From 462a65678e0fc15f924bf0f9f4d384fc18487b9b Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 10 Feb 2023 17:18:54 +0100
Subject: [PATCH] configure: protect against escaping venv when running Meson

If neither --python nor --meson are specified, Meson's generated
build.ninja will invoke Python script using the interpreter *that Meson
itself is running under*; not the one identified by configure.

This is only an issue if Meson's Python interpreter is not "the first
one in the path", which is the one that is used if --python is not
specified.  A common case where this happen is when the "python3" binary
comes from a virtual environment but Meson is not installed (with pip)
in the virtual environment.  In this case (presumably) whoever set up
the venv wanted to use the venv's Python interpreter to build QEMU,
while Meson might use a different one, for example an enterprise
distro's older runtime.

So, detect whether a virtual environment is setup, and if the virtual
environment does not have Meson, use the meson submodule.  Meson will
then run under the virtual environment's Python interpreter.

Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index cf6db3d5518..a1912463c94 100755
--- a/configure
+++ b/configure
@@ -1044,11 +1044,24 @@ if ! $python -c 'import sys; sys.exit(sys.version_info < (3,6))'; then
       "Use --python=/path/to/python to specify a supported Python."
 fi
 
-# Suppress writing compiled files
-python="$python -B"
+# Resolve PATH + suppress writing compiled files
+python="$(command -v "$python") -B"
+
+has_meson() {
+  local python_dir=$(dirname "$python")
+  # PEP405: pyvenv.cfg is either adjacent to the Python executable
+  # or one directory above
+  if test -f $python_dir/pyvenv.cfg || test -f $python_dir/../pyvenv.cfg; then
+    # Ensure that Meson and Python come from the same virtual environment
+    test -x "$python_dir/meson" &&
+      test "$(command -v meson)" -ef "$python_dir/meson"
+  else
+    has meson
+  fi
+}
 
 if test -z "$meson"; then
-    if test "$explicit_python" = no && has meson && version_ge "$(meson --version)" 0.61.5; then
+    if test "$explicit_python" = no && has_meson && version_ge "$(meson --version)" 0.61.5; then
         meson=meson
     elif test "$git_submodules_action" != 'ignore' ; then
         meson=git
-- 
GitLab