Merge pull request #24 from krallin/test-fortify-source

Add tests for hardening in CI script
child-use-pipe
Thomas Orozco 9 years ago
commit 54236e3815
  1. 1
      .travis.yml
  2. 2
      Dockerfile
  3. 37
      ci/run_build.sh
  4. 1
      tpl/travis.yml.tpl

@ -22,6 +22,7 @@ addons:
- libcap-dev - libcap-dev
- python-pip - python-pip
- python-virtualenv - python-virtualenv
- hardening-includes
script: ./ci/run_build.sh script: ./ci/run_build.sh

@ -1,7 +1,7 @@
FROM ubuntu:precise FROM ubuntu:precise
RUN apt-get update \ RUN apt-get update \
&& apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv \ && apt-get install --no-install-recommends --yes build-essential git gdb valgrind cmake rpm python-dev libcap-dev python-pip python-virtualenv hardening-includes \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Pre-install those here for faster local builds. # Pre-install those here for faster local builds.
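Review bot: The `apt-get install` line gains `hardening-includes` with nothing recording why the build image needs it. The same commit starts calling `hardening-check` in ci/run_build.sh, so the package presumably supplies that tool. A short comment above the `RUN` would keep the dependency from being pruned later, for example `# hardening-includes: needed by the hardening check in ci/run_build.sh`. Listing one package per continued line, sorted, would also make an addition like this a one-line diff instead of a rewrite of the whole install line.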

@ -50,39 +50,42 @@ popd
# Smoke tests (actual tests need Docker to run; they don't run within the CI environment) # Smoke tests (actual tests need Docker to run; they don't run within the CI environment)
for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do for tini in "${BUILD_DIR}/tini" "${BUILD_DIR}/tini-static"; do
echo "Smoke test for $tini" echo "Smoke test for $tini"
$tini -h "${tini}" -h
echo "Testing $tini with: true" echo "Testing $tini with: true"
$tini -vvv true "${tini}" -vvv true
echo "Testing $tini with: false" echo "Testing $tini with: false"
if $tini -vvv false; then if "${tini}" -vvv false; then
exit 1 exit 1
fi fi
# Test stdin / stdout are handed over to child # Test stdin / stdout are handed over to child
echo "Testing pipe" echo "Testing pipe"
echo "exit 0" | $tini -vvv sh echo "exit 0" | "${tini}" -vvv sh
if [[ ! "$?" -eq "0" ]]; then if [[ ! "$?" -eq "0" ]]; then
echo "Pipe test failed" echo "Pipe test failed"
exit 1 exit 1
fi fi
# Move files to the dist dir for testing echo "Checking hardening on $tini"
mkdir -p "${DIST_DIR}" hardening-check --nopie --nostackprotector --nobindnow "${tini}"
cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}" done
# Quick audit # Move files to the dist dir for testing
if which rpm; then mkdir -p "${DIST_DIR}"
echo "Contents for RPM:" cp "${BUILD_DIR}"/tini{,-static,*.rpm,*deb} "${DIST_DIR}"
rpm -qlp "${DIST_DIR}/tini"*.rpm
fi
if which dpkg; then # Quick package audit
echo "Contents for DEB:" if which rpm; then
dpkg --contents "${DIST_DIR}/tini"*deb echo "Contents for RPM:"
fi rpm -qlp "${DIST_DIR}/tini"*.rpm
done fi
if which dpkg; then
echo "Contents for DEB:"
dpkg --contents "${DIST_DIR}/tini"*deb
fi
# Compile test code # Compile test code
"${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c" "${CC}" -o "${BUILD_DIR}/sigconf-test" "${SOURCE_DIR}/test/sigconf/sigconf-test.c"
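Review bot: The new `hardening-check --nopie --nostackprotector --nobindnow "${tini}"` call disables three of the tool's checks, and nothing on the line says why. As far as the flags show, only fortified functions and read-only relocations are still enforced. If the exclusions are deliberate, a comment should say so, for example `# PIE, stack protector and BIND_NOW are not checked because <reason>; FORTIFY_SOURCE and RELRO must pass`. Otherwise a regression in the skipped properties will pass CI unnoticed. Whether a failing check stops the build depends on `set -e` being in effect, which would be set outside this hunk; if it is not, the line should end with `|| exit 1`, matching the explicit exits used for the other smoke tests.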

@ -22,6 +22,7 @@ addons:
- libcap-dev - libcap-dev
- python-pip - python-pip
- python-virtualenv - python-virtualenv
- hardening-includes
script: ./ci/run_build.sh script: ./ci/run_build.sh
