| Commit message (Collapse) | Author | Age |
| |
To match the usual usage order.
Relates to commit 222a2d772 ("order options alphabetically in
configure.ac report", 2022-06-13).
| |
This amends commit 72ba0b7e5 ("compile time: disable --output",
2021-02-28).
| |
For better organization and so that they can be used by other shell
scripts by just sourcing config.sh.
| |
Currently, the configure-time variables (that is, the ones that assign
to placeholders, such as "@HAVE_MAN@", which are set/replaced at
configure-time) are defined on multiple files (such as on Makefile.in
and on common.mk.in).
To avoid duplication, centralize these variables on a single file
(config.mk.in) and replace all of the other definitions of them with an
include of config.mk.
| |
To make it easier to read and edit them and to make the diffs clearer.
vim commands used to search and replace:

    :0/AC_CONFIG_FILES/1 | ,+3s/ \\// | -3,+1s/ /\r/g
| |
of new features. Check in everything you have out."
This reverts commit e8cb03cde8a3a7d083a6f539b06c6253d031af82.
More specifically: s/0.9.68.1/0.9.69/.
The current development version contains not only new features, but also
breaking changes (see "modif:" on the RELNOTES). Ensure at least a
minor (rather than only a patch) version bump (to 0.9.70 on the final
version) to avoid breaking user expectations.
| |
features. Check in everything you have out.
| |
at compile time.
| |
From the manual of GNU Autoconf (version 2.69):
> -- Macro: AC_PROG_INSTALL
> Set output variable 'INSTALL' to the name of a BSD-compatible
> 'install' program, if one is found in the current 'PATH'.
> Otherwise, set 'INSTALL' to 'DIR/install-sh -c', checking the
> directories specified to 'AC_CONFIG_AUX_DIR' (or its default
> directories) to determine DIR (*note Output::). Also set the
> variables 'INSTALL_PROGRAM' and 'INSTALL_SCRIPT' to '${INSTALL}'
> and 'INSTALL_DATA' to '${INSTALL} -m 644'.
> -- Macro: AC_PROG_RANLIB
> Set output variable 'RANLIB' to 'ranlib' if 'ranlib' is found,
> and otherwise to ':' (do nothing).
None of the aforementioned variables are used:

    $ git grep -F -e '${INSTALL}' -e INSTALL_PROGRAM -e INSTALL_SCRIPT \
      -e INSTALL_DATA -e RANLIB
    $

So remove the macros that define them.

Misc: The macros in question have been present on configure.ac since it
was created, on commit 137985136 ("Baseline firejail 0.9.28",
2015-08-08). And while the install command is called multiple times,
ranlib is not used anywhere (and it seems that it was never used):

    $ git grep -E '^[[:blank:]]+install ' -- '*Makefile*' '*.mk*' |
      wc -l
    32
    $ git grep -F ranlib | wc -l
    0
    $ git log --pretty= --name-only -G'RANLIB|ranlib' \
      137985136..master | sort -u
    README.md

Kind of relates to #4695.
| |
* fix globalcfg help string
* fix --disable-globalcfg explanation
| |
Added on commit 8d8686af2 ("Make installation of contrib scripts
configurable", 2017-04-13).
Remove redundant argument to AS_IF and make it look more like the other
nearby AS_IF calls.
| |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
| |
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
It only needs to be called once for each variable. See the configure
script diff and the previous commit ("configure*: Move AC_SUBST calls to
more obvious places").
| |
These macros should always be called regardless of the intended value of
each variable, as even if e.g.: no --enable-apparmor flag is given, the
configure script still has to substitute `@HAVE_APPARMOR@` with blank in
the relevant files.
Something similar is already being done for HAVE_OVERLAYFS since commit
fb9f2a5fb ("disabled overlayfs, fixes pending; added video channels to
README* files", 2021-02-06).
Note that each AC_SUBST is not immediately converted into search/replace
code when generating the configure script. It appears that the
variables are handled only after parsing all of configure.ac (or until a
specific command is found), as all arguments passed to every AC_SUBST
call are defined at once on the `ac_subst_vars` list. The actual
substitutions are also done all at once (while iterating through the
list) and that happens much later in the script (see both occurrences of
`ac_subst_vars` on the current script).
| |
For increased safety and consistency. In addition, this should make it
clearer where each argument starts and ends.
See also the following item from autoconf NEWS[1]:
> * Noteworthy changes in release 2.70 (2020-12-08) [stable]
[...]
> *** Many macros have become pickier about argument quotation.
>
> If you get a shell syntax error from your generated configure
> script, or seemingly impossible misbehavior (e.g. entire blocks of
> the configure script not getting executed), check first that all
> macro arguments are properly quoted. The “M4 Quotation” section of
> the manual explains how to quote macro arguments properly.
>
> It is unfortunately not possible for autoupdate to correct
> quotation errors.
[1] https://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=blob;f=NEWS;h=ba418d1af5da752de77a2c388f9af56f8f1bf6a4;hb=97fbc5c184acc6fa591ad094eae86917f03459fa
| |
Square brackets are used as quotes in autoconf.
From Section 8.1.1, Active Characters of the Autoconf manual[1]:
> To fully understand where proper quotation is important, you first
> need to know what the special characters are in Autoconf: ‘#’
> introduces a comment inside which no macro expansion is performed, ‘,’
> separates arguments, ‘[’ and ‘]’ are the quotes themselves, ‘(’ and
> ‘)’ (which M4 tries to match by pairs), and finally ‘$’ inside a macro
> definition.
[1] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.70/autoconf.html#Active-Characters
| |
Command used to find them:

    grep ' "$' configure.ac
| |
For increased consistency and readability.
This restores the spaces removed on commit bf81cd6ad ("configure.ac: run
autoupdate to fix autoconf warning") / PR #4316.
Command used to check for the lack of whitespace:

    grep ',[^ ]' configure.ac
| |
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08). See
also commit ad6bb83fa ("consolidate makefiles", 2018-03-31).
It is not used anywhere. And it looks like it has never been used
anywhere:

    $ git log --oneline -Gpthread.h 137985136..master
    $

Issue mentioned by @rusty-snake:
https://github.com/netblue30/firejail/issues/4642#issuecomment-955795463
| |
For simplicity and increased portability.
| |
This fixes the following warning:

    $ autoconf
    configure.ac:306: warning: AC_OUTPUT should be used without arguments.
    configure.ac:306: You should run autoupdate.

Environment:

    $ grep '^NAME' /etc/os-release
    NAME="Artix Linux"
    $ pacman -Q autoconf
    autoconf 2.71-1

Though keep `AC_PREREQ` at 2.68 (released on 2010-09-23[1]), as version
2.71 (which autoupdate automatically bumps to) is rather recent
(released on 2021-01-28[2]) and the changes do not appear to require a
version bump, as on `AC_INIT` it only adds some quotes, and the rest of
the changes are consistent with the autoconf 2.68 manual. From Section
18.4, Obsolete Macros[3]:
> — Macro: AC_OUTPUT ([file]..., [extra-cmds], [init-cmds])
>
> The use of AC_OUTPUT with arguments is deprecated. This obsoleted
> interface is equivalent to:
>
> AC_CONFIG_FILES(file...)
> AC_CONFIG_COMMANDS([default],
> extra-cmds, init-cmds)
> AC_OUTPUT
>
> See AC_CONFIG_FILES, AC_CONFIG_COMMANDS, and AC_OUTPUT.
Note: The usage of the above format has been present since the inception
of configure.ac, on commit 137985136 ("Baseline firejail 0.9.28").
Misc: This is a continuation of #4293.
[1] https://lists.gnu.org/archive/html/info-gnu/2010-09/msg00013.html
[2] https://lists.gnu.org/archive/html/autoconf/2021-01/msg00126.html
[3] https://www.gnu.org/software/autoconf/manual/autoconf-2.68/html_node/Obsolete-Macros.html#index-AC_005fOUTPUT-2058
| |
this fixes a new false positive memory leak (#4297), but unfortunately
opens a few new false positives (#4274).
therefore let it ignore memleak checks for now, until the detection
is a bit more stable in GCC.
Fixes: #4274, #4297
| |
The configure script happens to work if /bin/sh supports the non-POSIX
"+=" operator (e.g.: bash) and fails otherwise (e.g.: dash).
This usage first appeared on configure.ac on commit 66a476419 ("gcov
support"), which is from 2016.
If the --enable-apparmor flag is passed to ./configure (which is the
default on Arch Linux), running `make` fails due to the missing
-lapparmor LDFLAG. Thus, building firejail-git from the AUR does not
work if /bin/sh is e.g.: dash.
Errors when running the build commands below from makepkg:

    $ ./configure --prefix=/usr --enable-apparmor >/dev/null
    ./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
    ./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
    ./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
    ./configure: 3518: EXTRA_CFLAGS+= : not found
    $ make >/dev/null
    /usr/bin/ld: apparmor.o: in function `apparmor_test':
    /tmp/firejail-git/src/firejail-git/src/jailcheck/apparmor.c:28: undefined reference to `aa_gettaskcon'
    collect2: error: ld returned 1 exit status
    make[1]: *** [Makefile:10: jailcheck] Error 1
    make: *** [Makefile:42: src/jailcheck/jailcheck] Error 2
    make: *** Waiting for unfinished jobs....
    /usr/bin/ld: apparmor.o: in function `print_apparmor':
    /tmp/firejail-git/src/firejail-git/src/firemon/apparmor.c:28: undefined reference to `aa_gettaskcon'
    collect2: error: ld returned 1 exit status
    make[1]: *** [Makefile:10: firemon] Error 1
    make: *** [Makefile:42: src/firemon/firemon] Error 2
    /usr/bin/ld: join.o: in function `extract_apparmor':
    /tmp/firejail-git/src/firejail-git/src/firejail/join.c:65: undefined reference to `aa_is_enabled'
    /usr/bin/ld: sandbox.o: in function `set_apparmor':
    /tmp/firejail-git/src/firejail-git/src/firejail/sandbox.c:133: undefined reference to `aa_change_onexec'
    collect2: error: ld returned 1 exit status
    make[1]: *** [Makefile:10: firejail] Error 1
    make: *** [Makefile:42: src/firejail/firejail] Error 2

Without the apparmor flag, the CFLAGS related to HAVE_SPECTRE do not get
applied either, but `make` does not error out, so the problem is harder
to detect in this case.
Diff comparing the output of `./configure 2>&1` when running without and
then with this patch:
$ git --no-pager diff --no-index configure_current.log configure_patch.log
diff --git a/configure_current.log b/configure_patch.log
index f5e814f..099d836 100644
--- a/configure_current.log
+++ b/configure_patch.log
@@ -10,12 +10,9 @@ checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for ranlib... ranlib
checking whether C compiler accepts -mindirect-branch=thunk... yes
-./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
checking whether C compiler accepts -mretpoline... no
checking whether C compiler accepts -fstack-clash-protection... yes
-./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
checking whether C compiler accepts -fstack-protector-strong... yes
-./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for gawk... yes
@@ -88,7 +85,7 @@ Configuration options:
busybox workaround: no
Spectre compiler patch: yes
EXTRA_LDFLAGS:
- EXTRA_CFLAGS:
+ EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong
fatal warnings:
Gcov instrumentation:
Install contrib scripts: yes
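Review bot: EXTRA_LDFLAGS is blank in the unchanged context of this hunk, in both logs, so the comparison only demonstrates the EXTRA_CFLAGS half of the fix. The message attributes the `make` failure to the missing -lapparmor linker flag; consider also attaching the report from a run with --enable-apparmor, so the EXTRA_LDFLAGS line can be compared before and after the patch.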
|
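A pre-build check for the failure described in the commit message above, as an added example (not code from the firejail repository): it flags `VAR+=` appends that POSIX sh lacks, shows a portable append, and reports hardening flags absent from a configure report line. The function names `find_plus_equals`, `append_flag` and `missing_flags` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.

# Print "LINE:TEXT" for each "VAR+=" append, which POSIX sh (e.g. dash) lacks.
find_plus_equals() {
    grep -nE '(^|[^A-Za-z0-9_])[A-Za-z_][A-Za-z0-9_]*\+=' "$1"
}

# Portable append: $1 = current value, $2 = flag to add; prints the new value.
append_flag() {
    if [ -z "$1" ]; then
        printf '%s\n' "$2"
    else
        printf '%s %s\n' "$1" "$2"
    fi
}

# $1 = "EXTRA_CFLAGS:" report line, rest = flags that must appear in it.
# Prints the flags that are absent (empty output means none are missing).
missing_flags() {
    line=$1; shift
    missing=
    for f in "$@"; do
        case " $line " in
            *" $f "*) ;;
            *) missing=$(append_flag "$missing" "$f") ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample (not from the firejail tree): one bash-only append,
# one portable append.
sample=$(mktemp)
cat > "$sample" <<'EOF'
EXTRA_CFLAGS+=" -fstack-protector-strong"
EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection"
EOF
find_plus_equals "$sample" || true
# Report line as printed when the appends failed (value left empty).
missing_flags "  EXTRA_CFLAGS:" -mindirect-branch=thunk \
    -fstack-clash-protection -fstack-protector-strong
rm -f "$sample"
```

Running `missing_flags` on the report line in CI catches the silent case the message mentions, where `make` succeeds but the hardening flags were never applied.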
| |
This will always set 'nonewprivs', 'caps.drop all' and 'nogroups'.