-rw-r--r-- | .github/workflows/build-extra.yml | 16 | ||||
-rw-r--r-- | .github/workflows/build.yml | 9 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 18 | ||||
-rw-r--r-- | .gitlab-ci.yml | 39 |
4 files changed, 61 insertions, 21 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 9db2ec41f..13c575c8b 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -68,7 +68,9 @@ jobs: | |||
68 | - name: install dependencies | 68 | - name: install dependencies |
69 | run: sudo apt-get install libapparmor-dev libselinux1-dev | 69 | run: sudo apt-get install libapparmor-dev libselinux1-dev |
70 | - name: configure | 70 | - name: configure |
71 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux | 71 | run: > |
72 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | ||
73 | --enable-selinux | ||
72 | - name: make | 74 | - name: make |
73 | run: make | 75 | run: make |
74 | - name: make install | 76 | - name: make install |
@@ -91,7 +93,9 @@ jobs: | |||
91 | - name: install clang-tools-14 and dependencies | 93 | - name: install clang-tools-14 and dependencies |
92 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev | 94 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
93 | - name: configure | 95 | - name: configure |
94 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux | 96 | run: > |
97 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | ||
98 | --enable-selinux | ||
95 | - name: scan-build | 99 | - name: scan-build |
96 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make | 100 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
97 | cppcheck: | 101 | cppcheck: |
@@ -110,9 +114,11 @@ jobs: | |||
110 | - name: install cppcheck | 114 | - name: install cppcheck |
111 | run: sudo apt-get install cppcheck | 115 | run: sudo apt-get install cppcheck |
112 | - name: cppcheck | 116 | - name: cppcheck |
113 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | 117 | run: > |
114 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | 118 | cppcheck -q --force --error-exitcode=1 --enable=warning,performance |
115 | # with older cppcheck version from ubuntu 20.04. | 119 | -i src/firejail/checkcfg.c -i src/firejail/main.c . |
120 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore | ||
121 | # scan all files also with older cppcheck version from ubuntu 20.04. | ||
116 | cppcheck_old: | 122 | cppcheck_old: |
117 | runs-on: ubuntu-20.04 | 123 | runs-on: ubuntu-20.04 |
118 | steps: | 124 | steps: |
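Review bot: In the cppcheck step, the two `#` lines that explain `cppcheck_old` now directly follow a folded `run: >` scalar, and inside a block scalar `#` does not start a YAML comment. This view does not preserve indentation, so it cannot be confirmed here that those lines are indented less than the command text. If they sat at the scalar's indent, they would be folded into the command string handed to the shell instead of being dropped by the YAML parser. Putting a blank line after the step and placing the comment immediately above `cppcheck_old:` at the job-key indent would make the intent unambiguous. The job list continues outside the hunk.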
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 429fb5807..4af788044 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -64,9 +64,14 @@ jobs: | |||
64 | - name: update package information | 64 | - name: update package information |
65 | run: sudo apt-get update | 65 | run: sudo apt-get update |
66 | - name: install dependencies | 66 | - name: install dependencies |
67 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois bridge-utils | 67 | run: > |
68 | sudo apt-get install | ||
69 | gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois | ||
70 | bridge-utils | ||
68 | - name: configure | 71 | - name: configure |
69 | run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux | 72 | run: > |
73 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | ||
74 | --enable-analyzer --enable-apparmor --enable-selinux | ||
70 | - name: make | 75 | - name: make |
71 | run: make | 76 | run: make |
72 | - name: make install | 77 | - name: make install |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 64069f917..4981b3c69 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
@@ -35,11 +35,19 @@ jobs: | |||
35 | 35 | ||
36 | - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | 36 | - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab |
37 | # - name: sort.py | 37 | # - name: sort.py |
38 | # run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | 38 | # run: > |
39 | # ./ci/check/profiles/sort.py | ||
40 | # etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | ||
39 | # Currently broken (see #5610) | 41 | # Currently broken (see #5610) |
40 | # - name: private-etc-always-required.sh | 42 | # - name: private-etc-always-required.sh |
41 | # run: ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | 43 | # run: > |
44 | # ./ci/check/profiles/private-etc-always-required.sh | ||
45 | # etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | ||
42 | - name: sort-disable-programs.sh | 46 | - name: sort-disable-programs.sh |
43 | run: ./ci/check/profiles/sort-disable-programs.sh etc/inc/disable-programs.inc | 47 | run: > |
48 | ./ci/check/profiles/sort-disable-programs.sh | ||
49 | etc/inc/disable-programs.inc | ||
44 | - name: sort-firecfg.config.sh | 50 | - name: sort-firecfg.config.sh |
45 | run: ./ci/check/profiles/sort-firecfg.config.sh src/firecfg/firecfg.config | 51 | run: > |
52 | ./ci/check/profiles/sort-firecfg.config.sh | ||
53 | src/firecfg/firecfg.config | ||
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fe07b5b93..bfad57c08 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml | |||
@@ -5,11 +5,14 @@ | |||
5 | # and fedora:latest for new setups | 5 | # and fedora:latest for new setups |
6 | # 3. Alpine for installing directly from source | 6 | # 3. Alpine for installing directly from source |
7 | # Also builds apparmor package for Ubuntu LTS | 7 | # Also builds apparmor package for Ubuntu LTS |
8 | |||
8 | build_ubuntu_package: | 9 | build_ubuntu_package: |
9 | image: ubuntu:rolling | 10 | image: ubuntu:rolling |
10 | script: | 11 | script: |
11 | - apt-get update -qq | 12 | - apt-get update -qq |
12 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk | 13 | - > |
14 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq | ||
15 | build-essential lintian libapparmor-dev pkg-config python3 gawk | ||
13 | - ./configure | 16 | - ./configure |
14 | - make deb | 17 | - make deb |
15 | - dpkg -i firejail*.deb | 18 | - dpkg -i firejail*.deb |
@@ -20,7 +23,9 @@ build_debian_package: | |||
20 | image: debian:stretch | 23 | image: debian:stretch |
21 | script: | 24 | script: |
22 | - apt-get update -qq | 25 | - apt-get update -qq |
23 | - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk | 26 | - > |
27 | apt-get install -y -qq | ||
28 | build-essential lintian libapparmor-dev pkg-config gawk | ||
24 | - ./configure | 29 | - ./configure |
25 | - make deb | 30 | - make deb |
26 | - dpkg -i firejail*.deb | 31 | - dpkg -i firejail*.deb |
@@ -63,7 +68,9 @@ build_no_apparmor: | |||
63 | image: ubuntu:latest | 68 | image: ubuntu:latest |
64 | script: | 69 | script: |
65 | - apt-get update -qq | 70 | - apt-get update -qq |
66 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk | 71 | - > |
72 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq | ||
73 | build-essential lintian pkg-config gawk | ||
67 | - ./configure | 74 | - ./configure |
68 | - make dist | 75 | - make dist |
69 | - ./mkdeb.sh --disable-apparmor | 76 | - ./mkdeb.sh --disable-apparmor |
@@ -80,16 +87,30 @@ debian_ci: | |||
80 | - git checkout -B ci_build $CI_COMMIT_SHA | 87 | - git checkout -B ci_build $CI_COMMIT_SHA |
81 | - gitlab-ci-enable-sid | 88 | - gitlab-ci-enable-sid |
82 | - gitlab-ci-enable-experimental | 89 | - gitlab-ci-enable-experimental |
83 | - echo "deb-src http://deb.debian.org/debian sid main" >> /etc/apt/sources.list | 90 | - | |
84 | - echo "deb-src http://deb.debian.org/debian experimental main" >> /etc/apt/sources.list | 91 | cat >>/etc/apt/sources.list <<EOF |
92 | deb-src http://deb.debian.org/debian sid main | ||
93 | deb-src http://deb.debian.org/debian experimental main | ||
94 | EOF | ||
85 | - apt-get update | 95 | - apt-get update |
86 | - git config user.name "$DEBFULLNAME" | 96 | - git config user.name "$DEBFULLNAME" |
87 | - git config user.email "$DEBEMAIL" | 97 | - git config user.email "$DEBEMAIL" |
88 | - cd $CI_PROJECT_DIR/.. && (apt-get source --download-only -t experimental firejail || apt-get source --download-only firejail) | 98 | - | |
89 | - cd $CI_PROJECT_DIR && tar xf ../firejail_*.debian.tar.* | 99 | cd $CI_PROJECT_DIR/.. && |
100 | (apt-get source --download-only -t experimental firejail || | ||
101 | apt-get source --download-only firejail) | ||
102 | - | | ||
103 | cd $CI_PROJECT_DIR && | ||
104 | tar xf ../firejail_*.debian.tar.* | ||
90 | - rm -rf debian/patches/ | 105 | - rm -rf debian/patches/ |
91 | - VERSION=$(grep ^PACKAGE_VERSION= configure | cut -d"'" -f2) && dch -v ${VERSION}-0.1~ci "Non-maintainer upload." && git archive -o ../firejail_${VERSION}.orig.tar.gz HEAD && pristine-tar commit ../firejail_${VERSION}.orig.tar.gz ci_build && git branch -m pristine-tar origin/pristine-tar | 106 | - | |
92 | - git add debian && git commit -m "add debian/" | 107 | VERSION=$(grep ^PACKAGE_VERSION= configure | cut -d "'" -f 2) && |
108 | dch -v ${VERSION}-0.1~ci "Non-maintainer upload." && | ||
109 | git archive -o ../firejail_${VERSION}.orig.tar.gz HEAD && | ||
110 | pristine-tar commit ../firejail_${VERSION}.orig.tar.gz ci_build && | ||
111 | git branch -m pristine-tar origin/pristine-tar | ||
112 | - git add debian | ||
113 | - git commit -m "add debian/" | ||
93 | - export CI_COMMIT_SHA=$(git rev-parse HEAD) | 114 | - export CI_COMMIT_SHA=$(git rev-parse HEAD) |
94 | script: | 115 | script: |
95 | - apt-get --no-install-recommends install -y -qq gawk | 116 | - apt-get --no-install-recommends install -y -qq gawk |
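Review bot: The rewrapped `VERSION=$(grep ^PACKAGE_VERSION= configure | cut -d "'" -f 2) &&` line in the debian_ci block still lets an empty version through. The assignment takes the exit status of `cut`, which succeeds even when `grep` matches nothing. The following `dch`, `git archive` and `pristine-tar` calls would then run with a malformed version string and tarball name instead of failing the job. Adding `[ -n "$VERSION" ] &&` right after the assignment, and quoting the expansions as `"${VERSION}"` and `"$CI_PROJECT_DIR"`, would make the step stop early. The enclosing job definition starts and ends outside the hunk.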