GitHub CI: update list of container images

[tinc] / meson.build

diff --git a/meson.build b/meson.build
index 488230e..1554219 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('tinc', 'c',
-  version: run_command([find_program('python3'), 'version.py', 'short'], check: true).stdout(),
+  version: '1.1pre18',
   license: 'GPL-2.0-or-later',
   meson_version: '>=0.51',
   default_options: [
@@ -20,6 +20,7 @@ opt_lz4 = get_option('lz4')
 opt_lzo = get_option('lzo')
 opt_miniupnpc = get_option('miniupnpc')
 opt_readline = get_option('readline')
+opt_sandbox = get_option('sandbox')
 opt_static = get_option('static')
 opt_systemd = get_option('systemd')
 opt_tests = get_option('tests')
@@ -35,11 +36,15 @@ os_name = host_machine.system()
 cpu_family = host_machine.cpu_family()
 cc_name = cc.get_id()
 
-python = find_program('python3')
-if meson_version.version_compare('>=0.55')
-  python_path = python.full_path()
+python = find_program('python3', required: false)
+if python.found()
+  if meson_version.version_compare('>=0.55')
+    python_path = python.full_path()
+  else
+    python_path = python.path()
+  endif
 else
-  python_path = python.path()
+  python_path = ''
 endif
 
 cc_defs = ['-D_GNU_SOURCE']
@@ -50,6 +55,33 @@ endif
 cc_flags = [cc_defs]
 ld_flags = []
 
+if cc_name != 'msvc'
+  cc_flags += [
+    '-Wbad-function-cast',
+    '-Wduplicated-branches',
+    '-Wduplicated-cond',
+    '-Wformat-overflow=2',
+    '-Wformat-truncation=1', # 2 prints too much noise
+    '-Wformat=2',
+    '-Wlogical-op',
+    '-Wmissing-declarations',
+    '-Wmissing-noreturn',
+    '-Wmissing-prototypes',
+    '-Wno-embedded-directive',
+    '-Wold-style-definition',
+    '-Wredundant-decls',
+    '-Wreturn-type',
+    '-Wstrict-prototypes',
+    '-Wswitch-enum',
+    '-Wtrampolines', # may require executable stack which is disabled
+    '-Wvla', # VLAs are not supported by MSVC
+    '-Wwrite-strings',
+    '-fdiagnostics-show-option',
+    '-fno-strict-overflow',
+    '-fstrict-aliasing',
+  ]
+endif
+
 if opt_static.auto()
   static = os_name == 'windows'
 else
@@ -74,26 +106,15 @@ if opt_harden
   else
     cc_flags += [
       '-D_FORTIFY_SOURCE=2',
-      '-fwrapv',
-      '-fno-strict-overflow',
-      '-Wreturn-type',
-      '-Wold-style-definition',
-      '-Wmissing-declarations',
-      '-Wmissing-prototypes',
-      '-Wstrict-prototypes',
-      '-Wredundant-decls',
-      '-Wbad-function-cast',
-      '-Wwrite-strings',
-      '-fdiagnostics-show-option',
-      '-fstrict-aliasing',
-      '-Wmissing-noreturn',
+      '-fcf-protection=full',
+      '-fstack-protector-strong',
     ]
-    if cc_name == 'clang'
-      cc_flags += '-Qunused-arguments'
-    endif
-    ld_flags += ['-Wl,-z,relro', '-Wl,-z,now']
+    ld_flags += ['-Wl,-z,relro', '-Wl,-z,now', '-Wl,-z,noexecstack']
     if os_name == 'windows'
       ld_flags += ['-Wl,--dynamicbase', '-Wl,--nxcompat']
+    else
+      # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90458
+      cc_flags += '-fstack-clash-protection'
     endif
   endif
 endif
@@ -138,7 +159,23 @@ if os_name == 'linux' and not opt_systemd.disabled()
   subdir('systemd')
 endif
 
-run_target('reformat', command: [
-  find_program('python3'),
-  '@SOURCE_ROOT@/reformat.py',
-])
+if python.found()
+  run_target('reformat', command: [
+    python,
+    '@SOURCE_ROOT@/lint.py',
+    '--fix',
+  ])
+
+  run_target('lint', command: [
+    python,
+    '@SOURCE_ROOT@/lint.py',
+  ])
+endif
+
+if meson_version.version_compare('>=0.53')
+  summary({
+    'prefix': prefix,
+    'sandbox': cdata.has('HAVE_SANDBOX'),
+    'watchdog': cdata.has('HAVE_WATCHDOG'),
+  }, bool_yn: true, section: 'System')
+endif