Convert build system to meson

Some notes about the new build systems:
- I don't fully understand the testing system, but I think I understood
  it well enough to implement an equivalent one.
- use_seccomp could be replaced by detecting seccomp support at runtime
  (without support, Linux returns -EINVAL in include/linux/seccomp.h)
- The fuzzing test is broken and seems to have been for a while (see
  commit 67f3ba64c91b5e1ac9fbbd0bc039fb8ca653cae1, it fails to fuzz on
  my machine)
- make-tarball.sh has been replaced with meson dist - hopefully this
  works. meson dist should also call seccomp-bpf.c to update
  seccomp-bpf.h

Signed-off-by: Arsen Arsenović <arsen@aarsen.me>
Signed-off-by: Sam James <sam@gentoo.org>

28 files changed, 295 insertions, 769 deletions

diff --git a/.depend b/.depend
deleted file mode 100644
index aab4f89..0000000
--- a/.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-paxelf.o: paxelf.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-paxmacho.o: paxmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-paxinc.o: paxinc.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-security.o: security.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h seccomp-bpf.h
-xfuncs.o: xfuncs.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-scanelf.o: scanelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-dumpelf.o: dumpelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-pspax.o: pspax.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-scanmacho.o: scanmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml
index 1b69cc6..04d6fc5 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -22,39 +22,23 @@ jobs:
       CC: ${{ matrix.cc }}
     steps:
     - name: Install dependencies
-      run: sudo apt-get update && sudo apt-get install -y python3-pyelftools
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y python3-pyelftools python3-pip \
+                                libcap-dev libseccomp-dev ninja-build
+        sudo pip3 install meson
     - uses: actions/checkout@v2
-    # Hack up the man pages as installing xmlto is very expensive.
-    # We'll test this in the autotools builder instead.
-    - name: Hack man pages
-      run: echo man/*.docbook | sed s:docbook:1:g | xargs touch
-    - run: make
-    - run: make check
-    - run: make install DESTDIR="${PWD}/root/"
-    - run: make debug
-    - run: make check
-
-  autotools-distcheck-linux:
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        cc: [gcc, clang]
-    runs-on: ${{ matrix.os }}
-    env:
-      CC: ${{ matrix.cc }}
-    steps:
-    - name: Install dependencies
-      run: sudo apt-get update && sudo apt-get install -y python3-pyelftools xmlto
-    - name: Checkout gnulib
-      uses: actions/checkout@v2
-      with:
-        repository: coreutils/gnulib
-        path: gnulib
-    - run: mv gnulib ..
-    - uses: actions/checkout@v2
-    - run: make distcheck SHELL_TRACE=-x PV=git PATH="${PWD}/../gnulib:${PATH}"
+    - run: |
+        meson -Duse_libcap=enabled \
+              -Duse_seccomp=true \
+              -Dbuild_manpages=disabled \
+              -Dtests=true \
+              -Duse_fuzzing=true \
+              build
+        ninja -C build
+        ninja -C build test
 
