diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index a9e8105f633..406343ef9b8 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml @@ -49,9 +49,11 @@ jobs: egress-policy: block allowed-endpoints: > azure.archive.ubuntu.com:80 + files.pythonhosted.org:443 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 + pypi.org:443 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 - name: update package information run: sudo apt-get update -qy @@ -61,32 +63,14 @@ jobs: libapparmor-dev libselinux1-dev - name: print env run: ./ci/printenv.sh - - uses: actions/checkout@v2 - name: install dependencies run: sudo apt-get install ninja-build - name: Install meson - run: pip install --pre meson==0.49.2 + run: pip install --pre meson==0.56.2 # https://packages.debian.org/oldstable/meson - name: meson setup - run: CC=clang-11 meson _builddir --werror + run: CC=clang-14 meson setup _builddir -Dprefix=/usr -Dapparmor=true -Dselinux=true --werror - name: meson compile - run: ninja -C _builddir - scan-build: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: install dependencies - run: sudo apt-get install clang-tools-11 ninja-build - - name: Install meson - run: pip install --pre meson - - name: meson setup - run: CC=clang-11 meson _builddir --werror - - name: scan-build - run: ninja -C _builddir scan-build - cppcheck: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: install cppcheck - run: sudo apt-get install cppcheck - - name: cppcheck - run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance . + run: meson compile -C _builddir + - name: meson install + run: sudo apt-get install meson + - run: sudo meson install -C _builddir diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42992b41789..3be25b87671 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -74,18 +74,12 @@ jobs: - name: install dependencies run: > sudo apt-get install -qy - gcc-12 libapparmor-dev libselinux1-dev expect ninja-build xzdec + gcc-12 libapparmor-dev libselinux1-dev ninja-build meson - name: print env run: ./ci/printenv.sh - - name: Install meson - run: pip install meson - name: meson setup - run: CC=gcc-11 meson _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true - name: meson compile - run: ninja -C _builddir + run: meson compile -C _builddir - name: meson install - run: sudo -E ninja -C _builddir install - # TODO: Why do we run this for profile changes? - # TODO: meson test - #- name: meson test - # run: SHELL=/bin/bash meson test + run: sudo -E meson install -C _builddir diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index 307b0c37c69..f7209471f3f 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml @@ -62,17 +62,15 @@ jobs: - name: install clang-tools-14 and dependencies run: > sudo apt-get install -qy - clang-tools-14 libapparmor-dev libselinux1-dev + clang-tools-14 libapparmor-dev libselinux1-dev ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=clang-14 SCAN_BUILD=scan-build-14 - --prefix=/usr --enable-fatal-warnings - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) + - name: meson setup + run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir - name: scan-build - run: make scan-build + run: ninja -C _builddir scan-build cppcheck: runs-on: ubuntu-22.04 @@ -93,14 +91,12 @@ jobs: - name: update package information run: sudo apt-get update -qy - name: install cppcheck - run: sudo apt-get install -qy cppcheck - - name: configure - run: > - ./configure CPPCHECK='cppcheck -q' - || (cat config.log; exit 1) - - run: cppcheck --version - - name: cppcheck - run: make cppcheck + run: sudo apt-get install -qy cppcheck ninja-build meson + - name: meson setup + run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: cppcheck --version + - run: meson compile -C _builddir cppcheck # new cppcheck version currently chokes on checkcfg.c and main.c, therefore # scan all files also with older cppcheck version from ubuntu 20.04. @@ -124,14 +120,12 @@ jobs: - name: update package information run: sudo apt-get update -qy - name: install cppcheck - run: sudo apt-get install -qy cppcheck - - name: configure - run: > - ./configure CPPCHECK='cppcheck -q' - || (cat config.log; exit 1) - - run: cppcheck --version - - name: cppcheck-old - run: make