Some tests - for example test-fmt-ops - are compute heavy. Since tests
in non-x86 builds are run inside qemu, they can be significantly slower,
exceeding the default 30 second timeout.
So set the timeout multiplier to 2 to allow for slower execution.
Debian supports many architectures, and it is relatively easy to work
with multiarch packages, and finally `meson env2mfile` supports
generating cross files with the `--debarch` option.
Previously only native builds were done in the CI, so use debian to
build pipewire for multiple architectures.
Some packages are unfortunately not multiarch compatible, so a separate
container is built for every architecture.
Fairly minimal for now to save time, but we can add more deps and cover
more code as needed. We don't test or install as this isn't a native
build and we just want to make sure it builds for now.
Use `needs` to specify job dependencies explicitly instead of relying on
stages for ordering. This allows jobs from multiple stages to run concurrently
without having to wait for unrelated jobs in earlier stages.
See https://docs.gitlab.com/ci/yaml/#needs for more information.
The `build_all` job enables most features, including the ebur128
filter-graph plugin. However, the dependency is currently not
installed, which leads to meson failing to set up the build.
Fixes: df271d13f3 ("filter-chain: add ebur128 filter")
Latest alpine has gstreamer 1.24, which we should be compiling against because
the DMA_DRM code paths are not compiled with older versions. Unfortunately,
this is yet not in fedora 40.
Latest fedora is bumped just because. We should always test against latest
fedora and the previous ubuntu LTS, to make sure we support a relatively wide
range of system versions.
Add options to change the 'prefix' and 'sysconfdir' values shown in
documentation, e.g. on config file man pages.
Update CI to set them, so that its produced output doesn't show
/builds/pipewire/... on man pages
SNAP containers have two main "audio" security rules:
* audio-playback: the applications inside the container can
send audio samples into a sink
* audio-record: the applications inside the container can
get audio samples from a source
Also, old SNAP containers had the "pulseaudio" rule, which just
exposed the pulseaudio socket directly, without limits. This
is similar to the current Flatpak audio permissions.
In the pulseaudio days, a specific pulseaudio module was used
that checked the permissions given to the application and
allowed or forbade access to the pulseaudio operations.
With the change to pipewire, this functionality must be
implemented in pipewire-pulse to guarantee the sandbox
security.
This patch adds support for sandboxing permissions in the
pulseaudio module, and implements support for the SNAP audio
security model, thus forbiding a SNAP application to record
audio unless it has permissions to do so.
The current code for pipewire-pulseaudio checks the permissions
of the snap and adds three properties to each new client:
* pipewire.snap.id: contains the Snap ID of the client.
* pipewire.snap.audio.playback: its value is 'true' if the client
has permission to play audio, or 'false' if not.
* pipewire.snap.audio.record: its value is 'true' if the client
has permission to record audio, or 'false' if not.
These properties must be processed by wireplumber to add or
remove access permissions to the corresponding nodes. That
code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
Change the shellcheck job so that we configure the build and check the
preprocessed versions of the scripts, not the bare ones, which might not
be syntactically valid yet.
The Ubuntu image needs a rebuild, because there's already an image with that
same version which lacks meson. And likewise Fedora needs a rebuild, because
we still need python3-pip for two sub-images and this is (probably) the least
bad way to deal with that.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
According to gkiagia Fedora 37 is a better choice, because it's newer and its
compatibility with Coverity has been verified by WirePlumber's CI setup already.
Therefore upgrading the CI image to F37 should be safe.
Also fixed a typo in a previous commit's comment introduced by autocompletion.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
Back when it was added, the latest stable version was used. So it makes sense
to keep using using the latest stable image, which is now 3.17.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
