8 files changed, 236 insertions, 61 deletions
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml
index dcd7bbcc0..5c20f9892 100644
--- a/.github/workflows/check-c.yml
+++ b/.github/workflows/check-c.yml
@@ -67,11 +67,11 @@ jobs:
      run: ./ci/printenv.sh
    - name: configure
      run: >
-        CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor
+        ./configure CC=clang-14 SCAN_BUILD=scan-build-14
-        --enable-selinux
+        --enable-fatal-warnings --enable-apparmor --enable-selinux
        || (cat config.log; exit 1)
    - name: scan-build
-      run: scan-build-14 --status-bugs make
+      run: make scan-build
  cppcheck:
    runs-on: ubuntu-22.04
@@ -93,11 +93,13 @@ jobs:
      run: sudo apt-get update -qy
    - name: install cppcheck
      run: sudo apt-get install -qy cppcheck
+    - name: configure
+      run: >
+        ./configure CPPCHECK='cppcheck -q'
+        || (cat config.log; exit 1)
    - run: cppcheck --version
    - name: cppcheck
-      run: >
+      run: make cppcheck
-        cppcheck -q --force --error-exitcode=1 --enable=warning,performance
-        -i src/firejail/checkcfg.c -i src/firejail/main.c .
  # new cppcheck version currently chokes on checkcfg.c and main.c, therefore
  # scan all files also with older cppcheck version from ubuntu 20.04.
@@ -122,9 +124,13 @@ jobs:
      run: sudo apt-get update -qy
    - name: install cppcheck
      run: sudo apt-get install -qy cppcheck
+    - name: configure
+      run: >
+        ./configure CPPCHECK='cppcheck -q'
+        || (cat config.log; exit 1)
    - run: cppcheck --version
-    - name: cppcheck
+    - name: cppcheck-old
-      run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+      run: make cppcheck-old
  codeql-cpp:
    permissions:
diff --git a/Makefile b/Makefile
index 808a9beac..dcd84b7ab 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,13 @@
 ROOT = .
 -include config.mk
+# Default programs
+CC ?= cc
+CODESPELL ?= codespell
+CPPCHECK ?= cppcheck
+GAWK ?= gawk
+SCAN_BUILD ?= scan-build
 ifneq ($(HAVE_MAN),no)
 MAN_TARGET = man
 endif
@@ -357,18 +364,24 @@ extras: all
 .PHONY: cppcheck
 cppcheck: clean
-        cppcheck --force --error-exitcode=1 --enable=warning,performance .
+        $(CPPCHECK) --force --error-exitcode=1 --enable=warning,performance \
+          -i src/firejail/checkcfg.c -i src/firejail/main.c .
+# For cppcheck 1.x; see .github/workflows/check-c.yml
+.PHONY: cppcheck-old
+cppcheck-old: clean
+        $(CPPCHECK) --force --error-exitcode=1 --enable=warning,performance .
