| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing
changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
There were many issues and requests for changes raised in the pull
request (both code-wise and design-wise) and most of them are still
unresolved[1].
[1] https://github.com/netblue30/firejail/pull/5315
|
| |
|
|
|
|
| |
This reverts commit c5a052ffa4e2ccaf240635db116a49986808a2b6.
Part of reverting commits with Landlock-related changes.
|
| | |
|
| |
|
|
| |
dependency on tinyLL
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configure summary: autoconf essentially only parses configure.ac and
generates the configure script (that is, the "./configure" shell
script). The latter is what actually checks what is available on the
system and internally sets the value of the output variables. It then,
for every filename foo in AC_CONFIG_FILES (and for every output variable
name BAR in AC_SUBST), reads foo.in, replaces every occurrence of
`@BAR@` with the value of the shell variable `$BAR` and generates the
file foo from the result. After this, configure is finished and `make`
could be executed to start the build.
Now that (as of #5140) all output variables are only defined on
config.mk.in and on config.sh.in, there is no need to generate any
makefile nor any other mkfile or shell script at configure time. So
rename every "Makefile.in" to "Makefile", mkdeb.sh.in to mkdeb.sh,
src/common.mk.in to src/common.mk and leave just config.mk and config.sh
as the files to be generated at configure time.
This allows editing and committing all makefiles directly, without
potentially having to run ./configure in between.
Commands used to rename the makefiles:
$ git ls-files -z -- '*Makefile.in' | xargs -0 -I '{}' sh -c \
"git mv '{}' \"\$(dirname '{}')/Makefile\""
Additionally, from my (rudimentary) testing, this commit reduces the
time it takes to run ./configure by about 20~25% compared to commit
72ece92ea ("Transmission fixes: drop private-lib (#5213)", 2022-06-22).
Environment: dash 0.5.11.5-1, gcc 12.1.0-2, Artix Linux, ext4 on an HDD.
Commands used for benchmarking each commit:
$ : >time_configure && ./configure && make distclean &&
for i in $(seq 1 10); do
{ time -p ./configure; } 2>>time_configure; done
$ grep real time_configure |
awk '{ total += $2 } END { print total/NR }'
|
| |
|
|
|
|
|
| |
To match the usual usage order.
Relates to commit 222a2d772 ("order options alphabetically in
configure.ac report", 2022-06-13).
|
| |
|
|
|
| |
This amends commit 72ba0b7e5 ("compile time: disable --output",
2021-02-28).
|
| | |
|
| | |
|
| |
|
|
|
| |
For better organization and so that they can be used by other shell
scripts by just sourcing config.sh.
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, the configure-time variables (that is, the ones that assign
to placeholders, such as "@HAVE_MAN@", which are set/replaced at
configure-time) are defined on multiple files (such as on Makefile.in
and on common.mk.in).
To avoid duplication, centralize these variables on a single file
(config.mk.in) and replace all of the other definitions of them with an
include of config.mk.
|
| | |
|
| |
|
|
|
|
|
| |
An output message and some whitespace were changed on commit 9903aaa9c
("rel 0.9.68rc1 testing", 2022-01-18).
Environment: autoconf 2.69 (with the runstatedir patch) on Artix Linux
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
of new features. Check in everything you have out."
This reverts commit e8cb03cde8a3a7d083a6f539b06c6253d031af82.
More specifically: s/0.9.68.1/0.9.69/.
The current development version contains not only new features, but also
breaking changes (see "modif:" on the RELNOTES). Ensure at least a
minor (rather than only a patch) version bump (to 0.9.70 on the final
version) to avoid breaking user expectations.
|
| |
|
|
| |
features. Check in everything you have out.
|
| |
|
|
| |
at compile time.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the manual of GNU Autoconf (version 2.69):
> -- Macro: AC_PROG_INSTALL
> Set output variable 'INSTALL' to the name of a BSD-compatible
> 'install' program, if one is found in the current 'PATH'.