cppcheck-old + run: sudo apt-get install -qy cppcheck ninja-build meson + - name: meson setup + run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: cppcheck --version + - run: meson compile -C _builddir cppcheck codeql-cpp: permissions: @@ -165,11 +159,11 @@ jobs: with: languages: cpp - - name: configure - run: ./configure + - name: meson setup + run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true - - name: make - run: make -j "$(nproc)" + - name: meson compile + run: meson compile -C _builddir - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a diff --git a/.github/workflows/requirements.txt b/.github/workflows/requirements.txt new file mode 100644 index 00000000000..0c41a98fef9 --- /dev/null +++ b/.github/workflows/requirements.txt @@ -0,0 +1,19 @@ +meson==1.3.1 \ + --hash=sha256:6020568bdede1643d4fb41e28215be38eff5d52da28ac7d125457c59e0032ad7 \ + --hash=sha256:d5223ecca9564d735d36daaba2571abc6c032c8c3a7ffa0674e803ef0c7e0219 +ninja==1.11.1.1 \ + --hash=sha256:18302d96a5467ea98b68e1cae1ae4b4fb2b2a56a82b955193c637557c7273dbd \ + --hash=sha256:185e0641bde601e53841525c4196278e9aaf4463758da6dd1e752c0a0f54136a \ + --hash=sha256:376889c76d87b95b5719fdd61dd7db193aa7fd4432e5d52d2e44e4c497bdbbee \ + --hash=sha256:3e0f9be5bb20d74d58c66cc1c414c3e6aeb45c35b0d0e41e8d739c2c0d57784f \ + --hash=sha256:73b93c14046447c7c5cc892433d4fae65d6364bec6685411cb97a8bcf815f93a \ + --hash=sha256:7563ce1d9fe6ed5af0b8dd9ab4a214bf4ff1f2f6fd6dc29f480981f0f8b8b249 \ + --hash=sha256:76482ba746a2618eecf89d5253c0d1e4f1da1270d41e9f54dfbd91831b0f6885 \ + --hash=sha256:84502ec98f02a037a169c4b0d5d86075eaf6afc55e1879003d6cab51ced2ea4b \ + --hash=sha256:95da904130bfa02ea74ff9c0116b4ad266174fafb1c707aa50212bc7859aebf1 \ + --hash=sha256:9d793b08dd857e38d0b6ffe9e6b7145d7c485a42dcfea04905ca0cdb6017cc3c \ + --hash=sha256:9df724344202b83018abb45cb1efc22efd337a1496514e7e6b3b59655be85205 \ + --hash=sha256:aad34a70ef15b12519946c5633344bc775a7656d789d9ed5fdb0d456383716ef \ + --hash=sha256:d491fc8d89cdcb416107c349ad1e3a735d4c4af5e1cb8f5f727baca6350fdaea \ + --hash=sha256:ecf80cf5afd09f14dcceff28cb3f11dc90fb97c999c89307aea435889cb66877 \ + --hash=sha256:fa2ba9d74acfdfbfbcf06fad1b8282de8a7a8c481d9dee45c859a8c93fcc1082 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fb10f2b7feb..8b8e41fa940 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -68,29 +68,17 @@ jobs: - name: install dependencies run: > sudo apt-get install -qy - gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils + gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=gcc-12 - --prefix=/usr --enable-fatal-warnings --enable-analyzer - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) - - name: make - run: make -j "$(nproc)" - - name: make install - run: sudo make install - - name: print version - run: make print-version - - run: make lab-setup - - run: make test-seccomp-extra - - run: make test-firecfg - - run: make test-capabilities - - run: make test-apparmor - - run: make test-appimage - - run: make test-chroot - - run: make test-fcopy + - name: meson setup + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir + - name: meson install + run: sudo -E meson install -C _builddir + - name: test main + run: meson test -C _builddir seccomp-extra firecfg capabilities apparmor appimage chroot fcopy # # Slower tests @@ -117,24 +105,17 @@ jobs: - name: install dependencies run: > sudo apt-get install -qy - gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils + gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=gcc-12 - --prefix=/usr --enable-fatal-warnings --enable-analyzer - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) - - name: make - run: make -j "$(nproc)" - - name: make install - run: sudo make install - - name: print version - run: make print-version - - run: make lab-setup - - run: make test-private-etc - - run: make test-fs + - name: meson setup + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir + - name: meson install + run: sudo -E meson install -C _builddir + - name: test fs + run: meson test -C _builddir private-etc fs test-environment: runs-on: ubuntu-22.04 @@ -157,24 +138,17 @@ jobs: - name: install dependencies run: > sudo apt-get install -qy - gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils + gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=gcc-12 - --prefix=/usr --enable-fatal-warnings --enable-analyzer - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) - - name: make - run: make -j "$(nproc)" - - name: make install - run: sudo make install - - name: print version - run: make print-version - - run: make lab-setup - - run: make test-environment - - run: make test-profiles + - name: meson setup + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir + - name: meson install + run: sudo -E meson install -C _builddir + - name: test environment + run: meson test -C _builddir environment profiles test-utils: runs-on: ubuntu-22.04 @@ -200,23 +174,17 @@ jobs: - name: install dependencies run: > sudo apt-get install -qy - gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils + gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=gcc-12 - --prefix=/usr --enable-fatal-warnings --enable-analyzer - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) - - name: make - run: make -j "$(nproc)" - - name: make install - run: sudo make install - - name: print version - run: make print-version - - run: make lab-setup - - run: make test-utils + - name: meson setup + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir + - name: meson install + run: sudo -E meson install -C _builddir + - name: test utils + run: meson test -C _builddir utils test-network: runs-on: ubuntu-22.04 @@ -247,22 +215,14 @@ jobs: run: > sudo apt-get install -qy gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois - bridge-utils + bridge-utils ninja-build meson - name: print env run: ./ci/printenv.sh - - name: configure - run: > - ./configure CC=gcc-12 - --prefix=/usr --enable-fatal-warnings --enable-analyzer - --enable-apparmor --enable-selinux - || (cat config.log; exit 1) - - name: make - run: make -j "$(nproc)" - - name: make install - run: sudo make install - - name: print version - run: make print-version - - run: make lab-setup - - run: make test-fnetfilter - - run: make test-sysutils - - run: make test-network + - name: meson setup + run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true + - name: meson compile + run: meson compile -C _builddir + - name: meson install + run: sudo -E meson install -C _builddir + - name: test network + run: meson test -C _builddir fnetfilter sysutils network diff --git a/config.sh.in b/config.sh.in index 0a91c68f273..9883e20b35b 100644 --- a/config.sh.in +++ b/config.sh.in @@ -1,4 +1,4 @@ -# @configure_input@ +# configure_input # # shellcheck shell=sh # shellcheck disable=SC2034 diff --git a/contrib/meson.build b/contrib/meson.build index 78f7f7a081c..7f1052643f4 100644 --- a/contrib/meson.build +++ b/contrib/meson.build @@ -1,5 +1,4 @@ contrib_scripts = [ - 'firejail-welcome.sh', 'fix_private-bin.py', 'fjclip.py', 'fjdisplay.py', @@ -19,6 +18,6 @@ install_data(contrib_scripts, install_data('vim/ftdetect/firejail.vim', install_dir: datadir / 'vim' / 'vimfiles' / 'ftdetect', ) -install_data('vim/syntax/firejail.vim', +install_data('syntax/files/firejail.vim.in', install_dir: datadir / 'vim' / 'vimfiles' / 'syntax', ) diff --git a/meson.build b/meson.build index f3d18825540..b08d40ef037 100644 --- a/meson.build +++ b/meson.build @@ -7,8 +7,8 @@ project('firejail', 'c', 'b_pie=true', ], # https://packages.debian.org/oldstable/meson - meson_version: '>=0.49.2', - version: '0.9.67', + meson_version: '>=0.56.2', + version: '0.9.73', ) # # # # # # # # # # @@ -75,14 +75,17 @@ foreach option, flag : { 'firetunnel': '-DHAVE_FIRETUNNEL', 'force-nonewprivs': '-DHAVE_FORCE_NONEWPRIVS', 'globalcfg': '-DHAVE_GLOBALCFG', + 'ids': '-DHAVE_IDS', 'lts': '-DHAVE_LTS', 'network': '-DHAVE_NETWORK', 'output': '-DHAVE_OUTPUT', +# 'overlayfs': '-DHAVE_OVERLAYFS', 'private-home': '-DHAVE_PRIVATE_HOME', 'selinux': '-DHAVE_SELINUX', 'suid': '-DHAVE_SUID', 'userns': '-DHAVE_USERNS', 'usertmpfs': '-DHAVE_USERTMPFS', +# 'whitelist': '-DHAVE_WHITELIST', 'x11': '-DHAVE_X11', } @@ -148,13 +151,16 @@ if show_summary and meson.version().version_compare('>=0.53.0') summary('firetunnel', get_option('firetunnel'), section: 'Facilities') summary('force-nonewprivs', get_option('force-nonewprivs'), section: 