diff options
-rw-r--r-- | .github/workflows/build-extra.yml | 25 | ||||
-rw-r--r-- | .github/workflows/build.yml | 63 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 22 | ||||
-rw-r--r-- | .gitlab-ci.yml | 55 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rwxr-xr-x | ci/printenv.sh | 25 |
7 files changed, 145 insertions, 56 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 9ba69e2a4..04023ab45 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -12,6 +12,7 @@ on: | |||
12 | - .git-blame-ignore-revs | 12 | - .git-blame-ignore-revs |
13 | - .github/dependabot.yml | 13 | - .github/dependabot.yml |
14 | - .github/pull_request_template.md | 14 | - .github/pull_request_template.md |
15 | - .github/workflows/build.yml | ||
15 | - .github/workflows/codeql-analysis.yml | 16 | - .github/workflows/codeql-analysis.yml |
16 | - .github/workflows/profile-checks.yml | 17 | - .github/workflows/profile-checks.yml |
17 | - .gitignore | 18 | - .gitignore |
@@ -34,6 +35,7 @@ on: | |||
34 | - .git-blame-ignore-revs | 35 | - .git-blame-ignore-revs |
35 | - .github/dependabot.yml | 36 | - .github/dependabot.yml |
36 | - .github/pull_request_template.md | 37 | - .github/pull_request_template.md |
38 | - .github/workflows/build.yml | ||
37 | - .github/workflows/codeql-analysis.yml | 39 | - .github/workflows/codeql-analysis.yml |
38 | - .github/workflows/profile-checks.yml | 40 | - .github/workflows/profile-checks.yml |
39 | - .gitignore | 41 | - .gitignore |
@@ -65,8 +67,12 @@ jobs: | |||
65 | run: sudo apt-get update | 67 | run: sudo apt-get update |
66 | - name: install dependencies | 68 | - name: install dependencies |
67 | run: sudo apt-get install libapparmor-dev libselinux1-dev | 69 | run: sudo apt-get install libapparmor-dev libselinux1-dev |
70 | - name: print env | ||
71 | run: ./ci/printenv.sh | ||
68 | - name: configure | 72 | - name: configure |
69 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux | 73 | run: > |
74 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | ||
75 | --enable-selinux | ||
70 | - name: make | 76 | - name: make |
71 | run: make | 77 | run: make |
72 | - name: make install | 78 | - name: make install |
@@ -88,8 +94,12 @@ jobs: | |||
88 | run: sudo apt-get update | 94 | run: sudo apt-get update |
89 | - name: install clang-tools-14 and dependencies | 95 | - name: install clang-tools-14 and dependencies |
90 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev | 96 | run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev |
97 | - name: print env | ||
98 | run: ./ci/printenv.sh | ||
91 | - name: configure | 99 | - name: configure |
92 | run: CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor --enable-selinux | 100 | run: > |
101 | CC=clang-14 ./configure --enable-fatal-warnings --enable-apparmor | ||
102 | --enable-selinux | ||
93 | - name: scan-build | 103 | - name: scan-build |
94 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make | 104 | run: NO_EXTRA_CFLAGS="yes" scan-build-14 --status-bugs make |
95 | cppcheck: | 105 | cppcheck: |
@@ -107,10 +117,13 @@ jobs: | |||
107 | run: sudo apt-get update | 117 | run: sudo apt-get update |
108 | - name: install cppcheck | 118 | - name: install cppcheck |
109 | run: sudo apt-get install cppcheck | 119 | run: sudo apt-get install cppcheck |
120 | - run: cppcheck --version | ||
110 | - name: cppcheck | 121 | - name: cppcheck |
111 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance -i src/firejail/checkcfg.c -i src/firejail/main.c . | 122 | run: > |