> Otherwise, set 'INSTALL' to 'DIR/install-sh -c', checking the
> directories specified to 'AC_CONFIG_AUX_DIR' (or its default
> directories) to determine DIR (*note Output::). Also set the
> variables 'INSTALL_PROGRAM' and 'INSTALL_SCRIPT' to '${INSTALL}'
> and 'INSTALL_DATA' to '${INSTALL} -m 644'.
> -- Macro: AC_PROG_RANLIB
> Set output variable 'RANLIB' to 'ranlib' if 'ranlib' is found,
> and otherwise to ':' (do nothing).
None of the aforementioned variables are used:
$ git grep -F -e '${INSTALL}' -e INSTALL_PROGRAM -e INSTALL_SCRIPT \
-e INSTALL_DATA -e RANLIB
$
So remove the macros that define them.
Misc: The macros in question have been present on configure.ac since it
was created, on commit 137985136 ("Baseline firejail 0.9.28",
2015-08-08). And while the install command is called multiple times,
ranlib is not used anywhere (and it seems that it was never used):
$ git grep -E '^[[:blank:]]+install ' -- '*Makefile*' '*.mk*' |
wc -l
32
$ git grep -F ranlib | wc -l
0
$ git log --pretty= --name-only -G'RANLIB|ranlib' \
137985136..master | sort -u
README.md
Kind of relates to #4695.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
* fix globalcfg help string
* fix --disable-globalcfg explanation
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Added on commit 8d8686af2 ("Make installation of contrib scripts
configurable", 2017-04-13).
Remove redundant argument to AS_IF and make it look more like the other
nearby AS_IF calls.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
See commit 15d793838 ("Try to fix #2310 -- Can't create run directory
without suid-root", 2021-05-13) / PR #4273.
It is the only "HAVE_" option whose value is set by if/else on a
makefile. Also, it is set in different places to either "yes", "no",
blank or "-DHAVE_SUID". Set the value only on configure.ac and only to
either blank or to "-DHAVE_SUID".
Misc: The `ifeq ($(HAVE_SUID),-DHAVE_SUID)` comparison that this adds is
based on the existing `ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)`
comparison on Makefile.in.
|
| |
|
|
|
|
|
|
| |
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
It only needs to be called once for each variable. See the configure
script diff and the previous commit ("configure*: Move AC_SUBST calls to
more obvious places").
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These macros should always be called regardless of the intended value of
each variable, as even if e.g.: no --enable-apparmor flag is given, the
configure script still has to substitute `@HAVE_APPARMOR@` with blank in
the relevant files.
Something similar is already being done for HAVE_OVERLAYFS since commit
fb9f2a5fb ("disabled overlayfs, fixes pending; added video channels to
README* files", 2021-02-06).
Note that each AC_SUBST is not immediately converted into search/replace
code when generating the configure script. It appears that the
variables are handled only after parsing all of configure.ac (or until a
specific command is found), as all arguments passed to every AC_SUBST
call are defined at once on the `ac_subst_vars` list. The actual
substitutions are also done all at once (while iterating through the
list) and that happens much later in the script (see both occurrences of
`ac_subs_vars` on the current script).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For increased safety and consistency. In addition, this should make it
clearer where each argument starts and ends.
See also the following item from autoconf NEWS[1]:
> * Noteworthy changes in release 2.70 (2020-12-08) [stable]
[...]
> *** Many macros have become pickier about argument quotation.
>
> If you get a shell syntax error from your generated configure
> script, or seemingly impossible misbehavior (e.g. entire blocks of
> the configure script not getting executed), check first that all
> macro arguments are properly quoted. The “M4 Quotation” section of
> the manual explains how to quote macro arguments properly.
>
> It is unfortunately not possible for autoupdate to correct
> quotation errors.
[1] https://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=blob;f=NEWS;h=ba418d1af5da752de77a2c388f9af56f8f1bf6a4;hb=97fbc5c184acc6fa591ad094eae86917f03459fa
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Square brackets are used as quotes in autoconf.
From Section 8.1.1, Active Characters of the Autoconf manual[1]:
> To fully understand where proper quotation is important, you first
> need to know what the special characters are in Autoconf: ‘#’
> introduces a comment inside which no macro expansion is performed, ‘,’
> separates arguments, ‘[’ and ‘]’ are the quotes themselves, ‘(’ and
> ‘)’ (which M4 tries to match by pairs), and finally ‘$’ inside a macro
> definition.