 .PHONY: scan-build
 scan-build: clean
-        scan-build $(MAKE)
+        $(SCAN_BUILD) --status-bugs $(MAKE)
 # TODO: Old codespell versions (such as v2.1.0 in CI) have issues with
 # contrib/syscalls.sh
 .PHONY: codespell
 codespell:
        @printf 'Running %s...\n' $@
-        @codespell --ignore-regex 'Manuel|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
+        @$(CODESPELL) --ignore-regex 'Manuel|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
          -S *.d,*.gz,*.o,*.so \
          -S COPYING,m4 \
          -S ./contrib/syscalls.sh \
diff --git a/config.mk.in b/config.mk.in
index 1521a2633..253b86435 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -75,6 +75,11 @@ MANFLAGS = \
 # the user building the package); see the following for details:
 # https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html
 CC=@CC@
+CODESPELL=@CODESPELL@
+CPPCHECK=@CPPCHECK@
+GAWK=@GAWK@
+SCAN_BUILD=@SCAN_BUILD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=@CPPFLAGS@
 LDFLAGS=@LDFLAGS@
diff --git a/configure b/configure
index adcd6162b..61c025a20 100755
--- a/configure
+++ b/configure
@@ -665,7 +665,6 @@ HAVE_GLOBALCFG
 HAVE_CHROOT
 HAVE_PRIVATE_LIB
 HAVE_PRIVATE_HOME
-HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
 HAVE_OUTPUT
@@ -683,6 +682,10 @@ PKG_CONFIG
 HAVE_APPARMOR
 HAVE_IDS
 DEPS_CFLAGS
+SCAN_BUILD
+GAWK
+CPPCHECK
+CODESPELL
 OBJEXT
 EXEEXT
 ac_ct_CC
@@ -3270,6 +3273,194 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
+for ac_prog in codespell
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CODESPELL+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CODESPELL"; then
+  ac_cv_prog_CODESPELL="$CODESPELL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CODESPELL="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+fi
+fi
+CODESPELL=$ac_cv_prog_CODESPELL
+if test -n "$CODESPELL"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CODESPELL" >&5
+printf "%s\n" "$CODESPELL" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+  test -n "$CODESPELL" && break
+done
+for ac_prog in cppcheck
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CPPCHECK+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CPPCHECK"; then
+  ac_cv_prog_CPPCHECK="$CPPCHECK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CPPCHECK="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+fi
+fi
+CPPCHECK=$ac_cv_prog_CPPCHECK
+if test -n "$CPPCHECK"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPPCHECK" >&5
+printf "%s\n" "$CPPCHECK" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+  test -n "$CPPCHECK" && break
+done
+for ac_prog in gawk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_GAWK+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$GAWK"; then
+  ac_cv_prog_GAWK="$GAWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_GAWK="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+fi
+fi
+GAWK=$ac_cv_prog_GAWK
+if test -n "$GAWK"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GAWK" >&5
+printf "%s\n" "$GAWK" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+  test -n "$GAWK" && break
+done
+for ac_prog in scan-build
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_SCAN_BUILD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$SCAN_BUILD"; then
+  ac_cv_prog_SCAN_BUILD="$SCAN_BUILD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_SCAN_BUILD="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+fi
+fi
+SCAN_BUILD=$ac_cv_prog_SCAN_BUILD
+if test -n "$SCAN_BUILD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SCAN_BUILD" >&5
+printf "%s\n" "$SCAN_BUILD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+  test -n "$SCAN_BUILD" && break
+done
 DEPS_CFLAGS=""
@@ -3901,50 +4092,7 @@ if test "x$enable_man" != "xno"
 then :
        HAVE_MAN="-DHAVE_MAN"
-        # Extract the first word of "gawk", so it can be a program name with args.
+        if test "x$GAWK" = "x"
-set dummy gawk; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_HAVE_GAWK+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$HAVE_GAWK"; then
-  ac_cv_prog_HAVE_GAWK="$HAVE_GAWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  case $as_dir in #(((
-    '') as_dir=./ ;;
-    */) ;;
-    *) as_dir=$as_dir/ ;;
-  esac
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
-    ac_cv_prog_HAVE_GAWK="yes"
-    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-  test -z "$ac_cv_prog_HAVE_GAWK" && ac_cv_prog_HAVE_GAWK="no"
-fi
-fi
-HAVE_GAWK=$ac_cv_prog_HAVE_GAWK
-if test -n "$HAVE_GAWK"; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HAVE_GAWK" >&5
-printf "%s\n" "$HAVE_GAWK" >&6; }
-else
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-        if test "x$HAVE_GAWK" != "xyes"
 then :
  as_fn_error $? "*** gawk not found ***" "$LINENO" 5
 fi
diff --git a/configure.ac b/configure.ac
index 7a2c379fe..2762c2ef0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,6 +19,10 @@ AC_CONFIG_SRCDIR([src/firejail/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_PROG_CC
+AC_CHECK_PROGS([CODESPELL], [codespell])
+AC_CHECK_PROGS([CPPCHECK], [cppcheck])
+AC_CHECK_PROGS([GAWK], [gawk])
+AC_CHECK_PROGS([SCAN_BUILD], [scan-build])
 DEPS_CFLAGS=""
 AC_SUBST([DEPS_CFLAGS])
@@ -139,8 +143,7 @@ AC_ARG_ENABLE([man],
    [AS_HELP_STRING([--disable-man], [disable man pages])])
 AS_IF([test "x$enable_man" != "xno"], [
        HAVE_MAN="-DHAVE_MAN"
-        AC_CHECK_PROG([HAVE_GAWK], [gawk], [yes], [no])
+        AS_IF([test "x$GAWK" = "x"], [AC_MSG_ERROR([*** gawk not found ***])])
-        AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([*** gawk not found ***])])
 ])
 HAVE_PRIVATE_HOME=""
diff --git a/src/bash_completion/Makefile b/src/bash_completion/Makefile
index 1df030da3..c7ef6afc6 100644
--- a/src/bash_completion/Makefile
+++ b/src/bash_completion/Makefile
@@ -6,7 +6,7 @@ ROOT = ../..
