Commit Graph

29 Commits

Author SHA1 Message Date
Thiébaud Weksteen
454466e2e4 Revert "Revert "Merge remote-tracking branch 'aosp/upstream-mast..."
Revert^2 "Use cil_write_build_ast"

bde09de39feec91cf8220f0f798a6e52154d69e9

Change-Id: I3ab19bda9c1968409ad5a4f4d0866649036c683c
2021-10-27 04:50:56 +00:00
Thiébaud Weksteen
c65aca49bb Revert "Merge remote-tracking branch 'aosp/upstream-master' into..."
Revert "Use cil_write_build_ast"

Revert submission 1827311-update_libselinux

Reason for revert: b/200771997 
Reverted Changes:
I088d1e94c:Fix build and use new cil_write_build_ast
I14dc4dc58:Merge remote-tracking branch 'aosp/upstream-master...
I7b77f4469:Use cil_write_build_ast

Change-Id: Iec17732997ab203787f021f437f31e51ef886425
2021-09-22 09:15:53 +00:00
Ondrej Mosnacek
fe985a8c84 travis: run only selinux-testsuite
Now that the standard testing is run on GitHub Actions, we can remove it
from .travis.yml, leaving only the selinux-testsuite sanity check, which
can't be migrated. Hopefully this will save some precious minutesfrom
the limited "plan" Travis gave us...

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-11-27 15:37:31 +01:00
Ondrej Mosnacek
3de445af0b
ci: bump Fedora image version to 33
The testsuite will soon be switching to testing multiple filesystems,
which exposes a bug in F32 image's kernel. Since Fedora 33 has been
released recently and the testsuite runs just fine on it, just bump the
image version to avoid the bug.

This commit also fixes the script to read out the Fedora image version
from environment variables instead of using hard-coded values.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-11-11 20:40:15 +01:00
Ondrej Mosnacek
4dd74ded5b ci: use parallel build
Pass -j$(nproc) to all make invocations to make the CI run a little
faster.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: William Roberts <bill.c.roberts@gmail.com>
2020-10-31 16:53:44 +01:00
William Roberts
562d6d1527 ci: run SELinux kernel test suite
The current Travis CI runs the userspace tooling and libraries against
policy files, but cannot test against an SELinux enabled kernel. Thus,
some tests are not being done in the CI. Travis, unfortunately only
provides Ubuntu images, so in order to run against a modern distro with
SELinux in enforcing mode, we need to launch a KVM with something like
Fedora.

This patch enables this support by launching a Fedora32 Cloud Image with
the SELinux userspace library passed on from the Travis clone, it then
builds and replaces the current SELinux bits on the Fedora32 image and
runs the SELinux testsuite.

The cloud image run can be controlled with the TRAVIS env variable:
TRAVIS_CLOUD_IMAGE_VERSION. That variable takes the major and minor
version numbers in a colon delimited string, eg: "32:1.6".

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
2020-06-18 19:22:12 +02:00
Nicolas Iooss
6950ee07d0 Travis-CI: upgrade to Ubuntu 18.04 and latest releases of Python and Ruby
* Test Python 3.8 and Pypy3 3.6-7.2.0
* Test Ruby 2.7
* Drop Ruby 2.2 and 2.3 (they are not supported with Ubuntu 18.04 in
  https://rubies.travis-ci.org/)
* While at it, replace deprecated libdbus-glib-1-dev with libglib2.0-dev
  now that restorecond has been upgraded.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2020-05-06 16:13:01 +02:00
Nicolas Iooss
574a15b983 libsepol/tests: drop ncurses dependency
ncurses library is not used anywhere.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: James Carter <jwcart2@gmail.com>
2020-05-04 10:31:44 +02:00
Ondrej Mosnacek
0129422714 Travis-CI: test that DEBUG build works
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-02-07 16:29:04 -05:00
Petr Lautrbach
214cb61d53 Travis-CI: Drop Python 2 from matrix
As a result of Python 2 sunset - https://www.python.org/doc/sunset-python-2/ -
Python 2 code will not be supported in this project anymore and new Python code
should be written only for Python 3.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-11-21 12:06:43 -05:00
Nicolas Iooss
9e0ed5ce17 scripts: introduce env_use_destdir.sh helper
Set-up environment variables in order to use DESTDIR in Python, Ruby,
etc. This makes testing Python scripts easier.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-21 12:13:41 +01:00
Nicolas Iooss
dbcada0621 Travis-CI: add Ruby 2.6 to the test matrix
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-21 12:13:41 +01:00
Nicolas Iooss
111c541c46 Travis-CI: upgrade PyPy to 6.0
PyPy 6.0 was released in April 2018 but became available on Travis-CI
only recently. Now that it is available, use it.

