netblue30 · topimiettinen · Oct 29, 2021 · Oct 29, 2021 · Oct 29, 2021 · Oct 29, 2021
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
@@ -49,9 +49,11 @@ jobs:
         egress-policy: block
         allowed-endpoints: >
           azure.archive.ubuntu.com:80
+          files.pythonhosted.org:443
           github.com:443
           packages.microsoft.com:443
           ppa.launchpadcontent.net:443
+          pypi.org:443
     - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
     - name: update package information
       run: sudo apt-get update -qy
@@ -61,15 +63,14 @@ jobs:
         libapparmor-dev libselinux1-dev
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=clang-14
-        --prefix=/usr --enable-fatal-warnings
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
+    - name: install dependencies
+      run: sudo apt-get install ninja-build
+    - name: Install meson
+      run: pip install --pre meson==0.56.2 # https://packages.debian.org/oldstable/meson
+    - name: meson setup
+      run: CC=clang-14 meson setup _builddir -Dprefix=/usr -Dapparmor=true -Dselinux=true --werror
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo apt-get install meson
+    - run: sudo meson install -C _builddir
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -74,18 +74,12 @@ jobs:
     - name: install dependencies
       run: >
         sudo apt-get install -qy
-        gcc-12 libapparmor-dev libselinux1-dev
+        gcc-12 libapparmor-dev libselinux1-dev ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml
@@ -62,17 +62,15 @@ jobs:
     - name: install clang-tools-14 and dependencies
       run: >
         sudo apt-get install -qy
-        clang-tools-14 libapparmor-dev libselinux1-dev
+        clang-tools-14 libapparmor-dev libselinux1-dev ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=clang-14 SCAN_BUILD=scan-build-14
-        --prefix=/usr --enable-fatal-warnings
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
+    - name: meson setup
+      run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
     - name: scan-build
-      run: make scan-build
+      run: ninja -C _builddir scan-build
 
   cppcheck:
     runs-on: ubuntu-22.04
@@ -93,14 +91,12 @@ jobs:
     - name: update package information
       run: sudo apt-get update -qy
     - name: install cppcheck
-      run: sudo apt-get install -qy cppcheck
-    - name: configure
-      run: >
-        ./configure CPPCHECK='cppcheck -q'
-        || (cat config.log; exit 1)
-    - run: cppcheck --version
-    - name: cppcheck
-      run: make cppcheck
+      run: sudo apt-get install -qy cppcheck ninja-build meson
+    - name: meson setup
+      run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: cppcheck --version
+    - run: meson compile -C _builddir cppcheck
 
   # new cppcheck version currently chokes on checkcfg.c and main.c, therefore
   # scan all files also with older cppcheck version from ubuntu 20.04.
@@ -124,14 +120,12 @@ jobs:
     - name: update package information
       run: sudo apt-get update -qy
     - name: install cppcheck
-      run: sudo apt-get install -qy cppcheck
-    - name: configure
-      run: >
-        ./configure CPPCHECK='cppcheck -q'
-        || (cat config.log; exit 1)
-    - run: cppcheck --version
-    - name: cppcheck-old
-      run: make cppcheck-old
+      run: sudo apt-get install -qy cppcheck ninja-build meson
+    - name: meson setup
+      run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: cppcheck --version
+    - run: meson compile -C _builddir cppcheck
 
   codeql-cpp:
     permissions:
@@ -165,11 +159,11 @@ jobs:
       with:
         languages: cpp
 
-    - name: configure
-      run: ./configure
+    - name: meson setup
+      run: CC=clang-14 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
 