-  autotools-build-macos:
+  build-macos:
     strategy:
       matrix:
         os: [macos-latest]
@@ -64,22 +48,16 @@ jobs:
       CC: ${{ matrix.cc }}
     steps:
     - name: Install dependencies
-      run: brew install autoconf automake docbook libtool xmlto xz
-    - name: Checkout gnulib
-      uses: actions/checkout@v2
-      with:
-        repository: coreutils/gnulib
-        path: gnulib
-    - run: mv gnulib ..
+      run: brew install meson ninja
     - uses: actions/checkout@v2
-    # We don't run the whole distcheck flow because we don't want or need to
-    # rebuild the tarball, and that flow also runs the basic Linux+make which
-    # blows up wonderfully everywhere else.
-    - run: make autotools SHELL_TRACE=-x
-    - run: ./configure
-    - run: make
-    # The unittests generally assume a Linux ELF host, so don't bother making
-    # sure they pass on macOS.  Run them out of morbid curiosity I guess.
     - run: |
-        make -k check || :
-    - run: make install DESTDIR="${PWD}/root/"
+        meson -Duse_libcap=disabled \
+              -Duse_seccomp=false \
+              -Dbuild_manpages=disabled \
+              -Dtests=true \
+              -Duse_fuzzing=true \
+              build
+        ninja -C build
+        # The unittests generally assume a Linux ELF host, so don't bother making
+        # sure they pass on macOS.  Run them out of morbid curiosity I guess.
+        ninja -kC build test ||:
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 2585933..0000000
--- a/Makefile
+++ /dev/null
@@ -1,224 +0,0 @@
-# Copyright 2003-2006 Ned Ludd <solar@linbsd.net>
-# Distributed under the terms of the GNU General Public License v2
-####################################################################
-
-check_compiler = \
-	$(shell if $(CC) $(WUNKNOWN) $(1) -S -o /dev/null -xc /dev/null >/dev/null 2>&1; \
-	then echo "$(1)"; else echo "$(2)"; fi)
-check_compiler_many = $(foreach flag,$(1),$(call check_compiler,$(flag)))
-
-####################################################################
-# Avoid CC overhead when installing
-ifneq ($(MAKECMDGOALS),install)
-WUNKNOWN  := $(call check_compiler,-Werror=unknown-warning-option)
-_WFLAGS   := \
-	-Wdeclaration-after-statement \
-	-Wextra \
-	-Wsequence-point \
-	-Wstrict-overflow \
-	-Wmisleading-indentation
-WFLAGS    := -Wall -Wunused -Wimplicit -Wshadow -Wformat=2 \
-             -Wmissing-declarations -Wmissing-prototypes -Wwrite-strings \
-             -Wbad-function-cast -Wnested-externs -Wcomment -Winline \
-             -Wchar-subscripts -Wcast-align -Wno-format-nonliteral \
-             $(call check_compiler_many,$(_WFLAGS))
-endif
-
-CFLAGS    ?= -O2 -pipe
-override CPPFLAGS  += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
-LDFLAGS   +=
-LIBS      :=
-DESTDIR    =
-PREFIX     = $(DESTDIR)/usr
-DATADIR    = $(PREFIX)/share
-MANDIR     = $(DATADIR)/man
-DOCDIR     = $(DATADIR)/doc
-PKGDOCDIR  = $(DOCDIR)/pax-utils
-STRIP     := strip
-MKDIR     := mkdir -p
-INS_EXE   := install -m755
-INS_DATA  := install -m644
-
-PKG_CONFIG ?= pkg-config
-
-ifeq ($(USE_CAP),yes)
-LIBCAPS_CFLAGS := $(shell $(PKG_CONFIG) --cflags libcap)
-LIBCAPS_LIBS   := $(shell $(PKG_CONFIG) --libs libcap)
-CPPFLAGS-pspax.c += $(LIBCAPS_CFLAGS) -DWANT_SYSCAP
-LIBS-pspax       += $(LIBCAPS_LIBS)
-endif
-
-ifeq ($(USE_DEBUG),yes)
-override CPPFLAGS += -DEBUG
-endif
-
-ifeq ($(BUILD_USE_SECCOMP),yes)
-LIBSECCOMP_CFLAGS := $(shell $(PKG_CONFIG) --cflags libseccomp)
-LIBSECCOMP_LIBS   := $(shell $(PKG_CONFIG) --libs libseccomp)
-override CPPFLAGS += $(LIBSECCOMP_CFLAGS) -DWANT_SECCOMP
-LIBS-seccomp-bpf  += $(LIBSECCOMP_LIBS)
-endif
-ifeq ($(USE_SECCOMP),yes)
-override CPPFLAGS += -DWANT_SECCOMP
-endif
-
-ifdef PV
-override CPPFLAGS  += -DVERSION=\"$(PV)\"
-else
-VCSID     := $(shell git describe --tags HEAD)
-endif
-override CPPFLAGS  += -DVCSID='"$(VCSID)"'
-
-####################################################################