[1] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.70/autoconf.html#Active-Characters
|
| |
|
|
|
|
| |
Command used to find them:
grep ' "$' configure.ac
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08). See
also commit ad6bb83fa ("consolidate makefiles", 2018-03-31).
It is not used anywhere. And it looks like it has never been used
anywhere:
$ git log --oneline -Gpthread.h 137985136..master
$
Issue mentioned by @rusty-snake:
https://github.com/netblue30/firejail/issues/4642#issuecomment-955795463
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
For simplicity and increased portability.
|
| |
|
|
|
|
|
|
|
| |
this fixes a new false positive memory leak (#4297), but unfortunately
opens a few new false positives (#4274).
therefore let it ignore memleak checks for now, until the detection
is a bit more stable in GCC.
Fixes: #4274, #4297
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configure script happens to work if /bin/sh supports the non-POSIX
"+=" operator (e.g.: bash) and fails otherwise (e.g.: dash).
This usage first appeared on configure.ac on commit 66a476419 ("gcov
support"), which is from 2016.
If the --enable-apparmor flag is passed to ./configure (which is the
default on Arch Linux), running `make` fails due to the missing
-lapparmor LDFLAG. Thus, building firejail-git from the AUR does not
work if /bin/sh is e.g.: dash.
Errors when running the build commands below from makepkg:
$ ./configure --prefix=/usr --enable-apparmor >/dev/null
./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
./configure: 3518: EXTRA_CFLAGS+= : not found
$ make >/dev/null
/usr/bin/ld: apparmor.o: in function `apparmor_test':
/tmp/firejail-git/src/firejail-git/src/jailcheck/apparmor.c:28: undefined reference to `aa_gettaskcon'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: jailcheck] Error 1
make: *** [Makefile:42: src/jailcheck/jailcheck] Error 2
make: *** Waiting for unfinished jobs....
/usr/bin/ld: apparmor.o: in function `print_apparmor':
/tmp/firejail-git/src/firejail-git/src/firemon/apparmor.c:28: undefined reference to `aa_gettaskcon'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: firemon] Error 1
make: *** [Makefile:42: src/firemon/firemon] Error 2
/usr/bin/ld: join.o: in function `extract_apparmor':
/tmp/firejail-git/src/firejail-git/src/firejail/join.c:65: undefined reference to `aa_is_enabled'
/usr/bin/ld: sandbox.o: in function `set_apparmor':
/tmp/firejail-git/src/firejail-git/src/firejail/sandbox.c:133: undefined reference to `aa_change_onexec'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: firejail] Error 1
make: *** [Makefile:42: src/firejail/firejail] Error 2
Without the apparmor flag, the CFLAGS related to HAVE_SPECTRE do not get
applied either, but `make` does not error out, so the problem is harder
to detect in this case.
Diff comparing the output of `./configure 2>&1` when running without and
then with this patch:
$ git --no-pager diff --no-index configure_current.log configure_patch.log
diff --git a/configure_current.log b/configure_patch.log
index f5e814f..099d836 100644
--- a/configure_current.log
+++ b/configure_patch.log
@@ -10,12 +10,9 @@ checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for ranlib... ranlib
checking whether C compiler accepts -mindirect-branch=thunk... yes
-./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
checking whether C compiler accepts -mretpoline... no
checking whether C compiler accepts -fstack-clash-protection... yes
-./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
checking whether C compiler accepts -fstack-protector-strong... yes
-./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for gawk... yes
@@ -88,7 +85,7 @@ Configuration options:
busybox workaround: no
Spectre compiler patch: yes
EXTRA_LDFLAGS:
- EXTRA_CFLAGS:
+ EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong
fatal warnings:
Gcov instrumentation:
Install contrib scripts: yes
|
| | |
|
| | |
|
Kelvin M. Klann
netblue30
Азалия Смарагдова
netblue
Dmitry Chestnykh
glitsj16
Reiner Herrmann
a1346054