[testsuite,v4,3/3] travis: test building the test policy package

Message ID 20191118145238.408124-4-omosnace@redhat.com
State Accepted
Series
  • Fix refpolicy build & build test_policy.pp in Travis

Commit Message

Ondrej Mosnacek Nov. 18, 2019, 2:52 p.m. UTC
Download, build, and install Fedora policy & refpolicy and try building
the test policy package against both of them.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 .travis.yml                         | 48 ++++++++++++++++++++++++++---
 policy/Makefile                     | 11 ++++---
 travis-ci/enable-policy.sh          | 10 ++++++
 travis-ci/setup-policy-fedora.sh    | 33 ++++++++++++++++++++
 travis-ci/setup-policy-refpolicy.sh | 19 ++++++++++++
 5 files changed, 113 insertions(+), 8 deletions(-)
 create mode 100644 travis-ci/enable-policy.sh
 create mode 100644 travis-ci/setup-policy-fedora.sh
 create mode 100644 travis-ci/setup-policy-refpolicy.sh

Comments

Stephen Smalley Nov. 18, 2019, 3:09 p.m. UTC | #1
On 11/18/19 9:52 AM, Ondrej Mosnacek wrote:
> Download, build, and install Fedora policy & refpolicy and try building
> the test policy package against both of them.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

For all 3,
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   .travis.yml                         | 48 ++++++++++++++++++++++++++---
>   policy/Makefile                     | 11 ++++---
>   travis-ci/enable-policy.sh          | 10 ++++++
>   travis-ci/setup-policy-fedora.sh    | 33 ++++++++++++++++++++
>   travis-ci/setup-policy-refpolicy.sh | 19 ++++++++++++
>   5 files changed, 113 insertions(+), 8 deletions(-)
>   create mode 100644 travis-ci/enable-policy.sh
>   create mode 100644 travis-ci/setup-policy-fedora.sh
>   create mode 100644 travis-ci/setup-policy-refpolicy.sh
> 
> diff --git a/.travis.yml b/.travis.yml
> index fbbe98d..42b2490 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -1,6 +1,6 @@
>   language: c
>   
> -dist: xenial
> +dist: bionic
>   
>   addons:
>     apt:
> @@ -8,16 +8,56 @@ addons:
>         - astyle
>         - libselinux1-dev
>         - libsctp-dev
> +      - libaudit-dev
> +      - libcap-dev
> +      - libdbus-glib-1-dev
> +      - xmlto
> +
> +cache:
> +  directories:
> +    - selinux-policy
> +    - container-selinux
> +    - refpolicy
>   
>   before_install:
> +  - export LIBRARY_PATH=/usr/local/lib
> +  - export LD_LIBRARY_PATH=/usr/local/lib
>     # FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
>     - git clone https://github.com/perltidy/perltidy.git perltidy
>     - |
>       (cd perltidy &&
>        perl Makefile.PL &&
> -     make &&
> -     sudo make install)
> +     make PREFIX=/usr/local &&
> +     sudo make install PREFIX=/usr/local)
> +  # install libbpf from sources
> +  - git clone https://github.com/libbpf/libbpf
> +  - (cd libbpf/src && make PREFIX=/usr/local)
> +  - (cd libbpf/src && sudo make install PREFIX=/usr/local)
> +  # install keyutils from sources
> +  - git clone https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
> +  - KEYUTILS_OPTS=""
> +  - KEYUTILS_OPTS+="BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin "
> +  - KEYUTILS_OPTS+="LIBDIR=/usr/local/lib USRLIBDIR=/usr/local/lib "
> +  - KEYUTILS_OPTS+="INCLUDEDIR=/usr/local/include "
> +  - KEYUTILS_OPTS+="SHAREDIR=/usr/local/share/keyutils MANDIR=/usr/local/share/man"
> +  - (cd keyutils && make $KEYUTILS_OPTS)
> +  - (cd keyutils && sudo make install $KEYUTILS_OPTS)
> +  # install SELinux userspace from source
> +  - git clone https://github.com/SELinuxProject/selinux
> +  - (cd selinux && sudo make install PREFIX=/usr/local SHLIBDIR=/usr/local/lib)
> +  # install Fedora policy and refpolicy
> +  - bash travis-ci/setup-policy-fedora.sh
> +  - bash travis-ci/setup-policy-refpolicy.sh
> +  # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
> +  - sudo mkdir -p /tmp/fake-selinuxfs
> +  - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
> +  - echo 999 >/tmp/fake-selinuxfs/policyvers
>   
>   script:
>     - tools/check-syntax -f && git diff --exit-code
> -  - make
> +  - |
> +    bash travis-ci/enable-policy.sh targeted &&
> +    make PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
> +  - |
> +    bash travis-ci/enable-policy.sh refpolicy &&
> +    make PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
> diff --git a/policy/Makefile b/policy/Makefile
> index ff65153..39ae84a 100644
> --- a/policy/Makefile
> +++ b/policy/Makefile
> @@ -1,8 +1,11 @@
>   
> -POLDEV ?= /usr/share/selinux/devel
> -SEMODULE = /usr/sbin/semodule
> -CHECKPOLICY = /usr/bin/checkpolicy
> -CHECKMODULE = /usr/bin/checkmodule
> +PREFIX ?= /usr
> +BINDIR ?= $(PREFIX)/bin
> +SBINDIR ?= $(PREFIX)/sbin
> +POLDEV ?= $(PREFIX)/share/selinux/devel
> +SEMODULE = $(SBINDIR)/semodule
> +CHECKPOLICY = $(BINDIR)/checkpolicy
> +CHECKMODULE = $(BINDIR)/checkmodule
>   
>   DISTRO=$(shell ../tests/os_detect)
>   
> diff --git a/travis-ci/enable-policy.sh b/travis-ci/enable-policy.sh
> new file mode 100644
> index 0000000..ae53fbe
> --- /dev/null
> +++ b/travis-ci/enable-policy.sh
> @@ -0,0 +1,10 @@
> +#!/bin/bash
> +
> +set -e
> +
> +# create a dummy /etc/selinux/config
> +sudo mkdir -p /etc/selinux
> +sudo tee /etc/selinux/config >/dev/null <<EOF
> +SELINUX=disabled
> +SELINUXTYPE=$1
> +EOF
> diff --git a/travis-ci/setup-policy-fedora.sh b/travis-ci/setup-policy-fedora.sh
> new file mode 100644
> index 0000000..d2793f0
> --- /dev/null
> +++ b/travis-ci/setup-policy-fedora.sh
> @@ -0,0 +1,33 @@
> +#!/bin/bash
> +
> +set -ex
> +
> +if ! [ -d selinux-policy/.git ]; then
> +	git clone --recursive https://github.com/fedora-selinux/selinux-policy
> +	(cd selinux-policy/policy/modules/contrib && git checkout rawhide)
> +else
> +	(cd selinux-policy && git pull || { git checkout '*' && git pull; })
> +	(cd selinux-policy/policy/modules/contrib && git pull)
> +fi
> +
> +if ! [ -d container-selinux/.git ]; then
> +	git clone https://github.com/containers/container-selinux.git
> +	for f in container.if container.te; do
> +		ln -s ../../../../container-selinux/$f \
> +			selinux-policy/policy/modules/contrib/$f
> +	done
> +else
> +	(cd container-selinux && git pull)
> +fi
> +
> +cd selinux-policy
> +
> +grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
> +
> +[ -f policy/modules.conf ] || make conf
> +
> +make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
> +sudo make install install-headers
> +
> +# workaround for different Makefile location in Fedora RPMs
> +sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
> diff --git a/travis-ci/setup-policy-refpolicy.sh b/travis-ci/setup-policy-refpolicy.sh
> new file mode 100644
> index 0000000..abd4ca4
> --- /dev/null
> +++ b/travis-ci/setup-policy-refpolicy.sh
> @@ -0,0 +1,19 @@
> +#!/bin/bash
> +
> +set -ex
> +
> +if ! [ -d refpolicy/.git ]; then
> +	git clone https://github.com/SELinuxProject/refpolicy
> +else
> +	git pull || { git checkout '*' && git pull; }
> +fi
> +
> +cd refpolicy
> +
> +[ -f policy/modules.conf ] || make conf
> +
> +make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
> +sudo make install install-headers
> +
> +# workaround for different Makefile location in Fedora RPMs
> +sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile
>
Stephen Smalley Nov. 21, 2019, 5:02 p.m. UTC | #2
On 11/18/19 9:52 AM, Ondrej Mosnacek wrote:
> Download, build, and install Fedora policy & refpolicy and try building
> the test policy package against both of them.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Thanks, all 3 patches applied.

> ---
>   .travis.yml                         | 48 ++++++++++++++++++++++++++---
>   policy/Makefile                     | 11 ++++---
>   travis-ci/enable-policy.sh          | 10 ++++++
>   travis-ci/setup-policy-fedora.sh    | 33 ++++++++++++++++++++
>   travis-ci/setup-policy-refpolicy.sh | 19 ++++++++++++
>   5 files changed, 113 insertions(+), 8 deletions(-)
>   create mode 100644 travis-ci/enable-policy.sh
>   create mode 100644 travis-ci/setup-policy-fedora.sh
>   create mode 100644 travis-ci/setup-policy-refpolicy.sh
> 
> diff --git a/.travis.yml b/.travis.yml
> index fbbe98d..42b2490 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -1,6 +1,6 @@
>   language: c
>   
> -dist: xenial
> +dist: bionic
>   
>   addons:
>     apt:
> @@ -8,16 +8,56 @@ addons:
>         - astyle
>         - libselinux1-dev
>         - libsctp-dev
> +      - libaudit-dev
> +      - libcap-dev
> +      - libdbus-glib-1-dev
> +      - xmlto
> +
> +cache:
> +  directories:
> +    - selinux-policy
> +    - container-selinux
> +    - refpolicy
>   
>   before_install:
> +  - export LIBRARY_PATH=/usr/local/lib
> +  - export LD_LIBRARY_PATH=/usr/local/lib
>     # FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
>     - git clone https://github.com/perltidy/perltidy.git perltidy
>     - |
>       (cd perltidy &&
>        perl Makefile.PL &&
> -     make &&
> -     sudo make install)
> +     make PREFIX=/usr/local &&
> +     sudo make install PREFIX=/usr/local)
> +  # install libbpf from sources
> +  - git clone https://github.com/libbpf/libbpf
> +  - (cd libbpf/src && make PREFIX=/usr/local)
> +  - (cd libbpf/src && sudo make install PREFIX=/usr/local)
> +  # install keyutils from sources
> +  - git clone https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
> +  - KEYUTILS_OPTS=""
> +  - KEYUTILS_OPTS+="BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin "
> +  - KEYUTILS_OPTS+="LIBDIR=/usr/local/lib USRLIBDIR=/usr/local/lib "
> +  - KEYUTILS_OPTS+="INCLUDEDIR=/usr/local/include "
> +  - KEYUTILS_OPTS+="SHAREDIR=/usr/local/share/keyutils MANDIR=/usr/local/share/man"
> +  - (cd keyutils && make $KEYUTILS_OPTS)
> +  - (cd keyutils && sudo make install $KEYUTILS_OPTS)
> +  # install SELinux userspace from source
> +  - git clone https://github.com/SELinuxProject/selinux
> +  - (cd selinux && sudo make install PREFIX=/usr/local SHLIBDIR=/usr/local/lib)
> +  # install Fedora policy and refpolicy
> +  - bash travis-ci/setup-policy-fedora.sh
> +  - bash travis-ci/setup-policy-refpolicy.sh
> +  # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
> +  - sudo mkdir -p /tmp/fake-selinuxfs
> +  - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
> +  - echo 999 >/tmp/fake-selinuxfs/policyvers
>   
>   script:
>     - tools/check-syntax -f && git diff --exit-code
> -  - make
> +  - |
> +    bash travis-ci/enable-policy.sh targeted &&
> +    make PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
> +  - |
> +    bash travis-ci/enable-policy.sh refpolicy &&
> +    make PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
> diff --git a/policy/Makefile b/policy/Makefile
> index ff65153..39ae84a 100644
> --- a/policy/Makefile
> +++ b/policy/Makefile
> @@ -1,8 +1,11 @@
>   
> -POLDEV ?= /usr/share/selinux/devel
> -SEMODULE = /usr/sbin/semodule
> -CHECKPOLICY = /usr/bin/checkpolicy
> -CHECKMODULE = /usr/bin/checkmodule
> +PREFIX ?= /usr
> +BINDIR ?= $(PREFIX)/bin
> +SBINDIR ?= $(PREFIX)/sbin
> +POLDEV ?= $(PREFIX)/share/selinux/devel
> +SEMODULE = $(SBINDIR)/semodule
> +CHECKPOLICY = $(BINDIR)/checkpolicy
> +CHECKMODULE = $(BINDIR)/checkmodule
>   
>   DISTRO=$(shell ../tests/os_detect)
>   
> diff --git a/travis-ci/enable-policy.sh b/travis-ci/enable-policy.sh
> new file mode 100644
> index 0000000..ae53fbe
> --- /dev/null
> +++ b/travis-ci/enable-policy.sh
> @@ -0,0 +1,10 @@
> +#!/bin/bash
> +
> +set -e
> +
> +# create a dummy /etc/selinux/config
> +sudo mkdir -p /etc/selinux
> +sudo tee /etc/selinux/config >/dev/null <<EOF
> +SELINUX=disabled
> +SELINUXTYPE=$1
> +EOF
> diff --git a/travis-ci/setup-policy-fedora.sh b/travis-ci/setup-policy-fedora.sh
> new file mode 100644
> index 0000000..d2793f0
> --- /dev/null
> +++ b/travis-ci/setup-policy-fedora.sh
> @@ -0,0 +1,33 @@
> +#!/bin/bash
> +
> +set -ex
> +
> +if ! [ -d selinux-policy/.git ]; then
> +	git clone --recursive https://github.com/fedora-selinux/selinux-policy
> +	(cd selinux-policy/policy/modules/contrib && git checkout rawhide)
> +else
> +	(cd selinux-policy && git pull || { git checkout '*' && git pull; })
> +	(cd selinux-policy/policy/modules/contrib && git pull)
> +fi
> +
> +if ! [ -d container-selinux/.git ]; then
> +	git clone https://github.com/containers/container-selinux.git
> +	for f in container.if container.te; do
> +		ln -s ../../../../container-selinux/$f \
> +			selinux-policy/policy/modules/contrib/$f
> +	done
> +else
> +	(cd container-selinux && git pull)
> +fi
> +
> +cd selinux-policy
> +
> +grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
> +
> +[ -f policy/modules.conf ] || make conf
> +
> +make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
> +sudo make install install-headers
> +
> +# workaround for different Makefile location in Fedora RPMs
> +sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
> diff --git a/travis-ci/setup-policy-refpolicy.sh b/travis-ci/setup-policy-refpolicy.sh
> new file mode 100644
> index 0000000..abd4ca4
> --- /dev/null
> +++ b/travis-ci/setup-policy-refpolicy.sh
> @@ -0,0 +1,19 @@
> +#!/bin/bash
> +
> +set -ex
> +
> +if ! [ -d refpolicy/.git ]; then
> +	git clone https://github.com/SELinuxProject/refpolicy
> +else
> +	git pull || { git checkout '*' && git pull; }
> +fi
> +
> +cd refpolicy
> +
> +[ -f policy/modules.conf ] || make conf
> +
> +make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
> +sudo make install install-headers
> +
> +# workaround for different Makefile location in Fedora RPMs
> +sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile
>

Patch

diff --git a/.travis.yml b/.travis.yml
index fbbe98d..42b2490 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@ 
 language: c
 
-dist: xenial
+dist: bionic
 
 addons:
   apt:
@@ -8,16 +8,56 @@  addons:
       - astyle
       - libselinux1-dev
       - libsctp-dev
+      - libaudit-dev
+      - libcap-dev
+      - libdbus-glib-1-dev
+      - xmlto
+
+cache:
+  directories:
+    - selinux-policy
+    - container-selinux
+    - refpolicy
 
 before_install:
+  - export LIBRARY_PATH=/usr/local/lib
+  - export LD_LIBRARY_PATH=/usr/local/lib
   # FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
   - git clone https://github.com/perltidy/perltidy.git perltidy
   - |
     (cd perltidy &&
      perl Makefile.PL &&
-     make &&
-     sudo make install)
+     make PREFIX=/usr/local &&
+     sudo make install PREFIX=/usr/local)
+  # install libbpf from sources
+  - git clone https://github.com/libbpf/libbpf
+  - (cd libbpf/src && make PREFIX=/usr/local)
+  - (cd libbpf/src && sudo make install PREFIX=/usr/local)
+  # install keyutils from sources
+  - git clone https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git
+  - KEYUTILS_OPTS=""
+  - KEYUTILS_OPTS+="BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin "
+  - KEYUTILS_OPTS+="LIBDIR=/usr/local/lib USRLIBDIR=/usr/local/lib "
+  - KEYUTILS_OPTS+="INCLUDEDIR=/usr/local/include "
+  - KEYUTILS_OPTS+="SHAREDIR=/usr/local/share/keyutils MANDIR=/usr/local/share/man"
+  - (cd keyutils && make $KEYUTILS_OPTS)
+  - (cd keyutils && sudo make install $KEYUTILS_OPTS)
+  # install SELinux userspace from source
+  - git clone https://github.com/SELinuxProject/selinux
+  - (cd selinux && sudo make install PREFIX=/usr/local SHLIBDIR=/usr/local/lib)
+  # install Fedora policy and refpolicy
+  - bash travis-ci/setup-policy-fedora.sh
+  - bash travis-ci/setup-policy-refpolicy.sh
+  # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
+  - sudo mkdir -p /tmp/fake-selinuxfs
+  - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
+  - echo 999 >/tmp/fake-selinuxfs/policyvers
 
 script:
   - tools/check-syntax -f && git diff --exit-code
-  - make
+  - |
+    bash travis-ci/enable-policy.sh targeted &&
+    make PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
+  - |
+    bash travis-ci/enable-policy.sh refpolicy &&
+    make PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
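Review bot: The `git clone` steps added to before_install for libbpf, keyutils and SELinuxProject/selinux build whatever the default branch holds when the job runs and then `sudo make install` it, so a broken or tampered upstream commit is installed as root on the CI host and the job is not reproducible. The perltidy comment records a known-good HEAD, but nothing checks that commit out. Each clone could be followed by a checkout of a reviewed commit, e.g. `- git -C libbpf checkout <PINNED_COMMIT>` (placeholder; the page gives no commit for these repositories). The same applies to the `git pull` on cached trees in travis-ci/setup-policy-fedora.sh and travis-ci/setup-policy-refpolicy.sh.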
diff --git a/policy/Makefile b/policy/Makefile
index ff65153..39ae84a 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -1,8 +1,11 @@ 
 
-POLDEV ?= /usr/share/selinux/devel
-SEMODULE = /usr/sbin/semodule
-CHECKPOLICY = /usr/bin/checkpolicy
-CHECKMODULE = /usr/bin/checkmodule
+PREFIX ?= /usr
+BINDIR ?= $(PREFIX)/bin
+SBINDIR ?= $(PREFIX)/sbin
+POLDEV ?= $(PREFIX)/share/selinux/devel
+SEMODULE = $(SBINDIR)/semodule
+CHECKPOLICY = $(BINDIR)/checkpolicy
+CHECKMODULE = $(BINDIR)/checkmodule
 
 DISTRO=$(shell ../tests/os_detect)
 
diff --git a/travis-ci/enable-policy.sh b/travis-ci/enable-policy.sh
new file mode 100644
index 0000000..ae53fbe
--- /dev/null
+++ b/travis-ci/enable-policy.sh
@@ -0,0 +1,10 @@ 
+#!/bin/bash
+
+set -e
+
+# create a dummy /etc/selinux/config
+sudo mkdir -p /etc/selinux
+sudo tee /etc/selinux/config >/dev/null <<EOF
+SELINUX=disabled
+SELINUXTYPE=$1
+EOF
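Review bot: `SELINUXTYPE=$1` is written without checking that an argument was passed, so a call with no argument still succeeds under `set -e` and leaves an empty `SELINUXTYPE=` in /etc/selinux/config; the mistake would only surface later in the policy build. A guard before the `sudo tee` line, `: "${1:?usage: enable-policy.sh <policy-type>}"`, stops the script with a message instead. A header comment stating that the argument is the policy name (the callers in .travis.yml pass `targeted` and `refpolicy`) would document the contract.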
diff --git a/travis-ci/setup-policy-fedora.sh b/travis-ci/setup-policy-fedora.sh
new file mode 100644
index 0000000..d2793f0
--- /dev/null
+++ b/travis-ci/setup-policy-fedora.sh
@@ -0,0 +1,33 @@ 
+#!/bin/bash
+
+set -ex
+
+if ! [ -d selinux-policy/.git ]; then
+	git clone --recursive https://github.com/fedora-selinux/selinux-policy
+	(cd selinux-policy/policy/modules/contrib && git checkout rawhide)
+else
+	(cd selinux-policy && git pull || { git checkout '*' && git pull; })
+	(cd selinux-policy/policy/modules/contrib && git pull)
+fi
+
+if ! [ -d container-selinux/.git ]; then
+	git clone https://github.com/containers/container-selinux.git
+	for f in container.if container.te; do
+		ln -s ../../../../container-selinux/$f \
+			selinux-policy/policy/modules/contrib/$f
+	done
+else
+	(cd container-selinux && git pull)
+fi
+
+cd selinux-policy
+
+grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
+
+[ -f policy/modules.conf ] || make conf
+
+make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
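Review bot: The `container.if`/`container.te` symlinks are created only in the branch that freshly clones container-selinux, so they rely on both cached directories staying in step. If selinux-policy or its contrib submodule is re-cloned while container-selinux is still cached, the links would presumably be missing; this is inferred from the script, not observed. Moving the `for` loop after the `fi` and making it idempotent avoids that: `ln -sf ../../../../container-selinux/$f selinux-policy/policy/modules/contrib/$f`. As a style point, the backtick substitution in the `make -j` line reads better as `make -j"$(nproc --all)"`.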
diff --git a/travis-ci/setup-policy-refpolicy.sh b/travis-ci/setup-policy-refpolicy.sh
new file mode 100644
index 0000000..abd4ca4
--- /dev/null
+++ b/travis-ci/setup-policy-refpolicy.sh
@@ -0,0 +1,19 @@ 
+#!/bin/bash
+
+set -ex
+
+if ! [ -d refpolicy/.git ]; then
+	git clone https://github.com/SELinuxProject/refpolicy
+else
+	git pull || { git checkout '*' && git pull; }
+fi
+
+cd refpolicy
+
+[ -f policy/modules.conf ] || make conf
+
+make -j`nproc --all` BINDIR=/usr/local/bin SBINDIR=/usr/local/sbin
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile
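Review bot: The `else` branch runs `git pull || { git checkout '*' && git pull; }` in the current directory, which is still the testsuite checkout because `cd refpolicy` only comes afterwards. On a run with a cached refpolicy tree this pulls, and on failure resets files in, the repository under test instead of updating refpolicy. setup-policy-fedora.sh wraps the same command in a subshell, and this script should match it: `(cd refpolicy && git pull || { git checkout '*' && git pull; })`.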