-ELF_TARGETS  = scanelf dumpelf $(shell $(CC) -dM -E - </dev/null | grep -q __svr4__ || echo pspax)
-ELF_OBJS     = paxelf.o paxldso.o
-MACH_TARGETS = scanmacho
-MACH_OBJS    = paxmacho.o
-COMMON_OBJS  = paxinc.o security.o xfuncs.o
-BUILD_OBJS   = $(filter-out security.o,$(COMMON_OBJS))
-TARGETS      = $(ELF_TARGETS) $(MACH_TARGETS)
-TARGETS_OBJS = $(TARGETS:%=%.o)
-BUILD_TARGETS= seccomp-bpf
-SCRIPTS_SH   = lddtree symtree
-SCRIPTS_PY   = lddtree
-_OBJS        = $(ELF_OBJS) $(MACH_OBJS) $(COMMON_OBJS)
-OBJS         = $(_OBJS) $(TARGETS_OBJS)
-# Not all objects support this hack.  Otherwise we'd use $(_OBJS:%.o=%)
-OBJS_TARGETS = paxldso
-MPAGES       = $(TARGETS:%=man/%.1)
-SOURCES      = $(OBJS:%.o=%.c)
-
-all: $(TARGETS)
-	@:
-
-all-dev: all $(OBJS_TARGETS)
-	@:
-
-DEBUG_FLAGS = \
-	-nopie \
-	-fsanitize=address \
-	-fsanitize=leak \
-	-fsanitize=undefined
-debug: clean
-	$(MAKE) CFLAGS="$(CFLAGS) -g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS))" all-dev
-	@-chpax  -permsx $(ELF_TARGETS)
-	@-paxctl -permsx $(ELF_TARGETS)
-
-analyze: clean
-	scan-build $(MAKE) all
-
-fuzz:
-	@echo "Pick a fuzzer backend:"
-	@echo "$$ make afl-fuzz"
-	@echo "$$ make libfuzzer"
-	@false
-
-afl-fuzz: clean
-	$(MAKE) AFL_HARDEN=1 CC=afl-gcc all
-	@rm -rf findings
-	@printf '\nNow run:\n%s\n' \
-		"afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
-
-# Not all objects support libfuzzer.
-LIBFUZZER_TARGETS = dumpelf
-LIBFUZZER_FLAGS = \
-	-fsanitize=fuzzer \
-	-fsanitize-coverage=edge
-libfuzzer: clean
-	$(MAKE) \
-		CC="clang" \
-		CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \
-		CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \
-		$(LIBFUZZER_TARGETS)
-
-compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $<
-
-ifeq ($(V),)
-Q := @
-else
-Q :=
-endif
-%.o: %.c
-ifeq ($(V),)
-	@echo $(compile.c)
-endif
-	$(Q)$(compile.c) $(WFLAGS)
-
-LINK = $(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
-
-$(BUILD_TARGETS): %: $(BUILD_OBJS) %.o; $(LINK)
-$(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o; $(LINK)
-$(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o; $(LINK)
-
-$(OBJS_TARGETS): %: $(_OBJS) %.c
-	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAIN $(LDFLAGS) $(filter-out $@.o,$^) -o $@ $(LIBS) $(LIBS-$@)
-
-seccomp-bpf.h: seccomp-bpf.c
-	$(MAKE) BUILD_USE_SECCOMP=yes seccomp-bpf
-	./seccomp-bpf > $@
-
-depend:
-	$(CC) $(CFLAGS) -MM $(SOURCES) > .depend
-
-clean:
-	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS) $(BUILD_TARGETS)
-
-distclean: clean
-	-rm -f *~ core *.o
-	-cd man && $(MAKE) clean
-strip: all
-	$(STRIP) $(TARGETS)
-strip-more:
-	$(STRIP) --strip-unneeded $(TARGETS)
-
-install: all
-	$(MKDIR) $(PREFIX)/bin/ $(MANDIR)/man1/ $(PKGDOCDIR)/
-	for sh in $(SCRIPTS_SH) ; do $(INS_EXE) $$sh.sh $(PREFIX)/bin/$$sh || exit $$? ; done
-ifneq ($(USE_PYTHON),no)
-	for py in $(SCRIPTS_PY) ; do $(INS_EXE) $$py.py $(PREFIX)/bin/$$py || exit $$? ; done
-endif
-	$(INS_EXE) $(TARGETS) $(PREFIX)/bin/
-	$(INS_DATA) README.md BUGS TODO $(PKGDOCDIR)/
-	$(INS_DATA) $(MPAGES) $(MANDIR)/man1/
-
-PN = pax-utils
-P = $(PN)-$(PV)
-dist:
-	./make-tarball.sh $(SHELL_TRACE) $(DISTCHECK) $(PV)
-distcheck:
-	$(MAKE) dist DISTCHECK=--check
-
--include .depend
-
-check test:
-	$(MAKE) -C tests
-
-.PHONY: all check clean dist install test
-
-#
-# All logic related to autotools is below here
-#
-GEN_MARK_START = \# @@@ GEN START @@@ \#
-GEN_MARK_END   = \# @@@ GEN END @@@ \#
-EXTRA_DIST     = $(shell git ls-files | grep -v -E '^(\.github|travis)/')
-autotools-update:
-	$(MAKE) -C man -j
-	sed -i.tmp '/^$(GEN_MARK_START)$$/,/^$(GEN_MARK_END)$$/d' Makefile.am
-	@rm -f Makefile.am.tmp
-	( \
-		echo "$(GEN_MARK_START)"; \
-		printf 'dist_man_MANS +='; \
-		printf ' \\\n\t%s' `printf '%s\n' man/*.1 | LC_ALL=C sort`; \
-		echo; \
-		printf 'EXTRA_DIST +='; \
-		printf ' \\\n\t%s' $(EXTRA_DIST); \
-		echo; \
-		echo "$(GEN_MARK_END)"; \
