923 Commits

Author SHA1 Message Date
Christian Blichmann
cef861a0f2 CMake: Properly inherit sapi_base propterties
- `SKIP_BUILD_RPATH` needs to be set per directory (not allow-listed for
  `INTERFACE` properties)
- Use correct name for position independent code
- `-pie`/`-fPIE` will only propagate fully on 3.14+

PiperOrigin-RevId: 428986266
Change-Id: Idf9d7fc184fbeec8ec1b77505246e262d9b8d880
2022-02-16 01:48:13 -08:00
Christian Blichmann
aefdb94575 Update zlib examples
- Link `zipe.c` statically (safe)
- Update policy to allow any use of `stat()`

PiperOrigin-RevId: 428971638
Change-Id: Ib0f5f496ea2389582986b41a8830592e6c1d4390
2022-02-16 00:08:28 -08:00
Copybara-Service
ddef30148c Merge pull request #117 from DemiMarie:add-idn2-and-turbojpeg
PiperOrigin-RevId: 428763952
Change-Id: I0b958540213052d87a59d5605014fb82c8ac137b
2022-02-15 06:22:29 -08:00
Christian Blichmann
e8cadf8f7d Allow mprotect(_, _, PROT_READ) for all static binaries
Newer toolchains/libcs will use this syscall on x86-64 as well.

PiperOrigin-RevId: 428705078
Change-Id: I705efe37db9ebdd922036b39e4fb3c22dc749a1a
2022-02-15 00:14:25 -08:00
Demi Marie Obenour
b2f4e0068e Add libidn2 and TurboJPEG sandboxes to the build
This exposed a compilation error and an incorrect TEST_FILES_DIR.  Fix
both.
2022-02-14 12:51:22 -05:00
Copybara-Service
38eea151a6 Merge pull request #116 from DemiMarie:fix-syntax-error
PiperOrigin-RevId: 428501046
Change-Id: I5114b7f1ab79cc90b0a3ee9a06495a2ee9752955
2022-02-14 07:20:40 -08:00
Christian Blichmann
789c436a3e CI: Run tests in VM based builders
This adds a first basic test to be run using GitHub Actions on push and pull
request for the CMake build (internally we run everything on Bazel/Blaze).

The Ubuntu runners are implemented as full VMs, so we can run tests directly.

In order to run Sandboxed API/Sandbox2 tests inside a container, it must be
started as privileged, unconfined and retain its capabilities.
Since GitHub does not support modifying the Docker invocation for container
based workflows, we need to manually run the `docker` command.

Until #118 is fixed, this change makes GitHub ignore the test failure on
Fedora.

PiperOrigin-RevId: 428485354
Change-Id: I6b55c5441c4c27b018d19498d2296c7d3da65846
2022-02-14 05:57:19 -08:00
Demi Marie Obenour
544d438e71 Fix a syntax error in the zstd example
It breaks the SAPI_ENABLE_CONTRIB_TESTS build.
2022-02-12 21:43:49 -05:00
Christian Blichmann
d1ed8ac66e Avoid compiler crash with Clang 6.0
Instead of C++17 structured bindings, use a plain `const auto&` and annotate
arguments with comments instead.

We still support Clang 6.0, as that is the compiler that ships with Ubuntu
18.04 LTS by default.

PiperOrigin-RevId: 428016214
Change-Id: I3a43b2d47c6825ac4425d22018750282cfe23c1b
2022-02-11 09:09:01 -08:00
Christian Blichmann
36d0f928c6 Apply page offset during stack unwinding/symbolization
This fixes a couple of tests in the open source version of the code.
Internally, since we are using a different ELF loader, the page offset
will always be zero. Hence we never notices this was broken.

