diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml deleted file mode 100644 index c4e592c5c..000000000 --- a/.github/workflows/cifuzz.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -name: CIFuzz -on: - push: - branches: - - master - pull_request: - branches: - - master -jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'SELinuxProject/selinux' - strategy: - fail-fast: false - matrix: - sanitizer: [address, undefined, memory] - steps: - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'selinux' - dry-run: false - allowed-broken-targets-percentage: 0 - sanitizer: ${{ matrix.sanitizer }} - - name: Run Fuzzers (${{ matrix.sanitizer }}) - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'selinux' - fuzz-seconds: 600 - dry-run: false - report-unreproducible-crashes: true - sanitizer: ${{ matrix.sanitizer }} - - name: Upload Crash - uses: actions/upload-artifact@v3 - if: failure() && steps.build.outcome == 'success' - with: - name: ${{ matrix.sanitizer }}-artifacts - path: ./out/artifacts diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml deleted file mode 100644 index 3bd859a37..000000000 --- a/.github/workflows/run_tests.yml +++ /dev/null @@ -1,208 +0,0 @@ -name: Run tests - -on: [push, pull_request] - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - matrix: - compiler: [gcc, clang] - python-ruby-version: - - {python: '3.11', ruby: '3.1'} - - {python: '3.11', ruby: '3.1', other: 'test-flags-override'} - - {python: '3.11', ruby: '3.1', other: 'test-debug'} - - {python: '3.11', ruby: '3.1', other: 'linker-bfd'} - - {python: '3.11', ruby: '3.1', other: 'linker-gold'} - # Test several Python versions with the latest Ruby version - - {python: '3.10', ruby: '3.1'} - - {python: '3.9', ruby: '3.1'} - - {python: '3.8', ruby: '3.1'} - - {python: '3.7', ruby: '3.1'} - - {python: 'pypy3.7', ruby: '3.1'} - # Test several Ruby versions with the latest Python version - - {python: '3.11', ruby: '3.0'} - - {python: '3.11', ruby: '2.7'} - - {python: '3.11', ruby: '2.6'} - - {python: '3.11', ruby: '2.5'} - exclude: - - compiler: clang - python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-bfd'} - - compiler: clang - python-ruby-version: {python: '3.11', ruby: '3.1', other: 'linker-gold'} - include: - - compiler: gcc - python-ruby-version: {python: '3.11', ruby: '3.1', other: 'sanitizers'} - - steps: - - uses: actions/checkout@v4 - - - name: Set up Python ${{ matrix.python-ruby-version.python }} - uses: actions/setup-python@v4 - with: - python-version: ${{ matrix.python-ruby-version.python }} - - - name: Set up Ruby ${{ matrix.python-ruby-version.ruby }} - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.python-ruby-version.ruby }} - bundler-cache: true - - - name: Install dependencies - run: | - sudo apt-get update -q - sudo apt-get install -qy --no-install-recommends \ - bison \ - flex \ - gawk \ - gettext \ - libaudit-dev \ - libcap-dev \ - libcap-ng-dev \ - libcunit1-dev \ - libdbus-glib-1-dev \ - libpcre2-dev \ - ruby-dev \ - swig \ - xmlto - - pip install flake8 - - - name: Install Clang - if: ${{ matrix.compiler == 'clang' }} - run: sudo apt-get install -qqy clang - - - name: Configure the environment - run: | - DESTDIR=/tmp/destdir - echo "PYTHON=python" >> $GITHUB_ENV - echo "RUBY=ruby" >> $GITHUB_ENV - echo "DESTDIR=$DESTDIR" >> $GITHUB_ENV - - CC=${{ matrix.compiler }} - if [ "${{ matrix.python-ruby-version.other }}" = "linker-bfd" ] ; then - CC="$CC -fuse-ld=bfd" - elif [ "${{ matrix.python-ruby-version.other }}" = "linker-gold" ] ; then - CC="$CC -fuse-ld=gold" - fi - # https://bugs.ruby-lang.org/issues/18616 - # https://github.com/llvm/llvm-project/issues/49958 - if [ "${{ matrix.compiler }}" = "clang" ] && [[ "${{ matrix.python-ruby-version.ruby }}" = 3* ]] ; then - CC="$CC -fdeclspec" - fi - echo "CC=$CC" >> $GITHUB_ENV - - EXPLICIT_MAKE_VARS= - if [ "${{ matrix.python-ruby-version.other }}" = "test-flags-override" ] ; then - # Test that overriding CFLAGS, LDFLAGS and other variables works fine - EXPLICIT_MAKE_VARS="CFLAGS=-I$DESTDIR/usr/include LDFLAGS=-L$DESTDIR/usr/lib LDLIBS= CPPFLAGS=" - elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then - # Test hat debug build works fine - EXPLICIT_MAKE_VARS="DEBUG=1" - elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then - sanitizers='-fsanitize=address,undefined' - EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS=" - echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV - echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV - else - EXPLICIT_MAKE_VARS= - fi - echo "EXPLICIT_MAKE_VARS=${EXPLICIT_MAKE_VARS}" >> $GITHUB_ENV - - # Find files in order of pkgconf to be able to find Python.h - # For example with Python 3.5: - # * python is located at /opt/hostedtoolcache/Python/3.5.10/x64/bin/python - # * sys.prefix is /opt/hostedtoolcache/Python/3.5.10/x64 - # * Python.h is located at /opt/hostedtoolcache/Python/3.5.10/x64/include/python3.5m/Python.h - # * python-3.5.pc is located at /opt/hostedtoolcache/Python/3.5.10/x64/lib/pkgconfig/python-3.5.pc - PYTHON_SYS_PREFIX="$(python -c 'import sys;print(sys.prefix)')" - echo "PKG_CONFIG_PATH=${PYTHON_SYS_PREFIX}/lib/pkgconfig" >> $GITHUB_ENV - - if [[ "${{ matrix.python-ruby-version.python }}" = pypy* ]] ; then - # PyPy does not provide a config file for pkg-config - # libpypy-c.so is provided in bin/libpypy-c.so for PyPy and bin/libpypy3-c.so for PyPy3 - echo "PYINC=-I${PYTHON_SYS_PREFIX}/include" >> $GITHUB_ENV - echo "PYLIBS=-L${PYTHON_SYS_PREFIX}/bin -lpypy3-c" >> $GITHUB_ENV - fi - - # Display the final environment file, for debugging purpose - cat $GITHUB_ENV - - - name: Download and install refpolicy headers for sepolgen tests - run: | - curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20220520/refpolicy-2.20220520.tar.bz2 - tar -xvjf refpolicy.tar.bz2 - sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel - sudo make -C refpolicy install-headers bare - sudo mkdir -p /etc/selinux - echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config - echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf - sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py - rm -r refpolicy refpolicy.tar.bz2 - - - name: Display versions - run: | - echo "::group::Compiler ($CC):" - $CC --version - echo "::endgroup::" - echo "::group::Python ($(which "$PYTHON")):" - $PYTHON --version - echo "::endgroup::" - echo "::group::Ruby ($(which "$RUBY")):" - $RUBY --version - echo "::endgroup::" - - - name: Run tests - run: | - echo "::group::make install" - eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k - echo "::endgroup::" - echo "::group::make install-pywrap" - eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k - echo "::endgroup::" - echo "::group::make install-rubywrap" - eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k - echo "::endgroup::" - - # Now that everything is installed, run "make all" to build everything which may have not been built - echo "::group::make all" - eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k - echo "::endgroup::" - - # Set up environment variables for the tests and show variables (to help debugging issues) - echo "::group::Environment variables" - . ./scripts/env_use_destdir - echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" - echo "PATH=$PATH" - echo "PYTHONPATH=$PYTHONPATH" - echo "RUBYLIB=$RUBYLIB" - echo "::endgroup::" - - # Run tests - echo "::group::make test" - eval make test $EXPLICIT_MAKE_VARS - echo "::endgroup::" - - if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then - # Test Python and Ruby wrappers - echo "::group::Test Python and Ruby wrappers" - $PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())' - $RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()' - echo "::endgroup::" - - # Run Python linter, but not on the downloaded refpolicy - echo "::group::scripts/run-flake8" - ./scripts/run-flake8 - echo "::endgroup::" - fi - - echo "::group::Test .gitignore and make clean distclean" - # Remove every installed files - rm -rf "$DESTDIR" - # Test that "git status" looks clean, or print a clear error message - git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^') - # Clean up everything and show which file needs to be added to "make clean" - eval make clean distclean $EXPLICIT_MAKE_VARS - git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^') - echo "::endgroup::" diff --git a/.github/workflows/vm_testsuite.yml b/.github/workflows/vm_testsuite.yml deleted file mode 100644 index b96d58a54..000000000 --- a/.github/workflows/vm_testsuite.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Run SELinux testsuite in a virtual machine - -on: [push, pull_request] - -jobs: - vm_testsuite: - - # Use VirtualBox+vagrant on macOS, as described in https://github.com/actions/virtual-environments/issues/433 - runs-on: macos-12 - - steps: - - uses: actions/checkout@v4 - - - name: Create Vagrant VM - run: | - cd scripts/ci - vagrant up - - - name: Run SELinux testsuite in the VM - run: | - cd scripts/ci - vagrant ssh -- ./run-selinux-test.sh