WIP: meson build system

Rebased and updated from netblue30#4656 by rusty-snake.

.github/workflows/build-extra.yml

@@ -61,32 +61,13 @@ jobs:
  libapparmor-dev libselinux1-dev
  - name: print env
  run: ./ci/printenv.sh
- - uses: actions/checkout@v2
  - name: install dependencies
  run: sudo apt-get install ninja-build
  - name: Install meson
- run: pip install --pre meson==0.49.2
+ run: pip install --pre meson==0.56.2 # https://packages.debian.org/oldstable/meson
  - name: meson setup
- run: CC=clang-11 meson _builddir --werror
+ run: CC=clang-14 meson setup _builddir -Dprefix=/usr -Dapparmor=true -Dselinux=true --werror
  - name: meson compile
- run: ninja -C _builddir
- scan-build:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - name: install dependencies
- run: sudo apt-get install clang-tools-11 ninja-build
- - name: Install meson
- run: pip install --pre meson
- - name: meson setup
- run: CC=clang-11 meson _builddir --werror
- - name: scan-build
- run: ninja -C _builddir scan-build
- cppcheck:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - name: install cppcheck
- run: sudo apt-get install cppcheck
- - name: cppcheck
- run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+ run: meson compile -C _builddir
+ - name: meson install
+ run: meson install -C _builddir

.github/workflows/build.yml

@@ -74,18 +74,14 @@ jobs:
  - name: install dependencies
  run: >
  sudo apt-get install -qy
- gcc-12 libapparmor-dev libselinux1-dev expect ninja-build xzdec
+ gcc-12 libapparmor-dev libselinux1-dev ninja-build
  - name: print env
  run: ./ci/printenv.sh
  - name: Install meson
  run: pip install meson
  - name: meson setup
- run: CC=gcc-11 meson _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+ run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
  - name: meson compile
- run: ninja -C _builddir
+ run: meson compile -C _builddir
  - name: meson install
- run: sudo -E ninja -C _builddir install
- # TODO: Why do we run this for profile changes?
- # TODO: meson test
- #- name: meson test
- # run: SHELL=/bin/bash meson test
+ run: sudo -E meson install -C _builddir

.github/workflows/requirements.txt

@@ -0,0 +1,19 @@
+meson==1.3.1 \
+ --hash=sha256:6020568bdede1643d4fb41e28215be38eff5d52da28ac7d125457c59e0032ad7 \
+ --hash=sha256:d5223ecca9564d735d36daaba2571abc6c032c8c3a7ffa0674e803ef0c7e0219
+ninja==1.11.1.1 \
+ --hash=sha256:18302d96a5467ea98b68e1cae1ae4b4fb2b2a56a82b955193c637557c7273dbd \
+ --hash=sha256:185e0641bde601e53841525c4196278e9aaf4463758da6dd1e752c0a0f54136a \
+ --hash=sha256:376889c76d87b95b5719fdd61dd7db193aa7fd4432e5d52d2e44e4c497bdbbee \
+ --hash=sha256:3e0f9be5bb20d74d58c66cc1c414c3e6aeb45c35b0d0e41e8d739c2c0d57784f \
+ --hash=sha256:73b93c14046447c7c5cc892433d4fae65d6364bec6685411cb97a8bcf815f93a \
+ --hash=sha256:7563ce1d9fe6ed5af0b8dd9ab4a214bf4ff1f2f6fd6dc29f480981f0f8b8b249 \
+ --hash=sha256:76482ba746a2618eecf89d5253c0d1e4f1da1270d41e9f54dfbd91831b0f6885 \
+ --hash=sha256:84502ec98f02a037a169c4b0d5d86075eaf6afc55e1879003d6cab51ced2ea4b \
+ --hash=sha256:95da904130bfa02ea74ff9c0116b4ad266174fafb1c707aa50212bc7859aebf1 \
+ --hash=sha256:9d793b08dd857e38d0b6ffe9e6b7145d7c485a42dcfea04905ca0cdb6017cc3c \
+ --hash=sha256:9df724344202b83018abb45cb1efc22efd337a1496514e7e6b3b59655be85205 \
+ --hash=sha256:aad34a70ef15b12519946c5633344bc775a7656d789d9ed5fdb0d456383716ef \
+ --hash=sha256:d491fc8d89cdcb416107c349ad1e3a735d4c4af5e1cb8f5f727baca6350fdaea \
+ --hash=sha256:ecf80cf5afd09f14dcceff28cb3f11dc90fb97c999c89307aea435889cb66877 \
+ --hash=sha256:fa2ba9d74acfdfbfbcf06fad1b8282de8a7a8c481d9dee45c859a8c93fcc1082

