diff --git a/Makefile b/Makefile index e8a501dbb..431e77ed5 100644 --- a/Makefile +++ b/Makefile @@ -199,6 +199,7 @@ clean: $(RM) -r ./$(TARNAME)-$(VERSION) ./$(TARNAME)-$(VERSION).tar.xz $(RM) ./$(TARNAME)*.deb $(RM) ./$(TARNAME)*.rpm + $(RM) -fr gcov-dir .PHONY: distclean distclean: clean diff --git a/gcov.sh b/gcov.sh index 7e31bfd70..8ca329a5c 100755 --- a/gcov.sh +++ b/gcov.sh @@ -4,59 +4,105 @@ # License GPL v2 # GCOV test setup -# required: sudo, lcov (apt-get install lcov) -# setup: modify ./configure line below if necessary +# required: sudo, gcov (apt-get install gcovr) +# Compile and install +# $ ./configure --prefix=/usr --enable-apparmor --enable-gcov +# $ make +# $ sudo make install # run as regular user: ./gcov.sh # result in gcov-dir/index.html gcov_generate() { - USER="$(whoami)" - find . -exec sudo chown "$USER:$USER" '{}' + - lcov -q --capture \ - -d src/firejail -d src/lib -d src/firecfg -d src/firemon \ - -d src/fnet -d src/fnetfilter -d src/fcopy \ - -d src/fseccomp --output-file gcov-file - - genhtml -q gcov-file --output-directory gcov-dir + rm -fr gcov-dir + sleep 1 + mkdir gcov-dir + USER="$(whoami)" + find . -exec sudo chown "$USER:$USER" '{}' + + sleep 1 + gcovr --html-nested gcov-dir/index.html \ + src/firejail src/firemon src/firecfg src/jailcheck \ + src/etc-cleanup \ + src/fbuilder \ + src/fbwrap \ + src/fcopy \ + src/fnet \ + src/fnetfilter \ + src/fnetlock \ + src/fnettrace \ + src/fnettrace-dns \ + src/fnettrace-icmp \ + src/fnettrace-sni \ + src/fseccomp \ + src/fsec-optimize \ + src/fsec-print \ + src/ftee \ + src/fzenity \ + src/lib \ + src/profstats } -make distclean && -./configure --prefix=/usr --enable-fatal-warnings \ - --enable-apparmor --enable-gcov && -make -j "$(nproc)" && -sudo make install - -rm -fr gcov-dir gcov-file -make installcheck +# --help - main programs +/usr/bin/firejail --help +/usr/bin/firemon --help +/usr/bin/firecfg --help +/usr/bin/jailcheck --help gcov_generate -make test-firecfg | grep TESTING +# --help -secondary programs +/usr/lib/firejail/etc-cleanup --help +/usr/lib/firejail/fbuilder --help +/usr/lib/firejail/fbwrap --help +/usr/lib/firejail/fcopy --help +/usr/lib/firejail/fnet --help +/usr/lib/firejail/fnetfilter --help +/usr/lib/firejail/fnetlock --help +/usr/lib/firejail/fnettrace --help +/usr/lib/firejail/fnettrace-dns --help +/usr/lib/firejail/fnettrace-icmp --help +/usr/lib/firejail/fnettrace-sni --help +/usr/lib/firejail/fseccomp --help +/usr/lib/firejail/fseccomp-optimize --help +/usr/lib/firejail/fseccomp-print --help +/usr/lib/firejail/ftee --help +/usr/lib/firejail/fzenity --help +/usr/lib/firejail/profstats --help gcov_generate -make test-capabilities | grep TESTING + +# test-main: .github/workflows/test.yml#L50 +make test-seccomp-extra +make test-firecfg +make test-capabilities +make test-apparmor +make test-appimage +make test-chroot +make test-fcopy gcov_generate -make test-seccomp-extra | grep TESTING + +# test-fs: .github/workflows/test.yml#L99 +make test-private-etc gcov_generate -make test-apparmor | grep TESTING +make test-fs gcov_generate -make test-network | grep TESTING + +# test-environment: .github/workflows/test.yml#L139 +make test-environment gcov_generate -make test-appimage | grep TESTING +make test-profiles gcov_generate -make test-chroot | grep TESTING + +# test-utils: .github/workflows/test.yml#L179 +make test-utils gcov_generate -make test-sysutils | grep TESTING + +# test-network: .github/workflows/test.yml#L221 +make test-fnetfilter +make test-sysutils gcov_generate -make test-private-etc | grep TESTING -gcov_generate -make test-profiles | grep TESTING -gcov_generate -make test-fcopy | grep TESTING -gcov_generate -make test-fnetfilter | grep TESTING -gcov_generate -make test-fs | grep TESTING -gcov_generate -make test-utils | grep TESTING -gcov_generate -make test-environment | grep TESTING +make test-network gcov_generate + + + + + + diff --git a/linecnt.sh b/linecnt.sh index 5d3860961..d66f234f0 100755 --- a/linecnt.sh +++ b/linecnt.sh @@ -1,31 +1,56 @@ +# This script counts the number of lines of code throughout the +# project. We let gcc