 all: firejail.bash_completion
 firejail.bash_completion: firejail.bash_completion.in $(ROOT)/config.mk
-        gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
+        $(GAWK) -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
        sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
        rm $@.tmp
diff --git a/src/man/Makefile b/src/man/Makefile
index 526ed7fcb..1c1fd49a5 100644
--- a/src/man/Makefile
+++ b/src/man/Makefile
@@ -13,7 +13,7 @@ all: $(TARGET)
 # foo.1: foo.1.in
 $(MOD_DIR)/%: $(MOD_DIR)/%.in $(ROOT)/config.mk
        @printf 'Generating %s from %s\n' $@ $<
-        @gawk -f $(MOD_DIR)/preproc.awk -- $(MANFLAGS) <$< | \
+        @$(GAWK) -f $(MOD_DIR)/preproc.awk -- $(MANFLAGS) <$< | \
          $(MOD_DIR)/mkman.sh $(VERSION) >$@
 # foo.1.gz: foo.1
diff --git a/src/zsh_completion/Makefile b/src/zsh_completion/Makefile
index bf83877fb..e964d39ec 100644
--- a/src/zsh_completion/Makefile
+++ b/src/zsh_completion/Makefile
@@ -6,7 +6,7 @@ ROOT = ../..
 all: _firejail
 _firejail: _firejail.in $(ROOT)/config.mk
-        gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
+        $(GAWK) -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
        sed "s|_SYSCONFDIR_|$(sysconfdir)|" < $@.tmp > $@
        rm $@.tmp

diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index dcd7bbcc0..5c20f9892 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml
@@ -67,11 +67,11 @@ jobs:
67	run: ./ci/printenv.sh	67	run: ./ci/printenv.sh
68	- name: configure	68	- name: configure
69	run: >	69	run: >
70	CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor	70	./configure CC=clang-14 SCAN_BUILD=scan-build-14
71	--enable-selinux	71	--enable-fatal-warnings --enable-apparmor --enable-selinux
72	\|\| (cat config.log; exit 1)	72	\|\| (cat config.log; exit 1)
73	- name: scan-build	73	- name: scan-build
74	run: scan-build-14 --status-bugs make	74	run: make scan-build
75		75
76	cppcheck:	76	cppcheck:
77	runs-on: ubuntu-22.04	77	runs-on: ubuntu-22.04
@@ -93,11 +93,13 @@ jobs:
93	run: sudo apt-get update -qy	93	run: sudo apt-get update -qy
94	- name: install cppcheck	94	- name: install cppcheck
95	run: sudo apt-get install -qy cppcheck	95	run: sudo apt-get install -qy cppcheck
		96	- name: configure
		97	run: >
		98	./configure CPPCHECK='cppcheck -q'
		99	\|\| (cat config.log; exit 1)
96	- run: cppcheck --version	100	- run: cppcheck --version
97	- name: cppcheck	101	- name: cppcheck
98	run: >	102	run: make cppcheck
99	cppcheck -q --force --error-exitcode=1 --enable=warning,performance
100	-i src/firejail/checkcfg.c -i src/firejail/main.c .
