| 1 |
commit: f51d21f62c9f44d637796ab5d5fab793f871cb2e |
| 2 |
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> |
| 3 |
AuthorDate: Sat Aug 27 15:08:57 2016 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Aug 31 15:38:26 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f51d21f6 |
| 7 |
|
| 8 |
Make Travis-CI build without using sudo |
| 9 |
|
| 10 |
This makes migrating to container-based infrastructure much easier (all |
| 11 |
that is needed is adding "sudo: false" in the file). |
| 12 |
|
| 13 |
Moreover installing the toolchain in a user directory fixes issues when |
| 14 |
using the Trusty Beta environment: this toolchain broke the |
| 15 |
already-installed Ubuntu packages (with for example policy version |
| 16 |
issues between setfiles and checkpolicy). As the packaged tools (version |
| 17 |
2.2) are much slower than the latest toolchain release on Trusty, it is |
| 18 |
better to keep using the latest release. |
| 19 |
|
| 20 |
As libcap-ng-dev package is not (yet? [1]) whitelisted in Travis-CI |
| 21 |
container infrastructure, drop this package and do not build |
| 22 |
policycoreutils/sandbox. Do not build policycoreutils/restorecond too as |
| 23 |
it requires glib to be installed. |
| 24 |
|
| 25 |
While at it, set the language as "generic" instead of "python". |
| 26 |
|
| 27 |
[1] https://github.com/travis-ci/apt-package-whitelist/issues/1096 |
| 28 |
|
| 29 |
Signed-off-by: Nicolas Iooss <nicolas.iooss <AT> m4x.org> |
| 30 |
|
| 31 |
.travis.yml | 44 +++++++++++++++++++++++++++++++++----------- |
| 32 |
1 file changed, 33 insertions(+), 11 deletions(-) |
| 33 |
|
| 34 |
diff --git a/.travis.yml b/.travis.yml |
| 35 |
index 7c6301d..3f9d678 100644 |
| 36 |
--- a/.travis.yml |
| 37 |
+++ b/.travis.yml |
| 38 |
@@ -1,8 +1,6 @@ |
| 39 |
# Derived from Nicolas Iooss: https://github.com/fishilico/selinux-refpolicy-patched/blob/travis-upstream/.travis.yml |
| 40 |
|
| 41 |
-language: python |
| 42 |
-python: |
| 43 |
- - "2.7" |
| 44 |
+language: generic |
| 45 |
|
| 46 |
# for T in standard mls mcs ; do for D in arch debian gentoo ; do for I in n y ; do for M in y n ; do for S in n y ; do |
| 47 |
# echo " - TYPE=$T DISTRO=$D DIRECT_INITRC=$I MONOLITHIC=$M SYSTEMD=$S" ; done ; done ; done ; done ; done |
| 48 |
@@ -32,16 +30,31 @@ env: |
| 49 |
- TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n |
| 50 |
- TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y |
| 51 |
|
| 52 |
-before_install: |
| 53 |
+# Uncomment to use Travis-CI container infrastructure (https://docs.travis-ci.com/user/ci-environment/) |
| 54 |
+#sudo: false |
| 55 |
+ |
| 56 |
+# Uncomment these two lines to use Travis-CI Trusty Beta environment |
| 57 |
+#sudo: required |
| 58 |
+#dist: trusty |
| 59 |
+ |
| 60 |
+addons: |
| 61 |
+ apt: |
| 62 |
+ packages: |
| 63 |
+ # Install SELinux userspace utilities dependencies |
| 64 |
+ - bison |
| 65 |
+ - flex |
| 66 |
+ - gettext |
| 67 |
+ - libaudit-dev |
| 68 |
+ - libbz2-dev |
| 69 |
+ - libustr-dev |
| 70 |
+ - libpcre3-dev |
| 71 |
+ - swig |
| 72 |
+ |
| 73 |
+install: |
| 74 |
- lsb_release -a |
| 75 |
- bison -V |
| 76 |
- flex -V |
| 77 |
- - sudo apt-get update -qq |
| 78 |
- |
| 79 |
- # Install SELinux userspace utilities dependencies |
| 80 |
- - sudo apt-get install -qq libaudit-dev libcap-ng-dev libustr-dev libpcre3-dev swig |
| 81 |
|
| 82 |
-install: |
| 83 |
# Download current SELinux userspace tools and libraries |
| 84 |
- curl -sS -L https://github.com/SELinuxProject/selinux/archive/20160223.tar.gz | tar xz |
| 85 |
- mv selinux-20160223 selinux-src |
| 86 |
@@ -56,10 +69,19 @@ install: |
| 87 |
# Drop sepolicy to break setools dependence (sepolicy isn't used anyway) |
| 88 |
- sed -i -e 's/sepolicy//' selinux-src/policycoreutils/Makefile |
| 89 |
|
| 90 |
- # Compile and install SELinux toolchain |
| 91 |
+ # Drop restorecond to break glib dependence |
| 92 |
+ - sed -i -e 's/ restorecond//' selinux-src/policycoreutils/Makefile |
| 93 |
+ |
| 94 |
+ # Drop sandbox to break libcap-ng dependence |
| 95 |
+ - sed -i -e 's/ sandbox//' selinux-src/policycoreutils/Makefile |
| 96 |
+ |
| 97 |
+ # Compile and install SELinux toolchain into ~/selinux |
| 98 |
# On Ubuntu 12.04, default CFLAGS make the build fail in libsepol/cil with: |
| 99 |
# error: declaration of 'index' shadows a global declarationo |
| 100 |
- - sudo make CFLAGS="-O2 -pipe -fPIC -Wall" -C selinux-src install |
| 101 |
+ - make "DESTDIR=$HOME/selinux" CFLAGS="-O2 -pipe -fPIC -Wall -I$HOME/selinux/usr/include" -C selinux-src install |
| 102 |
+ |
| 103 |
+ # Use TEST_TOOLCHAIN variable to tell refpolicy Makefile about the installed location |
| 104 |
+ - export TEST_TOOLCHAIN="$HOME/selinux" |
| 105 |
|
| 106 |
# Drop build.conf settings to listen to env vars |
| 107 |
- sed -r -i -e '/(DIRECT_INITRC|MONOLITHIC|TYPE|DISTRO|SYSTEMD)/d' build.conf |
Archives