-	) >> Makefile.am
-autotools:
-ifeq ($(SKIP_AUTOTOOLS_UPDATE),)
-	$(MAKE) autotools-update
-endif
-	./autogen.sh $(SHELL_TRACE) --from=make
-
-.PHONY: autotools autotools-update _autotools-update
diff --git a/Makefile.am b/Makefile.am
deleted file mode 100644
index 2626b37..0000000
--- a/Makefile.am
+++ /dev/null
@@ -1,114 +0,0 @@
-ACLOCAL_AMFLAGS = -I autotools/m4
-
-SUBDIRS = autotools/gnulib
-
-AM_CPPFLAGS = \
-	-I$(top_builddir)/autotools/gnulib \
-	-I$(top_srcdir)/autotools/gnulib
-
-noinst_LTLIBRARIES = libpaxutils.la
-libpaxutils_la_LDFLAGS = -no-undefined
-libpaxutils_la_SOURCES = \
-	paxelf.c \
-	paxinc.c \
-	paxldso.c \
-	paxmacho.c \
-	security.c \
-	xfuncs.c
-LDADD = libpaxutils.la $(top_builddir)/autotools/gnulib/libgnu.a $(LIB_EACCESS)
-
-bin_SCRIPTS = lddtree symtree
-bin_PROGRAMS = scanelf dumpelf pspax scanmacho
-CLEANFILES = $(bin_SCRIPTS)
-
-if USE_PYTHON
-lddtree: lddtree.py
-else
-lddtree: lddtree.sh
-endif
-	cp $< $@
-
-symtree: symtree.sh
-	cp $< $@
-
-TMAKE = \
-	$(MAKE) -C $(abs_top_srcdir)/tests \
-		AUTOTOOLS=true \
-		abs_top_builddir="$(abs_top_builddir)" \
-		abs_top_srcdir="$(abs_top_srcdir)"
-check-hook:
-	$(TMAKE) check
-check: check-hook
-
-# Start off with base values which we append below
-dist_man_MANS =
-EXTRA_DIST = autotools/m4/gnulib-cache.m4
-
-# @@@ GEN START @@@ #
-dist_man_MANS += \
-	man/dumpelf.1 \
-	man/pspax.1 \
-	man/scanelf.1 \
-	man/scanmacho.1
-EXTRA_DIST += \
-	.depend \
-	.gitignore \
-	.pylintrc \
-	BUGS \
-	COPYING \
-	Makefile \
-	Makefile.am \
-	README.md \
-	TODO \
-	autogen.sh \
-	configure.ac \
-	dumpelf.c \
-	elf.h \
-	lddtree.py \
-	lddtree.sh \
-	macho.h \
-	make-tarball.sh \
-	man/Makefile \
-	man/custom.xsl \
-	man/dumpelf.docbook \
-	man/fragment/date \
-	man/fragment/reftail \
-	man/fragment/version \
-	man/pax-utils.docbook \
-	man/pspax.docbook \
-	man/scanelf.docbook \
-	man/scanmacho.docbook \
-	paxelf.c \
-	paxelf.h \
-	paxinc.c \
-	paxinc.h \
-	paxldso.c \
-	paxldso.h \
-	paxmacho.c \
-	paxmacho.h \
-	porting.h \
-	pspax.c \
-	pylint \
-	scanelf.c \
-	scanmacho.c \
-	seccomp-bpf.c \
-	seccomp-bpf.h \
-	security.c \
-	security.h \
-	symtree.sh \
-	tests/Makefile \
-	tests/lddtree/Makefile \
-	tests/lddtree/dotest-cmp \
-	tests/lddtree/dotest-py \
-	tests/lddtree/dotest-sfx \
-	tests/lddtree/dotest-sh \
-	tests/lib.sh \
-	tests/scanelf/Makefile \
-	tests/scanelf/dotest \
-	tests/scanelf/scanelf.simple.good \
-	tests/source/Makefile \
-	tests/source/dotest \
-	tests/source/space \
-	xfuncs.c \
-	xfuncs.h
-# @@@ GEN END @@@ #
diff --git a/autogen.sh b/autogen.sh
deleted file mode 100755
index 734596a..0000000
--- a/autogen.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/bash -e
-
-# NB: This script is normally run in a GNU environment (e.g. Linux), but we also run it on other
-# systems (e.g. macOS) as part of our automated CI.  So a little care must be taken.
-
-cd "${0%/*}" || exit 1
-
-m4dir="autotools/m4"
-
-: ${MAKE:=make}
-
-FROM_TOOL=
-while [[ $# -gt 0 ]] ;do
-	case $1 in
-	--from=*) FROM_TOOL=${1#*=};;
-	-x|--debug) set -x;;
-	*) break;;
-	esac
-	shift
-done
-
-if [[ $# -ne 0 ]] ; then
-	echo "Usage: $0" >&2
-	exit 1
-fi
-
-rm -rf autotools
-if [[ ${FROM_TOOL} != "make" ]] ; then
-	${MAKE} autotools-update
-fi
-
-# reload the gnulib code if possible
-PATH="${PWD}/gnulib:${PWD}/../gnulib:/usr/local/src/gnu/gnulib:${PATH}"
-mods="
-	alloca
-	euidaccess
-	faccessat
-	fdopendir
-	fstatat
-	futimens
-	getline
-	getopt-posix
-	mkdirat
-	openat
-	progname
-	readlinkat
-	renameat
-	stat-time
-	stpcpy
-	strcasestr-simple
-	strncat
-	symlinkat
-	sys_stat
-	unlinkat
-	utimensat
-	vasprintf-posix
-"
-gnulib-tool \
-	--source-base=autotools/gnulib --m4-base=autotools/m4 \
-	--import \
-	${mods}
-
-# not everyone has sys-devel/autoconf-archive installed
-tar xf travis/autotools.tar.xz
-has() { [[ " ${*:2} " == *" $1 "* ]] ; }
-import_ax() {
-	local macro content m4 lm4s=()