101		103
102	# new cppcheck version currently chokes on checkcfg.c and main.c, therefore	104	# new cppcheck version currently chokes on checkcfg.c and main.c, therefore
103	# scan all files also with older cppcheck version from ubuntu 20.04.	105	# scan all files also with older cppcheck version from ubuntu 20.04.
@@ -122,9 +124,13 @@ jobs:
122	run: sudo apt-get update -qy	124	run: sudo apt-get update -qy
123	- name: install cppcheck	125	- name: install cppcheck
124	run: sudo apt-get install -qy cppcheck	126	run: sudo apt-get install -qy cppcheck
		127	- name: configure
		128	run: >
		129	./configure CPPCHECK='cppcheck -q'
		130	\|\| (cat config.log; exit 1)
125	- run: cppcheck --version	131	- run: cppcheck --version
126	- name: cppcheck	132	- name: cppcheck-old
127	run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .	133	run: make cppcheck-old
128		134
129	codeql-cpp:	135	codeql-cpp:
130	permissions:	136	permissions:


diff --git a/Makefile b/Makefile index 808a9beac..dcd84b7ab 100644 --- a/Makefile +++ b/Makefile
@@ -2,6 +2,13 @@
2	ROOT = .	2	ROOT = .
3	-include config.mk	3	-include config.mk
4		4
		5	# Default programs
		6	CC ?= cc
		7	CODESPELL ?= codespell
		8	CPPCHECK ?= cppcheck
		9	GAWK ?= gawk
		10	SCAN_BUILD ?= scan-build
		11
5	ifneq ($(HAVE_MAN),no)	12	ifneq ($(HAVE_MAN),no)
6	MAN_TARGET = man	13	MAN_TARGET = man
7	endif	14	endif
@@ -357,18 +364,24 @@ extras: all
357		364
358	.PHONY: cppcheck	365	.PHONY: cppcheck
359	cppcheck: clean	366	cppcheck: clean
360	cppcheck --force --error-exitcode=1 --enable=warning,performance .	367	$(CPPCHECK) --force --error-exitcode=1 --enable=warning,performance \
		368	-i src/firejail/checkcfg.c -i src/firejail/main.c .
		369
		370	# For cppcheck 1.x; see .github/workflows/check-c.yml
		371	.PHONY: cppcheck-old
		372	cppcheck-old: clean
		373	$(CPPCHECK) --force --error-exitcode=1 --enable=warning,performance .
361		374
362	.PHONY: scan-build	375	.PHONY: scan-build
363	scan-build: clean	376	scan-build: clean
364	scan-build $(MAKE)	377	$(SCAN_BUILD) --status-bugs $(MAKE)
365		378
366	# TODO: Old codespell versions (such as v2.1.0 in CI) have issues with	379	# TODO: Old codespell versions (such as v2.1.0 in CI) have issues with
367	# contrib/syscalls.sh	380	# contrib/syscalls.sh
368	.PHONY: codespell	381	.PHONY: codespell
369	codespell:	382	codespell:
370	@printf 'Running %s...\n' $@	383	@printf 'Running %s...\n' $@
371	@codespell --ignore-regex 'Manuel\|UE\|als\|chage\|creat\|doas\|ether\|isplay\|readby\|[Ss]hotcut' \	384	@$(CODESPELL) --ignore-regex 'Manuel\|UE\|als\|chage\|creat\|doas\|ether\|isplay\|readby\|[Ss]hotcut' \
372	-S .d,.gz,.o,.so \	385	-S .d,.gz,.o,.so \
373	-S COPYING,m4 \	386	-S COPYING,m4 \
374	-S ./contrib/syscalls.sh \	387	-S ./contrib/syscalls.sh \


diff --git a/config.mk.in b/config.mk.in index 1521a2633..253b86435 100644 --- a/config.mk.in +++ b/config.mk.in
@@ -75,6 +75,11 @@ MANFLAGS = \
