diff options
Diffstat (limited to 'test/compile')
-rwxr-xr-x | test/compile/compile.sh | 150 |
1 files changed, 131 insertions, 19 deletions
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index e3e9bef2b..44e67fe22 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -9,13 +9,18 @@ arr[6]="TEST 6: compile network disabled" | |||
9 | arr[7]="TEST 7: compile X11 disabled" | 9 | arr[7]="TEST 7: compile X11 disabled" |
10 | arr[8]="TEST 8: compile network restricted" | 10 | arr[8]="TEST 8: compile network restricted" |
11 | arr[9]="TEST 9: compile file transfer disabled" | 11 | arr[9]="TEST 9: compile file transfer disabled" |
12 | 12 | arr[10]="TEST 10: compile disable whitelist" | |
13 | arr[11]="TEST 11: compile disable global config" | ||
14 | arr[12]="TEST 12: compile apparmor" | ||
15 | arr[13]="TEST 13: compile busybox" | ||
16 | arr[14]="TEST 14: compile overlayfs disabled" | ||
17 | arr[15]="TEST 15: compile apparmor enabled" | ||
13 | 18 | ||
14 | # remove previous reports and output file | 19 | # remove previous reports and output file |
15 | cleanup() { | 20 | cleanup() { |
16 | rm -f report* | 21 | rm -f report* |
17 | rm -fr firejail | 22 | rm -fr firejail |
18 | rm oc* om* | 23 | rm -f oc* om* |
19 | } | 24 | } |
20 | 25 | ||
21 | print_title() { | 26 | print_title() { |
@@ -27,6 +32,7 @@ print_title() { | |||
27 | echo "**************************************************" | 32 | echo "**************************************************" |
28 | } | 33 | } |
29 | 34 | ||
35 | DIST="$1" | ||
30 | while [ $# -gt 0 ]; do # Until you run out of parameters . . . | 36 | while [ $# -gt 0 ]; do # Until you run out of parameters . . . |
31 | case "$1" in | 37 | case "$1" in |
32 | --clean) | 38 | --clean) |
@@ -42,36 +48,33 @@ while [ $# -gt 0 ]; do # Until you run out of parameters . . . | |||
42 | done | 48 | done |
43 | 49 | ||
44 | cleanup | 50 | cleanup |
45 | # enable sudo | ||
46 | sudo ls -al | ||
47 | 51 | ||
48 | 52 | ||
49 | #***************************************************************** | 53 | #***************************************************************** |
50 | # TEST 1 | 54 | # TEST 1 |
51 | #***************************************************************** | 55 | #***************************************************************** |
52 | # - checkout source code | 56 | # - checkout source code |
53 | # - check compilation | ||
54 | # - install | ||
55 | #***************************************************************** | 57 | #***************************************************************** |
56 | print_title "${arr[1]}" | 58 | print_title "${arr[1]}" |
57 | git clone https://github.com/netblue30/firejail.git | 59 | echo "$DIST" |
60 | tar -xJvf ../../$DIST.tar.xz | ||
61 | mv $DIST firejail | ||
62 | |||
58 | cd firejail | 63 | cd firejail |
59 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure | 64 | ./configure --prefix=/usr --enable-fatal-warnings 2>&1 | tee ../output-configure |
60 | make -j4 2>&1 | tee ../output-make | 65 | make -j4 2>&1 | tee ../output-make |
61 | sudo make install 2>&1 | tee ../output-install | ||
62 | cd .. | 66 | cd .. |
63 | grep Warning output-configure output-make output-install > ./report-test1 | 67 | grep Warning output-configure output-make > ./report-test1 |
64 | grep Error output-configure output-make output-install >> ./report-test1 | 68 | grep Error output-configure output-make >> ./report-test1 |
65 | cp output-configure oc1 | 69 | cp output-configure oc1 |
66 | cp output-make om1 | 70 | cp output-make om1 |
67 | rm output-configure output-make output-install | 71 | rm output-configure output-make |
68 | 72 | ||
69 | 73 | ||
70 | #***************************************************************** | 74 | #***************************************************************** |
71 | # TEST 2 | 75 | # TEST 2 |
72 | #***************************************************************** | 76 | #***************************************************************** |
73 | # - disable seccomp configuration | 77 | # - disable seccomp configuration |
74 | # - check compilation | ||
75 | #***************************************************************** | 78 | #***************************************************************** |
76 | print_title "${arr[2]}" | 79 | print_title "${arr[2]}" |
77 | # seccomp | 80 | # seccomp |
@@ -90,7 +93,6 @@ rm output-configure output-make | |||
90 | # TEST 3 | 93 | # TEST 3 |
91 | #***************************************************************** | 94 | #***************************************************************** |
92 | # - disable chroot configuration | 95 | # - disable chroot configuration |
93 | # - check compilation | ||