'Facilities') summary('globalcfg', get_option('globalcfg'), section: 'Facilities') + summary('ids', get_option('ids'), section: 'Facilities') summary('network', get_option('network'), section: 'Facilities') summary('output', get_option('output'), section: 'Facilities') + summary('overlayfs', get_option('overlayfs'), section: 'Facilities') summary('private-home', get_option('private-home'), section: 'Facilities') summary('selinux', get_option('selinux'), section: 'Facilities') summary('suid', get_option('suid'), section: 'Facilities') summary('userns', get_option('userns'), section: 'Facilities') summary('usertmpfs', get_option('usertmpfs'), section: 'Facilities') + summary('whitelist', get_option('whitelist'), section: 'Facilities') summary('x11', get_option('x11'), section: 'Facilities') summary('lts', get_option('lts'), section: 'LTS') @@ -163,3 +169,17 @@ if show_summary and meson.version().version_compare('>=0.53.0') summary('contrib', get_option('contrib'), section: 'Misc') summary('manpage', get_option('manpage'), section: 'Misc') endif + +conf = configuration_data() +conf.set('PACKAGE_BUGREPORT', 'netblue30@protonmail.com') +conf.set('PACKAGE_NAME', 'firejail') +conf.set('PACKAGE_STRING', 'firejail ' + meson.project_version()) +conf.set('PACKAGE_TARNAME', 'firejail') +conf.set('PACKAGE_VERSION', meson.project_version()) +conf.set_quoted('PACKAGE_URL', 'https://firejail.wordpress.com') + +test_config_sh = configure_file( + configuration: conf, + input: 'config.sh.in', + output: '@BASENAME@', +) diff --git a/meson_options.txt b/meson_options.txt index c7e2ed1cd11..b6cfe40be06 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -17,10 +17,14 @@ option('force-nonewprivs', type: 'boolean', value: true, description: 'force nonewprivs') option('globalcfg', type: 'boolean', value: true, description: 'Abort execution if the global config is not present') +option('ids', type: 'boolean', value: false, + description: 'IDS support') option('network', type: 'boolean', value: true, description: 'network') option('output', type: 'boolean', value: true, description: '--output logging') +option('overlayfs', type: 'boolean', value: true, + description: 'overlayfs support') option('private-home', type: 'boolean', value: true, description: 'private home feature') option('selinux', type: 'boolean', value: false, @@ -31,6 +35,8 @@ option('userns', type: 'boolean', value: true, description: 'user namespace') option('usertmpfs', type: 'boolean', value: true, description: 'tmpfs as regular user') +option('whitelist', type: 'boolean', value: true, + description: 'whitelist support') option('x11', type: 'boolean', value: true, description: 'X11 sandboxing support') diff --git a/src/firejail/meson.build b/src/firejail/meson.build index 8f9306613d7..71001ea8b20 100644 --- a/src/firejail/meson.build +++ b/src/firejail/meson.build @@ -5,7 +5,6 @@ firejail_sources = [ 'arp.c', 'bandwidth.c', 'caps.c', - 'cgroup.c', 'checkcfg.c', 'chroot.c', 'cmdline.c', @@ -28,6 +27,7 @@ firejail_sources = [ 'fs_whitelist.c', 'ids.c', 'join.c', + 'landlock.c', 'ls.c', 'macros.c', 'mountinfo.c', @@ -36,9 +36,11 @@ firejail_sources = [ 'network.c', 'network_main.c', 'no_sandbox.c', + 'oom.c', 'output.c', 'paths.c', 'preproc.c', + 'process.c', 'profile.c', 'protocol.c', 'pulseaudio.c', diff --git a/src/firemon/meson.build b/src/firemon/meson.build index de3e2bbc98c..73126199619 100644 --- a/src/firemon/meson.build +++ b/src/firemon/meson.build @@ -3,9 +3,7 @@ firemon_sources = [ 'apparmor.c', 'arp.c', 'caps.c', - 'cgroup.c', 'cpu.c', - 'interface.c', 'list.c', 'netstats.c', 'procevent.c', diff --git a/src/fseccomp/meson.build b/src/fseccomp/meson.build index 1518c5be8b2..b0a7751d512 100644 --- a/src/fseccomp/meson.build +++ b/src/fseccomp/meson.build @@ -1,6 +1,7 @@ fseccomp_sources = [ 'main.c', 'protocol.c', + 'namespaces.c', 'seccomp.c', 'seccomp_file.c', 'seccomp_secondary.c', diff --git a/src/man/meson.build b/src/man/meson.build index 1a6b44dac5f..a6b9571d023 100644 --- a/src/man/meson.build +++ b/src/man/meson.build @@ -23,7 +23,7 @@ foreach manpage : manpages section = manpage.split('.')[1] configured_manpage = configure_file( configuration: manconf, - input: manpage.split('.')