diff options
| -rw-r--r-- | .github/workflows/build.yml | 10 | ||||
| -rw-r--r-- | Makefile.in | 62 | ||||
| -rwxr-xr-x | configure | 3 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rwxr-xr-x | platform/rpm/mkrpm.sh | 2 | ||||
| -rw-r--r-- | test/Makefile.in | 10 | ||||
| -rwxr-xr-x | test/sysutils/less.exp | 1 | ||||
| -rwxr-xr-x | test/sysutils/xz.exp | 5 | ||||
| -rwxr-xr-x | test/utils/man.exp | 1 |
9 files changed, 43 insertions, 53 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 56b38cb71..71cb7f0b4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
| @@ -7,16 +7,20 @@ on: | |||
| 7 | branches: [ master ] | 7 | branches: [ master ] |
| 8 | 8 | ||
| 9 | jobs: | 9 | jobs: |
| 10 | build: | 10 | build_and_test: |
| 11 | runs-on: ubuntu-20.04 | 11 | runs-on: ubuntu-20.04 |
| 12 | steps: | 12 | steps: |
| 13 | - uses: actions/checkout@v2 | 13 | - uses: actions/checkout@v2 |
| 14 | - name: install dependencies | 14 | - name: install dependencies |
| 15 | run: sudo apt-get install gcc-10 libapparmor-dev libselinux1-dev | 15 | run: sudo apt-get install gcc-10 libapparmor-dev libselinux1-dev expect xzdec |
| 16 | - name: configure | 16 | - name: configure |
| 17 | run: CC=gcc-10 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux | 17 | run: CC=gcc-10 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr |
| 18 | - name: make | 18 | - name: make |
| 19 | run: make | 19 | run: make |
| 20 | - name: make install | ||
| 21 | run: sudo make install | ||
| 22 | - name: run tests | ||
| 23 | run: SHELL=/bin/bash make test-github | ||
| 20 | build-clang: | 24 | build-clang: |
| 21 | runs-on: ubuntu-20.04 | 25 | runs-on: ubuntu-20.04 |
| 22 | steps: | 26 | steps: |
diff --git a/Makefile.in b/Makefile.in index c00d20c64..5fbbfead9 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -74,6 +74,7 @@ clean: | |||
| 74 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | 74 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ |
| 75 | $(MAKE) -C $$dir clean; \ | 75 | $(MAKE) -C $$dir clean; \ |
| 76 | done | 76 | done |
| 77 | $(MAKE) -C test clean | ||
| 77 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | 78 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm |
| 78 | rm -f $(SECCOMP_FILTERS) | 79 | rm -f $(SECCOMP_FILTERS) |
| 79 | rm -f test/utils/index.html* | 80 | rm -f test/utils/index.html* |
| @@ -181,7 +182,7 @@ uninstall: | |||
| 181 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." | 182 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." |
| 182 | 183 | ||
| 183 | DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES" | 184 | DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES" |
| 184 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" | 185 | DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" |
| 185 | 186 | ||
| 186 | dist: | 187 | dist: |
| 187 | mv config.status config.status.old | 188 | mv config.status config.status.old |
| @@ -227,45 +228,11 @@ scan-build: clean | |||
| 227 | # make test | 228 | # make test |
| 228 | # | 229 | # |
| 229 | 230 | ||
| 231 | TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters arguments fs fcopy fnetfilter | ||
| 232 | TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) | ||
| 230 | 233 | ||
| 231 | test-profiles: | 234 | $(TEST_TARGETS): |
| 232 | cd test/profiles; ./profiles.sh | grep TESTING | 235 | $(MAKE) -C test $(subst test-,,$@) |
| 233 | |||
| 234 | test-private-lib: | ||
