mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-09 23:19:26 +00:00
562d6d1527
The current Travis CI runs the userspace tooling and libraries against policy files, but cannot test against an SELinux enabled kernel. Thus, some tests are not being done in the CI. Travis, unfortunately only provides Ubuntu images, so in order to run against a modern distro with SELinux in enforcing mode, we need to launch a KVM with something like Fedora. This patch enables this support by launching a Fedora32 Cloud Image with the SELinux userspace library passed on from the Travis clone, it then builds and replaces the current SELinux bits on the Fedora32 image and runs the SELinux testsuite. The cloud image run can be controlled with the TRAVIS env variable: TRAVIS_CLOUD_IMAGE_VERSION. That variable takes the major and minor version numbers in a colon delimited string, eg: "32:1.6". Signed-off-by: William Roberts <william.c.roberts@intel.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
174 lines
6.5 KiB
YAML
174 lines
6.5 KiB
YAML
# Define the building environment
|
|
language: c
|
|
|
|
matrix:
|
|
fast_finish: true
|
|
|
|
compiler:
|
|
- clang
|
|
- gcc
|
|
|
|
env:
|
|
matrix:
|
|
# Test the last version of Python and Ruby together, with some linkers
|
|
- PYVER=python3.8 RUBYLIBVER=2.7
|
|
- PYVER=python3.8 RUBYLIBVER=2.7 TEST_FLAGS_OVERRIDE=1
|
|
- PYVER=python3.8 RUBYLIBVER=2.7 TEST_DEBUG=1
|
|
- PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
|
|
- PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd
|
|
|
|
# Test several Python versions (https://docs.travis-ci.com/user/languages/python/#python-versions)
|
|
- PYVER=python3.5 RUBYLIBVER=2.7
|
|
- PYVER=python3.6 RUBYLIBVER=2.7
|
|
- PYVER=python3.7 RUBYLIBVER=2.7
|
|
- PYVER=pypy3.6-7.2.0 RUBYLIBVER=2.7
|
|
|
|
# Test several Ruby versions (http://rubies.travis-ci.org/)
|
|
- PYVER=python3.8 RUBYLIBVER=2.6
|
|
- PYVER=python3.8 RUBYLIBVER=2.5.1
|
|
- PYVER=python3.8 RUBYLIBVER=2.4
|
|
|
|
matrix:
|
|
exclude:
|
|
- compiler: clang
|
|
env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
|
|
- compiler: clang
|
|
env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd
|
|
include:
|
|
- compiler: gcc
|
|
env: TRAVIS_RUN_KVM=true TRAVIS_CLOUD_IMAGE_VERSION="32:1.6"
|
|
install:
|
|
- skip
|
|
before_script:
|
|
- skip
|
|
script: scripts/ci/travis-kvm-setup.sh
|
|
|
|
# Use Travis-CI Ubuntu 18.04 Bionic Beaver, "full image" variant
|
|
sudo: required
|
|
dist: bionic
|
|
|
|
# Install SELinux userspace utilities dependencies
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- bison
|
|
- flex
|
|
- gawk
|
|
- gettext
|
|
- libaudit-dev
|
|
- libbz2-dev
|
|
- libcap-dev
|
|
- libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096)
|
|
- libcunit1-dev
|
|
- libglib2.0-dev
|
|
- libpcre3-dev
|
|
- patch
|
|
- python3-dev
|
|
- python-dev
|
|
- swig
|
|
- xmlto
|
|
|
|
install:
|
|
# Download and install refpolicy headers for sepolgen tests
|
|
- curl --location --retry 10 -o "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
|
|
- tar -C "$TRAVIS_BUILD_DIR" -xvjf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2"
|
|
# Make refpolicy Makefile use the new toolchain when building modules
|
|
- sed -e "s,^PREFIX :=.*,PREFIX := \$(DESTDIR)/usr," -i "$TRAVIS_BUILD_DIR/refpolicy/support/Makefile.devel"
|
|
- sudo make -C "$TRAVIS_BUILD_DIR/refpolicy" install-headers
|
|
- sudo rm -rf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" "$TRAVIS_BUILD_DIR/refpolicy"
|
|
- sudo mkdir -p /etc/selinux
|
|
- echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
|
|
- echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
|
|
|
|
# Make sepolgen tests work without really installing anything in the real root (doing this would conflict with Ubuntu packages)
|
|