[0] + '.txt', + input: manpage + '.in', output: '@PLAINNAME@', ) custom_target(manpage, diff --git a/src/meson.build b/src/meson.build index 7a6c4e3d402..dbcd1c71966 100644 --- a/src/meson.build +++ b/src/meson.build @@ -21,7 +21,9 @@ subdir('profstats') # SBOX_APPS subdir('fbuilder') -subdir('fids') +if get_option('ids') + subdir('fids') +endif subdir('ftee') # SBOX_APPS_NON_DUMPABLE diff --git a/test/build-test.sh b/test/build-test.sh new file mode 100644 index 00000000000..b631640fa6c --- /dev/null +++ b/test/build-test.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e +src=$1 +dir=$2 +build=$3 +log=test/${dir}.log + +echo src:$src +echo dir:$dir +echo log:$log +echo build:$build + +(cd $src/$dir && BUILD_ROOT=$build ./${dir}.sh 2>&1) | tee $log +grep -a TESTING $log && ! grep -a -q "TESTING ERROR" $log + +exit 0 diff --git a/test/compile/compile.sh b/test/compile/compile.sh index f3e5c4f33a2..d52d1451a9b 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh @@ -12,7 +12,8 @@ # --enable-analyzer enable GCC 10 static analyzer # shellcheck source=config.sh -. "$(dirname "$0")/../../config.sh" || exit 1 +echo PWD: $PWD +. "$BUILD_ROOT/config.sh" || exit 1 arr[1]="TEST 1: standard compilation" arr[2]="TEST 2: compile dbus proxy disabled" @@ -77,14 +78,15 @@ cleanup #***************************************************************** print_title "${arr[1]}" echo "$DIST" -tar -xJvf ../../"$DIST.tar.xz" +(cd "$BUILD_ROOT" && meson dist --allow-dirty --no-tests) +tar -xJvf "$BUILD_ROOT"/meson-dist/"$DIST.tar.xz" mv "$DIST" firejail cd firejail || exit 1 -./configure --prefix=/usr --enable-fatal-warnings \ +meson setup _builddir --prefix=/usr --werror \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test1 grep Error output-configure output-make >> ./report-test1 @@ -99,12 +101,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[2]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-dbusproxy \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Ddbusproxy=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test2 grep Error output-configure output-make >> ./report-test2 @@ -119,12 +121,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[3]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-chroot \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dchroot=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test3 grep Error output-configure output-make >> ./report-test3 @@ -139,12 +141,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[4]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-firetunnel \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dfiretunnel=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test4 grep Error output-configure output-make >> ./report-test4 @@ -159,12 +161,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[5]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-userns \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Duserns=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test5 grep Error output-configure output-make >> ./report-test5 @@ -180,12 +182,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[6]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-network \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dnetwork=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test6 grep Error output-configure output-make >> ./report-test6 @@ -200,12 +202,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[7]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-x11 \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dx11=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test7 grep Error output-configure output-make >> ./report-test7 @@ -220,12 +222,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[8]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-selinux \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dselinux=true \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test8 grep Error output-configure output-make >> ./report-test8 @@ -240,12 +242,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[9]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-file-transfer \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dfile-transfer=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test9 