While at it, compile Python modules with libpypy-c.so, now that PyPy
provides this library. This would enable linking Python modules with
-Wl,-no-undefined (or -Wl,-z,defs) and help fixing issues with
https://github.com/SELinuxProject/selinux/pull/130.

Tracking issues:
* https://github.com/travis-ci/travis-ci/issues/9542
* https://travis-ci.community/t/pypy-2-7-on-xenial/889

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-21 12:13:41 +01:00
Nicolas Iooss
53c7a046ff Travis-CI: download refpolicy and install headers
This is needed in order to run sepolgen-ifgen in audit2allow testsuite.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-01-08 10:15:46 +01:00
Nicolas Iooss
b5e2da2654
Travis-CI: upgrade to Ubuntu 16.04 LTS Xenial Xerus
Ubuntu 14.04 uses SWIG 2.0.11 which produces Python files which contain
lines ending with a semicolon:

    __del__ = lambda self : None;

Ubuntu 16.04 uses SWIG 3.0.8, which does not put a semicolon. Moreover
Travis CI only support Python 3.7 with Ubuntu 16.04. The reason for this
is clearly stated on
https://docs.travis-ci.com/user/languages/python/#development-releases-support :

    Recent Python branches require OpenSSL 1.0.2+. As this library is
    not available for Trusty, 3.7, 3.7-dev, 3.8-dev, and nightly do not
    work (or use outdated archive).

Enabling Python 3.7 in Travis CI build matrix is therefore another
reason to upgrade .travis.yml to Ubuntu 16.04. As this new template does
not support Python 3.4 nor 3.5, and does not support PyPy2.7 yet, drop
them from the build matrix.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-19 17:55:17 +02:00
Nicolas Iooss
41764b73a7
Travis-CI: run flake8 on Python code
flake8 is a Python linter which is able to detect issues in Python code
(syntax errors, undefined variables, etc.). It has been used to find
bugs in the project. In order to prevent the introduction of new bugs
which can be detected by it, add a script which runs it and use it in
Travis-CI.

flake8 can be used to detect code which is not written according to PEP8
style guide (which forbids whitespaces in some places, enforces the use
of space-indenting, specifies how many blank lines are used between
functions, etc.). As SELinux code does not follow this style guide,
scripts/run-flake8 disables many warnings related to this when running
the linter.

In order to silence flake8 warnings, the Python code can also be
modified. However fixing every "do not use bare 'except'" in the project
needs to be done carefully and takes much time.
This is why the warnings which are disabled have been ordered in three
lists:
* The warnings which can be activated in a not-so-distant future after
  the code has been modified.
* The warnings related to PEP8 which cannot be activated without a major
  cleaning work of the codebase (for example to modify white spaces)
* The warnings which are introduced by code generated by SWIG 3.0.12,
  which would require patches in SWIG in order to be activated (there
  is right now only one such warning).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-18 12:00:24 +02:00
Nicolas Iooss
f9a56ed765
Travis-CI: use new location of refpolicy repository
refpolicy moved from github.com/TresysTechnology to
github.com/SELinuxProject. It is still used in sepolgen tests (they
build modules using Makefile.devel and build.conf) so update the
location of the repository.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:08:57 +02:00
Jason Zaman
b2d710d959 travis.yml: add ruby 2.5 to the test matrix
Ruby 2.5 is not installed by default, force reinstall with rvm

Signed-off-by: Jason Zaman <jason@perfinion.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-22 23:47:20 +08:00
Nicolas Iooss
07629c0a9f
libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
libselinux and libsemanage Makefiles invoke site.getsitepackages() in
order to get the path to the directory /usr/lib/pythonX.Y/site-packages
that matches the Python interpreter chosen with $(PYTHON). This method
is incompatible with Python virtual environments, as described in
https://github.com/pypa/virtualenv/issues/355#issuecomment-10250452 .
This issue has been opened for more than 5 years.

On the contrary python/semanage/ and python/sepolgen/ Makefiles use
distutils.sysconfig.get_python_lib() in order to get the site-packages
path into a variable named PYTHONLIBDIR. This way of computing
PYTHONLIBDIR is compatible with virtual environments and gives the same
result as PYSITEDIR.

As PYTHONLIBDIR works in more cases than PYSITEDIR, make libselinux and
libsemanage Makefiles use it. And as native code is installed (as part
of the SWIG wrapper), use "plat_specific=1" in order to use /usr/lib64
on systems which distinguish /usr/lib64 from /usr/lib.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2018-03-17 09:03:33 +01:00
Nicolas Iooss
fdd306711a
Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
Recent commits removed $DESTDIR from $PYSITEDIR in libselinux and
libsemanage:

    -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
    print(site.getsitepackages()[0])')
    +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
    print(site.getsitepackages()[0])')

As "site.getsitepackages()" does not work within virtualenvs,
.travis.yml defines PYSITEDIR's value in it and this definition needs to
be updated too.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-02-21 22:42:47 +01:00
Nicolas Iooss
1b7073c700 Travis-CI: try working around network issues by retrying downloads
Some Travis-CI builds failed because of issues when downloading
refpolicy files for sepolgen tests. Use curl's option --retry to make
the downloads work when the networking issues are only transient.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-10-26 12:51:33 -07:00
Nicolas Iooss
6d9258e5a0 Travis-CI: fix configuration after September's update
The latest update to Travis-CI build environment splitted sugilite
environment into amethyst and garnet and deprecated sugilite. As garnet
provides tools for languages C and Python, and as it is automatically
selected according to
https://travis-ci.org/fishilico/selinux/jobs/278927391 , remove "group:
sugilite" from Travis-CI configuration file.

This update introduced two issues:

- Ruby 2.1 is no longer provided. As it has reached End Of Life
  according to https://www.ruby-lang.org/en/downloads/, remove it from
  the tested versions

- Python 3.3, 3.4 and 3.5 are no longer installed by default. When
  Travis-CI builds Python projects using these versions, it
  automatically download and extract an archive from
  https://s3.amazonaws.com/travis-python-archives/binaries/ubuntu/14.04/x86_64/.
  Implement this process in .travis.yml directly (because Travis-CI does
  not support multi-language projects which use several versions of C
  compilers and Python and Ruby interpreters).

Last but not least, it is now possible to build with PyPy3. Enable this
interpreter in the build environment matrix.

More information about the Travis-CI update is available at
https://docs.travis-ci.com/user/build-environment-updates/2017-09-06/

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-09-25 12:56:02 -04:00
Nicolas Iooss
ff2e36831d Travis-CI: do not test gold linkers with clang
clang does not know -fuse-ld=gold. It only needs -flto, which
automatically adds -plugin=LLVMgold.so to the linker command line, but
this does not work on Travis-CI because the gold linker plugin is not
installed:

    /usr/bin/ld: /usr/local/clang-3.9.0/bin/../lib/LLVMgold.so: error
    loading plugin: /usr/local/clang-3.9.0/bin/../lib/LLVMgold.so:
    cannot open shared object file: No such file or directory

Disable in the build matrix the combination of linking with special
linkers with using clang.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-08-07 10:44:17 -04:00
Nicolas Iooss
b1ea812083 Travis-CI: use sugulite environment
Travis-CI provides several environments for Ubuntu 14.04 Trusty. It
chooses the one that best matches the needs defined in .travis.yml
depending on a complex algorithm.

In order to test several C compilers, Python versions and Ruby versions,
we need the full image, which is named "sugulite".

For future reference, there are some notes about using the full image
on https://github.com/travis-ci/packer-templates/pull/454 and
https://github.com/travis-ci/docs-travis-ci-com/issues/1267#issuecomment-316016312
and https://blog.travis-ci.com/2017-06-21-trusty-updates-2017-Q2-launch

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-08-07 10:44:17 -04:00
Nicolas Iooss
1edb93c0ba Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command line
Some Makefiles rely on adding values to variables like CFLAGS,
LDFLAGS, etc. For example doing "LDFLAGS += -L../src" does not work fine
when LDFLAGS is defined on the command line of "make".

