The python build option can be used to swap to a different interpreter,
for environments like the Steam Runtime where the python3 executable in
the PATH is extremely old but there is a better interpreter available.
This is treated as non-optional, because Meson is written in Python,
so the situation where there is no Python interpreter at build-time
shouldn't arise.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This allows bwrap to be built as a subproject in larger Meson projects.
When built as a subproject, we install into the --libexecdir and
require a program prefix to be specified: for example, Flatpak would use
program_prefix=flatpak- to get /usr/libexec/flatpak-bwrap. Verified to
be backwards-compatible as far as Meson 0.49.0 (Debian 9 backports).
Loosely based on previous work by Jussi Pakkanen (see #133).
Differences between the Autotools and Meson builds:
The Meson build requires a version of libcap that has pkg-config
metadata (introduced in libcap 2.23, in 2013).
The Meson build has no equivalent of --with-priv-mode=setuid. On
distributions like Debian <= 10 and RHEL <= 7 that require a setuid bwrap
executable, the sysadmin or distribution packaging will need to set the
correct permissions on the bwrap executable; Debian already did this via
packaging rather than the upstream build system.
The Meson build supports being used as a subproject, and there is CI
for this. It automatically disables shell completions and man pages,
moves the bubblewrap executable to ${libexecdir}, and renames the
bubblewrap executable according to a program_prefix option that the
caller must specify (for example, Flatpak would use
-Dprogram_prefix=flatpak- to get /usr/libexec/flatpak-bwrap). See the
tests/use-as-subproject/ directory for an example.
Signed-off-by: Simon McVittie <smcv@collabora.com>
AS_IF is best-practice for Autoconf, because it resolves conditional
dependencies correctly; for example, if the first use of
PKG_CHECK_MODULES is inside an if/then/fi block, then
PKG_CHECK_PKG_CONFIG will also be conditional, but if the first use of
PKG_CHECK_MODULES is inside AS_IF, then PKG_CHECK_PKG_CONFIG will be
done unconditionally.
Signed-off-by: Simon McVittie <smcv@collabora.com>
I'm about to add a third linked list, for seccomp programs, which would
seem like too much duplication.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Unfortunately it's possible for argc to be 0, so error out pretty early
on in that case. I don't think this is a security issue in this case.
Signed-off-by: Phaedrus Leeds <mwleeds@protonmail.com>
When building with -Wjump-misses-init as part of a larger project, gcc
reports that we jump past initialization of cover_proc_dirs. This is
technically true, but we only use this variable in the case where it's
initialized, so that's harmless.
However, we can avoid this altogether by making the array static and
constant, which allows it to be moved from initialized data to read-only
data.
Signed-off-by: Simon McVittie <smcv@collabora.com>
When compiled with -Wwrite-strings as part of a larger project, gcc and
clang both warn that we're assigning a string constant to a mutable
struct member. There's actually no reason why it should be mutable, so
make it const.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We need to save errno immediately, otherwise it could be overwritten
by a failing library call somewhere in the implementation of fprintf.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a step towards REUSE compliance. Third-party files that we do
not otherwise edit (git.mk, m4/attributes.m4) are excluded here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
These are more time-consuming than the rest of test-run.sh combined due
to their use of a wait loop, and separating them out is helpful for the
possible addition of a Meson build system. The test-case that is moved
into tests/test-specifying-pidns.sh hangs and times out under
"meson dist" on Github Actions CI, but not under "meson test" or
Autotools, and not when tested locally; putting this in its own script
might help to isolate and fix that failure.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The flag file we create and the flag file we check for were not in sync.
Also similarly correct the variable name in an info message.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Cater for strict TAP parsers by not printing random strings on stdout;
either direct them to stderr or to /dev/null, or turn them into TAP
diagnostics by prefixing "# ".
Automake has a relatively lenient TAP parser, but Meson has a more strict
TAP parser, so this is a prerequisite for adding a Meson build system.
Signed-off-by: Simon McVittie <smcv@collabora.com>