112 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore scan all files also | 123 | cppcheck -q --force --error-exitcode=1 --enable=warning,performance |
113 | # with older cppcheck version from ubuntu 20.04. | 124 | -i src/firejail/checkcfg.c -i src/firejail/main.c . |
125 | # new cppcheck version currently chokes on checkcfg.c and main.c, therefore | ||
126 | # scan all files also with older cppcheck version from ubuntu 20.04. | ||
114 | cppcheck_old: | 127 | cppcheck_old: |
115 | runs-on: ubuntu-20.04 | 128 | runs-on: ubuntu-20.04 |
116 | steps: | 129 | steps: |
@@ -126,6 +139,7 @@ jobs: | |||
126 | run: sudo apt-get update | 139 | run: sudo apt-get update |
127 | - name: install cppcheck | 140 | - name: install cppcheck |
128 | run: sudo apt-get install cppcheck | 141 | run: sudo apt-get install cppcheck |
142 | - run: cppcheck --version | ||
129 | - name: cppcheck | 143 | - name: cppcheck |
130 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance . | 144 | run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance . |
131 | codespell: | 145 | codespell: |
@@ -143,5 +157,6 @@ jobs: | |||
143 | run: sudo apt-get update | 157 | run: sudo apt-get update |
144 | - name: install dependencies | 158 | - name: install dependencies |
145 | run: sudo apt-get install codespell | 159 | run: sudo apt-get install codespell |
160 | - run: codespell --version | ||
146 | - name: codespell | 161 | - name: codespell |
147 | run: make codespell | 162 | run: make codespell |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 93ad0ebf1..b72bdd611 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -8,6 +8,7 @@ on: | |||
8 | - .git-blame-ignore-revs | 8 | - .git-blame-ignore-revs |
9 | - .github/dependabot.yml | 9 | - .github/dependabot.yml |
10 | - .github/pull_request_template.md | 10 | - .github/pull_request_template.md |
11 | - .github/workflows/build-extra.yml | ||
11 | - .github/workflows/codeql-analysis.yml | 12 | - .github/workflows/codeql-analysis.yml |
12 | - .github/workflows/profile-checks.yml | 13 | - .github/workflows/profile-checks.yml |
13 | - .gitignore | 14 | - .gitignore |
@@ -25,6 +26,7 @@ on: | |||
25 | - .git-blame-ignore-revs | 26 | - .git-blame-ignore-revs |
26 | - .github/dependabot.yml | 27 | - .github/dependabot.yml |
27 | - .github/pull_request_template.md | 28 | - .github/pull_request_template.md |
29 | - .github/workflows/build-extra.yml | ||
28 | - .github/workflows/codeql-analysis.yml | 30 | - .github/workflows/codeql-analysis.yml |
29 | - .github/workflows/profile-checks.yml | 31 | - .github/workflows/profile-checks.yml |
30 | - .gitignore | 32 | - .gitignore |
@@ -42,6 +44,8 @@ permissions: # added using https://github.com/step-security/secure-workflows | |||
42 | jobs: | 44 | jobs: |
43 | build_and_test: | 45 | build_and_test: |
44 | runs-on: ubuntu-22.04 | 46 | runs-on: ubuntu-22.04 |
47 | env: | ||
48 | SHELL: /bin/bash | ||
45 | steps: | 49 | steps: |
46 | - name: Harden Runner | 50 | - name: Harden Runner |
47 | uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 | 51 | uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 |
@@ -60,44 +64,35 @@ jobs: | |||
60 | - name: update package information | 64 | - name: update package information |
61 | run: sudo apt-get update | 65 | run: sudo apt-get update |
62 | - name: install dependencies | 66 | - name: install dependencies |
63 | run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois bridge-utils | 67 | run: > |
68 | sudo apt-get install | ||
69 | gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois | ||
