WIP: add meson build system

[elmarco]

I used Claude Code for the initial project scaffolding, but it struggled with tests and SELinux (and I struggled too, I even went down the rabbit hole and worked on proper SELinux integration in meson, although perhaps I need to revise my approach)

There is still some tests failing. Obviously testing/reviewing required.

TODO: installed-tests

[elmarco]

@stefanberger any idea what might be wrong?

=================================== 50/70 ====================================
test:         swtpm:tpm2 / test_tpm2_swtpm_setup_overwrite
start time:   14:13:52 
duration:     0.04s
result:       exit status 1
command:      MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MESON_TEST_ITERATION=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=225 abs_top_builddir=/home/elmarco/src/swtpm/builddir abs_top_srcdir=/home/elmarco/src/swtpm abs_top_testdir=/home/elmarco/src/swtpm/tests LD_LIBRARY_PATH=/home/elmarco/src/swtpm/builddir/src/swtpm /home/elmarco/src/swtpm/tests/test_tpm2_swtpm_setup_overwrite
----------------------------------- stdout -----------------------------------
Test 1 passed
TPM is listening on Unix socket.
Test 2 failed: Error: Could not run /home/elmarco/src/swtpm/builddir/src/swtpm_setup/swtpm_setup.
Setup Logfile:
Starting vTPM manufacturing as elmarco:elmarco @ Sun 10 Aug 2025 06:13:52 PM +04
Apply profile: {"Name": "default-v1"} 
Warning: Profile-enabled algorithms contain disabled 'RSA-1024-sign(SHA1, pkcs1-pss)'
Warning: Setting OPENSSL_ENABLE_SHA1_SIGNATURES=1
Active profile: {"Name":"default-v1","StateFormatLevel":7,"Commands":"0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19c","Algorithms":"rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb","Description":"This profile enables all libtpms v0.10-supported commands and algorithms. This profile is compatible with libtpms >= v0.10."}
No PCR banks could be allocated. None of the selected algorithms are supported.  
An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Sun 10 Aug 2025 06:13:52 PM +04
==============================================================================

[stefanberger]

Is this supported?

DEFAULT_PCR_BANKS="sha256"
AC_ARG_ENABLE([default-pcr-banks],
              AS_HELP_STRING(
                  [--enable-default-pcr-banks=list of PCR banks],
                  [Have swtpm_setup activate the given PCR banks by default;
                  default is sha256]
              ),
              [],
              []
)

[elmarco]

Is this supported?

DEFAULT_PCR_BANKS="sha256"

yes, this was related, it was was defining it with extra quotes. thanks!

[stefanberger]

I would expect errors from this because shellcheck needs to sometimes see source'd scripts as well. Therefore, collecting all of them in a command line and invoking shellcheck once with all of them would probably lead to better results.

[elmarco]

-x does that. Passing the file list from meson is tricky, because it doesn't change cwd and use absolute paths. Trying to split the run_target() in the various directories is also complicated, because you can't make dependencies between them.. I found this trade-off, seems to pass (and also run on previously unchecked scripts)

[stefanberger]

split off in separate patch?

[stefanberger]

split off in separate patch?