config.sh.in

@@ -1,4 +1,4 @@
-# @configure_input@
+# configure_input
 #
 # shellcheck shell=sh
 # shellcheck disable=SC2034

contrib/meson.build

@@ -1,5 +1,4 @@
 contrib_scripts = [
- 'firejail-welcome.sh',
  'fix_private-bin.py',
  'fjclip.py',
  'fjdisplay.py',
@@ -19,6 +18,6 @@ install_data(contrib_scripts,
 install_data('vim/ftdetect/firejail.vim',
  install_dir: datadir / 'vim' / 'vimfiles' / 'ftdetect',
 )
-install_data('vim/syntax/firejail.vim',
+install_data('syntax/files/firejail.vim.in',
  install_dir: datadir / 'vim' / 'vimfiles' / 'syntax',
 )

meson.build

@@ -7,8 +7,8 @@ project('firejail', 'c',
  'b_pie=true',
  ],
  # https://packages.debian.org/oldstable/meson
- meson_version: '>=0.49.2',
- version: '0.9.67',
+ meson_version: '>=0.56.2',
+ version: '0.9.73',
 )
 
 # # # # # # # # # #
@@ -75,14 +75,17 @@ foreach option, flag : {
  'firetunnel': '-DHAVE_FIRETUNNEL',
  'force-nonewprivs': '-DHAVE_FORCE_NONEWPRIVS',
  'globalcfg': '-DHAVE_GLOBALCFG',
+ 'ids': '-DHAVE_IDS',
  'lts': '-DHAVE_LTS',
  'network': '-DHAVE_NETWORK',
  'output': '-DHAVE_OUTPUT',
+# 'overlayfs': '-DHAVE_OVERLAYFS',
  'private-home': '-DHAVE_PRIVATE_HOME',
  'selinux': '-DHAVE_SELINUX',
  'suid': '-DHAVE_SUID',
  'userns': '-DHAVE_USERNS',
  'usertmpfs': '-DHAVE_USERTMPFS',
+# 'whitelist': '-DHAVE_WHITELIST',
  'x11': '-DHAVE_X11',
  }
 
@@ -148,13 +151,16 @@ if show_summary and meson.version().version_compare('>=0.53.0')
  summary('firetunnel', get_option('firetunnel'), section: 'Facilities')
  summary('force-nonewprivs', get_option('force-nonewprivs'), section: 'Facilities')
  summary('globalcfg', get_option('globalcfg'), section: 'Facilities')
+ summary('ids', get_option('ids'), section: 'Facilities')
  summary('network', get_option('network'), section: 'Facilities')
  summary('output', get_option('output'), section: 'Facilities')
+ summary('overlayfs', get_option('overlayfs'), section: 'Facilities')
  summary('private-home', get_option('private-home'), section: 'Facilities')
  summary('selinux', get_option('selinux'), section: 'Facilities')
  summary('suid', get_option('suid'), section: 'Facilities')
  summary('userns', get_option('userns'), section: 'Facilities')
  summary('usertmpfs', get_option('usertmpfs'), section: 'Facilities')
+ summary('whitelist', get_option('whitelist'), section: 'Facilities')
  summary('x11', get_option('x11'), section: 'Facilities')
 