-	content=$(sed -e '/^[[:space:]]*#/d' -e 's:\<dnl\>.*::' "$@")
-	for macro in $(echo "${content}" | grep -o '\<AX[A-Z_]*\>' | sort -u) ; do
-		for m4 in $(grep -rl "\[${macro}\]" /usr/share/aclocal/) ; do
-			has ${m4} "${m4s[@]}" || lm4s+=( ${m4} )
-		done
-	done
-	if [[ ${#lm4s[@]} -gt 0 ]] ; then
-		cp -v `printf '%s\n' ${lm4s[@]} | sort -u` autotools/m4/
-		m4s+=( "${lm4s[@]}" )
-	fi
-}
-m4s=()
-import_ax configure.ac
-curr=1
-new=0
-while [[ ${curr} -ne ${new} ]] ; do
-	curr=${#m4s[@]}
-	import_ax autotools/m4/ax_*.m4
-	new=${#m4s[@]}
-done
-
-export AUTOMAKE="automake --foreign"
-autoreconf -i -f
-
-if [[ -x ./test.sh ]] ; then
-	exec ./test.sh "$@"
-fi
diff --git a/configure.ac b/configure.ac
deleted file mode 100644
index 9b96090..0000000
--- a/configure.ac
+++ /dev/null
@@ -1,72 +0,0 @@
-AC_PREREQ([2.65])
-AC_INIT([pax-utils], [git])
-AC_CONFIG_AUX_DIR([autotools])
-AM_INIT_AUTOMAKE([1.11 dist-xz no-dist-gzip silent-rules -Wall])
-AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
-AC_CONFIG_HEADER([config.h])
-AC_CONFIG_MACRO_DIR([autotools/m4])
-
-AC_USE_SYSTEM_EXTENSIONS
-AC_PROG_CC_C99
-AM_PROG_CC_C_O
-AM_PROG_AR
-LT_INIT
-PKG_PROG_PKG_CONFIG
-
-gl_EARLY
-gl_INIT
-
-AC_ARG_WITH([caps], [AS_HELP_STRING([--with-caps], [build with capabilities])])
-AS_IF([test "x$with_caps" = "xyes"], [
-	PKG_CHECK_MODULES(LIBCAP, libcap)
-	CPPFLAGS="$CPPFLAGS $LIBCAP_CFLAGS -DWANT_SYSCAP"
-	LIBS="$LIBS $LIBCAP_LIBS"
-])
-
-AC_ARG_WITH([debug], [AS_HELP_STRING([--with-debug], [enable debug code])])
-AS_IF([test "x$with_debug" = "xyes"], [
-	CPPFLAGS="$CPPFLAGS -DEBUG"
-])
-
-AC_ARG_WITH([python], [AS_HELP_STRING([--with-python], [use lddtree.py])])
-AM_CONDITIONAL([USE_PYTHON], [test "x$with_python" = "xyes"])
-
-AC_ARG_WITH([seccomp], [AS_HELP_STRING([--with-seccomp], [build with seccomp])])
-AS_IF([test "x$with_seccomp" = "xyes"], [
-	CPPFLAGS="$CPPFLAGS -DWANT_SECCOMP"
-])
-
-AX_CFLAGS_WARN_ALL
-AC_DEFUN([PT_CHECK_CFLAG],[AX_CHECK_COMPILER_FLAGS([$1],[CFLAGS="$CFLAGS $1"])])
-m4_foreach_w([flag], [
-	-Wunused
-	-Wimplicit
-	-Wshadow
-	-Wformat=2
-	-Wmissing-declarations
-	-Wno-missing-prototypes
-	-Wwrite-strings
-	-Wbad-function-cast
-	-Wnested-externs
-	-Wcomment
-	-Winline
-	-Wchar-subscripts
-	-Wcast-align
-	-Wno-format-nonliteral
-	-Wsequence-point
-	-Wold-style-definition
-	-Wextra
-], [
-	AX_CHECK_COMPILE_FLAG(flag, AS_VAR_APPEND([CFLAGS], " flag"))
-])
-
-AC_CHECK_HEADERS_ONCE(m4_flatten([
-	linux/seccomp.h
-	linux/securebits.h
-]))
-
-AC_CONFIG_FILES([
-	Makefile
-	autotools/gnulib/Makefile
-])
-AC_OUTPUT
diff --git a/make-seccomp-filters.sh b/make-seccomp-filters.sh
new file mode 100755
index 0000000..124646a
--- /dev/null
+++ b/make-seccomp-filters.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -ufe
+>&2 echo THIS IS A DEVELOPER SCRIPT
+>&2 echo YOU DO NOT NEED TO RUN IT UNLESS YOU EDITED seccomp-bpf.c
+
+: "${CC:=gcc}"
+: "${CCFLAGS:=$(pkg-config --cflags --libs libseccomp)}"
+
+generator="$(mktemp)"
+trap 'rm "${generator}"' EXIT
+
+"${CC}" -o "${generator}" -D_GNU_SOURCE ${CCFLAGS} seccomp-bpf.c && \
+	"${generator}" > seccomp-bpf.h
diff --git a/make-tarball.sh b/make-tarball.sh
deleted file mode 100755
index 8f357b5..0000000
--- a/make-tarball.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-# NB: This script is expected to be run in a GNU environment (e.g. Linux).
-# So it is not written to be completely POSIX compliant.
-
-set -e
-
-einfo() { printf ' * %b\n' "$*"; }
-eerror() { einfo "$@" 1>&2; }
-die() { eerror "$@"; exit 1; }
-v() { printf '\t%s\n' "$*"; "$@"; }
-
-: ${MAKE:=make}
-
-CHECK=false
-while [[ $# -gt 0 ]] ;do
-	case $1 in
-	--check) CHECK=true;;
-	-x|--debug) set -x;;
-	*) break;;
-	esac
-	shift
-done
-
-if [[ $# -ne 1 ]] ; then
-	die "Usage: $0 <ver>"
-fi
-
-case $1 in
-snap) ver=$(date -u +%Y%m%d) ;;
-git) ver="HEAD" ;;
-*)
-	ver="v${1#v}"
-	if ! git describe --tags "${ver}" >&/dev/null ; then
-		die "Please create the tag first: git tag ${ver}"
