Add options to change the 'prefix' and 'sysconfdir' values shown in
documentation, e.g. on config file man pages.
Update CI to set them, so that its produced output doesn't show
/builds/pipewire/... on man pages
SNAP containers have two main "audio" security rules:
* audio-playback: the applications inside the container can
send audio samples into a sink
* audio-record: the applications inside the container can
get audio samples from a source
Also, old SNAP containers had the "pulseaudio" rule, which just
exposed the pulseaudio socket directly, without limits. This
is similar to the current Flatpak audio permissions.
In the pulseaudio days, a specific pulseaudio module was used
that checked the permissions given to the application and
allowed or forbade access to the pulseaudio operations.
With the change to pipewire, this functionality must be
implemented in pipewire-pulse to guarantee the sandbox
security.
This patch adds support for sandboxing permissions in the
pulseaudio module, and implements support for the SNAP audio
security model, thus forbiding a SNAP application to record
audio unless it has permissions to do so.
The current code for pipewire-pulseaudio checks the permissions
of the snap and adds three properties to each new client:
* pipewire.snap.id: contains the Snap ID of the client.
* pipewire.snap.audio.playback: its value is 'true' if the client
has permission to play audio, or 'false' if not.
* pipewire.snap.audio.record: its value is 'true' if the client
has permission to record audio, or 'false' if not.
These properties must be processed by wireplumber to add or
remove access permissions to the corresponding nodes. That
code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
Change the shellcheck job so that we configure the build and check the
preprocessed versions of the scripts, not the bare ones, which might not
be syntactically valid yet.
The Ubuntu image needs a rebuild, because there's already an image with that
same version which lacks meson. And likewise Fedora needs a rebuild, because
we still need python3-pip for two sub-images and this is (probably) the least
bad way to deal with that.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
According to gkiagia Fedora 37 is a better choice, because it's newer and its
compatibility with Coverity has been verified by WirePlumber's CI setup already.
Therefore upgrading the CI image to F37 should be safe.
Also fixed a typo in a previous commit's comment introduced by autocompletion.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
Back when it was added, the latest stable version was used. So it makes sense
to keep using using the latest stable image, which is now 3.17.
Signed-off-by: Niklāvs Koļesņikovs <89q1r14hd@relay.firefox.com>
meson prints the following warning:
WARNING: Running the setup command as `meson [options]` instead
of `meson setup [options]` is ambiguous and deprecated.
SOFA is a file format used for storing and accessing spatial audio data, namely head-related transfer functions. These can be used to create binaural spatial sound using head- or earphones.
This commit introduces libmysofa as an optional dependency for loading SOFA files and creates a spatializer plugin for the filter-chain
ci: install libmysofa-devel for full build
ci: bump FDO_DISTRIBUTION_TAG
...except in the build_session_managers job.
This decouples pipewire's CI from wireplumber's dependencies
and potential failures. The build_session_managers job is supposed
to catch session manager integration errors, not any other job.
This should catch any potential issues with conflicting options, missing
libraries, etc.
We need to disable aptx and roc because Fedora doesn't ship those
libraries, and we disable libcamera because it's a moving target and
shouldn't hold up the pipeline.
We allow those jobs to fail so a theoretical issue in the session
managers doesn't prevent our pipeline from completing.
The failure could however be due to our integration of the session
managers, so failures should still be inspected nonetheless.