75	# the user building the package); see the following for details:	75	# the user building the package); see the following for details:
76	# https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html	76	# https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html
77	CC=@CC@	77	CC=@CC@
		78	CODESPELL=@CODESPELL@
		79	CPPCHECK=@CPPCHECK@
		80	GAWK=@GAWK@
		81	SCAN_BUILD=@SCAN_BUILD@
		82
78	CFLAGS=@CFLAGS@	83	CFLAGS=@CFLAGS@
79	CPPFLAGS=@CPPFLAGS@	84	CPPFLAGS=@CPPFLAGS@
80	LDFLAGS=@LDFLAGS@	85	LDFLAGS=@LDFLAGS@


diff --git a/configure b/configure index adcd6162b..61c025a20 100755 --- a/configure +++ b/configure
@@ -665,7 +665,6 @@ HAVE_GLOBALCFG
665	HAVE_CHROOT	665	HAVE_CHROOT
666	HAVE_PRIVATE_LIB	666	HAVE_PRIVATE_LIB
667	HAVE_PRIVATE_HOME	667	HAVE_PRIVATE_HOME
668	HAVE_GAWK
669	HAVE_MAN	668	HAVE_MAN
670	HAVE_USERTMPFS	669	HAVE_USERTMPFS
671	HAVE_OUTPUT	670	HAVE_OUTPUT
@@ -683,6 +682,10 @@ PKG_CONFIG
683	HAVE_APPARMOR	682	HAVE_APPARMOR
684	HAVE_IDS	683	HAVE_IDS
685	DEPS_CFLAGS	684	DEPS_CFLAGS
		685	SCAN_BUILD
		686	GAWK
		687	CPPCHECK
		688	CODESPELL
686	OBJEXT	689	OBJEXT
687	EXEEXT	690	EXEEXT
688	ac_ct_CC	691	ac_ct_CC
@@ -3270,6 +3273,194 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3270	ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'	3273	ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3271	ac_compiler_gnu=$ac_cv_c_compiler_gnu	3274	ac_compiler_gnu=$ac_cv_c_compiler_gnu
3272		3275
		3276	for ac_prog in codespell
		3277	do
		3278	# Extract the first word of "$ac_prog", so it can be a program name with args.
		3279	set dummy $ac_prog; ac_word=$2
		3280	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
		3281	printf %s "checking for $ac_word... " >&6; }
		3282	if test ${ac_cv_prog_CODESPELL+y}
		3283	then :
		3284	printf %s "(cached) " >&6
		3285	else $as_nop
		3286	if test -n "$CODESPELL"; then
		3287	ac_cv_prog_CODESPELL="$CODESPELL" # Let the user override the test.
		3288	else
		3289	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
		3290	for as_dir in $PATH
		3291	do
		3292	IFS=$as_save_IFS
		3293	case $as_dir in #(((
		3294	'') as_dir=./ ;;
		3295	*/) ;;
		3296	*) as_dir=$as_dir/ ;;
		3297	esac
		3298	for ac_exec_ext in '' $ac_executable_extensions; do
		3299	if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
		3300	ac_cv_prog_CODESPELL="$ac_prog"
		3301	printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
		3302	break 2
		3303	fi
		3304	done
		3305	done
		3306	IFS=$as_save_IFS
		3307
		3308	fi
		3309	fi
		3310	CODESPELL=$ac_cv_prog_CODESPELL
		3311	if test -n "$CODESPELL"; then
		3312	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CODESPELL" >&5
		3313	printf "%s\n" "$CODESPELL" >&6; }
		3314	else
		3315	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
		3316	printf "%s\n" "no" >&6; }
		3317	fi
		3318
		3319
		3320	test -n "$CODESPELL" && break
		3321	done
		3322
		3323	for ac_prog in cppcheck
		3324	do
		3325	# Extract the first word of "$ac_prog", so it can be a program name with args.