PiperOrigin-RevId: 427996428
Change-Id: I44c5b5610b074cf69b9f0c5eeb051be50923e351
2022-02-11 07:19:34 -08:00
Copybara-Service
1b816e9dce Merge pull request #105 from DemiMarie:turbojpeg
PiperOrigin-RevId: 427991276
Change-Id: I66fa4fcb16b18f38a3ec0dfce46863269606d5e8
2022-02-11 06:44:49 -08:00
Christian Blichmann
7004d59150 Remove pffft submodule entry
PiperOrigin-RevId: 427686350
Change-Id: If75bb7e094f8a1c14b3e0c8f26d0f21b1e45a6dc
2022-02-10 01:41:12 -08:00
Demi Marie Obenour
e613bdfaeb Sandbox TurboJPEG
Took a few tries to get everything implemented.
2022-02-09 11:37:43 -05:00
Copybara-Service
585e55a1e0 Merge pull request #108 from oshogbo:zstd_fd_pr
PiperOrigin-RevId: 427469394
Change-Id: I789b45066800af5a29cbf33313cd7a4fabd56be3
2022-02-09 07:47:35 -08:00
Sandboxed API Team
59b942b256 Add a little more logging to failure cases.
PiperOrigin-RevId: 427459159
Change-Id: I34b6027cccfc4b3903ef4deeb9c133598b6667d4
2022-02-09 06:54:07 -08:00
Christian Blichmann
7e5a398164 Migrate the pffft sandbox to contrib/
PiperOrigin-RevId: 427443359
Change-Id: I852a818ae302a86abe32a2820f349f67861e342e
2022-02-09 05:20:29 -08:00
Christian Blichmann
fdc38d58c6 CMake: Quiet config of libhunspell, quote sources
PiperOrigin-RevId: 427418932
Change-Id: Ie8992176ed29437a7eb7550e7ec6628103a447ff
2022-02-09 02:32:20 -08:00
Christian Blichmann
0576efe994 Update jsonnet README
PiperOrigin-RevId: 427415134
Change-Id: Ib6a729331bde4e29d89a24298dc9d7ce47c356f3
2022-02-09 02:10:49 -08:00
Christian Blichmann
4ad8484e63 Tag additional test as not compatible with QEMU user-mode emulation
PiperOrigin-RevId: 427409251
Change-Id: I5d853908353923b5b31c8bbb6152bc4f94219b45
2022-02-09 01:41:38 -08:00
Mariusz Zaborski
1beba0b3ad ZStandard: use long includes 2022-02-08 13:11:16 -05:00
Mariusz Zaborski
e3da4da69b ZStandard: Simplify creation of paths 2022-02-08 13:11:16 -05:00
Mariusz Zaborski
44088bb7d5 ZStandard: Fix the order of headers 2022-02-08 13:11:16 -05:00
Mariusz Zaborski
5c154af744 ZStandard: introduce a wrapper
The goal is to use a file descriptor as an input for ZStandard
library. Thanks to that we shouldn't send a chunk of memory over
expensive protocol.
2022-02-08 13:11:13 -05:00
Christian Blichmann
dc03c38df1 Enable stack traces on AArch64
Note that `//sandboxed_api/sandbox2:stack_trace_test` may still fail for
unrelated reasons, as we are linking libc statically, which is brittle. A
follow-up change will fix this.

PiperOrigin-RevId: 427175045
Change-Id: Ifb5ec2ac3d60f4bcc9708f26c834c83b75e769d7
2022-02-08 06:23:52 -08:00
Copybara-Service
d76a0e959e Merge pull request #100 from oshogbo:zopfli
PiperOrigin-RevId: 426911996
Change-Id: Ib257a94b6f5cbe932766d2c25c21ad082e0369a4
2022-02-07 07:30:51 -08:00
Christian Blichmann
5c98e30ef2 CMake: Force inclusion of exported functions in add_sapi_library()
Newer versions of the GNU gold linkers sometimes omit the symbols for
sandboxed functions, leading to errors like `function not found` when
Sandboxed API tries to call them at runtime.

The fix is simple: Do what Bazel does and wrap the static library in
a `-Wl,--whole-archive`/`-Wl,--no-whole-archive` pair.

PiperOrigin-RevId: 426910732
Change-Id: Id4183f2964a2dea4fc1dfd8c409bc0b1af9db170
2022-02-07 07:23:34 -08:00
Mariusz Zaborski
0b877243be Sandbox zopfli 2022-02-06 16:33:07 -05:00
Copybara-Service
0f78eb4c59 Merge pull request #103 from oshogbo:hunspell
PiperOrigin-RevId: 426372638
Change-Id: Ia15b7bb6772cdae0f3f44097d3ff66ef2527f927
2022-02-04 04:45:04 -08:00
Copybara-Service
b07d250b76 Merge pull request #107 from oshogbo:zstd_flags
PiperOrigin-RevId: 426330355
Change-Id: I106af783553daf3f64b18dc7c9bd28fd5a67084e
2022-02-04 00:08:15 -08:00
Copybara-Service
c1fbdebeb8 Merge pull request #106 from oshogbo:zstd_minor
PiperOrigin-RevId: 426328587
Change-Id: I22def7bb65ce0ec0f085bf3c44c7320026fb21d7
2022-02-03 23:56:16 -08:00
Sandboxed API Team
b7cb7132a2 Delete deprecated ::sandbox2::Sandbox2::WaitForTsan and its remaining call sites.
PiperOrigin-RevId: 426195145
Change-Id: Ia7c8116a0fb08e2f425d9b89406b446edcf7850a
2022-02-03 11:23:56 -08:00
Wiktor Garbacz
943c74827b Internal change
PiperOrigin-RevId: 426180225
Change-Id: Id7ea6118a6403221451d6db22d30ae8b29ef42bf
2022-02-03 10:26:45 -08:00
Mariusz Zaborski
e505a9712f Sandbox hunspell 2022-02-03 13:03:00 -05:00
Mariusz Zaborski
7af8f58e48 ZStandard: Move includes to the file they are actually used in 2022-02-03 12:08:06 -05:00
Sandboxed API Team
1e5e426e70 Remove comment on licenses() rule as per Google guidance.
PiperOrigin-RevId: 426136170
Change-Id: I341a2d962637b53f9cfa475fbbfe3e6938ee3a95
2022-02-03 07:10:12 -08:00
Demi Marie Obenour
24ad0cc108 Copybara import of the project:
--
55de8f7fd70f6e14771f55077ae6385c8c7f8cc5 by Demi Marie Obenour <demi@invisiblethingslab.com>:

Simple libidn2 wrapper

This adds a simple libidn2 wrapper, including unit tests via GTest.