-	fi
-	;;
-esac
-p="pax-utils-${ver#v}"
-
-rm -rf "${p}"
-mkdir "${p}"
-
-einfo "Checking out clean git sources ..."
-git archive "${ver}" | tar xf - -C "${p}"
-
-pushd "${p}" >/dev/null
-
-einfo "Building docs ..."
-echo "<releaseinfo>${ver#v}</releaseinfo>" > man/fragment/version
-make -C man
-
-einfo "Building autotools ..."
-sed -i "/^AC_INIT/s:git:${ver}:" configure.ac
-sed -i "1iPV := ${ver}" Makefile
-SKIP_AUTOTOOLS_UPDATE=true LC_ALL=C ${MAKE} -s autotools >/dev/null
-rm -rf autom4te.cache
-
-popd >/dev/null
-
-einfo "Generating tarball ..."
-# The archive is small enough that -6 & -9 produce the same size.
-tar cf - "${p}" | xz > "${p}".tar.xz
-rm -r "${p}"
-
-if ${CHECK} ; then
-
-einfo "Checking tarball (simple) ..."
-tar xf "${p}".tar.*
-pushd "${p}" >/dev/null
-v ${MAKE} -s
-v ${MAKE} -s check
-popd >/dev/null
-rm -rf "${p}"
-
-einfo "Checking tarball (autotools) ..."
-tar xf "${p}".tar.*
-pushd "${p}" >/dev/null
-v ./configure -q
-v ${MAKE} -s
-v ${MAKE} -s check
-popd >/dev/null
-rm -rf "${p}"
-
-fi
-
-echo
-einfo "All ready for distribution!"
-du -b "${p}".tar.*
-
-exit 0
diff --git a/man/Makefile b/man/Makefile
deleted file mode 100644
index 6f1f185..0000000
--- a/man/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-all: man
-
-XMLTO_FLAGS_man = -x custom.xsl --skip-validation
-man pdf txt xhtml xhtml-nochunks:
-	@xmlto $@ $(XMLTO_FLAGS_$@) pax-utils.docbook || echo "If this failed, you probably need to emerge ~app-text/docbook-xml-dtd-4.4 app-text/xmlto dev-tex/xmltex"
-	@# scanelf.1 has funky indented lists ... hack it back
-	@sed -i.tmp 's:^[.]TP 4:.TP 2:' scanelf.1
-	@rm scanelf.1.tmp
-clean distclean:
-	rm -f *.1 *.html
-
-.PHONY: all clean distclean \
-        man pdf txt xhtml xhtml-nochunks
diff --git a/man/custom.xsl b/man/custom.xsl
index bf01b14..c1ab12d 100644
--- a/man/custom.xsl
+++ b/man/custom.xsl
@@ -12,8 +12,7 @@ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
       <xsl:text>.sp -1&#10;</xsl:text>
       <xsl:text>.TP</xsl:text>
       <xsl:if test="not($list-indent = '')">
-        <xsl:text> </xsl:text>
-        <xsl:value-of select="$list-indent"/>
+        <xsl:text> 2</xsl:text>
       </xsl:if>
       <xsl:text>&#10;</xsl:text>
     </xsl:if>
diff --git a/man/fragment/date b/man/fragment/date
deleted file mode 100644
index e69de29..0000000
--- a/man/fragment/date
+++ /dev/null
diff --git a/man/fragment/version b/man/fragment/version
deleted file mode 100644
index 69ba922..0000000
--- a/man/fragment/version
+++ /dev/null
@@ -1 +0,0 @@
-<releaseinfo>git</releaseinfo>
diff --git a/man/meson.build b/man/meson.build
new file mode 100644
index 0000000..fc8d183
--- /dev/null
+++ b/man/meson.build
@@ -0,0 +1,37 @@
+xmlto = find_program('xmlto', required : get_option('build_manpages'))
+
+if not xmlto.found()
+  subdir_done()
+endif
+
+docbook_conf = configuration_data()
+docbook_conf.set('version', meson.project_version())
+docbook_conf.set('man_dir', meson.current_source_dir())
+
+book = configure_file(
+  input : 'pax-utils.docbook.in',
+  output : 'pax-utils.docbook',
+  configuration : docbook_conf
+)
+
+pages = [
+    'dumpelf.docbook', 'pspax.docbook', 'scanelf.docbook', 'scanmacho.docbook'
+]
+
+out_pages = []
+foreach page : pages
+  out_pages += page.replace('.docbook', '.1')
+endforeach
+
+custom_target('docbook_to_man',
+  command : [
+    xmlto, 'man', '-x', files('custom.xsl'), '--skip-validation', book,
+    '-o', meson.current_build_dir()
+  ],
+  input : [
+    'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail',
+  ] + pages,
+  output : out_pages,
+  install : true,
+  install_dir : get_option('mandir') / 'man1'
+)
diff --git a/man/pax-utils.docbook b/man/pax-utils.docbook.in
index 79e6c12..a8fd7df 100644
--- a/man/pax-utils.docbook
+++ b/man/pax-utils.docbook.in
@@ -2,16 +2,14 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
 	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
 