| 235 | cd test/private-lib; ./private-lib.sh | grep TESTING | ||
| 236 | |||
| 237 | test-apps: | ||
| 238 | cd test/apps; ./apps.sh | grep TESTING | ||
| 239 | |||
| 240 | test-apps-x11: | ||
| 241 | cd test/apps-x11; ./apps-x11.sh | grep TESTING | ||
| 242 | |||
| 243 | test-apps-x11-xorg: | ||
| 244 | cd test/apps-x11-xorg; ./apps-x11-xorg.sh | grep TESTING | ||
| 245 | |||
| 246 | test-sysutils: | ||
| 247 | cd test/sysutils; ./sysutils.sh | grep TESTING | ||
| 248 | |||
| 249 | test-utils: | ||
| 250 | cd test/utils; ./utils.sh | grep TESTING | ||
| 251 | |||
| 252 | test-environment: | ||
| 253 | cd test/environment; ./environment.sh | grep TESTING | ||
| 254 | |||
| 255 | test-filters: | ||
| 256 | cd test/filters; ./filters.sh | grep TESTING | ||
| 257 | |||
| 258 | test-arguments: | ||
| 259 | cd test/arguments; ./arguments.sh | grep TESTING | ||
| 260 | |||
| 261 | test-fs: | ||
| 262 | cd test/fs; ./fs.sh | grep TESTING | ||
| 263 | |||
| 264 | test-fcopy: | ||
| 265 | cd test/fcopy; ./fcopy.sh | grep TESTING | ||
| 266 | |||
| 267 | test-fnetfilter: | ||
| 268 | cd test/fnetfilter; ./fnetfilter.sh | grep TESTING | ||
| 269 | 236 | ||
| 270 | test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments | 237 | test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments |
| 271 | echo "TEST COMPLETE" | 238 | echo "TEST COMPLETE" |
| @@ -276,6 +243,9 @@ test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils | |||
| 276 | test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments | 243 | test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments |
| 277 | echo "TEST COMPLETE" | 244 | echo "TEST COMPLETE" |
| 278 | 245 | ||
| 246 | test-github: test-fcopy test-fnetfilter test-utils test-sysutils test-environment test-arguments | ||
| 247 | echo "TEST COMPLETE" | ||
| 248 | |||
| 279 | ########################################## | 249 | ########################################## |
| 280 | # Individual tests, some of them require root access | 250 | # Individual tests, some of them require root access |
| 281 | # The tests are very intrusive, by the time you are done | 251 | # The tests are very intrusive, by the time you are done |
| @@ -284,32 +254,32 @@ test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sy | |||
| 284 | 254 | ||
| 285 | # a firejail-test account is required, public/private key setup | 255 | # a firejail-test account is required, public/private key setup |
| 286 | test-ssh: | 256 | test-ssh: |
| 287 | cd test/ssh; ./ssh.sh | grep TESTING | 257 | $(MAKE) -C test $(subst test-,,$@) |
| 288 | 258 | ||
| 289 | # requires root access | 259 | # requires root access |
| 290 | test-chroot: | 260 | test-chroot: |
| 291 | cd test/chroot; ./chroot.sh | grep testing | 261 | $(MAKE) -C test $(subst test-,,$@) |
| 292 | 262 | ||
| 293 | # Huge appimage files, not included in "make dist" archive | 263 | # Huge appimage files, not included in "make dist" archive |
| 294 | test-appimage: | 264 | test-appimage: |
| 295 | cd test/appimage; ./appimage.sh | grep TESTING | 265 | $(MAKE) -C test $(subst test-,,$@) |
| 296 | 266 | ||
| 297 | # Root access, network devices are created before the test | 267 | # Root access, network devices are created before the test |
| 298 | # restart your computer to get rid of these devices | 268 | # restart your computer to get rid of these devices |
| 299 | test-network: | 269 | test-network: |
| 300 | cd test/network; ./network.sh | grep TESTING | 270 | $(MAKE) -C test $(subst test-,,$@) |