determine what is executable and what is not. +# +# Install gcov (Debian) +# $ sudo apt install gcovr +# Clean firejail directory +# $ cd firejail +# $ make distclean +# Enable gcov instrumentation +# $ ./configure --enable-gcov --enable-apparmor +# $ make +# Don't install the new firejail, just run this script +# $ ./linecnt.sh +# firejail 13321 +# firemon 1143 +# firecfg 624 +# jailcheck 448 +# ------------------------------- +# fbuilder 712 +# fbwrap 62 +# fcopy 299 +# fnet 615 +# fnetfilter 89 +# fnetlock 229 +# fnettrace 803 +# fnettrace-dns 113 +# fnettrace-icmp 95 +# fnettrace-sni 109 +# fsec-optimize 116 +# fsec-print 205 +# ftee 135 +# fzenity 122 +# lib 975 + #!/bin/bash -# This file is part of Firejail project -# Copyright (C) 2014-2026 Firejail Authors -# License GPL v2 -gcov_init() { - USER="$(whoami)" - firejail --help > /dev/null - firemon --help > /dev/null - /usr/lib/firejail/fnet --help > /dev/null - /usr/lib/firejail/fseccomp --help > /dev/null - /usr/lib/firejail/ftee --help > /dev/null - /usr/lib/firejail/fcopy --help > /dev/null - /usr/lib/firejail/fldd --help > /dev/null - firecfg --help > /dev/null - - /usr/lib/firejail/fnetfilter --help > /dev/null - /usr/lib/firejail/fsec-print --help > /dev/null - /usr/lib/firejail/fsec-optimize --help > /dev/null - /usr/lib/firejail/faudit --help > /dev/null - /usr/lib/firejail/fbuilder --help > /dev/null - - find . -exec sudo chown "$USER:$USER" '{}' + -} - -rm -fr gcov-dir -gcov_init -lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder \ - -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp \ - -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file -genhtml -q gcov-file --output-directory gcov-dir +printf "firejail " && gcovr src/firejail 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "firemon " && gcovr src/firemon 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "firecfg " && gcovr src/firecfg 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "jailcheck " && gcovr src/jailcheck 2>/dev/null | grep TOTAL | awk '{print msg $2}' +echo "-------------------------------" +printf "fbuilder " && gcovr src/fbuilder 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fbwrap " && gcovr src/fbwrap 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fcopy " && gcovr src/fcopy 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnet " && gcovr src/fnet 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnetfilter " && gcovr src/fnetfilter 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnetlock " && gcovr src/fnetlock 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnettrace " && gcovr src/fnettrace 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnettrace-dns " && gcovr src/fnettrace-dns 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnettrace-icmp " && gcovr src/fnettrace-icmp 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fnettrace-sni " && gcovr src/fnettrace-sni 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fsec-optimize " && gcovr src/fsec-optimize 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fsec-print " && gcovr src/fsec-print 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "ftee " && gcovr src/ftee 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "fzenity " && gcovr src/fzenity 2>/dev/null | grep TOTAL | awk '{print msg $2}' +printf "lib " && gcovr src/lib 2>/dev/null | grep TOTAL | awk '{print msg $2}' diff --git a/test/private-etc/hostname.exp b/test/private-etc/hostname.exp index e703faa74..006c1b07a 100755 --- a/test/private-etc/hostname.exp +++ b/test/private-etc/hostname.exp @@ -82,14 +82,14 @@ expect { sleep 1 # ping test -send -- "firejail --hostname=foo --private-etc ping -c 3 foo\r" +send -- "firejail --noprofile --hostname=foo --private-etc ping -c 3 foo\r" expect { timeout {puts "TESTING ERROR 6\n";exit} "3 packets transmitted, 3 received" } sleep 1 -send -- "firejail --hosts-file=hosts-file --private-etc ping -c 3 blablabla\r" +send -- "firejail --noprofile --hosts-file=hosts-file --private-etc ping -c 3 blablabla\r" expect { timeout {puts "TESTING ERROR 7\n";exit} "3 packets transmitted, 3 received"