-	<!ENTITY date SYSTEM "fragment/date">
-	<!ENTITY version SYSTEM "fragment/version">
-	<!ENTITY reftail SYSTEM "fragment/reftail">
+	<!ENTITY reftail SYSTEM "@man_dir@/fragment/reftail">
 
 	<!ENTITY project "pax-utils">
 
-	<!ENTITY dumpelf   SYSTEM   "dumpelf.docbook">
-	<!ENTITY pspax     SYSTEM     "pspax.docbook">
-	<!ENTITY scanelf   SYSTEM   "scanelf.docbook">
-	<!ENTITY scanmacho SYSTEM "scanmacho.docbook">
+	<!ENTITY dumpelf   SYSTEM   "@man_dir@/dumpelf.docbook">
+	<!ENTITY pspax     SYSTEM     "@man_dir@/pspax.docbook">
+	<!ENTITY scanelf   SYSTEM   "@man_dir@/scanelf.docbook">
+	<!ENTITY scanmacho SYSTEM "@man_dir@/scanmacho.docbook">
 ]>
 
 <book id="pax-utils" lang="en">
@@ -40,8 +38,7 @@
   </author>
  </authorgroup>
 
- &version;
- &date;
+ <releaseinfo>@version@</releaseinfo>
 </bookinfo>
 
 &dumpelf;
diff --git a/meson.build b/meson.build
new file mode 100644
index 0000000..6a5dd66
--- /dev/null
+++ b/meson.build
@@ -0,0 +1,169 @@
+project('pax-utils', 'c',
+  version : '1.3.5-pre',
+  license : 'GPL-2.0-only',
+  default_options : [
+    'warning_level=2',
+    'c_std=gnu11',
+  ],
+)
+
+cc = meson.get_compiler('c')
+
+libcap = dependency('libcap', required : get_option('use_libcap'))
+if libcap.found()
+  add_project_arguments('-DWANT_SYSCAP', language : 'c')
+endif
+
+if get_option('use_seccomp')
+  add_project_arguments('-DWANT_SECCOMP', language : 'c')
+endif
+
+if get_option('buildtype') in ['debug', 'debugoptimized']
+  add_project_arguments('-DEBUG', language : 'c')
+endif
+
+# generate VCSID
+version_h = vcs_tag(input : 'version.h.in', output : 'pax_utils_version.h')
+# tell paxinc.h to use it
+add_project_arguments('-DINCLUDE_GENERATE_VERSION_H', language : 'c')
+add_project_arguments('-DVERSION="' + meson.project_version() + '"', language : 'c')
+
+add_project_arguments('-D_GNU_SOURCE', language : 'c')
+add_project_arguments('-D_FILE_OFFSET_BITS=64', language : 'c')
+
+# probe the platform...
+probe_results = configuration_data()
+
+## first, we check a bunch of headers
+foreach x : [
+  'endian.h', 'byteswap.h', # GNU-likes
+  'sys/endian.h', # BSDs,
+  'sys/isa_defs.h', # Sun/Illumios
+  'machine/endian.h', # Mach
+
+  'linux/seccomp.h',
+  'linux/securebits.h',
+  'sys/prctl.h',
+  'alloca.h',
+  'elf-hints.h',
+  'glob.h',
+]
+  x_exists = 0
+  if cc.has_header(x)
+    x_exists = 1
+  endif
+  probe_results.set('HAS_' + x.to_upper().underscorify(), x_exists)
+endforeach
+
+configure_file(
+  output : 'probes.h',
+  configuration : probe_results,
+)
+
+
+# common code
+common_src = [
+  'paxinc.c',
+  'security.c',
+  'xfuncs.c',
+  version_h,
+]
+common = static_library('common',
+  common_src,
+  install : false
+)
+
+if cc.get_define('__svr4__') == ''
+  executable('pspax',
+    'paxelf.c',
+    'paxldso.c',
+    'pspax.c',
+    version_h,
+    dependencies : [libcap],
+    link_with : common,
+    install : true
+  )
+endif
+
+executable('scanelf',
+  'paxelf.c',
+  'paxldso.c',
+  'scanelf.c',
+  version_h,
+  dependencies : [libcap],
+  link_with : common,
+  install : true
+)
+
+# dumpelf code (without the common code above)
+dumpelf_src = [
+  'paxelf.c',
+  'paxldso.c',
+  'dumpelf.c',
+  version_h,
+]
+
+executable('dumpelf',
+  dumpelf_src,
+  dependencies : [libcap],
+  link_with : common,
+  install : true
+)
+
+executable('scanmacho',
+  'paxmacho.c',
+  'scanmacho.c',
+  version_h,
+  dependencies : [libcap],
+  link_with : common,
+  install : true
+)
+
+lddtree_impl = get_option('lddtree_implementation')
+if lddtree_impl != 'none'
+  if lddtree_impl == 'python'
+    suffix = '.py'
+  else
+    suffix = '.sh'
+  endif
+  install_data('lddtree' + suffix,
+    rename : 'lddtree',
+    install_dir : get_option('bindir')
+  )
+endif
+install_data('symtree.sh',
+  rename : 'symtree',
+  install_dir : get_option('bindir')
+)
+
+subdir('man')
+
+do_tests = get_option('tests')
+if do_tests
+  subdir('tests/lddtree')
+  subdir('tests/scanelf')
+  subdir('tests/source')
+endif
+
+if do_tests and get_option('use_fuzzing')
+  ncc = meson.get_compiler('c', native : true)
+  fuzz_flags = [
+    '-g3', '-ggdb',
+    '-fsanitize=fuzzer', '-fsanitize-coverage=edge',
+    '-DPAX_UTILS_LIBFUZZ=1',
+  ]
+  if ncc.get_id() != 'clang'
+    warning('use_fuzzing requires Clang, due to LibFuzzer. Not building fuzzers')
+  else
+    dumpelf_fuzzer = executable('dumpelf.fuzz',
+      common_src + dumpelf_src,
+      override_options : [
+        'buildtype=debug',
+      ],
+      c_args : fuzz_flags,
+      link_args : fuzz_flags,
+      install : false
+    )
+    test('fuzz-dumpelf', dumpelf_fuzzer)
+  endif
+endif
diff --git a/meson_options.txt b/meson_options.txt
new file mode 100644
index 0000000..62adc35
--- /dev/null
+++ b/meson_options.txt
@@ -0,0 +1,9 @@
+option('lddtree_implementation', type : 'combo', choices : ['python', 'sh', 'none'], value : 'python')
+option('use_libcap', type : 'feature', value : 'auto')
+option('use_seccomp', type : 'boolean', value : 'true',
+  description : 'Enable seccomp filters at runtime (does *not* require libseccomp)'
+)
+option('build_manpages', type : 'feature', value : 'auto',
+  description : 'Build manuals via DocBook (requires xmlto)')
+option('tests', type : 'boolean', value : 'true')
+option('use_fuzzing', type : 'boolean', description : 'Also build LibFuzzer fuzzers', value : 'true')
diff --git a/paxinc.h b/paxinc.h
index aaff2e5..3dd163a 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -18,6 +18,9 @@
 #ifndef VERSION
 # define VERSION "git"
 #endif
+#ifdef INCLUDE_GENERATE_VERSION_H
+# include "pax_utils_version.h"
+#endif
 #ifndef VCSID
 # define VCSID "<unknown>"
 #endif
diff --git a/tests/Makefile b/tests/Makefile
deleted file mode 100644
index f4b81e8..0000000
--- a/tests/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-SUBDIRS = $(patsubst %/Makefile,%,$(wildcard */Makefile))
-abs_top_srcdir = $(realpath $(PWD)/..)
-abs_top_builddir = $(realpath $(PWD)/..)
-# DO NOT STARE AT THE SUN
-all:
-%:; $(MAKE) `printf '%s_$@_ ' $(SUBDIRS)`
-_words = $(subst _, ,$1)
-_dir = $(firstword $(call _words,$@))
-_targ = $(lastword $(call _words,$@))
-%_:; $(MAKE) -C $(_dir) $(_targ) srcdir=$(abs_top_srcdir)/tests/$(_dir) builddir=$(abs_top_builddir)/tests/$(_dir)
diff --git a/tests/lddtree/Makefile b/tests/lddtree/Makefile
deleted file mode 100644
index 3a13e28..0000000
--- a/tests/lddtree/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-all: check
-
-%.check:
-	./dotest-$(@:.check=)
-
-test check: sh.check
-ifneq ($(USE_PYTHON),no)
-test check: py.check cmp.check
-endif
-
-clean:
-
-.PHONY: all check clean test
diff --git a/tests/lddtree/meson.build b/tests/lddtree/meson.build
new file mode 100644
index 0000000..256998e
--- /dev/null
+++ b/tests/lddtree/meson.build
@@ -0,0 +1,10 @@
+foreach sfx : ['sh', 'py', 'cmp']
+  test('lddtree-' + sfx, files('dotest-' + sfx),
+    workdir : meson.current_source_dir(),
+    env : {
+      'builddir' : meson.project_build_root(),
+      'srcdir' : meson.project_source_root(),
+      'current_srcdir' : meson.current_source_dir(),
+    }
+  )
+endforeach
diff --git a/tests/lib.sh b/tests/lib.sh
index 03d9f2a..0dab3fa 100644
--- a/tests/lib.sh
+++ b/tests/lib.sh
@@ -1,19 +1,8 @@
-if [[ -z ${abs_top_builddir} ]] ; then
-	srcdir=$(cd "${0%/*}" && pwd)
-	top_srcdir=$(cd "${srcdir}/../.." && pwd)
-	builddir=${srcdir}
-	top_builddir=${top_srcdir}
-else
-	mkdir -p "${builddir}"
-	top_srcdir=${abs_top_srcdir}
-	top_builddir=${abs_top_builddir}
-fi
-
 GOOD=$'\e[32;1m'
 BAD=$'\e[31;1m'
 NORMAL=$'\e[m'
 
