CMake: Add sandboxing support.
parent
2e2cd11535
commit
3f53870c24
|
@ -10,7 +10,6 @@
|
||||||
# On some platforms this builds also xz and xzdec, but these are
|
# On some platforms this builds also xz and xzdec, but these are
|
||||||
# highly experimental and meant for testing only:
|
# highly experimental and meant for testing only:
|
||||||
# - No large file support on those 32-bit platforms that need it
|
# - No large file support on those 32-bit platforms that need it
|
||||||
# - No sandboxing support
|
|
||||||
# - No translations
|
# - No translations
|
||||||
#
|
#
|
||||||
# Other missing things:
|
# Other missing things:
|
||||||
|
@ -1241,6 +1240,55 @@ if(NOT MSVC OR MSVC_VERSION GREATER_EQUAL 1900)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
# Sandboxing:
|
||||||
|
# ON Use sandboxing if a supported method is available in the OS.
|
||||||
|
# OFF Disable sandboxing.
|
||||||
|
# capsicum Require Capsicum (FreeBSD >= 10.2) and fail if not found.
|
||||||
|
# pledge Require pledge(2) (OpenBSD >= 5.9) and fail if not found.
|
||||||
|
set(SUPPORTED_SANDBOX_METHODS ON OFF capsicum pledge)
|
||||||
|
|
||||||
|
set(ENABLE_SANDBOX ON CACHE STRING "Sandboxing method to use in 'xz'")
|
||||||
|
|
||||||
|
set_property(CACHE ENABLE_SANDBOX
|
||||||
|
PROPERTY STRINGS "${SUPPORTED_SANDBOX_METHODS}")
|
||||||
|
|
||||||
|
if(NOT ENABLE_SANDBOX IN_LIST SUPPORTED_SANDBOX_METHODS)
|
||||||
|
message(FATAL_ERROR "'${ENABLE_SANDBOX}' is not a supported "
|
||||||
|
"sandboxing method")
|
||||||
|
endif()
|
||||||
|
|
||||||
|
# When autodetecting, the search order is fixed and we must not find
|
||||||
|
# more than one method.
|
||||||
|
if(ENABLE_SANDBOX STREQUAL "OFF")
|
||||||
|
set(SANDBOX_FOUND ON)
|
||||||
|
else()
|
||||||
|
set(SANDBOX_FOUND OFF)
|
||||||
|
endif()
|
||||||
|
|
||||||
|
# Sandboxing: Capsicum
|
||||||
|
if(NOT SANDBOX_FOUND AND ENABLE_SANDBOX MATCHES "^ON$|^capsicum$")
|
||||||
|
check_symbol_exists(cap_rights_limit sys/capsicum.h
|
||||||
|
HAVE_CAP_RIGHTS_LIMIT)
|
||||||
|
if(HAVE_CAP_RIGHTS_LIMIT)
|
||||||
|
target_compile_definitions(xz PRIVATE HAVE_CAP_RIGHTS_LIMIT)
|
||||||
|
set(SANDBOX_FOUND ON)
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
|
# Sandboxing: pledge(2)
|
||||||
|
if(NOT SANDBOX_FOUND AND ENABLE_SANDBOX MATCHES "^ON$|^pledge$")
|
||||||
|
check_symbol_exists(pledge unistd.h HAVE_PLEDGE)
|
||||||
|
if(HAVE_PLEDGE)
|
||||||
|
target_compile_definitions(xz PRIVATE HAVE_PLEDGE)
|
||||||
|
set(SANDBOX_FOUND ON)
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
|
if(NOT SANDBOX_FOUND AND NOT ENABLE_SANDBOX MATCHES "^ON$|^OFF$")
|
||||||
|
message(SEND_ERROR "ENABLE_SANDBOX=${ENABLE_SANDBOX} was used but "
|
||||||
|
"support for the sandboxing method wasn't found.")
|
||||||
|
endif()
|
||||||
|
|
||||||
install(TARGETS xz
|
install(TARGETS xz
|
||||||
RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
|
RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
|
||||||
COMPONENT xz)
|
COMPONENT xz)
|
||||||
|
|
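Review bot: With the default `ENABLE_SANDBOX=ON`, a failed probe is silent: the final check `if(NOT SANDBOX_FOUND AND NOT ENABLE_SANDBOX MATCHES "^ON$|^OFF$")` reports only when a specific method was requested, so an autodetect build that finds neither `cap_rights_limit` nor `pledge` produces an unsandboxed `xz` with nothing in the configure output to say so. A probe that fails for an unrelated reason, such as a broken toolchain or header path, then looks the same as an unsupported OS. I would add a branch after that check, `elseif(NOT SANDBOX_FOUND)` followed by `message(STATUS "No supported sandboxing method found; xz will be built without a sandbox")`, and a status line naming the chosen method in each success branch, so packagers can audit the result. The enclosing `if(NOT MSVC OR MSVC_VERSION GREATER_EQUAL 1900)` block named in the hunk header appears to start and end outside this hunk.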