94 | #***************************************************************** | 96 | #***************************************************************** |
95 | print_title "${arr[3]}" | 97 | print_title "${arr[3]}" |
96 | # seccomp | 98 | # seccomp |
@@ -109,7 +111,6 @@ rm output-configure output-make | |||
109 | # TEST 4 | 111 | # TEST 4 |
110 | #***************************************************************** | 112 | #***************************************************************** |
111 | # - disable bind configuration | 113 | # - disable bind configuration |
112 | # - check compilation | ||
113 | #***************************************************************** | 114 | #***************************************************************** |
114 | print_title "${arr[4]}" | 115 | print_title "${arr[4]}" |
115 | # seccomp | 116 | # seccomp |
@@ -128,7 +129,6 @@ rm output-configure output-make | |||
128 | # TEST 5 | 129 | # TEST 5 |
129 | #***************************************************************** | 130 | #***************************************************************** |
130 | # - disable user namespace configuration | 131 | # - disable user namespace configuration |
131 | # - check compilation | ||
132 | #***************************************************************** | 132 | #***************************************************************** |
133 | print_title "${arr[5]}" | 133 | print_title "${arr[5]}" |
134 | # seccomp | 134 | # seccomp |
@@ -166,7 +166,6 @@ rm output-configure output-make | |||
166 | # TEST 7 | 166 | # TEST 7 |
167 | #***************************************************************** | 167 | #***************************************************************** |
168 | # - disable X11 support | 168 | # - disable X11 support |
169 | # - check compilation | ||
170 | #***************************************************************** | 169 | #***************************************************************** |
171 | print_title "${arr[7]}" | 170 | print_title "${arr[7]}" |
172 | # seccomp | 171 | # seccomp |
@@ -186,7 +185,6 @@ rm output-configure output-make | |||
186 | # TEST 8 | 185 | # TEST 8 |
187 | #***************************************************************** | 186 | #***************************************************************** |
188 | # - enable network restricted | 187 | # - enable network restricted |
189 | # - check compilation | ||
190 | #***************************************************************** | 188 | #***************************************************************** |
191 | print_title "${arr[8]}" | 189 | print_title "${arr[8]}" |
192 | # seccomp | 190 | # seccomp |
@@ -206,13 +204,12 @@ rm output-configure output-make | |||
206 | # TEST 9 | 204 | # TEST 9 |
207 | #***************************************************************** | 205 | #***************************************************************** |
208 | # - disable file transfer | 206 | # - disable file transfer |
209 | # - check compilation | ||
210 | #***************************************************************** | 207 | #***************************************************************** |
211 | print_title "${arr[9]}" | 208 | print_title "${arr[9]}" |
212 | # seccomp | 209 | # seccomp |
213 | cd firejail | 210 | cd firejail |
214 | make distclean | 211 | make distclean |
215 | ./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 | tee ../output-configure | 212 | ./configure --prefix=/usr --disable-file-transfer --enable-fatal-warnings 2>&1 | tee ../output-configure |
216 | make -j4 2>&1 | tee ../output-make | 213 | make -j4 2>&1 | tee ../output-make |
217 | cd .. | 214 | cd .. |
218 | grep Warning output-configure output-make > ./report-test9 | 215 | grep Warning output-configure output-make > ./report-test9 |
@@ -221,6 +218,114 @@ cp output-configure oc9 | |||
221 | cp output-make om9 | 218 | cp output-make om9 |
222 | rm output-configure output-make | 219 | rm output-configure output-make |
223 | 220 | ||
221 | #***************************************************************** | ||
222 | # TEST 10 | ||
223 | #***************************************************************** | ||
224 | # - disable whitelist | ||
225 | #***************************************************************** | ||
226 | print_title "${arr[10]}" | ||
227 | # seccomp | ||
228 | cd firejail | ||
229 | make distclean | ||
230 | ./configure --prefix=/usr --disable-whitelist --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
231 | make -j4 2>&1 | tee ../output-make | ||
232 | cd .. | ||
233 | grep Warning output-configure output-make > ./report-test10 | ||
234 | grep Error output-configure output-make >> ./report-test10 | ||
235 | cp output-configure oc10 | ||
236 | cp output-make om10 | ||