-    - name: make
-      run: make -j "$(nproc)"
+    - name: meson compile
+      run: meson compile -C _builddir
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a
diff --git a/.github/workflows/requirements.txt b/.github/workflows/requirements.txt
@@ -0,0 +1,19 @@
+meson==1.3.1 \
+    --hash=sha256:6020568bdede1643d4fb41e28215be38eff5d52da28ac7d125457c59e0032ad7 \
+    --hash=sha256:d5223ecca9564d735d36daaba2571abc6c032c8c3a7ffa0674e803ef0c7e0219
+ninja==1.11.1.1 \
+    --hash=sha256:18302d96a5467ea98b68e1cae1ae4b4fb2b2a56a82b955193c637557c7273dbd \
+    --hash=sha256:185e0641bde601e53841525c4196278e9aaf4463758da6dd1e752c0a0f54136a \
+    --hash=sha256:376889c76d87b95b5719fdd61dd7db193aa7fd4432e5d52d2e44e4c497bdbbee \
+    --hash=sha256:3e0f9be5bb20d74d58c66cc1c414c3e6aeb45c35b0d0e41e8d739c2c0d57784f \
+    --hash=sha256:73b93c14046447c7c5cc892433d4fae65d6364bec6685411cb97a8bcf815f93a \
+    --hash=sha256:7563ce1d9fe6ed5af0b8dd9ab4a214bf4ff1f2f6fd6dc29f480981f0f8b8b249 \
+    --hash=sha256:76482ba746a2618eecf89d5253c0d1e4f1da1270d41e9f54dfbd91831b0f6885 \
+    --hash=sha256:84502ec98f02a037a169c4b0d5d86075eaf6afc55e1879003d6cab51ced2ea4b \
+    --hash=sha256:95da904130bfa02ea74ff9c0116b4ad266174fafb1c707aa50212bc7859aebf1 \
+    --hash=sha256:9d793b08dd857e38d0b6ffe9e6b7145d7c485a42dcfea04905ca0cdb6017cc3c \
+    --hash=sha256:9df724344202b83018abb45cb1efc22efd337a1496514e7e6b3b59655be85205 \
+    --hash=sha256:aad34a70ef15b12519946c5633344bc775a7656d789d9ed5fdb0d456383716ef \
+    --hash=sha256:d491fc8d89cdcb416107c349ad1e3a735d4c4af5e1cb8f5f727baca6350fdaea \
+    --hash=sha256:ecf80cf5afd09f14dcceff28cb3f11dc90fb97c999c89307aea435889cb66877 \
+    --hash=sha256:fa2ba9d74acfdfbfbcf06fad1b8282de8a7a8c481d9dee45c859a8c93fcc1082
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -68,29 +68,17 @@ jobs:
     - name: install dependencies
       run: >
         sudo apt-get install -qy
-        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make -j "$(nproc)"
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
-    - run: make lab-setup
-    - run: make test-seccomp-extra
-    - run: make test-firecfg
-    - run: make test-capabilities
-    - run: make test-apparmor
-    - run: make test-appimage
-    - run: make test-chroot
-    - run: make test-fcopy
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
+    - name: test main
+      run: meson test -C _builddir seccomp-extra firecfg capabilities apparmor appimage chroot fcopy
 
 #
 # Slower tests
@@ -117,24 +105,17 @@ jobs:
     - name: install dependencies
       run: >
         sudo apt-get install -qy
-        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make -j "$(nproc)"
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
-    - run: make lab-setup
-    - run: make test-private-etc
-    - run: make test-fs
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
+    - name: test fs
+      run: meson test -C _builddir private-etc fs
 
   test-environment:
     runs-on: ubuntu-22.04
@@ -157,24 +138,17 @@ jobs:
     - name: install dependencies
       run: >
         sudo apt-get install -qy
-        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make -j "$(nproc)"
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
-    - run: make lab-setup
-    - run: make test-environment
-    - run: make test-profiles
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
+    - name: test environment
+      run: meson test -C _builddir environment profiles
 
   test-utils:
     runs-on: ubuntu-22.04
@@ -200,23 +174,17 @@ jobs:
     - name: install dependencies
       run: >
         sudo apt-get install -qy
-        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils
+        gcc-12 libapparmor-dev libselinux1-dev expect xzdec bridge-utils ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make -j "$(nproc)"
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
-    - run: make lab-setup
-    - run: make test-utils
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
+    - name: test utils
+      run: meson test -C _builddir utils
 
   test-network:
     runs-on: ubuntu-22.04
@@ -247,22 +215,14 @@ jobs:
       run: >
         sudo apt-get install -qy
         gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
-        bridge-utils
+        bridge-utils ninja-build meson
     - name: print env
       run: ./ci/printenv.sh
-    - name: configure
-      run: >
-        ./configure CC=gcc-12
-        --prefix=/usr --enable-fatal-warnings --enable-analyzer
-        --enable-apparmor --enable-selinux
-        || (cat config.log; exit 1)
-    - name: make
-      run: make -j "$(nproc)"
-    - name: make install
-      run: sudo make install
-    - name: print version
-      run: make print-version
-    - run: make lab-setup
-    - run: make test-fnetfilter
-    - run: make test-sysutils
-    - run: make test-network
+    - name: meson setup
+      run: CC=gcc-12 meson setup _builddir --werror --prefix=/usr -Danalyzer=true -Dapparmor=true -Dselinux=true
+    - name: meson compile
+      run: meson compile -C _builddir
+    - name: meson install
+      run: sudo -E meson install -C _builddir
+    - name: test network
+      run: meson test -C _builddir fnetfilter sysutils network
diff --git a/config.sh.in b/config.sh.in
@@ -1,4 +1,4 @@
-# @configure_input@
+# configure_input
 #
 # shellcheck shell=sh
 # shellcheck disable=SC2034

diff --git a/contrib/meson.build b/contrib/meson.build
@@ -0,0 +1,23 @@
+contrib_scripts = [
+  'fix_private-bin.py',
+  'fjclip.py',
+  'fjdisplay.py',
+  'fj-mkdeb.py',
+  'fjresize.py',
+  'gdb-firejail.sh',
+  'jail_prober.py',
+  'sort.py',
+  'syscalls.sh',
+  'update_deb.sh',
+]
+install_data(contrib_scripts,
+  install_dir: libdir_firejail,
+  install_mode: 'rwxr-xr-x',
+)
+
+install_data('vim/ftdetect/firejail.vim',
+  install_dir: datadir / 'vim' / 'vimfiles' / 'ftdetect',
+)
+install_data('syntax/files/firejail.vim.in',
+  install_dir: datadir / 'vim' / 'vimfiles' / 'syntax',
+)