		3326	set dummy $ac_prog; ac_word=$2
		3327	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
		3328	printf %s "checking for $ac_word... " >&6; }
		3329	if test ${ac_cv_prog_CPPCHECK+y}
		3330	then :
		3331	printf %s "(cached) " >&6
		3332	else $as_nop
		3333	if test -n "$CPPCHECK"; then
		3334	ac_cv_prog_CPPCHECK="$CPPCHECK" # Let the user override the test.
		3335	else
		3336	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
		3337	for as_dir in $PATH
		3338	do
		3339	IFS=$as_save_IFS
		3340	case $as_dir in #(((
		3341	'') as_dir=./ ;;
		3342	*/) ;;
		3343	*) as_dir=$as_dir/ ;;
		3344	esac
		3345	for ac_exec_ext in '' $ac_executable_extensions; do
		3346	if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
		3347	ac_cv_prog_CPPCHECK="$ac_prog"
		3348	printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
		3349	break 2
		3350	fi
		3351	done
		3352	done
		3353	IFS=$as_save_IFS
		3354
		3355	fi
		3356	fi
		3357	CPPCHECK=$ac_cv_prog_CPPCHECK
		3358	if test -n "$CPPCHECK"; then
		3359	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPPCHECK" >&5
		3360	printf "%s\n" "$CPPCHECK" >&6; }
		3361	else
		3362	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
		3363	printf "%s\n" "no" >&6; }
		3364	fi
		3365
		3366
		3367	test -n "$CPPCHECK" && break
		3368	done
		3369
		3370	for ac_prog in gawk
		3371	do
		3372	# Extract the first word of "$ac_prog", so it can be a program name with args.
		3373	set dummy $ac_prog; ac_word=$2
		3374	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
		3375	printf %s "checking for $ac_word... " >&6; }
		3376	if test ${ac_cv_prog_GAWK+y}
		3377	then :
		3378	printf %s "(cached) " >&6
		3379	else $as_nop
		3380	if test -n "$GAWK"; then
		3381	ac_cv_prog_GAWK="$GAWK" # Let the user override the test.
		3382	else
		3383	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
		3384	for as_dir in $PATH
		3385	do
		3386	IFS=$as_save_IFS
		3387	case $as_dir in #(((
		3388	'') as_dir=./ ;;
		3389	*/) ;;
		3390	*) as_dir=$as_dir/ ;;
		3391	esac
		3392	for ac_exec_ext in '' $ac_executable_extensions; do
		3393	if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
		3394	ac_cv_prog_GAWK="$ac_prog"
		3395	printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
		3396	break 2
		3397	fi
		3398	done
		3399	done
		3400	IFS=$as_save_IFS
		3401
		3402	fi
		3403	fi
		3404	GAWK=$ac_cv_prog_GAWK
		3405	if test -n "$GAWK"; then
		3406	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GAWK" >&5
		3407	printf "%s\n" "$GAWK" >&6; }
		3408	else
		3409	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
		3410	printf "%s\n" "no" >&6; }
		3411	fi
		3412
		3413
		3414	test -n "$GAWK" && break
		3415	done
		3416
		3417	for ac_prog in scan-build
		3418	do
		3419	# Extract the first word of "$ac_prog", so it can be a program name with args.
		3420	set dummy $ac_prog; ac_word=$2
		3421	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
		3422	printf %s "checking for $ac_word... " >&6; }
		3423	if test ${ac_cv_prog_SCAN_BUILD+y}
		3424	then :
		3425	printf %s "(cached) " >&6
		3426	else $as_nop
		3427	if test -n "$SCAN_BUILD"; then
		3428	ac_cv_prog_SCAN_BUILD="$SCAN_BUILD" # Let the user override the test.
