From 5c7c58f6e6ea2c45d578b19a08b7cf8379354802 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 20 Jan 2026 12:09:35 -0500
Subject: [PATCH] rework make test-compile
---
test/compile/compile.sh | 595 ++++++++++++++++++++++++----------------
1 file changed, 365 insertions(+), 230 deletions(-)
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index 751600fb8..717698dd5 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -12,40 +12,38 @@ # --enable-analyzer enable GCC 10 static analyzer # shellcheck source=config.sh +rm -fr firejail . "$(dirname "$0")/../../config.sh" || exit 1 -arr[1]="TEST 1: standard compilation" -arr[2]="TEST 2: compile dbus proxy disabled" -arr[3]="TEST 3: compile chroot disabled" -arr[4]="TEST 4: compile firetunnel disabled" -arr[5]="TEST 5: compile user namespace disabled" -arr[6]="TEST 6: compile network disabled" -arr[7]="TEST 7: compile X11 disabled" -arr[8]="TEST 8: compile selinux" -arr[9]="TEST 9: compile file transfer disabled" -arr[10]="TEST 10: compile disable whitelist" -arr[12]="TEST 12: compile apparmor" -arr[13]="TEST 13: compile busybox" -arr[15]="TEST 15: compile private-home disabled" -arr[16]="TEST 16: compile disable manpages" -arr[17]="TEST 17: disable tmpfs as regular user" -arr[18]="TEST 18: disable private home" - -# remove previous reports and output file -cleanup() { - rm -f report* - rm -fr firejail - rm -f oc* om* - rm -f output-configure - rm -f output-make -} +arr[1]="1: standard compilation" +arr[2]="2: compile --disable-dbusproxy" +arr[3]="3: compile --disable-chroot" +arr[4]="4: compile --disable-userns" +arr[5]="5: compile --disable-network" +arr[6]="6: compile --disable-x11" +arr[7]="7: compile --enable-selinux" +arr[8]="8: compile --disable-file-transfer" +arr[9]="9: compile --enable-apparmor" +arr[10]="10: compile --enable-busybox-workaround" +arr[11]="11: compile --disable-private-home" +arr[12]="12: compile --disable-man" +arr[13]="13: compile --disable-usertmpfs" +arr[14]="14: compile --disable-sandbox-check" +arr[15]="15: compile --disable-landlock" +arr[16]="16: compile --disable-output" +arr[17]="17: compile --disable-man" +arr[18]="18: compile --disable-private-lib" +arr[19]="19: compile --disable-suid" +arr[20]="20: compile --enable-contrib-install" +arr[21]="21: compile --enable-only-syscfg-profiles" +arr[22]="22: compile --enable-force-nonewprivs" print_title() { echo echo echo echo 
"**************************************************" - echo "$1" + echo "TESTING $1" echo "**************************************************" } @@ -53,7 +51,7 @@ DIST="$TARNAME-$VERSION" while [[ $# -gt 0 ]]; do # Until you run out of parameters . . . case "$1" in --clean) - cleanup + rm -fr firejail exit ;; --help) @@ -64,8 +62,10 @@ while [[ $# -gt 0 ]]; do # Until you run out of parameters . . . shift # Check next set of parameters. done -cleanup - +rm -fr firejail +echo "$DIST" +tar -xJvf ../../"$DIST.tar.xz" +mv "$DIST" firejail #***************************************************************** # TEST 1 @@ -73,21 +73,21 @@ cleanup # - checkout source code #***************************************************************** print_title "${arr[1]}" -echo "$DIST" -tar -xJvf ../../"$DIST.tar.xz" -mv "$DIST" firejail - cd firejail || exit 1 -./configure --prefix=/usr --enable-fatal-warnings \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test1 -grep Error output-configure output-make >> ./report-test1 -cp output-configure oc1 -cp output-make om1 -rm output-configure output-make #***************************************************************** # TEST 2 
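Review bot: The new `rm -fr firejail` at the top of the first hunk runs relative to the caller's current directory, while the very next line locates config.sh relative to the script via `$(dirname "$0")`. Invoked from any other directory, the script would recursively delete an unrelated `firejail` directory there before config.sh is loaded, and because the line sits ahead of the option loop it also runs for `--help`. Pin the working directory first with `cd "$(dirname "$0")" || exit 1` ahead of the `rm`. The later `tar -xJvf ../../"$DIST.tar.xz"` relies on the same working-directory assumption.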
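Review bot: In TEST 1 the pass/fail decision rests only on grepping `output`; the exit status of `./configure` and `make` is discarded because each pipeline ends in `tee`. autoconf reports fatal problems as lowercase `configure: error: ...`, which the case-sensitive `(WARNING|ERROR)` pattern does not match, and nothing guarantees that the following `make` prints a line containing `error:`, so a broken configuration can be reported as passing. For a matrix that exercises hardening switches such as `--enable-apparmor`, `--enable-selinux` and `--disable-suid`, check the status directly: add `set -o pipefail` near the top (the script uses `[[`, so presumably bash) and write `if ! ./configure --enable-fatal-warnings 2>&1 | tee output; then`, keeping the grep as a second check. The same stanza is repeated in the TEST 2 and TEST 3 hunks and in every test of the last hunk.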
@@ -96,18 +96,19 @@ rm output-configure output-make #***************************************************************** print_title "${arr[2]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-dbusproxy \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-dbusproxy 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi cd .. -grep Warning output-configure output-make > ./report-test2 -grep Error output-configure output-make >> ./report-test2 -cp output-configure oc2 -cp output-make om2 -rm output-configure output-make #***************************************************************** # TEST 3 
@@ -117,37 +118,42 @@ rm output-configure output-make print_title "${arr[3]}" cd firejail || exit 1 make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-chroot \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-chroot 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test3 -grep Error output-configure output-make >> ./report-test3 -cp output-configure oc3 -cp output-make om3 -rm output-configure output-make #***************************************************************** # TEST 4 #***************************************************************** -# - disable firetunnel configuration +# - disable user namespace configuration #***************************************************************** print_title "${arr[4]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-firetunnel \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-userns 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test4 -grep Error output-configure output-make >> ./report-test4 -cp output-configure oc4 -cp output-make om4 -rm output-configure output-make #***************************************************************** # TEST 5 
@@ -156,267 +162,396 @@ rm output-configure output-make #***************************************************************** print_title "${arr[5]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-userns \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-network 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test5 -grep Error output-configure output-make >> ./report-test5 -cp output-configure oc5 -cp output-make om5 -rm output-configure output-make #***************************************************************** # TEST 6 #***************************************************************** -# - disable user namespace configuration -# - check compilation +# - disable X11 support #***************************************************************** print_title "${arr[6]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-network \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-x11 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. 
-grep Warning output-configure output-make > ./report-test6 -grep Error output-configure output-make >> ./report-test6 -cp output-configure oc6 -cp output-make om6 -rm output-configure output-make #***************************************************************** # TEST 7 #***************************************************************** -# - disable X11 support +# - enable selinux #***************************************************************** print_title "${arr[7]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-x11 \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --enable-selinux 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test7 -grep Error output-configure output-make >> ./report-test7 -cp output-configure oc7 -cp output-make om7 -rm output-configure output-make #***************************************************************** # TEST 8 #***************************************************************** -# - enable selinux +# - disable file transfer #***************************************************************** print_title "${arr[8]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-selinux \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-file-transfer 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. 
-grep Warning output-configure output-make > ./report-test8 -grep Error output-configure output-make >> ./report-test8 -cp output-configure oc8 -cp output-make om8 -rm output-configure output-make #***************************************************************** # TEST 9 #***************************************************************** -# - disable file transfer +# - enable apparmor #***************************************************************** print_title "${arr[9]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-file-transfer \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --enable-apparmor 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test9 -grep Error output-configure output-make >> ./report-test9 -cp output-configure oc9 -cp output-make om9 -rm output-configure output-make #***************************************************************** # TEST 10 #***************************************************************** -# - disable whitelist +# - enable busybox workaround #***************************************************************** print_title "${arr[10]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-whitelist \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --enable-busybox-workaround 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. 
+ +#***************************************************************** +# TEST 11 +#***************************************************************** +# - disable private home +#***************************************************************** +print_title "${arr[11]}" +cd firejail || exit 1 + +./configure --enable-fatal-warnings --disable-private-home 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test10 -grep Error output-configure output-make >> ./report-test10 -cp output-configure oc10 -cp output-make om10 -rm output-configure output-make #***************************************************************** # TEST 12 #***************************************************************** -# - enable apparmor +# - disable manpages #***************************************************************** print_title "${arr[12]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-apparmor \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-man 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. 
-grep Warning output-configure output-make > ./report-test12 -grep Error output-configure output-make >> ./report-test12 -cp output-configure oc12 -cp output-make om12 -rm output-configure output-make #***************************************************************** # TEST 13 #***************************************************************** -# - enable busybox workaround +# - disable tmpfs as regular user" #***************************************************************** print_title "${arr[13]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-busybox-workaround \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-usertmpfs 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. + +#***************************************************************** +# TEST 14 +#***************************************************************** +# - disable sandbox check +#***************************************************************** +print_title "${arr[14]}" +cd firejail || exit 1 + +./configure --enable-fatal-warnings --disable-sandbox-check 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. 
-grep Warning output-configure output-make > ./report-test13 -grep Error output-configure output-make >> ./report-test13 -cp output-configure oc13 -cp output-make om13 -rm output-configure output-make #***************************************************************** # TEST 15 #***************************************************************** -# - disable private home +# - disable landlock #***************************************************************** print_title "${arr[15]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-private-home \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-landlock 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test15 -grep Error output-configure output-make >> ./report-test15 -cp output-configure oc15 -cp output-make om15 -rm output-configure output-make #***************************************************************** # TEST 16 #***************************************************************** -# - disable manpages +# - disable --output logging #***************************************************************** print_title "${arr[16]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-man \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-output 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi cd .. 
-grep Warning output-configure output-make > ./report-test16 -grep Error output-configure output-make >> ./report-test16 -cp output-configure oc16 -cp output-make om16 -rm output-configure output-make #***************************************************************** # TEST 17 #***************************************************************** -# - disable tmpfs as regular user" +# - disable man pages #***************************************************************** print_title "${arr[17]}" cd firejail || exit 1 -make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-usertmpfs \ - 2>&1 | tee ../output-configure -make -j "$(nproc)" 2>&1 | tee ../output-make +./configure --enable-fatal-warnings --disable-man 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean cd .. -grep Warning output-configure output-make > ./report-test17 -grep Error output-configure output-make >> ./report-test17 -cp output-configure oc17 -cp output-make om17 -rm output-configure output-make #***************************************************************** # TEST 18 #***************************************************************** -# - disable private home feature +# - disable private-lib #***************************************************************** print_title "${arr[18]}" cd firejail || exit 1 + +./configure --enable-fatal-warnings --disable-private-lib 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi make distclean -./configure --prefix=/usr --enable-fatal-warnings \ - --disable-private-home \ - 2>&1 | tee ../output-configure - -make -j "$(nproc)" 2>&1 | tee ../output-make cd .. 
-grep Warning output-configure output-make > ./report-test18 -grep Error output-configure output-make >> ./report-test18 -cp output-configure oc18 -cp output-make om18 -rm output-configure output-make #***************************************************************** -# PRINT REPORTS +# TEST 19 #***************************************************************** -echo -echo -echo -echo -echo "**********************************************************" -echo "TEST RESULTS" -echo "**********************************************************" +# - disable suid +#***************************************************************** +print_title "${arr[19]}" +cd firejail || exit 1 -wc -l report-test* -echo -echo "Legend:" -echo "${arr[1]}" -echo "${arr[2]}" -echo "${arr[3]}" -echo "${arr[4]}" -echo "${arr[5]}" -echo "${arr[6]}" -echo "${arr[7]}" -echo "${arr[8]}" -echo "${arr[9]}" -echo "${arr[10]}" -echo "${arr[12]}" -echo "${arr[13]}" -echo "${arr[15]}" -echo "${arr[16]}" -echo "${arr[17]}" -echo "${arr[18]}" +./configure --enable-fatal-warnings --disable-suid 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. + +#***************************************************************** +# TEST 20 +#***************************************************************** +# - enable contrib install +#***************************************************************** +print_title "${arr[20]}" +cd firejail || exit 1 + +./configure --enable-fatal-warnings --enable-contrib-install 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. 
+ +#***************************************************************** +# TEST 21 +#***************************************************************** +# --enable-only-syscfg-profile +#***************************************************************** +print_title "${arr[21]}" +cd firejail || exit 1 + +./configure --enable-fatal-warnings --enable-only-syscfg-profiles 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. + +#***************************************************************** +# TEST 22 +#***************************************************************** +# - enable force nonewprivs +#***************************************************************** +print_title "${arr[22]}" +cd firejail || exit 1 + +./configure --enable-fatal-warnings --enable-force-nonewprivs 2>&1 | tee output +if grep -E '(WARNING|ERROR)' output; then + echo "TESTING ERROR"; + exit 1 +fi + +make -j4 2>&1 | tee output +if grep -E -i 'error:' output; then + echo "TESTING ERROR"; + exit 1 +fi +make distclean +cd .. + + +#***************************************************************** +# cleanup +#***************************************************************** +rm -fr firejail
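Review bot: TEST 16 loses its leading `make distclean` and, unlike its neighbours, gets no trailing one before `cd ..`. TEST 17 drops its leading call too, so it configures and builds on top of the `--disable-output` tree. Depending on how the Makefiles track configuration changes (not visible here), that build may reuse stale objects and report success without compiling the tested configuration; add `make distclean` before `cd ..` in TEST 16. TEST 17 also repeats `--disable-man` from TEST 12, so one of the two slots was probably meant for a different option. TEST 21 runs plain `make` where the others use `make -j4`, and its comment spells the flag `--enable-only-syscfg-profile` without the trailing `s`.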