2e5eefbfce
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
140 lines
5.1 KiB
YAML
Executable File
140 lines
5.1 KiB
YAML
Executable File
# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml
|
|
|
|
language: python
|
|
python: 3.5
|
|
|
|
env:
|
|
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
|
|
- TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
|
|
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
|
|
- TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
|
|
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
|
|
- TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
|
|
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
|
|
- TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
|
|
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
|
|
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
|
|
|
|
jobs:
|
|
fast_finish: true
|
|
include:
|
|
- python: 3.7
|
|
env: LINT=true TYPE=standard
|
|
|
|
os: linux
|
|
dist: bionic
|
|
|
|
cache:
|
|
directories:
|
|
- ${TRAVIS_BUILD_DIR}/selinux
|
|
|
|
addons:
|
|
apt:
|
|
packages:
|
|
# Install SELinux userspace utilities dependencies
|
|
- bison
|
|
- flex
|
|
- gettext
|
|
- libaudit-dev
|
|
- libbz2-dev
|
|
- libpcre3-dev
|
|
- swig
|
|
- libxml2-utils
|
|
|
|
before_install:
|
|
- lsb_release -a
|
|
- bison -V
|
|
- flex -V
|
|
- swig -version
|
|
- python3 -V
|
|
|
|
install:
|
|
- SELINUX_USERSPACE_VERSION=master
|
|
|
|
- export DESTDIR="${TRAVIS_BUILD_DIR}/selinux"
|
|
- |
|
|
if [[ "${SELINUX_USERSPACE_VERSION}" != "$(cat ${TRAVIS_BUILD_DIR}/selinux/travis.version)" ]]; then
|
|
rm -fR selinux-src
|
|
|
|
# Download current SELinux userspace tools and libraries
|
|
git clone https://github.com/SELinuxProject/selinux.git selinux-src -b ${SELINUX_USERSPACE_VERSION}
|
|
mv "selinux-${SELINUX_USERSPACE_VERSION}" selinux-src
|
|
|
|
# Drop secilc to break xmlto dependence (secilc isn't used here anyway)
|
|
sed -i -e 's/secilc//' selinux-src/Makefile
|
|
|
|
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
|
|
sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile
|
|
|
|
# Drop restorecond to break glib dependence
|
|
sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile
|
|
|
|
# Drop sandbox to break libcap-ng dependence
|
|
sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile
|
|
|
|
# Compile and install SELinux toolchain into ~/selinux
|
|
make OPT_SUBDIRS=semodule-utils -C selinux-src install
|
|
echo "${SELINUX_USERSPACE_VERSION}" > "${TRAVIS_BUILD_DIR}/selinux/travis.version"
|
|
fi
|
|
|
|
# Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location
|
|
- export TEST_TOOLCHAIN="${TRAVIS_BUILD_DIR}/selinux"
|
|
|
|
# Drop build.conf settings to listen to env vars
|
|
- sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
|
|
|
|
- |
|
|
if [ -n "$LINT" ] ; then
|
|
# Install SELint from Debian testing
|
|
wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
|
|
sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
|
|
sudo apt-get update -q
|
|
sudo apt-get install -y selint
|
|
|
|
selint -V
|
|
fi
|
|
|
|
script:
|
|
- echo $TYPE $DISTRO $MONOLITHIC $SYSTEMD $WERROR
|
|
- set -e
|
|
- make bare
|
|
- make conf
|
|
- |
|
|
if [ -n "$LINT" ] ; then
|
|
# Run filecontext checker
|
|
python3 -t -t -E -W error testing/check_fc_files.py
|
|
|
|
# Run SELint
|
|
# disable C-005 (Permissions in av rule or class declaration not ordered) for now: has 712 findings
|
|
# disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
|
|
selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
|
|
|
|
exit 0
|
|
fi
|
|
- make
|
|
- make validate
|
|
- make xml
|
|
- make html
|
|
- make DESTDIR=${HOME}/tmp install
|
|
- make DESTDIR=${HOME}/tmp install-headers
|
|
- make DESTDIR=${HOME}/tmp install-src
|
|
- make DESTDIR=${HOME}/tmp install-docs
|
|
- make DESTDIR=${HOME}/tmp install-appconfig
|