github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

rework make test-compile

Browse source
This commit is contained in:
netblue30 2026-01-20 12:09:35 -05:00
parent cc89b8391e
commit 5c7c58f6e6
1 changed files with 365 additions and 230 deletions
Download patch file Download diff file Expand all files Collapse all files

595
test/compile/compile.sh
View file

@ -12,40 +12,38 @@
# --enable-analyzer enable GCC 10 static analyzer
# shellcheck source=config.sh
rm -fr firejail
. "$(dirname "$0")/../../config.sh" || exit 1
arr[1]="TEST 1: standard compilation"
arr[2]="TEST 2: compile dbus proxy disabled"
arr[3]="TEST 3: compile chroot disabled"
arr[4]="TEST 4: compile firetunnel disabled"
arr[5]="TEST 5: compile user namespace disabled"
arr[6]="TEST 6: compile network disabled"
arr[7]="TEST 7: compile X11 disabled"
arr[8]="TEST 8: compile selinux"
arr[9]="TEST 9: compile file transfer disabled"
arr[10]="TEST 10: compile disable whitelist"
arr[12]="TEST 12: compile apparmor"
arr[13]="TEST 13: compile busybox"
arr[15]="TEST 15: compile private-home disabled"
arr[16]="TEST 16: compile disable manpages"
arr[17]="TEST 17: disable tmpfs as regular user"
arr[18]="TEST 18: disable private home"
# remove previous reports and output file
cleanup() {
rm -f report*
rm -fr firejail
rm -f oc* om*
rm -f output-configure
rm -f output-make
}
arr[1]="1: standard compilation"
arr[2]="2: compile --disable-dbusproxy"
arr[3]="3: compile --disable-chroot"
arr[4]="4: compile --disable-userns"
arr[5]="5: compile --disable-network"
arr[6]="6: compile --disable-x11"
arr[7]="7: compile --enable-selinux"
arr[8]="8: compile --disable-file-transfer"
arr[9]="9: compile --enable-apparmor"
arr[10]="10: compile --enable-busybox-workaround"
arr[11]="11: compile --disable-private-home"
arr[12]="12: compile --disable-man"
arr[13]="13: compile --disable-usertmpfs"
arr[14]="14: compile --disable-sandbox-check"
arr[15]="15: compile --disable-landlock"
arr[16]="16: compile --disable-output"
arr[17]="17: compile --disable-man"
arr[18]="18: compile --disable-private-lib"
arr[19]="19: compile --disable-suid"
arr[20]="20: compile --enable-contrib-install"
arr[21]="21: compile --enable-only-syscfg-profiles"
arr[22]="22: compile --enable-force-nonewprivs"
print_title() {
echo
echo
echo
echo "**************************************************"
echo "$1"
echo "TESTING $1"
echo "**************************************************"
}
@ -53,7 +51,7 @@ DIST="$TARNAME-$VERSION"
while [[ $# -gt 0 ]]; do # Until you run out of parameters . . .
case "$1" in
--clean)
cleanup
rm -fr firejail
exit
;;
--help)
@ -64,8 +62,10 @@ while [[ $# -gt 0 ]]; do # Until you run out of parameters . . .
shift # Check next set of parameters.
done
cleanup
rm -fr firejail
echo "$DIST"
tar -xJvf ../../"$DIST.tar.xz"
mv "$DIST" firejail
#*****************************************************************
# TEST 1
@ -73,21 +73,21 @@ cleanup
# - checkout source code
#*****************************************************************
print_title "${arr[1]}"
echo "$DIST"
tar -xJvf ../../"$DIST.tar.xz"
mv "$DIST" firejail
cd firejail || exit 1
./configure --prefix=/usr --enable-fatal-warnings \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test1
grep Error output-configure output-make >> ./report-test1
cp output-configure oc1
cp output-make om1
rm output-configure output-make
#*****************************************************************
# TEST 2
@ -96,18 +96,19 @@ rm output-configure output-make
#*****************************************************************
print_title "${arr[2]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-dbusproxy \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-dbusproxy 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
cd ..
grep Warning output-configure output-make > ./report-test2
grep Error output-configure output-make >> ./report-test2
cp output-configure oc2
cp output-make om2
rm output-configure output-make
#*****************************************************************
# TEST 3
@ -117,37 +118,42 @@ rm output-configure output-make
print_title "${arr[3]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-chroot \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-chroot 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test3
grep Error output-configure output-make >> ./report-test3
cp output-configure oc3
cp output-make om3
rm output-configure output-make
#*****************************************************************
# TEST 4
#*****************************************************************
# - disable firetunnel configuration
# - disable user namespace configuration
#*****************************************************************
print_title "${arr[4]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-firetunnel \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-userns 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test4
grep Error output-configure output-make >> ./report-test4
cp output-configure oc4
cp output-make om4
rm output-configure output-make
#*****************************************************************
# TEST 5
@ -156,267 +162,396 @@ rm output-configure output-make
#*****************************************************************
print_title "${arr[5]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-userns \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-network 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test5
grep Error output-configure output-make >> ./report-test5
cp output-configure oc5
cp output-make om5
rm output-configure output-make
#*****************************************************************
# TEST 6
#*****************************************************************
# - disable user namespace configuration
# - check compilation
# - disable X11 support
#*****************************************************************
print_title "${arr[6]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-network \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-x11 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test6
grep Error output-configure output-make >> ./report-test6
cp output-configure oc6
cp output-make om6
rm output-configure output-make
#*****************************************************************
# TEST 7
#*****************************************************************
# - disable X11 support
# - enable selinux
#*****************************************************************
print_title "${arr[7]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-x11 \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --enable-selinux 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test7
grep Error output-configure output-make >> ./report-test7
cp output-configure oc7
cp output-make om7
rm output-configure output-make
#*****************************************************************
# TEST 8
#*****************************************************************
# - enable selinux
# - disable file transfer
#*****************************************************************
print_title "${arr[8]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--enable-selinux \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-file-transfer 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test8
grep Error output-configure output-make >> ./report-test8
cp output-configure oc8
cp output-make om8
rm output-configure output-make
#*****************************************************************
# TEST 9
#*****************************************************************
# - disable file transfer
# - enable apparmor
#*****************************************************************
