- `SKIP_BUILD_RPATH` needs to be set per directory (not allow-listed for
`INTERFACE` properties)
- Use correct name for position independent code
- `-pie`/`-fPIE` will only propagate fully on 3.14+
PiperOrigin-RevId: 428986266
Change-Id: Idf9d7fc184fbeec8ec1b77505246e262d9b8d880
- Link `zipe.c` statically (safe)
- Update policy to allow any use of `stat()`
PiperOrigin-RevId: 428971638
Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390
This adds a first basic test to be run using GitHub Actions on push and pull
request for the CMake build (internally we run everything on Bazel/Blaze).
The Ubuntu runners are implemented as full VMs, so we can run tests directly.
In order to run Sandboxed API/Sandbox2 tests inside a container, it must be
started as privileged, unconfined and retain its capabilities.
Since GitHub does not support modifying the Docker invocation for container
based workflows, we need to manually run the `docker` command.
Until #118 is fixed, this change makes GitHub ignore the test failure on
Fedora.
PiperOrigin-RevId: 428485354
Change-Id: I6b55c5441c4c27b018d19498d2296c7d3da65846
Instead of C++17 structured bindings, use a plain `const auto&` and annotate
arguments with comments instead.
We still support Clang 6.0, as that is the compiler that ships with Ubuntu
18.04 LTS by default.
PiperOrigin-RevId: 428016214
Change-Id: I3a43b2d47c6825ac4425d22018750282cfe23c1b
This fixes a couple of tests in the open source version of the code.
Internally, since we are using a different ELF loader, the page offset
will always be zero. Hence we never notices this was broken.
PiperOrigin-RevId: 427996428
Change-Id: I44c5b5610b074cf69b9f0c5eeb051be50923e351
Note that `//sandboxed_api/sandbox2:stack_trace_test` may still fail for
unrelated reasons, as we are linking libc statically, which is brittle. A
follow-up change will fix this.
PiperOrigin-RevId: 427175045
Change-Id: Ifb5ec2ac3d60f4bcc9708f26c834c83b75e769d7
Newer versions of the GNU gold linkers sometimes omit the symbols for
sandboxed functions, leading to errors like `function not found` when
Sandboxed API tries to call them at runtime.
The fix is simple: Do what Bazel does and wrap the static library in
a `-Wl,--whole-archive`/`-Wl,--no-whole-archive` pair.
PiperOrigin-RevId: 426910732
Change-Id: Id4183f2964a2dea4fc1dfd8c409bc0b1af9db170
--
55de8f7fd7 by Demi Marie Obenour <demi@invisiblethingslab.com>:
Simple libidn2 wrapper
This adds a simple libidn2 wrapper, including unit tests via GTest.
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/96 from DemiMarie:libidn2 55de8f7fd7
PiperOrigin-RevId: 426121420
Change-Id: I79b23560ba23c0c2f1da063bfaa85eac13b2f517
Addresses #104 and also fixes a TODO to use `target_link_options()`
and the `LINKER:` prefix in the SAPI build defs.
PiperOrigin-RevId: 426113536
Change-Id: I5322ab975986ceccedfab030cd4610287d297c35
Add a new option `SAPI_ENABLE_CONTRIB_TESTS` that builds the sandboxes
in `contrib/` if set.
The new `contrib/CMakeLists.txt` should be extended each time we add a
new sandbox to `contrib/`.
This is in preparation of a follow-up change that should test the
sandboxes using GitHub Actions.
Drive-by:
- Rename the tests in `jsonnet_tests.cc` to conform to the style guide.
PiperOrigin-RevId: 425874289
Change-Id: I5b31546ccf84444c2480287220ef88abbd78a235
This change starts with Jsonnet as the canonical, ready-made sandboxed library
example. Follow-up changes should similarly migrate the OSS Internship
sandboxes.
- Add an `add_sapi_subdirectory()` which sets up source and binary directories
correctly when consuming SAPI as sub-project
- Restructure the Jsonnet `CMakeLists.txt` and simplify header inclusions
- Update the Jsonnet README file
PiperOrigin-RevId: 425818479
Change-Id: Iba9e83201863b4ad8a91914397b310d9d4230423
This never worked properly worked anyways.
The root of the problem is likely ninja issue [#1330](https://github.com/ninja-build/ninja/issues/1330)
PiperOrigin-RevId: 425610824
Change-Id: I53415be6ea6169b420964ba1a7365160167a4f89