- sed -e "s,\"\(/usr/bin/[cs]\),\"$TRAVIS_BUILD_DIR/installdir\1," -i python/sepolgen/src/sepolgen/module.py
|
|
|
|
# Download the required python version if it is not installed
|
|
- VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
|
|
- if ! [ -d "$VIRTUAL_ENV" ] ; then
|
|
curl --retry 10 -o python.tar.bz2 "https://s3.amazonaws.com/travis-python-archives/binaries/ubuntu/18.04/x86_64/${PYVER/python/python-}.tar.bz2" &&
|
|
sudo tar xjf python.tar.bz2 --directory / &&
|
|
rm python.tar.bz2 ;
|
|
fi
|
|
|
|
# Install flake8 for the given python version
|
|
- $VIRTUAL_ENV/bin/pip install flake8
|
|
|
|
before_script:
|
|
# Build and install in a temporary directory to run tests
|
|
- export DESTDIR="$TRAVIS_BUILD_DIR/installdir"
|
|
|
|
# Configure the variables for Python parts
|
|
- export VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
|
|
- export PYTHON="$VIRTUAL_ENV/bin/python"
|
|
# Use the header files in /opt/python/... for Python because the virtualenvs do not provide Python.h
|
|
- export PKG_CONFIG_PATH="/opt/python/$($PYTHON -c 'import sys;print("%d.%d.%d" % sys.version_info[:3])')/lib/pkgconfig"
|
|
# PyPy does not provide a config file for pkg-config
|
|
# libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
|
|
- if echo "$PYVER" | grep -q pypy ; then
|
|
export PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include ;
|
|
export PYLIBS="$($PYTHON -c 'import sys;print("-L%s/bin -l%s" % (sys.prefix, "pypy-c" if sys.version_info < (3,) else "pypy3-c"))')" ;
|
|
fi
|
|
|
|
# Find the Ruby executable with version $RUBYLIBVER
|
|
- rvm reinstall ruby-$RUBYLIBVER --binary
|
|
- export RUBY="$(ls -d -1 "$HOME/.rvm/rubies/ruby-$RUBYLIBVER"*/bin/ruby | head -n 1)"
|
|
|
|
# Set the linker in $CC so that it gets used everywhere
|
|
- if [ -n "$LINKER" ]; then CC="$CC -fuse-ld=$LINKER" ; fi
|
|
|
|
# Show variables and versions (to help debugging)
|
|
- echo "$CC" ; $CC --version
|
|
- echo "$PYTHON" ; $PYTHON --version
|
|
- echo "$RUBY" ; $RUBY --version
|
|
|
|
# If TEST_FLAGS_OVERRIDE is defined, test that overriding CFLAGS, LDFLAGS and other variables works fine
|
|
- if [ -n "$TEST_FLAGS_OVERRIDE" ]; then EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" ; fi
|
|
# If TEST_DEBUG is defined, test that debug build works fine
|
|
- if [ -n "$TEST_DEBUG" ]; then EXPLICIT_MAKE_VARS="$EXPLICIT_MAKE_VARS DEBUG=1" ; fi
|
|
|
|
script:
|
|
# Start by installing everything into $DESTDIR
|
|
- make install $EXPLICIT_MAKE_VARS -k
|
|
- make install-pywrap $EXPLICIT_MAKE_VARS -k
|
|
- make install-rubywrap $EXPLICIT_MAKE_VARS -k
|
|
|
|
# Now that everything is installed, run "make all" to build everything which may have not been built
|
|
- make all $EXPLICIT_MAKE_VARS -k
|
|
|
|
# Set up environment variables for the tests
|
|
- . ./scripts/env_use_destdir
|
|
|
|
# Show variables (to help debugging issues)
|
|
- echo "$LD_LIBRARY_PATH"
|
|
- echo "$PATH"
|
|
- echo "$PYTHONPATH"
|
|
- echo "$RUBYLIB"
|
|
|
|
# Run tests
|
|
- make test $EXPLICIT_MAKE_VARS
|
|
|
|
# Test Python and Ruby wrappers
|
|
- $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
|
|
- $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
|
|
|
|
# Run Python linter
|
|
- PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
|
|
|
|
# Remove every installed files
|
|
- rm -rf "$DESTDIR"
|
|
|
|
# Test that "git status" looks clean, or print a clear error message
|
|
- |-
|
|
git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
|
|
|
|
# Clean up everything and show which file would be added to "make clean"
|
|
- make clean distclean $EXPLICIT_MAKE_VARS
|
|
- |-
|
|
git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
|
|
|
|
# Do not spam by email so long as the build succeeds
|
|
notifications:
|
|
email:
|
|
on_success: never
|