70 | bridge-utils | ||
71 | - name: print env | ||
72 | run: ./ci/printenv.sh | ||
64 | - name: configure | 73 | - name: configure |
65 | run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux | 74 | run: > |
75 | CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings | ||
76 | --enable-analyzer --enable-apparmor --enable-selinux | ||
66 | - name: make | 77 | - name: make |
67 | run: make | 78 | run: make |
68 | - name: make install | 79 | - name: make install |
69 | run: sudo make install | 80 | run: sudo make install |
70 | - name: print firejail version | 81 | - name: print firejail version |
71 | run: command -V firejail && firejail --version | 82 | run: command -V firejail && firejail --version |
72 | - name: lab setup | 83 | - run: make lab-setup |
73 | run: SHELL=/bin/bash make lab-setup | 84 | - run: make test-seccomp-extra |
74 | - name: run seccomp extra tests | 85 | - run: make test-firecfg |
75 | run: SHELL=/bin/bash make test-seccomp-extra | 86 | - run: make test-capabilities |
76 | - name: run firecfg tests | 87 | - run: make test-apparmor |
77 | run: SHELL=/bin/bash make test-firecfg | 88 | - run: make test-appimage |
78 | - name: run capabilities tests | 89 | - run: make test-chroot |
79 | run: SHELL=/bin/bash make test-capabilities | 90 | - run: make test-sysutils |
80 | - name: run apparmor tests | 91 | - run: make test-private-etc |
81 | run: SHELL=/bin/bash make test-apparmor | 92 | - run: make test-profiles |
82 | - name: run appimage tests | 93 | - run: make test-fcopy |
83 | run: SHELL=/bin/bash make test-appimage | 94 | - run: make test-fnetfilter |
84 | - name: run chroot tests | 95 | - run: make test-fs |
85 | run: SHELL=/bin/bash make test-chroot | 96 | - run: make test-utils |
86 | - name: run sysutils tests | 97 | - run: make test-environment |
87 | run: SHELL=/bin/bash make test-sysutils | 98 | - run: make test-network |
88 | - name: run private-etc tests | ||
89 | run: SHELL=/bin/bash make test-private-etc | ||
90 | - name: run profile tests | ||
91 | run: SHELL=/bin/bash make test-profiles | ||
92 | - name: run fcopy tests | ||
93 | run: SHELL=/bin/bash make test-fcopy | ||
94 | - name: run fnetfilter tests | ||
95 | run: SHELL=/bin/bash make test-fnetfilter | ||
96 | - name: run fs tests | ||
97 | run: SHELL=/bin/bash make test-fs | ||
98 | - name: run utils tests | ||
99 | run: SHELL=/bin/bash make test-utils | ||
100 | - name: run environment tests | ||
101 | run: SHELL=/bin/bash make test-environment | ||
102 | - name: run network tests | ||
103 | run: SHELL=/bin/bash make test-network | ||
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a3242ff90..e1353aa86 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -17,6 +17,8 @@ on: | |||
17 | - .git-blame-ignore-revs | 17 | - .git-blame-ignore-revs |
18 | - .github/dependabot.yml | 18 | - .github/dependabot.yml |
19 | - .github/pull_request_template.md | 19 | - .github/pull_request_template.md |
20 | - .github/workflows/build-extra.yml | ||
21 | - .github/workflows/build.yml | ||
20 | - .github/workflows/profile-checks.yml | 22 | - .github/workflows/profile-checks.yml |
21 | - .gitignore | 23 | - .gitignore |
22 | - .gitlab-ci.yml | 24 | - .gitlab-ci.yml |
@@ -39,6 +41,8 @@ on: | |||
39 | - .git-blame-ignore-revs | 41 | - .git-blame-ignore-revs |
40 | - .github/dependabot.yml | 42 | - .github/dependabot.yml |
41 | - .github/pull_request_template.md | 43 | - .github/pull_request_template.md |
44 | - .github/workflows/build-extra.yml | ||
45 | - .github/workflows/build.yml | ||