print_title "${arr[9]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-file-transfer \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --enable-apparmor 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test9
grep Error output-configure output-make >> ./report-test9
cp output-configure oc9
cp output-make om9
rm output-configure output-make
#*****************************************************************
# TEST 10
#*****************************************************************
# - disable whitelist
# - enable busybox workaround
#*****************************************************************
print_title "${arr[10]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-whitelist \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --enable-busybox-workaround 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# TEST 11
#*****************************************************************
# - disable private home
#*****************************************************************
print_title "${arr[11]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --disable-private-home 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test10
grep Error output-configure output-make >> ./report-test10
cp output-configure oc10
cp output-make om10
rm output-configure output-make
#*****************************************************************
# TEST 12
#*****************************************************************
# - enable apparmor
# - disable manpages
#*****************************************************************
print_title "${arr[12]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--enable-apparmor \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-man 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test12
grep Error output-configure output-make >> ./report-test12
cp output-configure oc12
cp output-make om12
rm output-configure output-make
#*****************************************************************
# TEST 13
#*****************************************************************
# - enable busybox workaround
# - disable tmpfs as regular user"
#*****************************************************************
print_title "${arr[13]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--enable-busybox-workaround \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-usertmpfs 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# TEST 14
#*****************************************************************
# - disable sandbox check
#*****************************************************************
print_title "${arr[14]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --disable-sandbox-check 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test13
grep Error output-configure output-make >> ./report-test13
cp output-configure oc13
cp output-make om13
rm output-configure output-make
#*****************************************************************
# TEST 15
#*****************************************************************
# - disable private home
# - disable landlock
#*****************************************************************
print_title "${arr[15]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-private-home \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-landlock 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test15
grep Error output-configure output-make >> ./report-test15
cp output-configure oc15
cp output-make om15
rm output-configure output-make
#*****************************************************************
# TEST 16
#*****************************************************************
# - disable manpages
# - disable --output logging
#*****************************************************************
print_title "${arr[16]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-man \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-output 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
cd ..
grep Warning output-configure output-make > ./report-test16
grep Error output-configure output-make >> ./report-test16
cp output-configure oc16
cp output-make om16
rm output-configure output-make
#*****************************************************************
# TEST 17
#*****************************************************************
# - disable tmpfs as regular user"
# - disable man pages
#*****************************************************************
print_title "${arr[17]}"
cd firejail || exit 1
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-usertmpfs \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
./configure --enable-fatal-warnings --disable-man 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
grep Warning output-configure output-make > ./report-test17
grep Error output-configure output-make >> ./report-test17
cp output-configure oc17
cp output-make om17
rm output-configure output-make
#*****************************************************************
# TEST 18
#*****************************************************************
# - disable private home feature
# - disable private-lib
#*****************************************************************
print_title "${arr[18]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --disable-private-lib 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
./configure --prefix=/usr --enable-fatal-warnings \
--disable-private-home \
2>&1 | tee ../output-configure
make -j "$(nproc)" 2>&1 | tee ../output-make
cd ..
grep Warning output-configure output-make > ./report-test18
grep Error output-configure output-make >> ./report-test18
cp output-configure oc18
cp output-make om18
rm output-configure output-make
#*****************************************************************
# PRINT REPORTS
# TEST 19
#*****************************************************************
echo
echo
echo
echo
echo "**********************************************************"
echo "TEST RESULTS"
echo "**********************************************************"
# - disable suid
#*****************************************************************
print_title "${arr[19]}"
cd firejail || exit 1
wc -l report-test*
echo
echo "Legend:"
echo "${arr[1]}"
echo "${arr[2]}"
echo "${arr[3]}"
echo "${arr[4]}"
echo "${arr[5]}"
echo "${arr[6]}"
echo "${arr[7]}"
echo "${arr[8]}"
echo "${arr[9]}"
echo "${arr[10]}"
echo "${arr[12]}"
echo "${arr[13]}"
echo "${arr[15]}"
echo "${arr[16]}"
echo "${arr[17]}"
echo "${arr[18]}"
./configure --enable-fatal-warnings --disable-suid 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# TEST 20
#*****************************************************************
# - enable contrib install
#*****************************************************************
print_title "${arr[20]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --enable-contrib-install 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# TEST 21
#*****************************************************************
# --enable-only-syscfg-profile
#*****************************************************************
print_title "${arr[21]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --enable-only-syscfg-profiles 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# TEST 22
#*****************************************************************
# - enable force nonewprivs
#*****************************************************************
print_title "${arr[22]}"
cd firejail || exit 1
./configure --enable-fatal-warnings --enable-force-nonewprivs 2>&1 | tee output
if grep -E '(WARNING|ERROR)' output; then
echo "TESTING ERROR";
exit 1
fi
make -j4 2>&1 | tee output
if grep -E -i 'error:' output; then
echo "TESTING ERROR";
exit 1
fi
make distclean
cd ..
#*****************************************************************
# cleanup
#*****************************************************************
rm -fr firejail