-PATH="${top_srcdir}:${top_builddir}:${PATH}"
+PATH="$(realpath "${srcdir}" "${builddir}" | tr '\n' ':'):${PATH}"
 unset ROOT # who knows!
 
 ret=0
diff --git a/tests/scanelf/Makefile b/tests/scanelf/Makefile
deleted file mode 100644
index 62084f0..0000000
--- a/tests/scanelf/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-all: check
-
-test check:
-	./dotest
-
-clean:
-
-.PHONY: all check clean test
diff --git a/tests/scanelf/dotest b/tests/scanelf/dotest
index d06f086..fdfd2a2 100755
--- a/tests/scanelf/dotest
+++ b/tests/scanelf/dotest
@@ -5,9 +5,9 @@
 #
 # simple scanelf symbol checks
 #
-scanelf -qsmain -F'%s %f' "${top_builddir}"/scanelf \
-	> "${builddir}"/scanelf.simple
-testit scanelf.simple{,.good}
+${MESON_EXE_WRAPPER} "${builddir}/scanelf" -qsmain -F'%s %f' \
+	"${builddir}"/scanelf > "${builddir}"/scanelf.simple
+testit scanelf.simple tests/scanelf/scanelf.simple.good
 
 
 
diff --git a/tests/scanelf/meson.build b/tests/scanelf/meson.build
new file mode 100644
index 0000000..af632fd
--- /dev/null
+++ b/tests/scanelf/meson.build
@@ -0,0 +1,8 @@
+test('scanelf-test', files('dotest'),
+  workdir : meson.current_source_dir(),
+  env : {
+    'builddir' : meson.project_build_root(),
+    'srcdir' : meson.project_source_root(),
+    'current_srcdir' : meson.current_source_dir(),
+  }
+)
diff --git a/tests/source/Makefile b/tests/source/Makefile
deleted file mode 100644
index 62084f0..0000000
--- a/tests/source/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-all: check
-
-test check:
-	./dotest
-
-clean:
-
-.PHONY: all check clean test
diff --git a/tests/source/dotest b/tests/source/dotest
index 4cbb54a..c97e8cb 100755
--- a/tests/source/dotest
+++ b/tests/source/dotest
@@ -9,35 +9,6 @@ findfiles() {
 }
 
 #
-# check for misc common typos
-#
-find "${top_srcdir}" \
-	'(' -type d -a '(' -name .git -o -name tests ')' -prune ')' \
-	-o '(' -type f -a -print0 ')' | xargs -0 \
-	grep -n -I \
-		-e '\<compatability\>' \
-		-e '\<compatable\>' \
-		-e '\<fordeground\>' \
-		-e '\<depency\>' \
-		-e '\<defalt\>' \
-		-e '\<remaing\>' \
-		-e '\<queuing\>' \
-		-e '\<detatch\>' \
-		-e '\<sempahore\>' \
-		-e '\<reprenstative\>' \
-		-e '\<overriden\>' \
-		-e '\<readed\>' \
-		-e '\<formated\>' \
-		-e '\<algorithic\>' \
-		-e '\<deamon\>' \
-		-e '\<derefernce\>' \
-		-e '\<lenght\>' \
-		| sed -e "s:^\.\./\.\./::g" > "${builddir}"/src.typos
-testit src.typos
-
-
-
-#
 # don't allow obsolete functions
 #
 findfiles | xargs -0 \
diff --git a/tests/source/meson.build b/tests/source/meson.build
new file mode 100644
index 0000000..f435679
--- /dev/null
+++ b/tests/source/meson.build
@@ -0,0 +1,8 @@
+test('source tests', files('dotest'),
+  workdir : meson.current_source_dir(),
+  env : {
+    'builddir' : meson.project_build_root(),
+    'srcdir' : meson.project_source_root(),
+    'current_srcdir' : meson.current_source_dir(),
+  }
+)
diff --git a/version.h.in b/version.h.in
new file mode 100644
index 0000000..eac885b
--- /dev/null
+++ b/version.h.in
@@ -0,0 +1 @@
+#define VCSID "@VCS_TAG@"