237 | rm output-configure output-make | ||
238 | |||
239 | #***************************************************************** | ||
240 | # TEST 11 | ||
241 | #***************************************************************** | ||
242 | # - disable global config | ||
243 | #***************************************************************** | ||
244 | print_title "${arr[11]}" | ||
245 | # seccomp | ||
246 | cd firejail | ||
247 | make distclean | ||
248 | ./configure --prefix=/usr --disable-globalcfg --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
249 | make -j4 2>&1 | tee ../output-make | ||
250 | cd .. | ||
251 | grep Warning output-configure output-make > ./report-test11 | ||
252 | grep Error output-configure output-make >> ./report-test11 | ||
253 | cp output-configure oc11 | ||
254 | cp output-make om11 | ||
255 | rm output-configure output-make | ||
256 | |||
257 | #***************************************************************** | ||
258 | # TEST 12 | ||
259 | #***************************************************************** | ||
260 | # - enable apparmor | ||
261 | #***************************************************************** | ||
262 | print_title "${arr[12]}" | ||
263 | # seccomp | ||
264 | cd firejail | ||
265 | make distclean | ||
266 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
267 | make -j4 2>&1 | tee ../output-make | ||
268 | cd .. | ||
269 | grep Warning output-configure output-make > ./report-test12 | ||
270 | grep Error output-configure output-make >> ./report-test12 | ||
271 | cp output-configure oc12 | ||
272 | cp output-make om12 | ||
273 | rm output-configure output-make | ||
274 | |||
275 | #***************************************************************** | ||
276 | # TEST 13 | ||
277 | #***************************************************************** | ||
278 | # - enable busybox workaround | ||
279 | #***************************************************************** | ||
280 | print_title "${arr[13]}" | ||
281 | # seccomp | ||
282 | cd firejail | ||
283 | make distclean | ||
284 | ./configure --prefix=/usr --enable-busybox-workaround --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
285 | make -j4 2>&1 | tee ../output-make | ||
286 | cd .. | ||
287 | grep Warning output-configure output-make > ./report-test13 | ||
288 | grep Error output-configure output-make >> ./report-test13 | ||
289 | cp output-configure oc13 | ||
290 | cp output-make om13 | ||
291 | rm output-configure output-make | ||
292 | |||
293 | #***************************************************************** | ||
294 | # TEST 14 | ||
295 | #***************************************************************** | ||
296 | # - disable overlayfs | ||
297 | #***************************************************************** | ||
298 | print_title "${arr[14]}" | ||
299 | # seccomp | ||
300 | cd firejail | ||
301 | make distclean | ||
302 | ./configure --prefix=/usr --disable-overlayfs --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
303 | make -j4 2>&1 | tee ../output-make | ||
304 | cd .. | ||
305 | grep Warning output-configure output-make > ./report-test14 | ||
306 | grep Error output-configure output-make >> ./report-test14 | ||
307 | cp output-configure oc14 | ||
308 | cp output-make om14 | ||
309 | rm output-configure output-make | ||
310 | |||
311 | #***************************************************************** | ||
312 | # TEST 15 | ||
313 | #***************************************************************** | ||
314 | # - enable apparmor | ||
315 | #***************************************************************** | ||
316 | print_title "${arr[15]}" | ||
317 | # seccomp | ||
318 | cd firejail | ||
319 | make distclean | ||
320 | ./configure --prefix=/usr --enable-apparmor --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
321 | make -j4 2>&1 | tee ../output-make | ||
322 | cd .. | ||
323 | grep Warning output-configure output-make > ./report-test15 | ||
324 | grep Error output-configure output-make >> ./report-test15 | ||
325 | cp output-configure oc15 | ||
326 | cp output-make om15 | ||
327 | rm output-configure output-make | ||
328 | |||
224 | 329 | ||
225 | #***************************************************************** | 330 | #***************************************************************** |
226 | # PRINT REPORTS | 331 | # PRINT REPORTS |
@@ -245,3 +350,10 @@ echo ${arr[6]} | |||
245 | echo ${arr[7]} | 350 | echo ${arr[7]} |
246 | echo ${arr[8]} | 351 | echo ${arr[8]} |
247 | echo ${arr[9]} | 352 | echo ${arr[9]} |
353 | echo ${arr[10]} | ||
354 | echo ${arr[11]} | ||
355 | echo ${arr[12]} | ||
356 | echo ${arr[13]} | ||
357 | echo ${arr[14]} | ||
358 | echo ${arr[15]} | ||
359 | |||