tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_external_selinux/scripts/ci/fedora-test-runner.sh
Christian Göttsche ed4cd8772a ci: declare git repository a safe directory 
Since version 2.35.2, due to CVE-2022-24765, git refuses to operate by
default on a repository owned by a different user.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2022-05-18 12:31:31 +02:00

99 lines
1.9 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# SPDX-License-Identifier: MIT
set -ev
#
# We expect this to be set in the environment, but if it's not, most selinux projects
# just have the same name as upstream, so choose that.
#
export SELINUX_DIR="${SELINUX_DIR:-/root/selinux}"
# CI Debug output if things go squirrely.
getenforce
id -Z
nproc
pwd
# Turn off enforcing for the setup to prevent any weirdness from breaking
# the CI.
setenforce 0
dnf clean all -y
dnf install -y \
--allowerasing \
--skip-broken \
git \
audit-libs-devel \
bison \
bzip2-devel \
CUnit-devel \
diffutils \
flex \
gcc \
gettext \
glib2-devel \
make \
libcap-devel \
libcap-ng-devel \
pam-devel \
pcre2-devel \
xmlto \
python3-devel \
ruby-devel \
swig \
perl-Test \
perl-Test-Harness \
perl-Test-Simple \
selinux-policy-devel \
gcc \
libselinux-devel \
net-tools \
netlabel_tools \
iptables \
lksctp-tools-devel \
attr \
libbpf-devel \
keyutils-libs-devel \
kernel-devel \
quota \
xfsprogs-devel \
libuuid-devel \
e2fsprogs \
jfsutils \
dosfstools \
kernel-devel-"$(uname -r)" \
kernel-modules-"$(uname -r)"
#
# Move to selinux code and build
#
cd "$SELINUX_DIR"
# Show HEAD commit for sanity checking
git config --global --add safe.directory "$SELINUX_DIR"
git log --oneline -1
#
# Build and replace userspace components
#
make clean distclean
make -j"$(nproc)" LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install
make -j"$(nproc)" LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install-pywrap
make -j"$(nproc)" LIBDIR=/usr/lib64 SHLIBDIR=/lib64 relabel
#
# Get the selinux testsuite, but don't clone it in selinux git directory, move to $HOME
# first.
#
cd "$HOME"
rm -rf selinux-testsuite
git clone --depth=1 https://github.com/SELinuxProject/selinux-testsuite.git
cd selinux-testsuite
# The testsuite must be run in enforcing mode
setenforce 1
#
# Run the test suite
#
make test
Reference in a new issue View git blame Copy permalink