Message ID | 20210125214416.446813-1-omosnace@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Ondrej Mosnáček |
Series | [testsuite] ci: run testsuite also against the secnext kernel |
On Mon, Jan 25, 2021 at 10:44 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> Add another CI job that tests against Paul Moore's kernel-secnext
> builds, which contain the latest SELinux patches staged for the next
> Linux kernel release.
>
> Since the rawhide image doesn't currently boot under macOS and/or
> Virtualbox and/or Vagrant (shrug), use the stable F33 image with rawhide
> repo enabled. We will often need at least linux-firmware and glibc from
> rawhide anyway, and for verifying new tests for recently developed
> features it might be better to have the other userspace dependencies
> installed from rawhide, too.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  .github/workflows/checks.yml |  8 +++++++-
>  Vagrantfile                  | 16 +++++++++++++---
>  2 files changed, 20 insertions(+), 4 deletions(-)

Since the secnext kernel is now built with a fixed dwarves package and
passes testing now, I merged this patch:
https://github.com/SELinuxProject/selinux-testsuite/commit/ce647decaadf3347fca0610297a679a40cfcab45

--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index e1e383f..59f1a47 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -11,8 +11,14 @@ jobs: - run: tools/check-syntax -f && git diff --exit-code fedora-test: runs-on: macos-latest + strategy: + matrix: + env: + - { version: 33, secnext: 0 } + - { version: 33, secnext: 1 } env: - FEDORA_VERSION: 33 + FEDORA_VERSION: ${{ matrix.env.version }} + KERNEL_SECNEXT: ${{ matrix.env.secnext }} steps: - uses: actions/checkout@v2 # macOS sometimes allows symlinks to have permissions other than 777, diff --git a/Vagrantfile b/Vagrantfile index c305fce..a93c912 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -33,8 +33,18 @@ Vagrant.configure("2") do |config| v.memory = 4096 end + if ENV['KERNEL_SECNEXT'] == '1' + dnf_opts = '--nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64' + kernel_pkgs = 'kernel-devel kernel-modules' + reboot_cmd = 'reboot' + else + dnf_opts = '' + kernel_pkgs = 'kernel-devel-"$(uname -r)" kernel-modules-"$(uname -r)"' + reboot_cmd = '' + end + config.vm.provision :shell, inline: <<SCRIPT - dnf install -y \ + dnf install -y #{dnf_opts} \ --allowerasing \ --skip-broken \ make \ @@ -59,7 +69,7 @@ Vagrant.configure("2") do |config| e2fsprogs \ jfsutils \ dosfstools \ - kernel-devel-"$(uname -r)" \ - kernel-modules-"$(uname -r)" + #{kernel_pkgs} + #{reboot_cmd} SCRIPT end
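Review bot: The new `strategy:` block for `fedora-test` in `.github/workflows/checks.yml` does not set `fail-fast`, which GitHub Actions defaults to true, so a failure of the `secnext: 1` entry cancels the `secnext: 0` entry while it is still running. Since the secnext job exercises patches that are only staged for the next release, consider adding `fail-fast: false` under `strategy:` so the stable F33 result is always reported on its own.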
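Review bot: In the `ENV['KERNEL_SECNEXT'] == '1'` branch of the first Vagrantfile hunk, `--nogpgcheck` sits in `dnf_opts` and therefore applies to the whole `dnf install` transaction, which turns off signature checking for every package pulled with `--releasever rawhide`, not only for the `kernel-secnext` repo added through `--repofrompath`. If only that repo needs the check disabled, scope it to the repo id, for example `--setopt=kernel-secnext.gpgcheck=0`, and keep verification on for the Fedora repos. A one-line comment stating why the check is off would also help the next reader.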
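Review bot: In the second Vagrantfile hunk, `#{reboot_cmd}` reboots the guest as the last command of the inline provisioner, and nothing after it confirms that the VM came back up on the secnext kernel. Because the same `dnf install` carries `--skip-broken`, a kernel package that fails to resolve is dropped from the transaction without an error, and the `secnext: 1` job would then run the testsuite on the stock F33 kernel while reporting as secnext. Consider using the shell provisioner's `reboot: true` option instead of a bare `reboot`, and adding a post-reboot check on `uname -r` that fails the job when the running kernel is not the one just installed.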
Add another CI job that tests against Paul Moore's kernel-secnext
builds, which contain the latest SELinux patches staged for the next
Linux kernel release.

Since the rawhide image doesn't currently boot under macOS and/or
Virtualbox and/or Vagrant (shrug), use the stable F33 image with rawhide
repo enabled. We will often need at least linux-firmware and glibc from
rawhide anyway, and for verifying new tests for recently developed
features it might be better to have the other userspace dependencies
installed from rawhide, too.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 .github/workflows/checks.yml |  8 +++++++-
 Vagrantfile                  | 16 +++++++++++++---
 2 files changed, 20 insertions(+), 4 deletions(-)