42 | - .github/workflows/profile-checks.yml | 46 | - .github/workflows/profile-checks.yml |
43 | - .gitignore | 47 | - .gitignore |
44 | - .gitlab-ci.yml | 48 | - .gitlab-ci.yml |
@@ -87,6 +91,9 @@ jobs: | |||
87 | - name: Checkout repository | 91 | - name: Checkout repository |
88 | uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | 92 | uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab |
89 | 93 | ||
94 | - name: print env | ||
95 | run: ./ci/printenv.sh | ||
96 | |||
90 | # Initializes the CodeQL tools for scanning. | 97 | # Initializes the CodeQL tools for scanning. |
91 | - name: Initialize CodeQL | 98 | - name: Initialize CodeQL |
92 | uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 | 99 | uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 64069f917..9d9e67fe6 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
@@ -34,12 +34,24 @@ jobs: | |||
34 | github.com:443 | 34 | github.com:443 |
35 | 35 | ||
36 | - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | 36 | - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab |
37 | - name: print env | ||
38 | run: ./ci/printenv.sh | ||
39 | - run: python3 --version | ||
40 | |||
37 | # - name: sort.py | 41 | # - name: sort.py |
38 | # run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | 42 | # run: > |
43 | # ./ci/check/profiles/sort.py | ||
44 | # etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | ||
39 | # Currently broken (see #5610) | 45 | # Currently broken (see #5610) |
40 | # - name: private-etc-always-required.sh | 46 | # - name: private-etc-always-required.sh |
41 | # run: ./ci/check/profiles/private-etc-always-required.sh etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | 47 | # run: > |
48 | # ./ci/check/profiles/private-etc-always-required.sh | ||
49 | # etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile | ||
42 | - name: sort-disable-programs.sh | 50 | - name: sort-disable-programs.sh |
43 | run: ./ci/check/profiles/sort-disable-programs.sh etc/inc/disable-programs.inc | 51 | run: > |
52 | ./ci/check/profiles/sort-disable-programs.sh | ||
53 | etc/inc/disable-programs.inc | ||
44 | - name: sort-firecfg.config.sh | 54 | - name: sort-firecfg.config.sh |
45 | run: ./ci/check/profiles/sort-firecfg.config.sh src/firecfg/firecfg.config | 55 | run: > |
56 | ./ci/check/profiles/sort-firecfg.config.sh | ||
57 | src/firecfg/firecfg.config | ||
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0241e994..8229c6575 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml | |||
@@ -5,22 +5,30 @@ | |||
5 | # and fedora:latest for new setups | 5 | # and fedora:latest for new setups |
6 | # 3. Alpine for installing directly from source | 6 | # 3. Alpine for installing directly from source |
7 | # Also builds apparmor package for Ubuntu LTS | 7 | # Also builds apparmor package for Ubuntu LTS |
8 | |||
8 | build_ubuntu_package: | 9 | build_ubuntu_package: |
9 | image: ubuntu:rolling | 10 | image: ubuntu:rolling |
10 | script: | 11 | script: |
11 | - apt-get update -qq | 12 | - apt-get update -qq |
12 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk | 13 | - > |
14 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq | ||
15 | build-essential lintian libapparmor-dev pkg-config python3 gawk | ||
16 | - ./ci/printenv.sh | ||
13 | - ./configure | 17 | - ./configure |
14 | - make deb | 18 | - make deb |
15 | - dpkg -i firejail*.deb | 19 | - dpkg -i firejail*.deb |
16 | - command -V firejail && firejail --version | 20 | - command -V firejail && firejail --version |
