mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-27 07:43:24 +00:00
de491fda3d
* Do not build test target Building the test target breaks the whole build since the tests for libsepol require checkpolicy to be build already: make[2]: *** No rule to make target '../../checkpolicy/y.tab.o', needed by 'libsepol-tests'. Stop. make[2]: *** Waiting for unfinished jobs.... Since issues in the test suites are not critical do not build them. * Update build status reporting Since the script sets the option -e scan-build will immediately exit on failure and the informative message "++ Build failed" is not printed. * Bump to fortify level 3 * Fix typo Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
49 lines
1.8 KiB
Bash
Executable File
49 lines
1.8 KiB
Bash
Executable File
#!/bin/sh
|
|
# Run clang's static analyzer (scan-build) and record its output in output-scan-build/
|
|
|
|
# Allow overriding binary names, like clang-12
|
|
export CC=${CC:-clang}
|
|
SCAN_BUILD=${SCAN_BUILD:-scan-build}
|
|
|
|
# Ensure the current directory is where this script is
|
|
cd "$(dirname -- "$0")" || exit $?
|
|
|
|
OUTPUTDIR="$(pwd)/output-scan-build"
|
|
|
|
# Display the commands which are run, and make sure they succeed
|
|
set -x -e
|
|
|
|
# Use a temporary directory as an installation directory, if $DESTDIR is not set
|
|
if [ -z "$DESTDIR" ] ; then
|
|
DESTDIR="$(mktemp --tmpdir -d scan-build-destdir-XXXXXXXXXX)"
|
|
fi
|
|
|
|
# Make sure to use the newly-installed libraries when running tests
|
|
export LD_LIBRARY_PATH="$DESTDIR/usr/lib:$DESTDIR/lib"
|
|
export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH"
|
|
export PYTHONPATH="$DESTDIR$(${PYTHON:-python3} -c "import sysconfig; print(sysconfig.get_path('purelib', vars={'platbase': '/usr', 'base': '/usr'}))")"
|
|
export RUBYLIB="$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$(${RUBY:-ruby} -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
|
|
|
|
if [ -f /etc/debian_version ] && [ -z "${IS_CIRCLE_CI:-}" ] ; then
|
|
export DEB_PYTHON_INSTALL_LAYOUT='deb'
|
|
fi
|
|
|
|
# Build and analyze
|
|
make -C .. clean distclean -j"$(nproc)"
|
|
$SCAN_BUILD -analyze-headers -o "$OUTPUTDIR" make -C .. \
|
|
DESTDIR="$DESTDIR" \
|
|
CFLAGS="-O2 -Wall -Wextra -D_FORTIFY_SOURCE=3 -D__CHECKER__ -I$DESTDIR/usr/include" \
|
|
-j"$(nproc)" \
|
|
install install-pywrap install-rubywrap all \
|
|
|| { echo "++ Build failed!"; exit 1; }
|
|
|
|
echo "++ Build succeeded"
|
|
|
|
# Reduce the verbosity in order to keep the message from scan-build saying
|
|
# "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
|
|
set +x
|
|
|
|
# Remove the destination directory without using "rm -rf"
|
|
chmod u+w "$DESTDIR/usr/bin/newrole"
|
|
rm -r "$DESTDIR"
|