )
 
 # # # # # # # # # #
@@ -75,14 +75,17 @@ foreach option, flag : {
  'firetunnel': '-DHAVE_FIRETUNNEL',
  'force-nonewprivs': '-DHAVE_FORCE_NONEWPRIVS',
  'globalcfg': '-DHAVE_GLOBALCFG',
+ 'ids': '-DHAVE_IDS',
  'lts': '-DHAVE_LTS',
  'network': '-DHAVE_NETWORK',
  'output': '-DHAVE_OUTPUT',
+# 'overlayfs': '-DHAVE_OVERLAYFS',
  'private-home': '-DHAVE_PRIVATE_HOME',
  'selinux': '-DHAVE_SELINUX',
  'suid': '-DHAVE_SUID',
  'userns': '-DHAVE_USERNS',
  'usertmpfs': '-DHAVE_USERTMPFS',
+# 'whitelist': '-DHAVE_WHITELIST',
  'x11': '-DHAVE_X11',
  }
 
@@ -148,13 +151,16 @@ if show_summary and meson.version().version_compare('>=0.53.0')
  summary('firetunnel', get_option('firetunnel'), section: 'Facilities')
  summary('force-nonewprivs', get_option('force-nonewprivs'), section: 'Facilities')
  summary('globalcfg', get_option('globalcfg'), section: 'Facilities')
+ summary('ids', get_option('ids'), section: 'Facilities')
  summary('network', get_option('network'), section: 'Facilities')
  summary('output', get_option('output'), section: 'Facilities')
+ summary('overlayfs', get_option('overlayfs'), section: 'Facilities')
  summary('private-home', get_option('private-home'), section: 'Facilities')
  summary('selinux', get_option('selinux'), section: 'Facilities')
  summary('suid', get_option('suid'), section: 'Facilities')
  summary('userns', get_option('userns'), section: 'Facilities')
  summary('usertmpfs', get_option('usertmpfs'), section: 'Facilities')
+ summary('whitelist', get_option('whitelist'), section: 'Facilities')
  summary('x11', get_option('x11'), section: 'Facilities')
 
  summary('lts', get_option('lts'), section: 'LTS')
@@ -163,3 +169,17 @@ if show_summary and meson.version().version_compare('>=0.53.0')
  summary('contrib', get_option('contrib'), section: 'Misc')
  summary('manpage', get_option('manpage'), section: 'Misc')
 endif
+
+conf = configuration_data()
+conf.set('PACKAGE_BUGREPORT', '[email protected]')
+conf.set('PACKAGE_NAME', 'firejail')
+conf.set('PACKAGE_STRING', 'firejail ' + meson.project_version())
+conf.set('PACKAGE_TARNAME', 'firejail')
+conf.set('PACKAGE_VERSION', meson.project_version())
+conf.set_quoted('PACKAGE_URL', 'https://firejail.wordpress.com')
+
+test_config_sh = configure_file(
+ configuration: conf,
+ input: 'config.sh.in',
+ output: '@BASENAME@',
+)