grep Error output-configure output-make >> ./report-test9 @@ -260,12 +262,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[10]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-whitelist \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dwhitelist=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test10 grep Error output-configure output-make >> ./report-test10 @@ -280,12 +282,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[11]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-globalcfg \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dglobalcfg=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test11 grep Error output-configure output-make >> ./report-test11 @@ -300,12 +302,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[12]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-apparmor \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dapparmor=true \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test12 grep Error output-configure output-make >> ./report-test12 @@ -320,12 +322,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[13]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-busybox-workaround \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dbusybox-workaround=true \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test13 grep Error output-configure output-make >> ./report-test13 @@ -340,12 +342,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[14]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-overlayfs \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Doverlayfs=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test14 grep Error output-configure output-make >> ./report-test14 @@ -360,12 +362,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[15]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-private-home \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dprivate-home=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test15 grep Error output-configure output-make >> ./report-test15 @@ -380,12 +382,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[16]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-man \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dmanpage=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test16 grep Error output-configure output-make >> ./report-test16 @@ -400,12 +402,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[17]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-usertmpfs \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dusertmpfs=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test17 grep Error output-configure output-make >> ./report-test17 @@ -420,12 +422,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[18]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-private-home \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dprivate-home=false \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test18 grep Error output-configure output-make >> ./report-test18 @@ -440,12 +442,12 @@ rm output-configure output-make #***************************************************************** print_title "${arr[19]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-ids \ +rm -rf _builddir +meson setup --reconfigure _builddir --prefix=/usr --werror \ + -Dids=true \ 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +ninja -C _builddir 2>&1 | tee ../output-make cd .. grep Warning output-configure output-make > ./report-test19 grep Error output-configure output-make >> ./report-test19 diff --git a/test/meson.build b/test/meson.build index 464090415c4..8d867210949 100644 --- a/test/meson.build +++ b/test/meson.build @@ -1 +1,27 @@ -# TODO +test_dirs = [ + 'apparmor', + 'appimage', + 'apps', + 'apps-x11', + 'apps-x11-xorg', + 'capabilities', + 'chroot', + 'compile', + 'environment', + 'fcopy', + 'filters', + 'firecfg', + 'fnetfilter', + 'fs', + 'network', + 'private-etc', + 'private-lib', + 'profiles', + 'seccomp-extra', + 'sysutils', + 'utils', +] +build_test_sh = files('build-test.sh') +foreach test_dir : test_dirs + test(test_dir, build_test_sh, args: [meson.current_source_dir(), test_dir, meson.project_build_root()], timeout: 600) +endforeach