# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml language: python python: 3.5 env: - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y - TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y - TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y - TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y - TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined jobs: fast_finish: true include: - python: 3.7 env: LINT=true TYPE=standard os: linux dist: bionic cache: directories: - ${TRAVIS_BUILD_DIR}/selinux addons: apt: packages: # Install SELinux userspace utilities dependencies - bison - flex - gettext - libaudit-dev - libbz2-dev - libpcre3-dev - swig - libxml2-utils before_install: - lsb_release -a - bison -V - flex -V - swig -version - python3 -V install: - SELINUX_USERSPACE_VERSION=master - export DESTDIR="${TRAVIS_BUILD_DIR}/selinux" - | if [[ "${SELINUX_USERSPACE_VERSION}" != "$(cat ${TRAVIS_BUILD_DIR}/selinux/travis.version)" ]]; then rm -fR selinux-src # Download current SELinux userspace tools and libraries git clone https://github.com/SELinuxProject/selinux.git selinux-src -b ${SELINUX_USERSPACE_VERSION} mv "selinux-${SELINUX_USERSPACE_VERSION}" selinux-src # Drop secilc to break xmlto dependence (secilc isn't used here anyway) sed -i -e 's/secilc//' selinux-src/Makefile # Drop sepolicy to break setools dependence (sepolicy isn't used anyway) sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile # Drop restorecond to break glib dependence sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile # Drop sandbox to break libcap-ng dependence sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile # Compile and install SELinux toolchain into ~/selinux make OPT_SUBDIRS=semodule-utils -C selinux-src install echo "${SELINUX_USERSPACE_VERSION}" > "${TRAVIS_BUILD_DIR}/selinux/travis.version" fi # Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location - export TEST_TOOLCHAIN="${TRAVIS_BUILD_DIR}/selinux" # Drop build.conf settings to listen to env vars - sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf - | if [ -n "$LINT" ] ; then # Install SELint from Debian testing wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add - sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y sudo apt-get update -q sudo apt-get install -y selint selint -V fi script: - echo $TYPE $DISTRO $MONOLITHIC $SYSTEMD $WERROR - set -e - make bare - make conf - | if [ -n "$LINT" ] ; then # Run filecontext checker python3 -t -t -E -W error testing/check_fc_files.py # Run SELint # disable C-005 (Permissions in av rule or class declaration not ordered) for now: has 712 findings # disable S-010 (Permission macro usage suggested) for now: has 96 findings # disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule selint --source --recursive --summary --fail --disable C-005 --disable S-010 --disable W-005 . exit 0 fi - make - make validate - make xml - make html - make DESTDIR=${HOME}/tmp install - make DESTDIR=${HOME}/tmp install-headers - make DESTDIR=${HOME}/tmp install-src - make DESTDIR=${HOME}/tmp install-docs - make DESTDIR=${HOME}/tmp install-appconfig