ci: print version after install & fix apparmor support on build_apparmor #5148
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To ensure that the resulting program actually runs and also to show which compile-time features it supports.
To ensure that firejail was actually built with support for it. Note: This commit intentionally fails on GitLab CI to demonstrate that the above is currently not the case.
The "build_apparmor" job was added on commit 342e71c ("Add deb-apparmor build to Gitlab CI", 2019-01-26). It would call `./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor` directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to the linker. Later, commit 87e7b31 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR netblue30#3414 merged mkdeb.sh and mkdeb-apparmor.sh into mkdeb.sh.in, which does not always pass `--enable-apparmor` to ./configure directly. Instead, it adds `--enable-apparmor` depending on whether the `$HAVE_APPARMOR` environment variable is set, which would be done by a previous run of ./configure with `--enable-apparmor`. Since on "build_apparmor" ./configure is not run the first time with `--enable-apparmor`, neither is it on the second time and thus `-lapparmor` is never passed to the linker. This commit adds `--enable-apparmor` to the first ./configure run on the ci job, so that it gets passed to the one being executed on mkdeb.sh as well.
|
Depends on #5147. |
kmk3
changed the title
|
By the way, I'm working on |
topimiettinen
approved these changes
May 17, 2022
reinerh
approved these changes
May 17, 2022
|
For completeness, here is the relevant output of running
|
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 27, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix netblue30#772.
Relates to netblue30#1205 netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 27, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix netblue30#772.
Relates to netblue30#1205 netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 27, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix netblue30#772.
Relates to netblue30#1205 netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 29, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix netblue30#772.
Relates to netblue30#1205 netblue30#3414 netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Feb 29, 2024
To reduce TARNAME hard-coding. Added on commit 6a89ab0 ("ci: run firejail --version after build/install", 2022-05-16) / PR netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Feb 29, 2024
To reduce TARNAME hardcoding. Added on commit 6a89ab0 ("ci: run firejail --version after build/install", 2022-05-16) / PR netblue30#5148.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
Feb 29, 2024
To reduce TARNAME hardcoding. Added on commit 6a89ab0 ("ci: run firejail --version after build/install", 2022-05-16) / PR netblue30#5148.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The "build_apparmor" job was added on commit 342e71c ("Add
deb-apparmor build to Gitlab CI", 2019-01-26). It would call
./mkdeb-apparmor.sh, which would run./configure --enable-apparmordirectly, adding
-lapparmortoEXTRA_LDFLAGSand thus passing it tothe linker.
Later, commit 87e7b31 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR #3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass
--enable-apparmorto./configure directly. Instead, it adds
--enable-apparmordepending onwhether the
$HAVE_APPARMORenvironment variable is set, which would bedone by a previous run of ./configure with
--enable-apparmor. Sinceon "build_apparmor" ./configure is not run the first time with
--enable-apparmor, neither is it on the second time and thus-lapparmoris never passed to the linker. This commit adds--enable-apparmorto the first ./configure run on the ci job, so thatit gets passed to the one being executed on mkdeb.sh as well.