| 301 | 271 | ||
| 302 | # requires the same setup as test-network | 272 | # requires the same setup as test-network |
| 303 | test-stress: | 273 | test-stress: |
| 304 | cd test/stress; ./stress.sh | grep TESTING | 274 | $(MAKE) -C test $(subst test-,,$@) |
| 305 | 275 | ||
| 306 | # Tests running a root user | 276 | # Tests running a root user |
| 307 | test-root: | 277 | test-root: |
| 308 | cd test/root; su -c ./root.sh | grep TESTING | 278 | $(MAKE) -C test $(subst test-,,$@) |
| 309 | 279 | ||
| 310 | # OverlayFS is not available on all platforms | 280 | # OverlayFS is not available on all platforms |
| 311 | test-overlay: | 281 | test-overlay: |
| 312 | cd test/overlay; ./overlay.sh | grep TESTING | 282 | $(MAKE) -C test $(subst test-,,$@) |
| 313 | 283 | ||
| 314 | # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" | 284 | # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" |
| 315 | 285 | ||
| @@ -4257,7 +4257,7 @@ fi | |||
| 4257 | 4257 | ||
| 4258 | ac_config_files="$ac_config_files mkdeb.sh" | 4258 | ac_config_files="$ac_config_files mkdeb.sh" |
| 4259 | 4259 | ||
| 4260 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile" | 4260 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile src/man/Makefile test/Makefile" |
| 4261 | 4261 | ||
| 4262 | cat >confcache <<\_ACEOF | 4262 | cat >confcache <<\_ACEOF |
| 4263 | # This file is a shell script that caches the results of configure | 4263 | # This file is a shell script that caches the results of configure |
| @@ -4988,6 +4988,7 @@ do | |||
| 4988 | "src/fsec-optimize/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-optimize/Makefile" ;; | 4988 | "src/fsec-optimize/Makefile") CONFIG_FILES="$CONFIG_FILES src/fsec-optimize/Makefile" ;; |
| 4989 | "src/profstats/Makefile") CONFIG_FILES="$CONFIG_FILES src/profstats/Makefile" ;; | 4989 | "src/profstats/Makefile") CONFIG_FILES="$CONFIG_FILES src/profstats/Makefile" ;; |
| 4990 | "src/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; | 4990 | "src/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; |
| 4991 | "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; | ||
| 4991 | 4992 | ||
| 4992 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; | 4993 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; |
| 4993 | esac | 4994 | esac |
diff --git a/configure.ac b/configure.ac index 670a755b1..cefc302f9 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -223,7 +223,7 @@ AC_CONFIG_FILES([mkdeb.sh], [chmod +x mkdeb.sh]) | |||
| 223 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ | 223 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ |
| 224 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ | 224 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ |
| 225 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ | 225 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ |
| 226 | src/profstats/Makefile src/man/Makefile) | 226 | src/profstats/Makefile src/man/Makefile test/Makefile) |
| 227 | 227 | ||
| 228 | echo | 228 | echo |
| 229 | echo "Configuration options:" | 229 | echo "Configuration options:" |
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh index 2bdead7a8..c9b90dbe3 100755 --- a/platform/rpm/mkrpm.sh +++ b/platform/rpm/mkrpm.sh | |||
| @@ -44,7 +44,7 @@ sed -e "s/__NAME__/${name}/g" \ | |||
| 44 | # FIXME: We could parse RELNOTES and create a %changelog section here | 44 | # FIXME: We could parse RELNOTES and create a %changelog section here |
