mirror of https://github.com/krallin/tini.git
Add tests for hardening in CI script
This ensures that _FORTIFY_SOURCE is actually used!
parent
50476d0cde
commit
2b5b0ecb6e
|
@ -22,6 +22,7 @@ addons:
|
|||
- libcap-dev
|
||||
- python-pip
|
||||
- python-virtualenv
|
||||
- hardening-includes
|
||||
|
||||
script: ./ci/run_build.sh
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
FROM ubuntu:precise
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv \
|
||||
&& apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Pre-install those here for faster local builds.
|
||||
|
|
|
@ -50,40 +50,43 @@ popd
|
|||
# Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
|
||||
for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
|
||||
echo "Smoke test for $tini"
|
||||
$tini -h
|
||||
"${tini}" -h
|
||||
|
||||
echo "Testing $tini with: true"
|
||||
$tini -vvv true
|
||||
"${tini}" -vvv true
|
||||
|
||||
echo "Testing $tini with: false"
|
||||
if $tini -vvv false; then
|
||||
if "${tini}" -vvv false; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Test stdin / stdout are handed over to child
|
||||
echo "Testing pipe"
|
||||
echo "exit 0" | $tini -vvv sh
|
||||
echo "exit 0" | "${tini}" -vvv sh
|
||||
if [[ ! "$?" -eq "0" ]]; then
|
||||
echo "Pipe test failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Move files to the dist dir for testing
|
||||
mkdir -p "${DIST_DIR}"
|
||||
cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
|
||||
|
||||
# Quick audit
|
||||
if which rpm; then
|
||||
echo "Contents for RPM:"
|
||||
rpm -qlp "${DIST_DIR}/tini"*.rpm
|
||||
fi
|
||||
|
||||
if which dpkg; then
|
||||
echo "Contents for DEB:"
|
||||
dpkg --contents "${DIST_DIR}/tini"*deb
|
||||
fi
|
||||
echo "Checking hardening on $tini"
|
||||
hardening-check --nopie --nostackprotector --nobindnow "${tini}"
|
||||
done
|
||||
|
||||
# Move files to the dist dir for testing
|
||||
mkdir -p "${DIST_DIR}"
|
||||
cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
|
||||
|
||||
# Quick package audit
|
||||
if which rpm; then
|
||||
echo "Contents for RPM:"
|
||||
rpm -qlp "${DIST_DIR}/tini"*.rpm
|
||||
fi
|
||||
|
||||
if which dpkg; then
|
||||
echo "Contents for DEB:"
|
||||
dpkg --contents "${DIST_DIR}/tini"*deb
|
||||
fi
|
||||
|
||||
# Compile test code
|
||||
"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
|
||||
|
||||
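Review bot: The `hardening-check --nopie --nostackprotector --nobindnow "${tini}"` line added at the end of the smoke-test loop switches off three of the tool's checks without saying why, so a reader cannot tell whether PIE, stack protector and BIND_NOW are deliberately out of scope or simply not passing yet. With those flags only the fortify and read-only-relocation checks remain, and the fortify result for `tini-static` may not mean the same as for the dynamic binary, which is worth confirming. I would add a comment above the call such as `# Only fortify and RELRO are enforced; PIE, stack protector and BIND_NOW are skipped because <reason>`, filled in with the real reason. The step also gates the build only if the script runs with errexit, which is set outside this hunk if at all; appending `|| exit 1` to the call would make the gate explicit.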
|
|
|
@ -22,6 +22,7 @@ addons:
|
|||
- libcap-dev
|
||||
- python-pip
|
||||
- python-virtualenv
|
||||
- hardening-includes
|
||||
|
||||
script: ./ci/run_build.sh
|
||||
|
||||
|
|