21 | # - python3 --version | ||
17 | # - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc | 22 | # - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc |
18 | 23 | ||
19 | build_debian_package: | 24 | build_debian_package: |
20 | image: debian:stretch | 25 | image: debian:stretch |
21 | script: | 26 | script: |
22 | - apt-get update -qq | 27 | - apt-get update -qq |
23 | - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk | 28 | - > |
29 | apt-get install -y -qq | ||
30 | build-essential lintian libapparmor-dev pkg-config gawk | ||
31 | - ./ci/printenv.sh | ||
24 | - ./configure | 32 | - ./configure |
25 | - make deb | 33 | - make deb |
26 | - dpkg -i firejail*.deb | 34 | - dpkg -i firejail*.deb |
@@ -31,6 +39,7 @@ build_redhat_package: | |||
31 | script: | 39 | script: |
32 | - dnf update -y | 40 | - dnf update -y |
33 | - dnf install -y rpm-build gcc make | 41 | - dnf install -y rpm-build gcc make |
42 | - ./ci/printenv.sh | ||
34 | - ./configure --prefix=/usr | 43 | - ./configure --prefix=/usr |
35 | - make rpms | 44 | - make rpms |
36 | - rpm -i firejail*.rpm | 45 | - rpm -i firejail*.rpm |
@@ -41,10 +50,12 @@ build_fedora_package: | |||
41 | script: | 50 | script: |
42 | - dnf update -y | 51 | - dnf update -y |
43 | - dnf install -y rpm-build gcc make | 52 | - dnf install -y rpm-build gcc make |
53 | - ./ci/printenv.sh | ||
44 | - ./configure --prefix=/usr | 54 | - ./configure --prefix=/usr |
45 | - make rpms | 55 | - make rpms |
46 | - rpm -i firejail*.rpm | 56 | - rpm -i firejail*.rpm |
47 | - command -V firejail && firejail --version | 57 | - command -V firejail && firejail --version |
58 | # - python3 --version | ||
48 | # - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc | 59 | # - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc |
49 | 60 | ||
50 | build_src_package: | 61 | build_src_package: |
@@ -53,17 +64,22 @@ build_src_package: | |||
53 | - apk update | 64 | - apk update |
54 | - apk upgrade | 65 | - apk upgrade |
55 | - apk add build-base linux-headers python3 gawk | 66 | - apk add build-base linux-headers python3 gawk |
67 | - ./ci/printenv.sh | ||
56 | - ./configure --prefix=/usr | 68 | - ./configure --prefix=/usr |
57 | - make | 69 | - make |
58 | - make install-strip | 70 | - make install-strip |
59 | - command -V firejail && firejail --version | 71 | - command -V firejail && firejail --version |
60 | # - python3 contrib/sort.py etc/*.{profile,inc} | 72 | # - python3 --version |
73 | # - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc | ||
61 | 74 | ||
62 | build_no_apparmor: | 75 | build_no_apparmor: |
63 | image: ubuntu:latest | 76 | image: ubuntu:latest |
64 | script: | 77 | script: |
65 | - apt-get update -qq | 78 | - apt-get update -qq |
66 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk | 79 | - > |
80 | DEBIAN_FRONTEND=noninteractive apt-get install -y -qq | ||
81 | build-essential lintian pkg-config gawk | ||
82 | - ./ci/printenv.sh | ||
67 | - ./configure | 83 | - ./configure |
68 | - make dist | 84 | - make dist |
69 | - ./mkdeb.sh --disable-apparmor | 85 | - ./mkdeb.sh --disable-apparmor |
@@ -77,21 +93,36 @@ debian_ci: | |||
77 | DEBFULLNAME: "$GITLAB_USER_NAME" | 93 | DEBFULLNAME: "$GITLAB_USER_NAME" |
78 | DEBEMAIL: "$GITLAB_USER_EMAIL" | 94 | DEBEMAIL: "$GITLAB_USER_EMAIL" |
79 | before_script: | 95 | before_script: |
80 | - git checkout -B ci_build $CI_COMMIT_SHA | 96 | - git checkout -B ci_build "$CI_COMMIT_SHA" |
81 | - gitlab-ci-enable-sid | 97 | - gitlab-ci-enable-sid |
82 | - gitlab-ci-enable-experimental | 98 | - gitlab-ci-enable-experimental |
