[WIP] Scan with Coverity #262

Draft
wants to merge 1 commit into
base: master
192 changes: 33 additions & 159 deletions .travis.yml
@@ -1,173 +1,47 @@
# Define the building environment
os: linux
dist: bionic
language: c

matrix:
fast_finish: true
git:
depth: 3

compiler:
- clang
- gcc

env:
matrix:
# Test the last version of Python and Ruby together, with some linkers
- PYVER=python3.8 RUBYLIBVER=2.7
- PYVER=python3.8 RUBYLIBVER=2.7 TEST_FLAGS_OVERRIDE=1
- PYVER=python3.8 RUBYLIBVER=2.7 TEST_DEBUG=1
- PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
- PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd

# Test several Python versions (https://docs.travis-ci.com/user/languages/python/#python-versions)
- PYVER=python3.5 RUBYLIBVER=2.7
- PYVER=python3.6 RUBYLIBVER=2.7
- PYVER=python3.7 RUBYLIBVER=2.7
- PYVER=pypy3.6-7.2.0 RUBYLIBVER=2.7

# Test several Ruby versions (http:https://rubies.travis-ci.org/)
- PYVER=python3.8 RUBYLIBVER=2.6
- PYVER=python3.8 RUBYLIBVER=2.5.1
- PYVER=python3.8 RUBYLIBVER=2.4
global:
# The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
# via the "travis encrypt" command using the project repo's public key
- secure: "TODO"

matrix:
exclude:
- compiler: clang
env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=gold
- compiler: clang
env: PYVER=python3.8 RUBYLIBVER=2.7 LINKER=bfd
include:
- compiler: gcc
env: TRAVIS_RUN_KVM=true TRAVIS_CLOUD_IMAGE_VERSION="32:1.6"
install:
- skip
before_script:
- skip
script: scripts/ci/travis-kvm-setup.sh

# Use Travis-CI Ubuntu 18.04 Bionic Beaver, "full image" variant
sudo: required
dist: bionic

# Install SELinux userspace utilities dependencies
addons:
apt:
packages:
- bison
- flex
- gawk
- gettext
- libaudit-dev
- libbz2-dev
- libcap-dev
- libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096)
- libcunit1-dev
- libglib2.0-dev
- libpcre3-dev
- patch
- python3-dev
- python-dev
- swig
- xmlto

install:
# Download and install refpolicy headers for sepolgen tests
- curl --location --retry 10 -o "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
- tar -C "$TRAVIS_BUILD_DIR" -xvjf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2"
# Make refpolicy Makefile use the new toolchain when building modules
- sed -e "s,^PREFIX :=.*,PREFIX := \$(DESTDIR)/usr," -i "$TRAVIS_BUILD_DIR/refpolicy/support/Makefile.devel"
- sudo make -C "$TRAVIS_BUILD_DIR/refpolicy" install-headers
- sudo rm -rf "$TRAVIS_BUILD_DIR/refpolicy.tar.bz2" "$TRAVIS_BUILD_DIR/refpolicy"
- sudo mkdir -p /etc/selinux
- echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
- echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf

# Make sepolgen tests work without really installing anything in the real root (doing this would conflict with Ubuntu packages)
- sed -e "s,\"\(/usr/bin/[cs]\),\"$TRAVIS_BUILD_DIR/installdir\1," -i python/sepolgen/src/sepolgen/module.py

# Download the required python version if it is not installed
- VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
- if ! [ -d "$VIRTUAL_ENV" ] ; then
curl --retry 10 -o python.tar.bz2 "https://s3.amazonaws.com/travis-python-archives/binaries/ubuntu/18.04/x86_64/${PYVER/python/python-}.tar.bz2" &&
sudo tar xjf python.tar.bz2 --directory / &&
rm python.tar.bz2 ;
fi

# Install flake8 for the given python version
- $VIRTUAL_ENV/bin/pip install flake8

before_script:
# Build and install in a temporary directory to run tests
- export DESTDIR="$TRAVIS_BUILD_DIR/installdir"

# Configure the variables for Python parts
- export VIRTUAL_ENV="$HOME/virtualenv/$PYVER"
- export PYTHON="$VIRTUAL_ENV/bin/python"
# Use the header files in /opt/python/... for Python because the virtualenvs do not provide Python.h
- export PKG_CONFIG_PATH="/opt/python/$($PYTHON -c 'import sys;print("%d.%d.%d" % sys.version_info[:3])')/lib/pkgconfig"
# PyPy does not provide a config file for pkg-config
# libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3
- if echo "$PYVER" | grep -q pypy ; then
export PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include ;
export PYLIBS="$($PYTHON -c 'import sys;print("-L%s/bin -l%s" % (sys.prefix, "pypy-c" if sys.version_info < (3,) else "pypy3-c"))')" ;
fi

# Find the Ruby executable with version $RUBYLIBVER
- rvm reinstall ruby-$RUBYLIBVER --binary
- export RUBY="$(ls -d -1 "$HOME/.rvm/rubies/ruby-$RUBYLIBVER"*/bin/ruby | head -n 1)"
- bison
- flex
- gawk
- gettext
- libaudit-dev
- libbz2-dev
- libcap-dev
- libcap-ng-dev # This package is not whitelisted for the container infrastructure (https://github.com/travis-ci/apt-package-whitelist/issues/1096)
- libcunit1-dev
- libglib2.0-dev
- libpcre3-dev
- patch
- python3-dev
- python-dev
- swig
- xmlto
coverity_scan:
project:
name: "SELinuxProject/selinux"
description: "Build submitted via Travis CI"
notification_email: [email protected]
build_command_prepend: "make clean"
build_command: "export DESTDIR=$TRAVIS_BUILD_DIR/installdir && make install && make all"
branch_pattern: coverity_scan

# Set the linker in $CC so that it gets used everywhere
- if [ -n "$LINKER" ]; then CC="$CC -fuse-ld=$LINKER" ; fi

# Show variables and versions (to help debugging)
- echo "$CC" ; $CC --version
- echo "$PYTHON" ; $PYTHON --version
- echo "$RUBY" ; $RUBY --version

# If TEST_FLAGS_OVERRIDE is defined, test that overriding CFLAGS, LDFLAGS and other variables works fine
- if [ -n "$TEST_FLAGS_OVERRIDE" ]; then EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" ; fi
# If TEST_DEBUG is defined, test that debug build works fine
- if [ -n "$TEST_DEBUG" ]; then EXPLICIT_MAKE_VARS="$EXPLICIT_MAKE_VARS DEBUG=1" ; fi

script:
# Start by installing everything into $DESTDIR
- make install $EXPLICIT_MAKE_VARS -k
- make install-pywrap $EXPLICIT_MAKE_VARS -k
- make install-rubywrap $EXPLICIT_MAKE_VARS -k

# Now that everything is installed, run "make all" to build everything which may have not been built
- make all $EXPLICIT_MAKE_VARS -k

# Set up environment variables for the tests
- . ./scripts/env_use_destdir

# Show variables (to help debugging issues)
- echo "$LD_LIBRARY_PATH"
- echo "$PATH"
- echo "$PYTHONPATH"
- echo "$RUBYLIB"

# Run tests
- make test $EXPLICIT_MAKE_VARS

# Test Python and Ruby wrappers
- $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
- $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'

# Run Python linter
- PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8

# Remove every installed files
- rm -rf "$DESTDIR"

# Test that "git status" looks clean, or print a clear error message
- |-
git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')

# Clean up everything and show which file would be added to "make clean"
- make clean distclean $EXPLICIT_MAKE_VARS
- |-
git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')

# Do not spam by email so long as the build succeeds
notifications:
email:
on_success: never
- cat "${TRAVIS_BUILD_DIR}/cov-int/scm_log.txt"
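Review bot: The final script step `- cat "${TRAVIS_BUILD_DIR}/cov-int/scm_log.txt"` looks like it will fail on any build where the Coverity addon did not run, since `branch_pattern: coverity_scan` limits the scan to that branch and `cov-int/` is presumably created only by the scan; a guard such as `- if [ -f "$TRAVIS_BUILD_DIR/cov-int/scm_log.txt" ]; then cat "$TRAVIS_BUILD_DIR/cov-int/scm_log.txt"; fi` avoids that. The rendered page has lost its +/- markers, but the 159 deletions suggest the existing build-and-test matrix is dropped, which would leave master and pull requests without any test run if merged as is; putting the scan in its own job would keep it. The `secure: "TODO"` placeholder still needs the real `travis encrypt` output, and because Travis does not expose encrypted variables to pull requests from forks, the scan can only be expected to run on pushes to the upstream `coverity_scan` branch. If both `clang` and `gcc` stay under `compiler:`, each job would submit its own scan against the project's Coverity quota, so the scan job should be pinned to one compiler.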