1 |
commit: f51d21f62c9f44d637796ab5d5fab793f871cb2e |
2 |
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> |
3 |
AuthorDate: Sat Aug 27 15:08:57 2016 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 31 15:38:26 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f51d21f6 |
7 |
|
8 |
Make Travis-CI build without using sudo |
9 |
|
10 |
This makes migrating to container-based infrastructure much easier (all |
11 |
that is needed is adding "sudo: false" in the file). |
12 |
|
13 |
Moreover installing the toolchain in a user directory fixes issues when |
14 |
using the Trusty Beta environment: this toolchain broke the |
15 |
already-installed Ubuntu packages (with for example policy version |
16 |
issues between setfiles and checkpolicy). As the packaged tools (version |
17 |
2.2) are much slower than the latest toolchain release on Trusty, it is |
18 |
better to keep using the latest release. |
19 |
|
20 |
As libcap-ng-dev package is not (yet? [1]) whitelisted in Travis-CI |
21 |
container infrastructure, drop this package and do not build |
22 |
policycoreutils/sandbox. Do not build policycoreutils/restorecond too as |
23 |
it requires glib to be installed. |
24 |
|
25 |
While at it, set the language as "generic" instead of "python". |
26 |
|
27 |
[1] https://github.com/travis-ci/apt-package-whitelist/issues/1096 |
28 |
|
29 |
Signed-off-by: Nicolas Iooss <nicolas.iooss <AT> m4x.org> |
30 |
|
31 |
.travis.yml | 44 +++++++++++++++++++++++++++++++++----------- |
32 |
1 file changed, 33 insertions(+), 11 deletions(-) |
33 |
|
34 |
diff --git a/.travis.yml b/.travis.yml |
35 |
index 7c6301d..3f9d678 100644 |
36 |
--- a/.travis.yml |
37 |
+++ b/.travis.yml |
38 |
@@ -1,8 +1,6 @@ |
39 |
# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml |
40 |
|
41 |
-language: python |
42 |
-python: |
43 |
- - "2.7" |
44 |
+language: generic |
45 |
|
46 |
# for T in standard mls mcs ; do for D in arch debian gentoo ; do for I in n y ; do for M in y n ; do for S in n y ; do |
47 |
# echo " - TYPE=$T DISTRO=$D DIRECT_INITRC=$I MONOLITHIC=$M SYSTEMD=$S" ; done ; done ; done ; done ; done |
48 |
@@ -32,16 +30,31 @@ env: |
49 |
- TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n |
50 |
- TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y |
51 |
|
52 |
-before_install: |
53 |
+# Uncomment to use Travis-CI container infrastructure (https://docs.travis-ci.com/user/ci-environment/) |
54 |
+#sudo: false |
55 |
+ |
56 |
+# Uncomment these two lines to use Travis-CI Trusty Beta environment |
57 |
+#sudo: required |
58 |
+#dist: trusty |
59 |
+ |
60 |
+addons: |
61 |
+ apt: |
62 |
+ packages: |
63 |
+ # Install SELinux userspace utilities dependencies |
64 |
+ - bison |
65 |
+ - flex |
66 |
+ - gettext |
67 |
+ - libaudit-dev |
68 |
+ - libbz2-dev |
69 |
+ - libustr-dev |
70 |
+ - libpcre3-dev |
71 |
+ - swig |
72 |
+ |
73 |
+install: |
74 |
- lsb_release -a |
75 |
- bison -V |
76 |
- flex -V |
77 |
- - sudo apt-get update -qq |
78 |
- |
79 |
- # Install SELinux userspace utilities dependencies |
80 |
- - sudo apt-get install -qq libaudit-dev libcap-ng-dev libustr-dev libpcre3-dev swig |
81 |
|
82 |
-install: |
83 |
# Download current SELinux userspace tools and libraries |
84 |
- curl -sS -L https://github.com/SELinuxProject/selinux/archive/20160223.tar.gz | tar xz |
85 |
- mv selinux-20160223 selinux-src |
86 |
@@ -56,10 +69,19 @@ install: |
87 |
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway) |
88 |
- sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile |
89 |
|
90 |
- # Compile and install SELinux toolchain |
91 |
+ # Drop restorecond to break glib dependence |
92 |
+ - sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile |
93 |
+ |
94 |
+ # Drop sandbox to break libcap-ng dependence |
95 |
+ - sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile |
96 |
+ |
97 |
+ # Compile and install SELinux toolchain into ~/selinux |
98 |
# On Ubuntu 12.04, default CFLAGS make the build fail in libsepol/cil with: |
99 |
# error: declaration of 'index' shadows a global declarationo |
100 |
- - sudo make CFLAGS="-O2 -pipe -fPIC -Wall" -C selinux-src install |
101 |
+ - make "DESTDIR=$HOME/selinux" CFLAGS="-O2 -pipe -fPIC -Wall -I$HOME/selinux/usr/include" -C selinux-src install |
102 |
+ |
103 |
+ # Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location |
104 |
+ - export TEST_TOOLCHAIN="$HOME/selinux" |
105 |
|
106 |
# Drop build.conf settings to listen to env vars |
107 |
- sed -r -i -e '/(DIRECT_INITRC|MONOLITHIC|TYPE|DISTRO|SYSTEMD)/d' build.conf |