83 | - echo "deb-src http://deb.debian.org/debian sid main" >> /etc/apt/sources.list | 99 | - | |
84 | - echo "deb-src http://deb.debian.org/debian experimental main" >> /etc/apt/sources.list | 100 | cat >>/etc/apt/sources.list <<EOF |
101 | deb-src http://deb.debian.org/debian sid main | ||
102 | deb-src http://deb.debian.org/debian experimental main | ||
103 | EOF | ||
85 | - apt-get update | 104 | - apt-get update |
86 | - git config user.name "$DEBFULLNAME" | 105 | - git config user.name "$DEBFULLNAME" |
87 | - git config user.email "$DEBEMAIL" | 106 | - git config user.email "$DEBEMAIL" |
88 | - cd $CI_PROJECT_DIR/.. && (apt-get source --download-only -t experimental firejail || apt-get source --download-only firejail) | 107 | - | |
89 | - cd $CI_PROJECT_DIR && tar xf ../firejail_*.debian.tar.* | 108 | cd "$CI_PROJECT_DIR/.." |
109 | apt-get source --download-only -t experimental firejail || | ||
110 | apt-get source --download-only firejail | ||
111 | - | | ||
112 | cd "$CI_PROJECT_DIR" | ||
113 | tar xf ../firejail_*.debian.tar.* | ||
90 | - rm -rf debian/patches/ | 114 | - rm -rf debian/patches/ |
91 | - VERSION=$(grep ^PACKAGE_VERSION= configure | cut -d"'" -f2) && dch -v ${VERSION}-0.1~ci "Non-maintainer upload." && git archive -o ../firejail_${VERSION}.orig.tar.gz HEAD && pristine-tar commit ../firejail_${VERSION}.orig.tar.gz ci_build && git branch -m pristine-tar origin/pristine-tar | 115 | - | |
92 | - git add debian && git commit -m "add debian/" | 116 | VERSION="$(grep ^PACKAGE_VERSION= configure | cut -d "'" -f 2)" |
93 | - export CI_COMMIT_SHA=$(git rev-parse HEAD) | 117 | dch -v "${VERSION}-0.1~ci" 'Non-maintainer upload.' |
118 | git archive -o "../firejail_${VERSION}.orig.tar.gz" HEAD | ||
119 | pristine-tar commit "../firejail_${VERSION}.orig.tar.gz" ci_build | ||
120 | git branch -m pristine-tar origin/pristine-tar | ||
121 | - git add debian | ||
122 | - git commit -m 'add debian/' | ||
123 | - export CI_COMMIT_SHA="$(git rev-parse HEAD)" | ||
94 | script: | 124 | script: |
95 | - apt-get --no-install-recommends install -y -qq gawk | 125 | - apt-get --no-install-recommends install -y -qq gawk |
126 | - ./ci/printenv.sh | ||
96 | - gitlab-ci-git-buildpackage | 127 | - gitlab-ci-git-buildpackage |
97 | - gitlab-ci-lintian | 128 | - gitlab-ci-lintian |
@@ -364,6 +364,10 @@ scan-build: clean | |||
364 | codespell: clean | 364 | codespell: clean |
365 | codespell --ignore-regex "UE|creat|shotcut|ether" src test | 365 | codespell --ignore-regex "UE|creat|shotcut|ether" src test |
366 | 366 | ||
367 | .PHONY: print-env | ||
368 | print-env: | ||
369 | ./ci/printenv.sh | ||
370 | |||
367 | # | 371 | # |
368 | # make test | 372 | # make test |
369 | # | 373 | # |
diff --git a/ci/printenv.sh b/ci/printenv.sh new file mode 100755 index 000000000..4b7e03fa7 --- /dev/null +++ b/ci/printenv.sh | |||
@@ -0,0 +1,25 @@ | |||
1 | #!/bin/sh | ||
2 | # Print information that may be useful for debugging CI. | ||
3 | |||
4 | test -f /etc/os-release && . /etc/os-release | ||
5 | |||
6 | cat <<EOF | ||
7 | nproc: $(nproc) | ||
8 | kernel: $(uname -srvm) | ||
9 | distro: $PRETTY_NAME | ||
10 | sh: $(ls -l /bin/sh | sed 's|.* /bin|/bin|') | ||
11 | user: $(id | cut -f -2 -d ' ') | ||
12 | |||
13 | [/etc/os-release] | ||
14 | $(cat /etc/os-release) | ||
15 | EOF | ||
16 | |||
17 | if test -z "$CI_VERBOSE"; then | ||
18 | exit | ||
19 | fi | ||
20 | |||
21 | cat <<EOF | ||
22 | |||
23 | [env] | ||
24 | $(env | LC_ALL=C sort) | ||
25 | EOF | ||