selinux-refpolicy/.travis.yml
Chris PeBenito 2e5eefbfce .travis.yml: Point selint at only the policy dir.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-09-17 09:58:02 -04:00

140 lines
5.1 KiB
YAML
Executable File

# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml
language: python
python: 3.5
env:
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=standard DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=mcs DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=redhat MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=debian MONOLITHIC=n SYSTEMD=y WERROR=y
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y
- TYPE=mls DISTRO=gentoo MONOLITHIC=n SYSTEMD=n WERROR=y
- TYPE=standard DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=standard DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=standard DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mcs DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=redhat MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=debian MONOLITHIC=y SYSTEMD=y WERROR=y APPS_OFF=unconfined
- TYPE=mls DISTRO=gentoo MONOLITHIC=y SYSTEMD=n WERROR=y APPS_OFF=unconfined
jobs:
fast_finish: true
include:
- python: 3.7
env: LINT=true TYPE=standard
os: linux
dist: bionic
cache:
directories:
- ${TRAVIS_BUILD_DIR}/selinux
addons:
apt:
packages:
# Install SELinux userspace utilities dependencies
- bison
- flex
- gettext
- libaudit-dev
- libbz2-dev
- libpcre3-dev
- swig
- libxml2-utils
before_install:
- lsb_release -a
- bison -V
- flex -V
- swig -version
- python3 -V
install:
- SELINUX_USERSPACE_VERSION=master
- export DESTDIR="${TRAVIS_BUILD_DIR}/selinux"
- |
if [[ "${SELINUX_USERSPACE_VERSION}" != "$(cat ${TRAVIS_BUILD_DIR}/selinux/travis.version)" ]]; then
rm -fR selinux-src
# Download current SELinux userspace tools and libraries
git clone https://github.com/SELinuxProject/selinux.git selinux-src -b ${SELINUX_USERSPACE_VERSION}
mv "selinux-${SELINUX_USERSPACE_VERSION}" selinux-src
# Drop secilc to break xmlto dependence (secilc isn't used here anyway)
sed -i -e 's/secilc//' selinux-src/Makefile
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway)
sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile
# Drop restorecond to break glib dependence
sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile
# Drop sandbox to break libcap-ng dependence
sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile
# Compile and install SELinux toolchain into ~/selinux
make OPT_SUBDIRS=semodule-utils -C selinux-src install
echo "${SELINUX_USERSPACE_VERSION}" > "${TRAVIS_BUILD_DIR}/selinux/travis.version"
fi
# Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location
- export TEST_TOOLCHAIN="${TRAVIS_BUILD_DIR}/selinux"
# Drop build.conf settings to listen to env vars
- sed -r -i -e '/(MONOLITHIC|TYPE|DISTRO|SYSTEMD|WERROR)/d' build.conf
- |
if [ -n "$LINT" ] ; then
# Install SELint from Debian testing
wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
sudo apt-get update -q
sudo apt-get install -y selint
selint -V
fi
script:
- echo $TYPE $DISTRO $MONOLITHIC $SYSTEMD $WERROR
- set -e
- make bare
- make conf
- |
if [ -n "$LINT" ] ; then
# Run filecontext checker
python3 -t -t -E -W error testing/check_fc_files.py
# Run SELint
# disable C-005 (Permissions in av rule or class declaration not ordered) for now: has 712 findings
# disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
exit 0
fi
- make
- make validate
- make xml
- make html
- make DESTDIR=${HOME}/tmp install
- make DESTDIR=${HOME}/tmp install-headers
- make DESTDIR=${HOME}/tmp install-src
- make DESTDIR=${HOME}/tmp install-docs
- make DESTDIR=${HOME}/tmp install-appconfig