* [gentoo-commits] proj/hardened-refpolicy:master commit in: support/, /, policy/support/
@ 2017-02-21 7:11 Jason Zaman
0 siblings, 0 replies; only message in thread
From: Jason Zaman @ 2017-02-21 7:11 UTC (permalink / raw
To: gentoo-commits
commit: 99249f103339619913cf5c17abb8fd0fd893d9b0
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Feb 18 15:20:20 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Feb 21 06:55:55 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=99249f10
Implement WERROR build option to treat warnings as errors.
Add this to all Travis-CI builds.
.travis.yml | 48 +++++++++++++++++++++---------------------
Makefile | 5 +++++
README | 4 ++++
Rules.modular | 4 ++--
Rules.monolithic | 2 +-
build.conf | 3 +++
policy/support/misc_macros.spt | 7 +++---
support/fatal_error.m4 | 2 ++
8 files changed, 44 insertions(+), 31 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 4848b29a..c0323421 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,30 +8,30 @@ matrix:
# for T in standard mls mcs ; do for D in arch debian gentoo ; do for I in n y ; do for M in y n ; do for S in n y ; do
# echo " - TYPE=$T DISTRO=$D DIRECT_INITRC=$I MONOLITHIC=$M SYSTEMD=$S" ; done ; done ; done ; done ; done
env:
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
# Uncomment to use Travis-CI container infrastructure (https://docs.travis-ci.com/user/ci-environment/)
sudo: false
diff --git a/Makefile b/Makefile
index b4c2bae3..13fb9f8e 100644
--- a/Makefile
+++ b/Makefile
@@ -106,6 +106,7 @@ gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
m4iferror := $(support)/iferror.m4
m4divert := $(support)/divert.m4
m4undivert := $(support)/undivert.m4
+m4terminate := $(support)/fatal_error.m4
# use our own genhomedircon to make sure we have a known usable one,
# so policycoreutils updates are not required (RHEL4)
genhomedircon := $(PYTHON) -E $(support)/genhomedircon
@@ -214,6 +215,10 @@ ifeq ($(DIRECT_INITRC),y)
M4PARAM += -D direct_sysadm_daemon
endif
+ifeq "$(WERROR)" "y"
+ M4PARAM += -D m4_werror
+endif
+
ifeq "$(UBAC)" "y"
M4PARAM += -D enable_ubac
endif
diff --git a/README b/README
index 1f803c2e..10cca4c1 100644
--- a/README
+++ b/README
@@ -138,6 +138,10 @@ QUIET Boolean. If set, the build system will only display
status messages and error messages. This option has no
effect on policy.
+WERROR Boolean. If set, the build system will treat warnings
+ as errors. If any warnings are encountered, the build
+ will fail.
+
3) Reference Policy Files and Directories
All directories relative to the root of the Reference Policy sources directory.
diff --git a/Rules.modular b/Rules.modular
index 80cf8fd2..60fe5549 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -70,7 +70,7 @@ $(modpkgdir)/%.pp: $(builddir)%.pp
#
# Build module packages
#
-$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
+$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te $(m4terminate)
@echo "Compiling $(NAME) $(@F) module"
@test -d $(tmpdir) || mkdir -p $(tmpdir)
$(verbose) $(M4) $(M4PARAM) -s $^ > $(@:.mod=.tmp)
@@ -140,7 +140,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
@echo "divert" >> $@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(m4terminate)
ifeq "$(strip $(base_te_files))" ""
$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
diff --git a/Rules.monolithic b/Rules.monolithic
index c2c2147f..ce112d78 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -125,7 +125,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
@echo "divert" >> $@
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(m4terminate)
ifeq "$(strip $(all_te_files))" ""
$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
diff --git a/build.conf b/build.conf
index 087d952a..a2f1a9b5 100644
--- a/build.conf
+++ b/build.conf
@@ -79,3 +79,6 @@ MCS_CATS = 1024
# Set this to y to only display status messages
# during build.
QUIET = n
+
+# Set this to treat warnings as errors.
+WERROR = n
diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
index 7f280db3..4422b5ec 100644
--- a/policy/support/misc_macros.spt
+++ b/policy/support/misc_macros.spt
@@ -34,16 +34,15 @@ define(`__endline__',`
#
# print a warning message
#
-define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__)')
+define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__) ifdef(`m4_werror',`define(`m4_fatal_error')')')
########################################
#
# refpolerr(message)
#
-# print an error message. does not
-# make anything fail.
+# print an error message.
#
-define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__)')
+define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__) define(`m4_fatal_error')')
########################################
#
diff --git a/support/fatal_error.m4 b/support/fatal_error.m4
new file mode 100644
index 00000000..8b01dc26
--- /dev/null
+++ b/support/fatal_error.m4
@@ -0,0 +1,2 @@
+ifdef(`m4_werror',`errprint(__file__: Notice: Treating warnings as errors.__endline__)')
+ifdef(`m4_fatal_error',`m4exit(`1')')
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-02-21 7:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-21 7:11 [gentoo-commits] proj/hardened-refpolicy:master commit in: support/, /, policy/support/ Jason Zaman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox