diff options
-rw-r--r-- | .github/workflows/build-extra.yml | 9 | ||||
-rw-r--r-- | .github/workflows/build.yml | 12 | ||||
-rw-r--r-- | .github/workflows/check-c.yml | 11 | ||||
-rw-r--r-- | .github/workflows/test.yml | 45 | ||||
-rw-r--r-- | .gitlab-ci.yml | 104 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rwxr-xr-x | contrib/update_deb.sh | 2 | ||||
-rwxr-xr-x | gcov.sh | 16 | ||||
-rwxr-xr-x | mkdeb.sh | 2 | ||||
-rwxr-xr-x | platform/rpm/mkrpm.sh | 2 | ||||
-rwxr-xr-x | src/tools/mkcoverit.sh | 2 | ||||
-rwxr-xr-x | test/compile/compile.sh | 132 |
12 files changed, 215 insertions, 126 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 918c879ad..e18ab9f0c 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -48,12 +48,10 @@ jobs: | |||
48 | with: | 48 | with: |
49 | egress-policy: block | 49 | egress-policy: block |
50 | allowed-endpoints: > | 50 | allowed-endpoints: > |
51 | archive.ubuntu.com:80 | ||
52 | azure.archive.ubuntu.com:80 | 51 | azure.archive.ubuntu.com:80 |
53 | github.com:443 | 52 | github.com:443 |
54 | packages.microsoft.com:443 | 53 | packages.microsoft.com:443 |
55 | ppa.launchpadcontent.net:443 | 54 | ppa.launchpadcontent.net:443 |
56 | security.ubuntu.com:80 | ||
57 | - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | 55 | - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 |
58 | - name: update package information | 56 | - name: update package information |
59 | run: sudo apt-get update -qy | 57 | run: sudo apt-get update -qy |
@@ -65,12 +63,13 @@ jobs: | |||
65 | run: ./ci/printenv.sh | 63 | run: ./ci/printenv.sh |
66 | - name: configure | 64 | - name: configure |
67 | run: > | 65 | run: > |
68 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | 66 | ./configure CC=clang-14 |
69 | --enable-selinux | 67 | --prefix=/usr --enable-fatal-warnings |
68 | --enable-apparmor --enable-selinux | ||
70 | || (cat config.log; exit 1) | 69 | || (cat config.log; exit 1) |
71 | - name: make | 70 | - name: make |
72 | run: make | 71 | run: make |
73 | - name: make install | 72 | - name: make install |
74 | run: sudo make install | 73 | run: sudo make install |
75 | - name: print version | 74 | - name: print version |
76 | run: command -V firejail && firejail --version | 75 | run: make print-version |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index df706c898..a005fefd7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -74,18 +74,18 @@ jobs: | |||
74 | - name: install dependencies | 74 | - name: install dependencies |
75 | run: > | 75 | run: > |
76 | sudo apt-get install -qy | 76 | sudo apt-get install -qy |
77 | gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois | 77 | gcc-12 libapparmor-dev libselinux1-dev |
78 | bridge-utils | ||
79 | - name: print env | 78 | - name: print env |
80 | run: ./ci/printenv.sh | 79 | run: ./ci/printenv.sh |
81 | - name: configure | 80 | - name: configure |
82 | run: > | 81 | run: > |
83 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 82 | ./configure CC=gcc-12 |
84 | --enable-analyzer --enable-apparmor --enable-selinux | 83 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
84 | --enable-apparmor --enable-selinux | ||
85 | || (cat config.log; exit 1) | 85 | || (cat config.log; exit 1) |
86 | - name: make | 86 | - name: make |
87 | run: make | 87 | run: make |
88 | - name: make install | 88 | - name: make install |
89 | run: sudo make install | 89 | run: sudo make install |
90 | - name: print firejail version | 90 | - name: print version |
91 | run: command -V firejail && firejail --version | 91 | run: make print-version |
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index 5c20f9892..49c9b38a7 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml | |||
@@ -8,9 +8,9 @@ on: | |||
8 | branches-ignore: | 8 | branches-ignore: |
9 | - 'dependabot/**' | 9 | - 'dependabot/**' |
10 | paths: | 10 | paths: |
11 | - '**.c' | ||
12 | - '**.h' | ||
11 | - 'm4/**' | 13 | - 'm4/**' |
12 | - 'src/**.c' | ||
13 | - 'src/**.h' | ||
14 | - 'src/**.mk' | 14 | - 'src/**.mk' |
15 | - 'src/**Makefile' | 15 | - 'src/**Makefile' |
16 | - .github/workflows/check-c.yml | 16 | - .github/workflows/check-c.yml |
@@ -22,9 +22,9 @@ on: | |||
22 | - configure.ac | 22 | - configure.ac |
23 | pull_request: | 23 | pull_request: |
24 | paths: | 24 | paths: |
25 | - '**.c' | ||
26 | - '**.h' | ||
25 | - 'm4/**' | 27 | - 'm4/**' |
26 | - 'src/**.c' | ||
27 | - 'src/**.h' | ||
28 | - 'src/**.mk' | 28 | - 'src/**.mk' |
29 | - 'src/**Makefile' | 29 | - 'src/**Makefile' |
30 | - .github/workflows/check-c.yml | 30 | - .github/workflows/check-c.yml |
@@ -68,7 +68,8 @@ jobs: | |||
68 | - name: configure | 68 | - name: configure |
69 | run: > | 69 | run: > |
70 | ./configure CC=clang-14 SCAN_BUILD=scan-build-14 | 70 | ./configure CC=clang-14 SCAN_BUILD=scan-build-14 |
71 | --enable-fatal-warnings --enable-apparmor --enable-selinux | 71 | --prefix=/usr --enable-fatal-warnings |
72 | --enable-apparmor --enable-selinux | ||
72 | || (cat config.log; exit 1) | 73 | || (cat config.log; exit 1) |
73 | - name: scan-build | 74 | - name: scan-build |
74 | run: make scan-build | 75 | run: make scan-build |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c76401022..f0aeafc9a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml | |||
@@ -73,15 +73,16 @@ jobs: | |||
73 | run: ./ci/printenv.sh | 73 | run: ./ci/printenv.sh |
74 | - name: configure | 74 | - name: configure |
75 | run: > | 75 | run: > |
76 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 76 | ./configure CC=gcc-12 |
77 | --enable-analyzer --enable-apparmor --enable-selinux | 77 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
78 | --enable-apparmor --enable-selinux | ||
78 | || (cat config.log; exit 1) | 79 | || (cat config.log; exit 1) |
79 | - name: make | 80 | - name: make |
80 | run: make -j "$(nproc)" | 81 | run: make -j "$(nproc)" |
81 | - name: make install | 82 | - name: make install |
82 | run: sudo make install | 83 | run: sudo make install |
83 | - name: print firejail version | 84 | - name: print version |
84 | run: command -V firejail && firejail --version | 85 | run: make print-version |
85 | - run: make lab-setup | 86 | - run: make lab-setup |
86 | - run: make test-seccomp-extra | 87 | - run: make test-seccomp-extra |
87 | - run: make test-firecfg | 88 | - run: make test-firecfg |
@@ -121,15 +122,16 @@ jobs: | |||
121 | run: ./ci/printenv.sh | 122 | run: ./ci/printenv.sh |
122 | - name: configure | 123 | - name: configure |
123 | run: > | 124 | run: > |
124 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 125 | ./configure CC=gcc-12 |
125 | --enable-analyzer --enable-apparmor --enable-selinux | 126 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
127 | --enable-apparmor --enable-selinux | ||
126 | || (cat config.log; exit 1) | 128 | || (cat config.log; exit 1) |
127 | - name: make | 129 | - name: make |
128 | run: make -j "$(nproc)" | 130 | run: make -j "$(nproc)" |
129 | - name: make install | 131 | - name: make install |
130 | run: sudo make install | 132 | run: sudo make install |
131 | - name: print firejail version | 133 | - name: print version |
132 | run: command -V firejail && firejail --version | 134 | run: make print-version |
133 | - run: make lab-setup | 135 | - run: make lab-setup |
134 | - run: make test-private-etc | 136 | - run: make test-private-etc |
135 | - run: make test-fs | 137 | - run: make test-fs |
@@ -160,15 +162,16 @@ jobs: | |||
160 | run: ./ci/printenv.sh | 162 | run: ./ci/printenv.sh |
161 | - name: configure | 163 | - name: configure |
162 | run: > | 164 | run: > |
163 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 165 | ./configure CC=gcc-12 |
164 | --enable-analyzer --enable-apparmor --enable-selinux | 166 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
167 | --enable-apparmor --enable-selinux | ||
165 | || (cat config.log; exit 1) | 168 | || (cat config.log; exit 1) |
166 | - name: make | 169 | - name: make |
167 | run: make -j "$(nproc)" | 170 | run: make -j "$(nproc)" |
168 | - name: make install | 171 | - name: make install |
169 | run: sudo make install | 172 | run: sudo make install |
170 | - name: print firejail version | 173 | - name: print version |
171 | run: command -V firejail && firejail --version | 174 | run: make print-version |
172 | - run: make lab-setup | 175 | - run: make lab-setup |
173 | - run: make test-environment | 176 | - run: make test-environment |
174 | - run: make test-profiles | 177 | - run: make test-profiles |
@@ -202,15 +205,16 @@ jobs: | |||
202 | run: ./ci/printenv.sh | 205 | run: ./ci/printenv.sh |
203 | - name: configure | 206 | - name: configure |
204 | run: > | 207 | run: > |
205 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 208 | ./configure CC=gcc-12 |
206 | --enable-analyzer --enable-apparmor --enable-selinux | 209 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
210 | --enable-apparmor --enable-selinux | ||
207 | || (cat config.log; exit 1) | 211 | || (cat config.log; exit 1) |
208 | - name: make | 212 | - name: make |
209 | run: make -j "$(nproc)" | 213 | run: make -j "$(nproc)" |
210 | - name: make install | 214 | - name: make install |
211 | run: sudo make install | 215 | run: sudo make install |
212 | - name: print firejail version | 216 | - name: print version |
213 | run: command -V firejail && firejail --version | 217 | run: make print-version |
214 | - run: make lab-setup | 218 | - run: make lab-setup |
215 | - run: make test-utils | 219 | - run: make test-utils |
216 | 220 | ||
@@ -248,15 +252,16 @@ jobs: | |||
248 | run: ./ci/printenv.sh | 252 | run: ./ci/printenv.sh |
249 | - name: configure | 253 | - name: configure |
250 | run: > | 254 | run: > |
251 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | 255 | ./configure CC=gcc-12 |
252 | --enable-analyzer --enable-apparmor --enable-selinux | 256 | --prefix=/usr --enable-fatal-warnings --enable-analyzer |
257 | --enable-apparmor --enable-selinux | ||
253 | || (cat config.log; exit 1) | 258 | || (cat config.log; exit 1) |
254 | - name: make | 259 | - name: make |
255 | run: make -j "$(nproc)" | 260 | run: make -j "$(nproc)" |
256 | - name: make install | 261 | - name: make install |
257 | run: sudo make install | 262 | run: sudo make install |
258 | - name: print firejail version | 263 | - name: print version |
259 | run: command -V firejail && firejail --version | 264 | run: make print-version |
260 | - run: make lab-setup | 265 | - run: make lab-setup |
261 | - run: make test-fnetfilter | 266 | - run: make test-fnetfilter |
262 | - run: make test-sysutils | 267 | - run: make test-sysutils |
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 33835ba71..71bb70b82 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml | |||
@@ -1,10 +1,13 @@ | |||
1 | # Basic notes: builds firejail on 5 different systems for 2 package systems: | 1 | # Builds on multiple systems using different package managers: |
2 | # 1. Debian-based systems. Use debian:jessie to ensure reasonable backwards | 2 | # |
3 | # compat and ubuntu:rolling for new setups | 3 | # - Debian-based systems: Use oldest working/supported debian image for |
4 | # 2. Redhat-based systems. Use centos:latest for reasonable backwards compat | 4 | # reasonable backwards compatibility and ubuntu:rolling for new setups. |
5 | # and fedora:latest for new setups | 5 | # Additionally, ensure that the package works without apparmor. |
6 | # 3. Alpine for installing directly from source | 6 | # |
7 | # Also builds apparmor package for Ubuntu LTS | 7 | # - Redhat-based systems: Use a centos-like distribution for reasonable |
8 | # backwards compatibility and fedora:latest for new setups. | ||
9 | # | ||
10 | # - Alpine: Use it for installing directly from source. | ||
8 | 11 | ||
9 | build_ubuntu_package: | 12 | build_ubuntu_package: |
10 | image: ubuntu:rolling | 13 | image: ubuntu:rolling |
@@ -19,9 +22,10 @@ build_ubuntu_package: | |||
19 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' | 22 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' |
20 | - ./ci/printenv.sh | 23 | - ./ci/printenv.sh |
21 | - ./configure || (cat config.log; exit 1) | 24 | - ./configure || (cat config.log; exit 1) |
22 | - make deb | 25 | - make dist |
23 | - dpkg -i firejail*.deb | 26 | - ./mkdeb.sh --enable-fatal-warnings |
24 | - command -V firejail && firejail --version | 27 | - dpkg -i ./*.deb |
28 | - make print-version | ||
25 | 29 | ||
26 | build_debian_package: | 30 | build_debian_package: |
27 | image: debian:buster | 31 | image: debian:buster |
@@ -36,9 +40,31 @@ build_debian_package: | |||
36 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' | 40 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' |
37 | - ./ci/printenv.sh | 41 | - ./ci/printenv.sh |
38 | - ./configure || (cat config.log; exit 1) | 42 | - ./configure || (cat config.log; exit 1) |
39 | - make deb | 43 | - make dist |
40 | - dpkg -i firejail*.deb | 44 | - ./mkdeb.sh --enable-fatal-warnings |
41 | - command -V firejail && firejail --version | 45 | - dpkg -i ./*.deb |
46 | - make print-version | ||
47 | |||
48 | build_no_apparmor: | ||
49 | image: ubuntu:latest | ||
50 | timeout: 10 minutes | ||
51 | variables: | ||
52 | DEBIAN_FRONTEND: noninteractive | ||
53 | script: | ||
54 | - apt-get update -qy | ||
55 | - > | ||
56 | apt-get install --no-install-recommends -qy | ||
57 | build-essential fakeroot lintian pkg-config gawk | ||
58 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' | ||
59 | - ./ci/printenv.sh | ||
60 | - ./configure || (cat config.log; exit 1) | ||
61 | - make dist | ||
62 | - > | ||
63 | ./mkdeb.sh --enable-fatal-warnings | ||
64 | --disable-apparmor | ||
65 | - dpkg -i ./*.deb | ||
66 | - make print-version | ||
67 | - make print-version | grep -F 'AppArmor support is disabled' | ||
42 | 68 | ||
43 | build_redhat_package: | 69 | build_redhat_package: |
44 | image: almalinux:latest | 70 | image: almalinux:latest |
@@ -48,9 +74,10 @@ build_redhat_package: | |||
48 | - dnf install -y rpm-build gcc make | 74 | - dnf install -y rpm-build gcc make |
49 | - ./ci/printenv.sh | 75 | - ./ci/printenv.sh |
50 | - ./configure || (cat config.log; exit 1) | 76 | - ./configure || (cat config.log; exit 1) |
51 | - make rpms | 77 | - make dist |
52 | - rpm -i firejail*.rpm | 78 | - ./platform/rpm/mkrpm.sh --enable-fatal-warnings |
53 | - command -V firejail && firejail --version | 79 | - rpm -i ./*.rpm |
80 | - make print-version | ||
54 | 81 | ||
55 | build_fedora_package: | 82 | build_fedora_package: |
56 | image: fedora:latest | 83 | image: fedora:latest |
@@ -60,9 +87,10 @@ build_fedora_package: | |||
60 | - dnf install -y rpm-build gcc make | 87 | - dnf install -y rpm-build gcc make |
61 | - ./ci/printenv.sh | 88 | - ./ci/printenv.sh |
62 | - ./configure || (cat config.log; exit 1) | 89 | - ./configure || (cat config.log; exit 1) |
63 | - make rpms | 90 | - make dist |
64 | - rpm -i firejail*.rpm | 91 | - ./platform/rpm/mkrpm.sh --enable-fatal-warnings |
65 | - command -V firejail && firejail --version | 92 | - rpm -i ./*.rpm |
93 | - make print-version | ||
66 | 94 | ||
67 | build_src_package: | 95 | build_src_package: |
68 | image: alpine:latest | 96 | image: alpine:latest |
@@ -72,29 +100,14 @@ build_src_package: | |||
72 | - apk upgrade | 100 | - apk upgrade |
73 | - apk add build-base linux-headers gawk | 101 | - apk add build-base linux-headers gawk |
74 | - ./ci/printenv.sh | 102 | - ./ci/printenv.sh |
75 | - ./configure --prefix=/usr || (cat config.log; exit 1) | 103 | # Note: Do not use ` --enable-fatal-warnings` because the build |
104 | # currently produces warnings on Alpine (see #6224). | ||
105 | - > | ||
106 | ./configure --prefix=/usr | ||
107 | || (cat config.log; exit 1) | ||
76 | - make | 108 | - make |
77 | - make install-strip | 109 | - make install-strip |
78 | - command -V firejail && firejail --version | 110 | - make print-version |
79 | |||
80 | build_no_apparmor: | ||
81 | image: ubuntu:latest | ||
82 | timeout: 10 minutes | ||
83 | variables: | ||
84 | DEBIAN_FRONTEND: noninteractive | ||
85 | script: | ||
86 | - apt-get update -qy | ||
87 | - > | ||
88 | apt-get install --no-install-recommends -qy | ||
89 | build-essential fakeroot lintian pkg-config gawk | ||
90 | | grep -Ev '^(Selecting|Preparing to unpack|Unpacking)' | ||
91 | - ./ci/printenv.sh | ||
92 | - ./configure || (cat config.log; exit 1) | ||
93 | - make dist | ||
94 | - ./mkdeb.sh --disable-apparmor | ||
95 | - dpkg -i firejail*.deb | ||
96 | - command -V firejail && firejail --version | ||
97 | - firejail --version | grep -F 'AppArmor support is disabled' | ||
98 | 111 | ||
99 | debian_ci: | 112 | debian_ci: |
100 | image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest | 113 | image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest |
@@ -103,6 +116,7 @@ debian_ci: | |||
103 | DEBFULLNAME: "$GITLAB_USER_NAME" | 116 | DEBFULLNAME: "$GITLAB_USER_NAME" |
104 | DEBEMAIL: "$GITLAB_USER_EMAIL" | 117 | DEBEMAIL: "$GITLAB_USER_EMAIL" |
105 | DEBIAN_FRONTEND: noninteractive | 118 | DEBIAN_FRONTEND: noninteractive |
119 | PKGNAME: firejail | ||
106 | before_script: | 120 | before_script: |
107 | - git checkout -B ci_build "$CI_COMMIT_SHA" | 121 | - git checkout -B ci_build "$CI_COMMIT_SHA" |
108 | - gitlab-ci-enable-sid | 122 | - gitlab-ci-enable-sid |
@@ -117,17 +131,17 @@ debian_ci: | |||
117 | - git config user.email "$DEBEMAIL" | 131 | - git config user.email "$DEBEMAIL" |
118 | - | | 132 | - | |
119 | cd "$CI_PROJECT_DIR/.." | 133 | cd "$CI_PROJECT_DIR/.." |
120 | apt-get source --download-only -t experimental firejail || | 134 | apt-get source --download-only -t experimental "$PKGNAME" || |
121 | apt-get source --download-only firejail | 135 | apt-get source --download-only "$PKGNAME" |
122 | - | | 136 | - | |
123 | cd "$CI_PROJECT_DIR" | 137 | cd "$CI_PROJECT_DIR" |
124 | tar xf ../firejail_*.debian.tar.* | 138 | tar xf "../${PKGNAME}"_*.debian.tar.* |
125 | - rm -rf debian/patches/ | 139 | - rm -rf debian/patches/ |
126 | - | | 140 | - | |
127 | VERSION="$(grep ^PACKAGE_VERSION= configure | cut -d "'" -f 2)" | 141 | VERSION="$(grep ^PACKAGE_VERSION= configure | cut -d "'" -f 2)" |
128 | dch -v "${VERSION}-0.1~ci" 'Non-maintainer upload.' | 142 | dch -v "${VERSION}-0.1~ci" 'Non-maintainer upload.' |
129 | git archive -o "../firejail_${VERSION}.orig.tar.gz" HEAD | 143 | git archive -o "../${PKGNAME}_${VERSION}.orig.tar.gz" HEAD |
130 | pristine-tar commit "../firejail_${VERSION}.orig.tar.gz" ci_build | 144 | pristine-tar commit "../${PKGNAME}_${VERSION}.orig.tar.gz" ci_build |
131 | git branch -m pristine-tar origin/pristine-tar | 145 | git branch -m pristine-tar origin/pristine-tar |
132 | - git add debian | 146 | - git add debian |
133 | - git commit -m 'add debian/' | 147 | - git commit -m 'add debian/' |
@@ -391,6 +391,10 @@ codespell: | |||
391 | print-env: | 391 | print-env: |
392 | ./ci/printenv.sh | 392 | ./ci/printenv.sh |
393 | 393 | ||
394 | .PHONY: print-version | ||
395 | print-version: config.mk | ||
396 | command -V $(TARNAME) && $(TARNAME) --version | ||
397 | |||
394 | # | 398 | # |
395 | # make test | 399 | # make test |
396 | # | 400 | # |
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh index c61c2b8a9..c5947d996 100755 --- a/contrib/update_deb.sh +++ b/contrib/update_deb.sh | |||
@@ -16,7 +16,7 @@ sed -i "s/# restricted-network .*/restricted-network yes/" \ | |||
16 | etc/firejail.config | 16 | etc/firejail.config |
17 | 17 | ||
18 | make deb | 18 | make deb |
19 | sudo dpkg -i firejail*.deb | 19 | sudo dpkg -i ./*.deb |
20 | echo "Firejail updated." | 20 | echo "Firejail updated." |
21 | cd .. | 21 | cd .. |
22 | rm -rf firejail | 22 | rm -rf firejail |
@@ -12,14 +12,22 @@ | |||
12 | gcov_generate() { | 12 | gcov_generate() { |
13 | USER="$(whoami)" | 13 | USER="$(whoami)" |
14 | find . -exec sudo chown "$USER:$USER" '{}' + | 14 | find . -exec sudo chown "$USER:$USER" '{}' + |
15 | lcov -q --capture -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ | 15 | lcov -q --capture \ |
16 | -d src/fnet -d src/fnetfilter -d src/fcopy -d src/fseccomp --output-file gcov-file | 16 | -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ |
17 | -d src/fnet -d src/fnetfilter -d src/fcopy \ | ||
18 | -d src/fseccomp --output-file gcov-file | ||
19 | |||
17 | genhtml -q gcov-file --output-directory gcov-dir | 20 | genhtml -q gcov-file --output-directory gcov-dir |
18 | } | 21 | } |
19 | 22 | ||
20 | make distclean && ./configure --prefix=/usr --enable-apparmor --enable-gcov --enable-fatal-warnings && make -j4 && sudo make install | 23 | make distclean && |
24 | ./configure --prefix=/usr --enable-fatal-warnings \ | ||
25 | --enable-apparmor --enable-gcov && | ||
26 | make -j "$(nproc)" && | ||
27 | sudo make install | ||
28 | |||
21 | rm -fr gcov-dir gcov-file | 29 | rm -fr gcov-dir gcov-file |
22 | firejail --version | 30 | make print-version |
23 | gcov_generate | 31 | gcov_generate |
24 | 32 | ||
25 | make test-firecfg | grep TESTING | 33 | make test-firecfg | grep TESTING |
@@ -26,7 +26,7 @@ tar -xJvf "$CODE_ARCHIVE" | |||
26 | #mkdir -p "$INSTALL_DIR" | 26 | #mkdir -p "$INSTALL_DIR" |
27 | cd "$CODE_DIR" | 27 | cd "$CODE_DIR" |
28 | ./configure --prefix=/usr --enable-apparmor "$@" | 28 | ./configure --prefix=/usr --enable-apparmor "$@" |
29 | make -j2 | 29 | make -j "$(nproc)" |
30 | mkdir debian | 30 | mkdir debian |
31 | DESTDIR=debian make install-strip | 31 | DESTDIR=debian make install-strip |
32 | 32 | ||
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh index 0221fa607..46bb90036 100755 --- a/platform/rpm/mkrpm.sh +++ b/platform/rpm/mkrpm.sh | |||
@@ -16,6 +16,8 @@ set -e | |||
16 | name="$TARNAME" | 16 | name="$TARNAME" |
17 | # Strip any trailing prefix from the version like -rc1 etc | 17 | # Strip any trailing prefix from the version like -rc1 etc |
18 | version="$(printf '%s\n' "$VERSION" | sed 's/\-.*//g')" | 18 | version="$(printf '%s\n' "$VERSION" | sed 's/\-.*//g')" |
19 | |||
20 | # Note: rpmbuild itself already passes --prefix=/usr to ./configure | ||
19 | config_opt="--disable-userns --disable-contrib-install $*" | 21 | config_opt="--disable-userns --disable-contrib-install $*" |
20 | 22 | ||
21 | if [[ ! -f "platform/rpm/${name}.spec" ]]; then | 23 | if [[ ! -f "platform/rpm/${name}.spec" ]]; then |
diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh index 2d54f7c66..2b1c0a9d8 100755 --- a/src/tools/mkcoverit.sh +++ b/src/tools/mkcoverit.sh | |||
@@ -44,5 +44,5 @@ mv $DIRFIRETOOLS $DIRFIREJAIL/extras/firetools | |||
44 | 44 | ||
45 | # build | 45 | # build |
46 | cd $DIRFIREJAIL | 46 | cd $DIRFIREJAIL |
47 | cov-build --dir cov-int make -j 4 extras | 47 | cov-build --dir cov-int make -j "$(nproc)" extras |
48 | tar czvf myproject.tgz cov-int | 48 | tar czvf myproject.tgz cov-int |
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index 4e9b6bed2..f3e5c4f33 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -81,8 +81,10 @@ tar -xJvf ../../"$DIST.tar.xz" | |||
81 | mv "$DIST" firejail | 81 | mv "$DIST" firejail |
82 | 82 | ||
83 | cd firejail || exit 1 | 83 | cd firejail || exit 1 |
84 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure | 84 | ./configure --prefix=/usr --enable-fatal-warnings \ |
85 | make -j4 2>&1 | tee ../output-make | 85 | 2>&1 | tee ../output-configure |
86 | |||
87 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
86 | cd .. | 88 | cd .. |
87 | grep Warning output-configure output-make > ./report-test1 | 89 | grep Warning output-configure output-make > ./report-test1 |
88 | grep Error output-configure output-make >> ./report-test1 | 90 | grep Error output-configure output-make >> ./report-test1 |
@@ -98,8 +100,11 @@ rm output-configure output-make | |||
98 | print_title "${arr[2]}" | 100 | print_title "${arr[2]}" |
99 | cd firejail || exit 1 | 101 | cd firejail || exit 1 |
100 | make distclean | 102 | make distclean |
101 | ./configure --prefix=/usr --disable-dbusproxy --enable-fatal-warnings 2>&1 | tee ../output-configure | 103 | ./configure --prefix=/usr --enable-fatal-warnings \ |
102 | make -j4 2>&1 | tee ../output-make | 104 | --disable-dbusproxy \ |
105 | 2>&1 | tee ../output-configure | ||
106 | |||
107 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
103 | cd .. | 108 | cd .. |
104 | grep Warning output-configure output-make > ./report-test2 | 109 | grep Warning output-configure output-make > ./report-test2 |
105 | grep Error output-configure output-make >> ./report-test2 | 110 | grep Error output-configure output-make >> ./report-test2 |
@@ -115,8 +120,11 @@ rm output-configure output-make | |||
115 | print_title "${arr[3]}" | 120 | print_title "${arr[3]}" |
116 | cd firejail || exit 1 | 121 | cd firejail || exit 1 |
117 | make distclean | 122 | make distclean |
118 | ./configure --prefix=/usr --disable-chroot --enable-fatal-warnings 2>&1 | tee ../output-configure | 123 | ./configure --prefix=/usr --enable-fatal-warnings \ |
119 | make -j4 2>&1 | tee ../output-make | 124 | --disable-chroot \ |
125 | 2>&1 | tee ../output-configure | ||
126 | |||
127 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
120 | cd .. | 128 | cd .. |
121 | grep Warning output-configure output-make > ./report-test3 | 129 | grep Warning output-configure output-make > ./report-test3 |
122 | grep Error output-configure output-make >> ./report-test3 | 130 | grep Error output-configure output-make >> ./report-test3 |
@@ -132,8 +140,11 @@ rm output-configure output-make | |||
132 | print_title "${arr[4]}" | 140 | print_title "${arr[4]}" |
133 | cd firejail || exit 1 | 141 | cd firejail || exit 1 |
134 | make distclean | 142 | make distclean |
135 | ./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure | 143 | ./configure --prefix=/usr --enable-fatal-warnings \ |
136 | make -j4 2>&1 | tee ../output-make | 144 | --disable-firetunnel \ |
145 | 2>&1 | tee ../output-configure | ||
146 | |||
147 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
137 | cd .. | 148 | cd .. |
138 | grep Warning output-configure output-make > ./report-test4 | 149 | grep Warning output-configure output-make > ./report-test4 |
139 | grep Error output-configure output-make >> ./report-test4 | 150 | grep Error output-configure output-make >> ./report-test4 |
@@ -149,8 +160,11 @@ rm output-configure output-make | |||
149 | print_title "${arr[5]}" | 160 | print_title "${arr[5]}" |
150 | cd firejail || exit 1 | 161 | cd firejail || exit 1 |
151 | make distclean | 162 | make distclean |
152 | ./configure --prefix=/usr --disable-userns --enable-fatal-warnings 2>&1 | tee ../output-configure | 163 | ./configure --prefix=/usr --enable-fatal-warnings \ |
153 | make -j4 2>&1 | tee ../output-make | 164 | --disable-userns \ |
165 | 2>&1 | tee ../output-configure | ||
166 | |||
167 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
154 | cd .. | 168 | cd .. |
155 | grep Warning output-configure output-make > ./report-test5 | 169 | grep Warning output-configure output-make > ./report-test5 |
156 | grep Error output-configure output-make >> ./report-test5 | 170 | grep Error output-configure output-make >> ./report-test5 |
@@ -167,8 +181,11 @@ rm output-configure output-make | |||
167 | print_title "${arr[6]}" | 181 | print_title "${arr[6]}" |
168 | cd firejail || exit 1 | 182 | cd firejail || exit 1 |
169 | make distclean | 183 | make distclean |
170 | ./configure --prefix=/usr --disable-network --enable-fatal-warnings 2>&1 | tee ../output-configure | 184 | ./configure --prefix=/usr --enable-fatal-warnings \ |
171 | make -j4 2>&1 | tee ../output-make | 185 | --disable-network \ |
186 | 2>&1 | tee ../output-configure | ||
187 | |||
188 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
172 | cd .. | 189 | cd .. |
173 | grep Warning output-configure output-make > ./report-test6 | 190 | grep Warning output-configure output-make > ./report-test6 |
174 | grep Error output-configure output-make >> ./report-test6 | 191 | grep Error output-configure output-make >> ./report-test6 |
@@ -184,8 +201,11 @@ rm output-configure output-make | |||
184 | print_title "${arr[7]}" | 201 | print_title "${arr[7]}" |
185 | cd firejail || exit 1 | 202 | cd firejail || exit 1 |
186 | make distclean | 203 | make distclean |
187 | ./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure | 204 | ./configure --prefix=/usr --enable-fatal-warnings \ |
188 | make -j4 2>&1 | tee ../output-make | 205 | --disable-x11 \ |
206 | 2>&1 | tee ../output-configure | ||
207 | |||
208 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
189 | cd .. | 209 | cd .. |
190 | grep Warning output-configure output-make > ./report-test7 | 210 | grep Warning output-configure output-make > ./report-test7 |
191 | grep Error output-configure output-make >> ./report-test7 | 211 | grep Error output-configure output-make >> ./report-test7 |
@@ -201,8 +221,11 @@ rm output-configure output-make | |||
201 | print_title "${arr[8]}" | 221 | print_title "${arr[8]}" |
202 | cd firejail || exit 1 | 222 | cd firejail || exit 1 |
203 | make distclean | 223 | make distclean |
204 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure | 224 | ./configure --prefix=/usr --enable-fatal-warnings \ |
205 | make -j4 2>&1 | tee ../output-make | 225 | --enable-selinux \ |
226 | 2>&1 | tee ../output-configure | ||
227 | |||
228 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
206 | cd .. | 229 | cd .. |
207 | grep Warning output-configure output-make > ./report-test8 | 230 | grep Warning output-configure output-make > ./report-test8 |
208 | grep Error output-configure output-make >> ./report-test8 | 231 | grep Error output-configure output-make >> ./report-test8 |
@@ -218,8 +241,11 @@ rm output-configure output-make | |||
218 | print_title "${arr[9]}" | 241 | print_title "${arr[9]}" |
219 | cd firejail || exit 1 | 242 | cd firejail || exit 1 |
220 | make distclean | 243 | make distclean |
221 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure | 244 | ./configure --prefix=/usr --enable-fatal-warnings \ |
222 | make -j4 2>&1 | tee ../output-make | 245 | --disable-file-transfer \ |
246 | 2>&1 | tee ../output-configure | ||
247 | |||
248 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
223 | cd .. | 249 | cd .. |
224 | grep Warning output-configure output-make > ./report-test9 | 250 | grep Warning output-configure output-make > ./report-test9 |
225 | grep Error output-configure output-make >> ./report-test9 | 251 | grep Error output-configure output-make >> ./report-test9 |
@@ -235,8 +261,11 @@ rm output-configure output-make | |||
235 | print_title "${arr[10]}" | 261 | print_title "${arr[10]}" |
236 | cd firejail || exit 1 | 262 | cd firejail || exit 1 |
237 | make distclean | 263 | make distclean |
238 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure | 264 | ./configure --prefix=/usr --enable-fatal-warnings \ |
239 | make -j4 2>&1 | tee ../output-make | 265 | --disable-whitelist \ |
266 | 2>&1 | tee ../output-configure | ||
267 | |||
268 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
240 | cd .. | 269 | cd .. |
241 | grep Warning output-configure output-make > ./report-test10 | 270 | grep Warning output-configure output-make > ./report-test10 |
242 | grep Error output-configure output-make >> ./report-test10 | 271 | grep Error output-configure output-make >> ./report-test10 |
@@ -252,8 +281,11 @@ rm output-configure output-make | |||
252 | print_title "${arr[11]}" | 281 | print_title "${arr[11]}" |
253 | cd firejail || exit 1 | 282 | cd firejail || exit 1 |
254 | make distclean | 283 | make distclean |
255 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure | 284 | ./configure --prefix=/usr --enable-fatal-warnings \ |
256 | make -j4 2>&1 | tee ../output-make | 285 | --disable-globalcfg \ |
286 | 2>&1 | tee ../output-configure | ||
287 | |||
288 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
257 | cd .. | 289 | cd .. |
258 | grep Warning output-configure output-make > ./report-test11 | 290 | grep Warning output-configure output-make > ./report-test11 |
259 | grep Error output-configure output-make >> ./report-test11 | 291 | grep Error output-configure output-make >> ./report-test11 |
@@ -269,8 +301,11 @@ rm output-configure output-make | |||
269 | print_title "${arr[12]}" | 301 | print_title "${arr[12]}" |
270 | cd firejail || exit 1 | 302 | cd firejail || exit 1 |
271 | make distclean | 303 | make distclean |
272 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | 304 | ./configure --prefix=/usr --enable-fatal-warnings \ |
273 | make -j4 2>&1 | tee ../output-make | 305 | --enable-apparmor \ |
306 | 2>&1 | tee ../output-configure | ||
307 | |||
308 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
274 | cd .. | 309 | cd .. |
275 | grep Warning output-configure output-make > ./report-test12 | 310 | grep Warning output-configure output-make > ./report-test12 |
276 | grep Error output-configure output-make >> ./report-test12 | 311 | grep Error output-configure output-make >> ./report-test12 |
@@ -286,8 +321,11 @@ rm output-configure output-make | |||
286 | print_title "${arr[13]}" | 321 | print_title "${arr[13]}" |
287 | cd firejail || exit 1 | 322 | cd firejail || exit 1 |
288 | make distclean | 323 | make distclean |
289 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure | 324 | ./configure --prefix=/usr --enable-fatal-warnings \ |
290 | make -j4 2>&1 | tee ../output-make | 325 | --enable-busybox-workaround \ |
326 | 2>&1 | tee ../output-configure | ||
327 | |||
328 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
291 | cd .. | 329 | cd .. |
292 | grep Warning output-configure output-make > ./report-test13 | 330 | grep Warning output-configure output-make > ./report-test13 |
293 | grep Error output-configure output-make >> ./report-test13 | 331 | grep Error output-configure output-make >> ./report-test13 |
@@ -303,8 +341,11 @@ rm output-configure output-make | |||
303 | print_title "${arr[14]}" | 341 | print_title "${arr[14]}" |
304 | cd firejail || exit 1 | 342 | cd firejail || exit 1 |
305 | make distclean | 343 | make distclean |
306 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure | 344 | ./configure --prefix=/usr --enable-fatal-warnings \ |
307 | make -j4 2>&1 | tee ../output-make | 345 | --disable-overlayfs \ |
346 | 2>&1 | tee ../output-configure | ||
347 | |||
348 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
308 | cd .. | 349 | cd .. |
309 | grep Warning output-configure output-make > ./report-test14 | 350 | grep Warning output-configure output-make > ./report-test14 |
310 | grep Error output-configure output-make >> ./report-test14 | 351 | grep Error output-configure output-make >> ./report-test14 |
@@ -320,8 +361,11 @@ rm output-configure output-make | |||
320 | print_title "${arr[15]}" | 361 | print_title "${arr[15]}" |
321 | cd firejail || exit 1 | 362 | cd firejail || exit 1 |
322 | make distclean | 363 | make distclean |
323 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure | 364 | ./configure --prefix=/usr --enable-fatal-warnings \ |
324 | make -j4 2>&1 | tee ../output-make | 365 | --disable-private-home \ |
366 | 2>&1 | tee ../output-configure | ||
367 | |||
368 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
325 | cd .. | 369 | cd .. |
326 | grep Warning output-configure output-make > ./report-test15 | 370 | grep Warning output-configure output-make > ./report-test15 |
327 | grep Error output-configure output-make >> ./report-test15 | 371 | grep Error output-configure output-make >> ./report-test15 |
@@ -337,8 +381,11 @@ rm output-configure output-make | |||
337 | print_title "${arr[16]}" | 381 | print_title "${arr[16]}" |
338 | cd firejail || exit 1 | 382 | cd firejail || exit 1 |
339 | make distclean | 383 | make distclean |
340 | ./configure --prefix=/usr --disable-man --enable-fatal-warnings 2>&1 | tee ../output-configure | 384 | ./configure --prefix=/usr --enable-fatal-warnings \ |
341 | make -j4 2>&1 | tee ../output-make | 385 | --disable-man \ |
386 | 2>&1 | tee ../output-configure | ||
387 | |||
388 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
342 | cd .. | 389 | cd .. |
343 | grep Warning output-configure output-make > ./report-test16 | 390 | grep Warning output-configure output-make > ./report-test16 |
344 | grep Error output-configure output-make >> ./report-test16 | 391 | grep Error output-configure output-make >> ./report-test16 |
@@ -354,8 +401,11 @@ rm output-configure output-make | |||
354 | print_title "${arr[17]}" | 401 | print_title "${arr[17]}" |
355 | cd firejail || exit 1 | 402 | cd firejail || exit 1 |
356 | make distclean | 403 | make distclean |
357 | ./configure --prefix=/usr --disable-usertmpfs --enable-fatal-warnings 2>&1 | tee ../output-configure | 404 | ./configure --prefix=/usr --enable-fatal-warnings \ |
358 | make -j4 2>&1 | tee ../output-make | 405 | --disable-usertmpfs \ |
406 | 2>&1 | tee ../output-configure | ||
407 | |||
408 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
359 | cd .. | 409 | cd .. |
360 | grep Warning output-configure output-make > ./report-test17 | 410 | grep Warning output-configure output-make > ./report-test17 |
361 | grep Error output-configure output-make >> ./report-test17 | 411 | grep Error output-configure output-make >> ./report-test17 |
@@ -371,8 +421,11 @@ rm output-configure output-make | |||
371 | print_title "${arr[18]}" | 421 | print_title "${arr[18]}" |
372 | cd firejail || exit 1 | 422 | cd firejail || exit 1 |
373 | make distclean | 423 | make distclean |
374 | ./configure --prefix=/usr --disable-private-home --enable-fatal-warnings 2>&1 | tee ../output-configure | 424 | ./configure --prefix=/usr --enable-fatal-warnings \ |
375 | make -j4 2>&1 | tee ../output-make | 425 | --disable-private-home \ |
426 | 2>&1 | tee ../output-configure | ||
427 | |||
428 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
376 | cd .. | 429 | cd .. |
377 | grep Warning output-configure output-make > ./report-test18 | 430 | grep Warning output-configure output-make > ./report-test18 |
378 | grep Error output-configure output-make >> ./report-test18 | 431 | grep Error output-configure output-make >> ./report-test18 |
@@ -388,8 +441,11 @@ rm output-configure output-make | |||
388 | print_title "${arr[19]}" | 441 | print_title "${arr[19]}" |
389 | cd firejail || exit 1 | 442 | cd firejail || exit 1 |
390 | make distclean | 443 | make distclean |
391 | ./configure --prefix=/usr --enable-ids --enable-fatal-warnings 2>&1 | tee ../output-configure | 444 | ./configure --prefix=/usr --enable-fatal-warnings \ |
392 | make -j4 2>&1 | tee ../output-make | 445 | --enable-ids \ |
446 | 2>&1 | tee ../output-configure | ||
447 | |||
448 | make -j "$(nproc)" 2>&1 | tee ../output-make | ||
393 | cd .. | 449 | cd .. |
394 | grep Warning output-configure output-make > ./report-test19 | 450 | grep Warning output-configure output-make > ./report-test19 |
395 | grep Error output-configure output-make >> ./report-test19 | 451 | grep Error output-configure output-make >> ./report-test19 |