@@ -1,6 +1,6 @@
language: c
-dist: xenial
+dist: bionic
addons:
apt:
@@ -8,16 +8,56 @@ addons:
- astyle
- libselinux1-dev
- libsctp-dev
+ - libaudit-dev
+ - libcap-dev
+ - libdbus-glib-1-dev
+ - xmlto
+
+cache:
+ directories:
+ - selinux-policy
+ - container-selinux
+ - refpolicy
before_install:
+ - export LIBRARY_PATH=/usr/local/lib
+ - export LD_LIBRARY_PATH=/usr/local/lib
# FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
- git clone https://github.com/perltidy/perltidy.git perltidy
- |
(cd perltidy &&
perl Makefile.PL &&
- make &&
- sudo make install)
+ make PREFIX=/usr/local &&
+ sudo make install PREFIX=/usr/local)
+ # install libbpf from sources
+ - git clone https://github.com/libbpf/libbpf
+ - (cd libbpf/src && make PREFIX=/usr/local)
+ - (cd libbpf/src && sudo make install PREFIX=/usr/local)
+ # install keyutils from sources
+ - git clone https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
+ - KEYUTILS_OPTS=""
+ - KEYUTILS_OPTS+="BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin "
+ - KEYUTILS_OPTS+="LIBDIR=/usr/local/lib USRLIBDIR=/usr/local/lib "
+ - KEYUTILS_OPTS+="INCLUDEDIR=/usr/local/include "
+ - KEYUTILS_OPTS+="SHAREDIR=/usr/local/share/keyutils MANDIR=/usr/local/share/man"
+ - (cd keyutils && make $KEYUTILS_OPTS)
+ - (cd keyutils && sudo make install $KEYUTILS_OPTS)
+ # install SELinux userspace from source
+ - git clone https://github.com/SELinuxProject/selinux
+ - (cd selinux && sudo make install PREFIX=/usr/local SHLIBDIR=/usr/local/lib)
+ # install Fedora policy and refpolicy
+ - bash travis-ci/setup-policy-fedora.sh
+ - bash travis-ci/setup-policy-refpolicy.sh
+ # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
+ - sudo mkdir -p /tmp/fake-selinuxfs
+ - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
+ - echo 999 >/tmp/fake-selinuxfs/policyvers
script:
- tools/check-syntax -f && git diff --exit-code
- - make
+ - |
+ bash travis-ci/enable-policy.sh targeted &&
+ make PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
+ - |
+ bash travis-ci/enable-policy.sh refpolicy &&
+ make PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
@@ -1,8 +1,11 @@
-POLDEV ?= /usr/share/selinux/devel
-SEMODULE = /usr/sbin/semodule
-CHECKPOLICY = /usr/bin/checkpolicy
-CHECKMODULE = /usr/bin/checkmodule
+PREFIX ?= /usr
+BINDIR ?= $(PREFIX)/bin
+SBINDIR ?= $(PREFIX)/sbin
+POLDEV ?= $(PREFIX)/share/selinux/devel
+SEMODULE = $(SBINDIR)/semodule
+CHECKPOLICY = $(BINDIR)/checkpolicy
+CHECKMODULE = $(BINDIR)/checkmodule
DISTRO=$(shell ../tests/os_detect)
new file mode 100644
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+# create a dummy /etc/selinux/config
+sudo mkdir -p /etc/selinux
+sudo tee /etc/selinux/config >/dev/null <<EOF
+SELINUX=disabled
+SELINUXTYPE=$1
+EOF
new file mode 100644
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -ex
+
+if ! [ -d selinux-policy/.git ]; then
+ git clone --recursive https://github.com/fedora-selinux/selinux-policy
+ (cd selinux-policy/policy/modules/contrib && git checkout rawhide)
+else
+ (cd selinux-policy && git pull || { git checkout '*' && git pull; })
+ (cd selinux-policy/policy/modules/contrib && git pull)
+fi
+
+if ! [ -d container-selinux/.git ]; then
+ git clone https://github.com/containers/container-selinux.git
+ for f in container.if container.te; do
+ ln -s ../../../../container-selinux/$f \
+ selinux-policy/policy/modules/contrib/$f
+ done
+else
+ (cd container-selinux && git pull)
+fi
+
+cd selinux-policy
+
+grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
+
+[ -f policy/modules.conf ] || make conf
+
+make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
new file mode 100644
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -ex
+
+if ! [ -d refpolicy/.git ]; then
+ git clone https://github.com/SELinuxProject/refpolicy
+else
+ git pull || { git checkout '*' && git pull; }
+fi
+
+cd refpolicy
+
+[ -f policy/modules.conf ] || make conf
+
+make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile
Download, build, and install Fedora policy & refpolicy and try building the test policy package against both of them. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- .travis.yml | 48 ++++++++++++++++++++++++++--- policy/Makefile | 11 ++++--- travis-ci/enable-policy.sh | 10 ++++++ travis-ci/setup-policy-fedora.sh | 33 ++++++++++++++++++++ travis-ci/setup-policy-refpolicy.sh | 19 ++++++++++++ 5 files changed, 113 insertions(+), 8 deletions(-) create mode 100644 travis-ci/enable-policy.sh create mode 100644 travis-ci/setup-policy-fedora.sh create mode 100644 travis-ci/setup-policy-refpolicy.sh