Commits 297877ab88 ("libselinux utils: override LD{FLAGS, LIBS} for
libselinux.so in Makefile") and 15f2740733 ("Makefiles: override
*FLAGS and *LIBS") recently fixed such issues, by introducing keyword
"override" in the relevant Makefile statements.

In order to prevent the fixed issues from appearing again, add a test
case in Travis-CI configuration file. This case adds on make's command
line minimal definitions for CFLAGS and LDFLAGS and empty definitions
for CPPFLAGS and LDLIBS.

An example of build failure due to a missing override in a required
CPPFLAGS addition is provided on
https://travis-ci.org/fishilico/selinux/builds/245107609

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-06-30 08:56:43 -04:00
Nicolas Iooss
9a0279e9e9 Travis-CI: update the list of Ruby's and Python's versions
Travis-CI no longer provides Ruby 2.0 in its Trusty environment (it has
been updated according to
https://blog.travis-ci.com/2017-06-21-trusty-updates-2017-Q2-launch).
Remove this version from .travis.yml.

Moreover Python 3.6 and Ruby 3.4 are available. Test building with them.

Last by not least, pypy virtual environment directory has been renamed
pypy2 (/home/travis/virtualenv/pypy2 is a symbolic link to pypy2-5.6.0).

The updated .travis.yml file has been tested on
https://travis-ci.org/fishilico/selinux/builds/248126824

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-06-30 08:56:43 -04:00
Nicolas Iooss
ccfbd9aa17 libsemanage/tests: include libsepol headers from $DESTDIR
When building and running tests on a system without SELinux with a
command similar to "make DESTDIR=/tmp/destdir install test", libsemanage
tests fail to build with the following error:

    In file included from utilities.h:20:0,
                     from utilities.c:24:
    ../src/handle.h:29:26: fatal error: sepol/handle.h: No such file or
    directory
     #include <sepol/handle.h>
                              ^

Fix this by adding the newly-installed directory under $DESTDIR (using
variable $PREFIX) in the search paths of the compiler.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-01 10:42:34 -05:00
Nicolas Iooss
1cd3e1a40a libselinux, libsemanage: make PYPREFIX computation more robust
On systems where $PYTHON is python3.5 (instead of python2 or python3),
pkg-config fails to find the Python package because it is named with a
dash (e.g. python-3.5).

Moreover the build system may have been using the pkg-config
configuration files for the wrong Python version when several Python
with the same major version number are installed (e.g. using python-3.5
on a system with both python-3.4 and python-3.5 and where
/usr/lib/pkgconfig/python3.pc is a symlink to python-3.5.pc).

In order to fix these two issues, compute $PYPREFIX from $PYTHON by
using the full major.minor version.

Moreover update Travis-Ci configuration to grab the relevant
configuration files for pkg-config from /opt/python (for example
/opt/python/3.5.2/lib/pkgconfig/python-3.5.pc) instead of using
system-provided files (/usr/lib/x86_64-linux-gnu/pkgconfig/python3.pc
and /usr/lib/x86_64-linux-gnu/pkgconfig/python2.pc).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-02-21 13:42:52 -05:00
Nicolas Iooss
c9adfe2d26 Introduce Travis-CI tests
Add a configuration file for https://travis-ci.org/. This continuous
integration platform can build the project for several configurations on
Linux, using different compilers, linkers, Python versions and Ruby
versions. An example of build results is available on
https://travis-ci.org/fishilico/selinux/builds/185912863

Even if the SELinux userland libraries and tools project does not enable
Travis-CI integration, the .travis.yml file may be helpful for
contributors who wish to run tests in several configurations.

Current limitations:

- It does not run an OS X build. Travis-CI provides free OS X
  environments but it is quite difficult to configure a single
  .travis.yml file which defines many Linux environments and some OS X
  ones.
- It only runs Ubuntu 14.04 with an x86-64 CPU. This does not test
  Android, ARM nor 32-bit x86 configurations.
- It only builds with glibc, not musl or other light C library.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-02-08 10:48:53 -05:00