| 45 | 45 | ||
| 46 | # Copy the source to build into a tarball | 46 | # Copy the source to build into a tarball |
| 47 | tar --exclude='./.git*' --exclude='./test' --transform "s/^./${name}-${version}/" -czf ${tmpdir}/SOURCES/${name}-${version}.tar.gz . | 47 | tar --exclude='./.git*' --transform "s/^./${name}-${version}/" -czf ${tmpdir}/SOURCES/${name}-${version}.tar.gz . |
| 48 | 48 | ||
| 49 | # Build the files (rpm, debug rpm and source rpm) | 49 | # Build the files (rpm, debug rpm and source rpm) |
| 50 | rpmbuild --quiet --define "_topdir ${tmpdir}" -ba ${tmp_spec_file} | 50 | rpmbuild --quiet --define "_topdir ${tmpdir}" -ba ${tmp_spec_file} |
diff --git a/test/Makefile.in b/test/Makefile.in new file mode 100644 index 000000000..ef1ca73bc --- /dev/null +++ b/test/Makefile.in | |||
| @@ -0,0 +1,10 @@ | |||
| 1 | TESTS=$(patsubst %/,%,$(wildcard */)) | ||
| 2 | |||
| 3 | .PHONY: $(TESTS) | ||
| 4 | |||
| 5 | $(TESTS): | ||
| 6 | cd $@ && ./$@.sh 2>&1 | tee $@.log | ||
| 7 | cd $@ && grep -a TESTING $@.log && grep -a -L "TESTING ERROR" $@.log | ||
| 8 | |||
| 9 | clean: | ||
| 10 | for test in $(TESTS); do rm -f "$$test/$$test.log"; done | ||
diff --git a/test/sysutils/less.exp b/test/sysutils/less.exp index 2bfb60302..daa666c18 100755 --- a/test/sysutils/less.exp +++ b/test/sysutils/less.exp | |||
| @@ -10,6 +10,7 @@ match_max 100000 | |||
| 10 | send -- "firejail less sysutils.sh\r" | 10 | send -- "firejail less sysutils.sh\r" |
| 11 | expect { | 11 | expect { |
| 12 | timeout {puts "TESTING ERROR 1\n";exit} | 12 | timeout {puts "TESTING ERROR 1\n";exit} |
| 13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | ||
| 13 | "MALLOC_CHECK" | 14 | "MALLOC_CHECK" |
| 14 | } | 15 | } |
| 15 | expect { | 16 | expect { |
diff --git a/test/sysutils/xz.exp b/test/sysutils/xz.exp index 63b1ad3c7..074b90076 100755 --- a/test/sysutils/xz.exp +++ b/test/sysutils/xz.exp | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | # Copyright (C) 2014-2020 Firejail Authors | 3 | # Copyright (C) 2014-2020 Firejail Authors |
| 4 | # License GPL v2 | 4 | # License GPL v2 |
| 5 | 5 | ||
| 6 | set timeout 10 | 6 | set timeout 60 |
| 7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
| 8 | match_max 100000 | 8 | match_max 100000 |
| 9 | 9 | ||
| @@ -13,6 +13,9 @@ sleep 1 | |||
| 13 | send -- "firejail /usr/bin/xz -c /usr/bin/firejail > firejail_t2\r" | 13 | send -- "firejail /usr/bin/xz -c /usr/bin/firejail > firejail_t2\r" |
| 14 | sleep 1 | 14 | sleep 1 |
| 15 | 15 | ||
| 16 | send -- "md5sum firejail_t1 firejail_t2; ls -l firejail_t1 firejail_t2\r" | ||
| 17 | sleep 1 | ||
| 18 | |||
| 16 | send -- "diff -s firejail_t1 firejail_t2\r" | 19 | send -- "diff -s firejail_t1 firejail_t2\r" |
| 17 | expect { | 20 | expect { |
| 18 | timeout {puts "TESTING ERROR 1\n";exit} | 21 | timeout {puts "TESTING ERROR 1\n";exit} |
diff --git a/test/utils/man.exp b/test/utils/man.exp index 3cde9f2c8..102701a6a 100755 --- a/test/utils/man.exp +++ b/test/utils/man.exp | |||
| @@ -10,6 +10,7 @@ match_max 100000 | |||
| 10 | send -- "man firejail\r" | 10 | send -- "man firejail\r" |
| 11 | expect { | 11 | expect { |
| 12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
| 13 | "(press RETURN)" {puts "TESTING SKIP 1.1\n";exit} | ||
| 13 | "Linux namespaces sandbox program" | 14 | "Linux namespaces sandbox program" |
| 14 | } | 15 | } |
| 15 | after 100 | 16 | after 100 |