  summary('lts', get_option('lts'), section: 'LTS')
@@ -163,3 +169,17 @@ if show_summary and meson.version().version_compare('>=0.53.0')
  summary('contrib', get_option('contrib'), section: 'Misc')
  summary('manpage', get_option('manpage'), section: 'Misc')
 endif
+
+conf = configuration_data()
+conf.set('PACKAGE_BUGREPORT', '[email protected]')
+conf.set('PACKAGE_NAME', 'firejail')
+conf.set('PACKAGE_STRING', 'firejail ' + meson.project_version())
+conf.set('PACKAGE_TARNAME', 'firejail')
+conf.set('PACKAGE_VERSION', meson.project_version())
+conf.set_quoted('PACKAGE_URL', 'https://firejail.wordpress.com')
+
+test_config_sh = configure_file(
+ configuration: conf,
+ input: 'config.sh.in',
+ output: '@BASENAME@',
+)

meson_options.txt

@@ -17,10 +17,14 @@ option('force-nonewprivs', type: 'boolean', value: true,
  description: 'force nonewprivs')
 option('globalcfg', type: 'boolean', value: true,
  description: 'Abort execution if the global config is not present')
+option('ids', type: 'boolean', value: false,
+ description: 'IDS support')
 option('network', type: 'boolean', value: true,
  description: 'network')
 option('output', type: 'boolean', value: true,
  description: '--output logging')
+option('overlayfs', type: 'boolean', value: true,
+ description: 'overlayfs support')
 option('private-home', type: 'boolean', value: true,
  description: 'private home feature')
 option('selinux', type: 'boolean', value: false,
@@ -31,6 +35,8 @@ option('userns', type: 'boolean', value: true,
  description: 'user namespace')
 option('usertmpfs', type: 'boolean', value: true,
  description: 'tmpfs as regular user')
+option('whitelist', type: 'boolean', value: true,
+ description: 'whitelist support')
 option('x11', type: 'boolean', value: true,
  description: 'X11 sandboxing support')
 

src/firejail/meson.build

@@ -5,7 +5,6 @@ firejail_sources = [
  'arp.c',
  'bandwidth.c',
  'caps.c',
- 'cgroup.c',
  'checkcfg.c',
  'chroot.c',
  'cmdline.c',
@@ -28,6 +27,7 @@ firejail_sources = [
  'fs_whitelist.c',
  'ids.c',
  'join.c',
+ 'landlock.c',
  'ls.c',
  'macros.c',
  'mountinfo.c',
@@ -36,9 +36,11 @@ firejail_sources = [
  'network.c',
  'network_main.c',
  'no_sandbox.c',
+ 'oom.c',
  'output.c',
  'paths.c',
  'preproc.c',
+ 'process.c',
  'profile.c',
  'protocol.c',
  'pulseaudio.c',

src/firemon/meson.build

@@ -3,9 +3,7 @@ firemon_sources = [
  'apparmor.c',
  'arp.c',
  'caps.c',
- 'cgroup.c',
  'cpu.c',
- 'interface.c',
  'list.c',
  'netstats.c',
  'procevent.c',

src/fseccomp/meson.build

@@ -1,6 +1,7 @@
 fseccomp_sources = [
  'main.c',
  'protocol.c',
+ 'namespaces.c',
  'seccomp.c',
  'seccomp_file.c',
  'seccomp_secondary.c',

src/man/meson.build

@@ -23,7 +23,7 @@ foreach manpage : manpages
  section = manpage.split('.')[1]
  configured_manpage = configure_file(
  configuration: manconf,
- input: manpage.split('.')[0] + '.txt',
+ input: manpage + '.in',
  output: '@PLAINNAME@',
  )
  custom_target(manpage,

src/meson.build

@@ -21,7 +21,9 @@ subdir('profstats')
 
 # SBOX_APPS
 subdir('fbuilder')
-subdir('fids')
+if get_option('ids')
+ subdir('fids')
+endif
 subdir('ftee')
 
 # SBOX_APPS_NON_DUMPABLE

test/build-test.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+src=$1
+dir=$2
+build=$3
+log=test/${dir}.log
+
+echo src:$src
+echo dir:$dir
+echo log:$log
+echo build:$build
+
+(cd $src/$dir && BUILD_ROOT=$build ./${dir}.sh 2>&1) | tee $log
+grep -a TESTING $log && ! grep -a -q "TESTING ERROR" $log
+
+exit 0