4 Commits

Author SHA1 Message Date
Simon McVittie
b730771bd7 subprojects: Update bubblewrap to v0.11.0
<https://github.com/containers/bubblewrap/releases/tag/v0.11.0>

We don't use any of the new features yet, so the minimum required
version in the build system is still 0.10.0.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-10-31 10:03:52 -05:00
Simon McVittie
417f3ca47c build: Require bubblewrap 0.10.0
This is functionally equivalent to the release candidate.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-08-14 09:59:19 +01:00
Simon McVittie
bb8759ea10 build: Bump required bubblewrap version to 0.9.901 (0.10.0 rc1)
We need this for the --bind-fd option, which will close a race
condition in our solution to CVE-2024-42472.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-08-12 19:33:29 +01:00
Simon McVittie
c982e591ba Use Meson wrap files for bubblewrap and xdg-dbus-proxy
When combined with using `git subtree` for our mandatory vendored
dependencies, this avoids differences between what we ship in our git
repository (available to users via `git clone` or by unpacking the
result of `git archive`), and what's in our official source code
releases (which are the result of `meson dist`).

Differences between those artifacts would provide an attractive place
for attackers to hide malware, for example in CVE-2024-3094, so
avoiding differences is a good "nothing up my sleeve" mechanism to
make it less appealing for attackers to target Flatpak.

With default Meson settings, the wrap files will be used automatically
to download our suggested versions of these dependencies, unless
the `-Dsystem_bubblewrap=...`, `-Dsystem_dbus_proxy=...` Meson options
are used. In environments where automatic downloads are disabled via
`-Dwrap_mode=nodownload`, for example many Linux distributions,
specifying a system copy becomes mandatory.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-05-06 17:11:23 +01:00