11 commits

Author SHA1 Message Date
Christian Göttsche
73b9106dae ci: bump versions in GitHub Actions
* Move from deprecated actions/setup-ruby to ruby/setup-ruby.
* Bump python and ruby upper versions.
* Bump Reference Policy version
* Do not install recommended packages and output package resolution
* Bump to macOS 12

  macOS 10 is deprecated since 5/31/22 [1].
  VirtualBox and Vagrant seem to be supported [2][3].

[1]: https://github.com/actions/virtual-environments/issues/5583
[2]: https://github.com/actions/virtual-environments/pull/5594
[3]: https://github.com/actions/virtual-environments/pull/5854

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
2022-08-15 08:47:31 -04:00
Evgeny Vereshchagin
ad2ff8a840 ci: run the tests under ASan/UBsan on GHActions
It was tested in https://github.com/SELinuxProject/selinux/pull/321 and
https://github.com/SELinuxProject/selinux/pull/320. In the process
it discovered a few issues all of which were fixed in
b98d3c4c53
ea539017fb
fe01a91a79
f95dbf2c74

Now that all the issues are gone it should be safe to turn it on
to make it easier to automatically catch bugs like that almost as soon as
they end up in the repository.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2022-01-06 10:34:33 -05:00
Christian Göttsche
bf5ff1a8df cifuzz: use the default runtime of 600 seconds
The default runtime for CIFuzz[1] is 600 seconds; use it.

Since GitHub pull-requests are not the main contribution workflow the
number of runs should be manageable.

[1]: https://google.github.io/oss-fuzz/getting-started/continuous-integration/

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-15 12:48:23 -05:00
Christian Göttsche
01ce79182b cifuzz: enable report-unreproducible-crashes
Fail and report unreproducible fuzzing crashes and leaks. Such failures
are probably related to some global state not properly reset in the
fuzzer and can cause OSS-Fuzz to report flaky issues.

Suggested-by: Evgeny Vereshchagin
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-15 12:48:19 -05:00
Christian Göttsche
4ffe2dfc78 Replace PCRE with PCRE2 build dependencies
Now that libselinux defaults to PCRE2 and mcstrans has been ported,
update all documentation and scripts.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-09 11:07:10 -05:00
Nicolas Iooss
b2891256cb GitHub Actions: do not use macOS latest runner for now
GitHub is currently migrating its macos-latest runner to macOS 11:
https://github.com/actions/virtual-environments/issues/4060

Unfortunately, installing VirtualBox and Vagrant on this new version of
macOS is not easy, and the current macos-11 runner does not support
running virtual machines using Vagrant. This issue is being fixed on
https://github.com/actions/virtual-environments/pull/4010 .

Until this Pull Request is merged, use macos-10.15 runner instead of
macos-latest, to continue using Vagrant to run the SELinux testsuite in
a virtual machine.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
2021-10-04 09:50:46 -04:00
Evgeny Vereshchagin
a2a40f0345 ci: turn on CIFuzz
Now that almost all the bugs reported by OSS-Fuzz have been
fixed libsepol/cil should be stable enough to get CIFuzz working
more or less reliably. It should help to catch regressions/new bugs
faster.

https://google.github.io/oss-fuzz/getting-started/continuous-integration/

The patch was tested on GitHub in https://github.com/SELinuxProject/selinux/pull/285
The CIFuzz job can be found at https://github.com/SELinuxProject/selinux/actions/runs/1017865690

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-07-13 21:03:29 +02:00
Nicolas Iooss
316a4f89dd GitHub Actions: run SELinux testsuite in Fedora virtual machine
Use the Vagrant configuration in scripts/ci in a workflow for GitHub
Actions.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2021-01-20 16:45:12 +01:00
Nicolas Iooss
af3e6789f0 GitHub Actions: drop Ruby 2.4 from matrix
When migrating to Ubuntu 20.04, Ruby 2.4 is no longer available, and
this migration is coming soon, according to
https://github.com/actions/virtual-environments/issues/1816.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-12-09 22:34:33 +01:00
Nicolas Iooss
e8d50389ab GitHub Actions: upgrade to Python 3.9
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-12-09 22:34:28 +01:00
Nicolas Iooss
7844cd212f Add configuration to build and run tests in GitHub Actions
Copy the tests that are currently run on Travis CI, in order to no
longer depend on Travis CI.

For more context: Travis-CI is changing its offer, as documented in
https://docs.travis-ci.com/user/migrate/open-source-repository-migration
and SELinuxProject moved to https://travis-ci.com
https://lore.kernel.org/selinux/CAFqZXNspH6MmB-o0wtJJwj-p0DKKrH-ZjfW2YkF_yQS_gCBwqQ@mail.gmail.com/T/#t

Unfortunately the credits for opensource projects are quite limited, and
require interaction with Travis CI support (which was quite unresponsive
when I contacted them for other opensource projects I am maintaining).

Create a configuration for GitHub Actions that duplicates most Travis CI
checks.

* macOS check has not yet been converted, but GitHub Actions support
  this platform so this can be done in another patch (and in another
  configuration in .github/workflows ?).

* KVM support is not available on GitHub Actions so running SELinux
  testsuite in a Fedora VM is not possible. This is a known issue
  (https://github.com/actions/virtual-environments/issues/183) and other
  projects seem to face the same issue (for example
  https://github.com/opencontainers/runc/issues/2670).

This configuration has been tested on
https://github.com/fishilico/selinux/actions/runs/380579153

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-11-27 09:49:39 +01:00