| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
General changes:
* Use a single -q on update, as the output is not too long
* Use a single -q on install, to show all packages at once
GitLab-specific changes:
* Use `DEBIAN_FRONTEND=noninteractive` to reduce noise
* Use --no-install-recommends to avoid installing unnecessary packages
* Filter out uninteresting lines on install
Note: `DEBIAN_FRONTEND` does not appear to be needed in the default
GitHub runner container and not many packages are currently being
downloaded/installed in them, so do the above changes only jobs that use
custom Docker images.
|
|
|
|
|
|
|
|
|
|
|
|
| |
There already exists a workflow dedicated to profile checks:
* .github/workflows/profile-checks.yml.
Keep the build and lint jobs separate to make it easier to spot build vs
lint failures in CI.
See also commit c3b42dbd2 ("ci: disable sort.py on gitlab jobs as well",
2023-04-10).
|
|
|
|
|
|
|
|
|
|
|
| |
Example log of it failing:
$ ./configure
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/tmp/build':
configure: error: C compiler cannot create executables
See `config.log' for more details
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
|
|
|
|
|
|
| |
To make debugging easier.
Use a separate shell script instead of just a make target to ensure that
it can safely run before ./configure and without having make installed.
|
|
|
|
| |
To make debugging easier.
|
|
|
|
|
|
|
| |
Changes:
* Add quotes around variables
* Use single quotes where applicable
|
|
|
|
|
|
| |
To turn each step in question into a normal multi-line shell script.
Note that each step already runs with `set -e` by default.
|
|
|
|
|
|
|
|
|
|
|
| |
For increased readability.
Note: `>` basically turns each newline into a space while `|` keeps
newlines as is. Both remove leading indentation.
Note2: On jobs using `apt-get install`, this commit moves package names
to their own line, to make it easier to compare which packages are being
installed across such jobs.
|
|
|
|
|
|
|
|
|
|
| |
This amends the following commits:
* 370b9db39 ("gitlab pipeline fixes", 2020-04-21)
* 42fdea77f ("gitlab", 2020-04-21)
Added on commit 2e14c1a1d ("Adding sort.py to GitLab CI (#2973)",
2019-09-21).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the author name is used as the author email in git and vice
versa.
Changes:
* Split the commands to make them easier to read
* Put the name command first to match the usual git usage
* Fix swapped name/email arguments
* Use the DEBFULLNAME / DEBEMAIL environment variables instead of
GitLab-specific ones
Added on commit 4cf51b591 ("extend gitlab-ci configuration to run Debian
CI tests", 2019-06-21).
|
|
|
|
|
|
|
|
|
|
| |
Split them into separate steps to make it clearer in the logs which
command causes a job to fail when it does.
Note that they are already spli in the GitHub workflows:
* .github/workflows/build.yml
* .github/workflows/build-extra.yml
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is currently causing the following jobs to fail on GitLab[1]:
* build_ubuntu_package
* build_fedora_package
See commit df6ea884f ("merges, disable sort.py in profile checks
temporarely, two more private-etc profiles", 2023-02-14).
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832588068
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The official .deb package is always built with apparmor support, so use
`--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in
order to reduce redundancy.
Note that custom configure options may be specified by calling
./mkdeb.sh directly.
For example, to build the .deb package without apparmor support, instead
of running `make deb`, the following commands can be used:
make dist
./mkdeb.sh --disable-apparmor
Also, change the `build_apparmor` GitLab CI job into
`build_no_apparmor`, which is intended to check that building without
apparmor still works.
Note: This commit makes the resulting .deb package not have an
"-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid
redundancy (as having apparmor support becomes the default).
Misc: This is a follow-up to #5654.
Relates to #5154 #5176 #5547.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "deb" target depends on the "dist" target, which creates an archive
from DISTFILES.
The arguments to ./configure are misleading, as they do not affect the
archive that is used by `make deb`. That is the case because the
configure output files (config.mk and config.sh) are not copied into the
dist archive, only their input files (config.mk.in and config.sh.in).
In order to affect the .deb package, the configure arguments have to be
passed to mkdeb.sh, which then forwards them to ./configure itself.
Note: This does not apply to the rpm-based jobs, as `make rpms` uses the
files directly rather than using the dist archive.
Relates to #5154.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix #772.
Relates to #1205 #3414 #5148.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "build_apparmor" job was added on commit 342e71cd8 ("Add
deb-apparmor build to Gitlab CI", 2019-01-26). It would call
`./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor`
directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to
the linker.
Later, commit 87e7b3139 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR #3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass `--enable-apparmor` to
./configure directly. Instead, it adds `--enable-apparmor` depending on
whether the `$HAVE_APPARMOR` environment variable is set, which would be
done by a previous run of ./configure with `--enable-apparmor`. Since
on "build_apparmor" ./configure is not run the first time with
`--enable-apparmor`, neither is it on the second time and thus
`-lapparmor` is never passed to the linker. This commit adds
`--enable-apparmor` to the first ./configure run on the ci job, so that
it gets passed to the one being executed on mkdeb.sh as well.
|
|
|
|
|
|
|
| |
To ensure that firejail was actually built with support for it.
Note: This commit intentionally fails on GitLab CI to demonstrate that
the above is currently not the case.
|
|
|
|
|
| |
To ensure that the resulting program actually runs and also to show
which compile-time features it supports.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Likely caused by commit 500a56efd ("more on nettrace", 2022-01-07).
From the build log of "debian_ci" for the above commit[1]:
make[1]: Leaving directory '/builds/Firejail/firejail_ci'
dh_fixperms -Nfirejail
debian/rules override_dh_missing
make[1]: Entering directory '/builds/Firejail/firejail_ci'
dh_missing -pfirejail --fail-missing
dh_missing: warning: etc/firejail/hostnames exists in debian/tmp but is not installed to anywhere
dh_missing: error: missing files, aborting
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/1952432676
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
See
87e7b313997b1d2be6553cfb22fef71b74c84ea6
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add contrib/sort.py to Gitlab CI
Not adding to Debian Jessie or CentOS since python >=3.6 is not
available
See https://github.com/netblue30/firejail/pull/2870
* Updates
Explicitly install python3 on Ubuntu (should be pre-installed but not
working as-is)
Remove running python3 code on CentOS
* ci: comment out contrib/sort.py for Alpine
Getting this error:
$ python3 contrib/sort.py etc/*.{profile,inc}
[ Error ] Can't find `etc/*.{profile,inc}'
ERROR: Job failed: exit code 1
For now it's better to debug later and enable this test for the other
jobs
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Ubuntu:rolling is the latest Ubuntu release (LTS and/or non-LTS).
Since debian:latest already provides a reasonable base for testing
firejail builds on older Debian-based systems, use ubuntu:rolling
to test on relatively new systems.
|
|
Code tests are still run on Travis CI, but distro-specific builds are run on GitLab CI.
Currently these are used:
1. Debian stable
2. Ubuntu latest
3. CentOS latest
4. Fedora latest
5. Alpine
Debian and CentOS are for testing builds on older systems, for *.deb vs *.rpm, respectively.
Ubuntu and Fedora are for testing builds on the latest **stable** systems for *.deb and *.rpm.
Alpine is used to test building/installing from source.
All run concurrently.
In the future may expand tests on Gitlab to cover code testing as well.
|