diff --git a/.travis.yml b/.travis.yml
index 8de9ea6cc..86c88987b 100755
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,24 +6,24 @@ matrix:
 fast_finish: true
 env:
- - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y
- - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y
- - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n
- - TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n
- - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n
- - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n
- - TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n
+ - TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
 # Uncomment to use Travis-CI container infrastructure (https://docs.travis-ci.com/user/ci-environment/)
 sudo: false
diff --git a/Makefile b/Makefile
index 154beb57c..b10b21ee5 100644
--- a/Makefile
+++ b/Makefile
@@ -106,6 +106,7 @@ gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
 m4iferror := $(support)/iferror.m4
 m4divert := $(support)/divert.m4
 m4undivert := $(support)/undivert.m4
+m4terminate := $(support)/fatal_error.m4
 # use our own genhomedircon to make sure we have a known usable one,
 # so policycoreutils updates are not required (RHEL4)
 genhomedircon := $(PYTHON) -E $(support)/genhomedircon
@@ -212,6 +213,10 @@ ifeq ($(DIRECT_INITRC),y)
 M4PARAM += -D direct_sysadm_daemon
 endif
+ifeq "$(WERROR)" "y"
+ M4PARAM += -D m4_werror
+endif
+
 ifeq "$(UBAC)" "y"
 M4PARAM += -D enable_ubac
 endif
diff --git a/README b/README
index 1f803c2ea..10cca4c10 100644
--- a/README
+++ b/README
@@ -138,6 +138,10 @@ QUIET Boolean. If set, the build system will only display status messages and error messages. This option has no effect on policy.
+WERROR Boolean. If set, the build system will treat warnings
+ as errors. If any warnings are encountered, the build
+ will fail.
+
 3) Reference Policy Files and Directories
 All directories relative to the root of the Reference Policy sources directory.
diff --git a/Rules.modular b/Rules.modular
index 80cf8fd28..60fe55496 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -70,7 +70,7 @@ $(modpkgdir)/%.pp: $(builddir)%.pp
 #
 # Build module packages
 #
-$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
+$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te $(m4terminate)
 @echo "Compiling $(NAME) $(@F) module"
 @test -d $(tmpdir) || mkdir -p $(tmpdir)
 $(verbose) $(M4) $(M4PARAM) -s $^ > $(@:.mod=.tmp)
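Review bot: Adding `WERROR=y` to every `env:` entry only enables the check if the value actually reaches make, and this commit also adds a plain `WERROR = n` assignment to build.conf. In GNU make an assignment inside a makefile takes precedence over an environment variable of the same name unless make runs with `-e` or the variable is given on the command line. The `script:` section is outside the hunk, so confirm that it either passes `WERROR=$WERROR` to make or strips the build.conf default before building. Otherwise, assuming build.conf is read as an included makefile, all 18 jobs would presumably still build with warnings tolerated.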
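Review bot: The failure check in the `$(tmpdir)/%.mod` rule works only while `$(m4terminate)` stays the last prerequisite, because the recipe hands `$^` to m4 in order and fatal_error.m4 tests the flag at the point where it is read. Nothing in the rule states that constraint, so a prerequisite appended later would be processed after the check and its errors would not stop the build. A comment above the rule would protect it, for example `# $(m4terminate) must stay last: it aborts m4 if an earlier input flagged an error`. The same ordering requirement applies to the `all_te_files.conf` rules changed later in this file and in Rules.monolithic.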
@@ -140,7 +140,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
 @echo "divert" >> $@
 $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(m4terminate)
 ifeq "$(strip $(base_te_files))" ""
 $(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
 endif
diff --git a/Rules.monolithic b/Rules.monolithic
index c2c2147f3..ce112d788 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -125,7 +125,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
 $(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
 @echo "divert" >> $@
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(m4terminate)
 ifeq "$(strip $(all_te_files))" ""
 $(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
 endif
diff --git a/build.conf b/build.conf
index 087d952a4..a2f1a9b5b 100644
--- a/build.conf
+++ b/build.conf
@@ -79,3 +79,6 @@ MCS_CATS = 1024
 # Set this to y to only display status messages
 # during build.
 QUIET = n
+
+# Set this to treat warnings as errors.
+WERROR = n
diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
index 7f280db3b..4422b5eca 100644
--- a/policy/support/misc_macros.spt
+++ b/policy/support/misc_macros.spt
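Review bot: Now that m4 can exit non-zero at the end of its input, the `$(tmpdir)/all_te_files.conf` rule has to make sure a failed run does not leave a usable target behind. The recipe is outside the hunk; if it redirects m4 output straight into `$@`, the file is already written when `m4exit` fires, and a second `make` would presumably see it as up to date and carry on with policy that failed the check. Declaring `.DELETE_ON_ERROR:` or writing to a temporary file and renaming it on success closes that gap. The `%.mod` rule earlier in this file already writes to `$(@:.mod=.tmp)` rather than the target, and the Rules.monolithic hunk changes the same rule, so the point applies there too.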
@@ -34,16 +34,15 @@ define(`__endline__',`
 #
 # print a warning message
 #
-define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__)')
+define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__) ifdef(`m4_werror',`define(`m4_fatal_error')')')
 ########################################
 #
 # refpolerr(message)
 #
-# print an error message. does not
-# make anything fail.
+# print an error message.
 #
-define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__)')
+define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__) define(`m4_fatal_error')')
 ########################################
 #
diff --git a/support/fatal_error.m4 b/support/fatal_error.m4
new file mode 100644
index 000000000..8b01dc263
--- /dev/null
+++ b/support/fatal_error.m4
@@ -0,0 +1,2 @@
+ifdef(`m4_werror',`errprint(__file__: Notice: Treating warnings as errors.__endline__)')
+ifdef(`m4_fatal_error',`m4exit(`1')')
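Review bot: The shortened comment on `refpolicyerr` no longer says when an error stops the build, and the macro on its own still does not stop it: it only defines `m4_fatal_error`, which takes effect when support/fatal_error.m4 is the final input of the same m4 run. Inputs expanded by a rule without `$(m4terminate)`, such as the `all_interfaces.conf` rule visible in the Rules.modular hunk header, would print the error and continue. I would word the comment as `# print an error message and flag the run as failed; the build stops only if fatal_error.m4 is read last`, and give `refpolicywarn` a matching line about `m4_werror`. The header above still names the macro `refpolerr`, which does not match `refpolicyerr`.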
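Review bot: The new support/fatal_error.m4 has no header explaining that it must be the last m4 input, and it relies on `__endline__`, which is defined in policy/support/misc_macros.spt rather than in this file. If it is ever read without the support macros loaded, the notice would print the literal token instead of a newline. A short `dnl` comment block stating both requirements would make the contract explicit without adding text to the generated policy. Since the notice is printed in every m4 run that includes the file, a modular build will presumably repeat it once per module.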