		3429	else
		3430	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
		3431	for as_dir in $PATH
		3432	do
		3433	IFS=$as_save_IFS
		3434	case $as_dir in #(((
		3435	'') as_dir=./ ;;
		3436	*/) ;;
		3437	*) as_dir=$as_dir/ ;;
		3438	esac
		3439	for ac_exec_ext in '' $ac_executable_extensions; do
		3440	if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
		3441	ac_cv_prog_SCAN_BUILD="$ac_prog"
		3442	printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
		3443	break 2
		3444	fi
		3445	done
		3446	done
		3447	IFS=$as_save_IFS
		3448
		3449	fi
		3450	fi
		3451	SCAN_BUILD=$ac_cv_prog_SCAN_BUILD
		3452	if test -n "$SCAN_BUILD"; then
		3453	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SCAN_BUILD" >&5
		3454	printf "%s\n" "$SCAN_BUILD" >&6; }
		3455	else
		3456	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
		3457	printf "%s\n" "no" >&6; }
		3458	fi
		3459
		3460
		3461	test -n "$SCAN_BUILD" && break
		3462	done
		3463
3273		3464
3274	DEPS_CFLAGS=""	3465	DEPS_CFLAGS=""
3275		3466
@@ -3901,50 +4092,7 @@ if test "x$enable_man" != "xno"
3901	then :	4092	then :
3902		4093
3903	HAVE_MAN="-DHAVE_MAN"	4094	HAVE_MAN="-DHAVE_MAN"
3904	# Extract the first word of "gawk", so it can be a program name with args.	4095	if test "x$GAWK" = "x"
3905	set dummy gawk; ac_word=$2
3906	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
3907	printf %s "checking for $ac_word... " >&6; }
3908	if test ${ac_cv_prog_HAVE_GAWK+y}
3909	then :
3910	printf %s "(cached) " >&6
3911	else $as_nop
3912	if test -n "$HAVE_GAWK"; then
3913	ac_cv_prog_HAVE_GAWK="$HAVE_GAWK" # Let the user override the test.
3914	else
3915	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3916	for as_dir in $PATH
3917	do
3918	IFS=$as_save_IFS
3919	case $as_dir in #(((
3920	'') as_dir=./ ;;
3921	*/) ;;
3922	*) as_dir=$as_dir/ ;;
3923	esac
3924	for ac_exec_ext in '' $ac_executable_extensions; do
3925	if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
3926	ac_cv_prog_HAVE_GAWK="yes"
3927	printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
3928	break 2
3929	fi
3930	done
3931	done
3932	IFS=$as_save_IFS
3933
3934	test -z "$ac_cv_prog_HAVE_GAWK" && ac_cv_prog_HAVE_GAWK="no"
3935	fi
3936	fi
3937	HAVE_GAWK=$ac_cv_prog_HAVE_GAWK
3938	if test -n "$HAVE_GAWK"; then
3939	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HAVE_GAWK" >&5
3940	printf "%s\n" "$HAVE_GAWK" >&6; }
3941	else
3942	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
3943	printf "%s\n" "no" >&6; }
3944	fi
3945
3946
3947	if test "x$HAVE_GAWK" != "xyes"
3948	then :	4096	then :
3949	as_fn_error $? "* gawk not found *" "$LINENO" 5	4097	as_fn_error $? "* gawk not found *" "$LINENO" 5
3950	fi	4098	fi


diff --git a/configure.ac b/configure.ac index 7a2c379fe..2762c2ef0 100644 --- a/configure.ac +++ b/configure.ac
@@ -19,6 +19,10 @@ AC_CONFIG_SRCDIR([src/firejail/main.c])