COPYBARA_INTEGRATE_REVIEW=https://github.com/google/sandboxed-api/pull/96 from DemiMarie:libidn2 55de8f7fd70f6e14771f55077ae6385c8c7f8cc5
PiperOrigin-RevId: 426121420
Change-Id: I79b23560ba23c0c2f1da063bfaa85eac13b2f517
2022-02-03 05:43:33 -08:00
Christian Blichmann
b6d65ef244 CMake: Use PARSE_ARGV for argument parsing, LINKER: for linking
Addresses #104 and also fixes a TODO to use `target_link_options()`
and the `LINKER:` prefix in the SAPI build defs.

PiperOrigin-RevId: 426113536
Change-Id: I5322ab975986ceccedfab030cd4610287d297c35
2022-02-03 04:42:35 -08:00
Mariusz Zaborski
d2a8c8a1ea ZStandard: minor style fixes 2022-02-02 16:53:47 -05:00
Mariusz Zaborski
fa08080f06 ZStandard: Use flags from absl 2022-02-02 16:41:30 -05:00
Mariusz Zaborski
74c32625bf ZStandard: fix descirption of test 2022-02-02 15:54:54 -05:00
Mariusz Zaborski
d0ce037fa2 ZStandard: Add additional check of error code 2022-02-02 15:54:54 -05:00
Mariusz Zaborski
7cb3f4a04d ZStandard: deduplicate the list of functions
The ZSTD_compressBound is twice on the list.
2022-02-02 15:54:54 -05:00
Mariusz Zaborski
05102f2c41 ZStandard: use seprate structure for (de)compression 2022-02-02 15:54:54 -05:00
Sandboxed API Team
9ee3a26e8b Delete deprecated ::sandbox2::Sandbox2::GetPid and its remaining call sites.
PiperOrigin-RevId: 425910086
Change-Id: I2938ce589e83b5441c084994edde6a22c2007642
2022-02-02 09:57:11 -08:00
Copybara-Service
570898542b Merge pull request #95 from oshogbo:zstd
PiperOrigin-RevId: 425893255
Change-Id: I6760fe1ab7734f1a27dd65e4c761c57961306a85
2022-02-02 08:38:34 -08:00
Christian Blichmann
e21afae5a7 CMake: Build contrib sandboxes if requested
Add a new option `SAPI_ENABLE_CONTRIB_TESTS` that builds the sandboxes
in `contrib/` if set.

The new `contrib/CMakeLists.txt` should be extended each time we add a
new sandbox to `contrib/`.

This is in preparation of a follow-up change that should test the
sandboxes using GitHub Actions.

Drive-by:
- Rename the tests in `jsonnet_tests.cc` to conform to the style guide.
PiperOrigin-RevId: 425874289
Change-Id: I5b31546ccf84444c2480287220ef88abbd78a235
2022-02-02 07:02:28 -08:00
Mariusz Zaborski
d1889dcde4 Sandbox ZStandard 2022-02-02 09:34:25 -05:00
Christian Blichmann
ee5ebaa48f CMake: Make it easier for projects to consume sandboxed libraries
This change starts with Jsonnet as the canonical, ready-made sandboxed library
example. Follow-up changes should similarly migrate the OSS Internship
sandboxes.

- Add an `add_sapi_subdirectory()` which sets up source and binary directories
  correctly when consuming SAPI as sub-project
- Restructure the Jsonnet `CMakeLists.txt` and simplify header inclusions
- Update the Jsonnet README file

PiperOrigin-RevId: 425818479
Change-Id: Iba9e83201863b4ad8a91914397b310d9d4230423
2022-02-02 01:09:56 -08:00
Christian Blichmann
2a8fca56fd CMake: Remove Ninja workaround
This never worked properly worked anyways.

The root of the problem is likely ninja issue [#1330](https://github.com/ninja-build/ninja/issues/1330)

PiperOrigin-RevId: 425610824
Change-Id: I53415be6ea6169b420964ba1a7365160167a4f89
2022-02-01 06:37:04 -08:00
Christian Blichmann
87177dec25 Update README.md with current year
PiperOrigin-RevId: 425365813
Change-Id: I8b41d0a1fc120becad9e36bcc8509d5465d2db2e
2022-01-31 07:54:57 -08:00