19	AC_CONFIG_MACRO_DIR([m4])	19	AC_CONFIG_MACRO_DIR([m4])
20		20
21	AC_PROG_CC	21	AC_PROG_CC
		22	AC_CHECK_PROGS([CODESPELL], [codespell])
		23	AC_CHECK_PROGS([CPPCHECK], [cppcheck])
		24	AC_CHECK_PROGS([GAWK], [gawk])
		25	AC_CHECK_PROGS([SCAN_BUILD], [scan-build])
22		26
23	DEPS_CFLAGS=""	27	DEPS_CFLAGS=""
24	AC_SUBST([DEPS_CFLAGS])	28	AC_SUBST([DEPS_CFLAGS])
@@ -139,8 +143,7 @@ AC_ARG_ENABLE([man],
139	[AS_HELP_STRING([--disable-man], [disable man pages])])	143	[AS_HELP_STRING([--disable-man], [disable man pages])])
140	AS_IF([test "x$enable_man" != "xno"], [	144	AS_IF([test "x$enable_man" != "xno"], [
141	HAVE_MAN="-DHAVE_MAN"	145	HAVE_MAN="-DHAVE_MAN"
142	AC_CHECK_PROG([HAVE_GAWK], [gawk], [yes], [no])	146	AS_IF([test "x$GAWK" = "x"], [AC_MSG_ERROR([* gawk not found *])])
143	AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([* gawk not found *])])
144	])	147	])
145		148
146	HAVE_PRIVATE_HOME=""	149	HAVE_PRIVATE_HOME=""


diff --git a/src/bash_completion/Makefile b/src/bash_completion/Makefile index 1df030da3..c7ef6afc6 100644 --- a/src/bash_completion/Makefile +++ b/src/bash_completion/Makefile
@@ -6,7 +6,7 @@ ROOT = ../..
6	all: firejail.bash_completion	6	all: firejail.bash_completion
7		7
8	firejail.bash_completion: firejail.bash_completion.in $(ROOT)/config.mk	8	firejail.bash_completion: firejail.bash_completion.in $(ROOT)/config.mk
9	gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp	9	$(GAWK) -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
10	sed "s\|_SYSCONFDIR_\|$(sysconfdir)\|" < $@.tmp > $@	10	sed "s\|_SYSCONFDIR_\|$(sysconfdir)\|" < $@.tmp > $@
11	rm $@.tmp	11	rm $@.tmp
12		12


diff --git a/src/man/Makefile b/src/man/Makefile index 526ed7fcb..1c1fd49a5 100644 --- a/src/man/Makefile +++ b/src/man/Makefile
@@ -13,7 +13,7 @@ all: $(TARGET)
13	# foo.1: foo.1.in	13	# foo.1: foo.1.in
14	$(MOD_DIR)/%: $(MOD_DIR)/%.in $(ROOT)/config.mk	14	$(MOD_DIR)/%: $(MOD_DIR)/%.in $(ROOT)/config.mk
15	@printf 'Generating %s from %s\n' $@ $<	15	@printf 'Generating %s from %s\n' $@ $<
16	@gawk -f $(MOD_DIR)/preproc.awk -- $(MANFLAGS) <$< \| \	16	@$(GAWK) -f $(MOD_DIR)/preproc.awk -- $(MANFLAGS) <$< \| \
17	$(MOD_DIR)/mkman.sh $(VERSION) >$@	17	$(MOD_DIR)/mkman.sh $(VERSION) >$@
18		18
19	# foo.1.gz: foo.1	19	# foo.1.gz: foo.1


diff --git a/src/zsh_completion/Makefile b/src/zsh_completion/Makefile index bf83877fb..e964d39ec 100644 --- a/src/zsh_completion/Makefile +++ b/src/zsh_completion/Makefile
@@ -6,7 +6,7 @@ ROOT = ../..
6	all: _firejail	6	all: _firejail
7		7
8	_firejail: _firejail.in $(ROOT)/config.mk	8	_firejail: _firejail.in $(ROOT)/config.mk
9	gawk -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp	9	$(GAWK) -f ../man/preproc.awk -- $(MANFLAGS) < $< > $@.tmp
10	sed "s\|_SYSCONFDIR_\|$(sysconfdir)\|" < $@.tmp > $@	10	sed "s\|_SYSCONFDIR_\|$(sysconfdir)\|" < $@.tmp > $@
11	rm $@.tmp	11	rm $@.tmp
12		12