Don't fail setting log file ACLs with broken NSS backends #469
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| paths: | |
| - src/** | |
| - audit-specs/** | |
| - syscall-tables/** | |
| - build.rs | |
| - Cargo.* | |
| - .github/workflows/build.yml | |
| tags-ignore: | |
| - "v*" | |
| pull_request: | |
| paths: | |
| - src/** | |
| - audit-specs/** | |
| - syscall-tables/** | |
| - build.rs | |
| - Cargo.* | |
| - .github/workflows/build.yml | |
| jobs: | |
| check_fmt: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| - name: check formatting | |
| run: cargo fmt --check | |
| build-test: | |
| runs-on: ubuntu-latest | |
| container: ubuntu:latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install dependency | |
| run: | | |
| apt-get -qq update | |
| apt-get -qqy dist-upgrade | |
| apt-get -qqy install curl build-essential libclang-dev libacl1-dev selinux-policy-dev libgoogle-perftools-dev | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" | |
| - run: cargo build | |
| - run: cargo test --no-default-features | |
| - run: cargo test | |
| - run: cargo bench --no-run | |
| - run: make -C contrib/selinux | |
| build-x86_64-gnu: | |
| runs-on: ubuntu-latest | |
| container: debian:bullseye | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install dependency | |
| run: | | |
| apt-get -qq update | |
| apt-get -qqy dist-upgrade | |
| apt-get -qqy install curl build-essential libclang-dev libacl1-dev | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" | |
| - run: cargo build --target=x86_64-unknown-linux-gnu --release | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel-x86_64-gnu | |
| path: target/x86_64-unknown-linux-gnu/release/laurel | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel2audit-x86_64-gnu | |
| path: target/x86_64-unknown-linux-gnu/release/laurel2audit | |
| build-aarch64-gnu: | |
| runs-on: ubuntu-latest | |
| container: debian:bullseye | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install dependency | |
| run: | | |
| dpkg --add-architecture arm64 | |
| apt-get -qq update | |
| apt-get -qqy dist-upgrade | |
| apt-get -qqy install curl build-essential libclang-dev gcc-aarch64-linux-gnu libacl1-dev:arm64 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| target: aarch64-unknown-linux-gnu | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" | |
| - run: cargo build --target=aarch64-unknown-linux-gnu --release | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel-aarch64-gnu | |
| path: target/aarch64-unknown-linux-gnu/release/laurel | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel2audit-aarch64-gnu | |
| path: target/aarch64-unknown-linux-gnu/release/laurel2audit | |
| build-armv7-gnueabihf: | |
| runs-on: ubuntu-latest | |
| container: debian:bullseye | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Install dependency | |
| run: | | |
| dpkg --add-architecture armhf | |
| apt-get -qq update | |
| apt-get -qqy dist-upgrade | |
| apt-get -qqy install curl build-essential libclang-dev gcc-arm-linux-gnueabihf libacl1-dev:armhf | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| profile: minimal | |
| target: armv7-unknown-linux-gnueabihf | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" | |
| - run: cargo build --target=armv7-unknown-linux-gnueabihf --release | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel-armv7-gnueabihf | |
| path: target/armv7-unknown-linux-gnueabihf/release/laurel | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel2audit-armv7-gnueabihf | |
| path: target/armv7-unknown-linux-gnueabihf/release/laurel2audit | |
| build-x86_64-musl: | |
| runs-on: ubuntu-latest | |
| container: alpine:3.19 | |
| steps: | |
| - name: Prepare | |
| run: | | |
| apk add git ca-certificates rust cargo clang-dev acl-static musl-dev linux-headers make pandoc | |
| apk add binutils file jq | |
| - uses: actions/checkout@v2 | |
| - name: Build | |
| run: | | |
| RUSTFLAGS='-C target-feature=+crt-static -L /lib -l static=acl' \ | |
| cargo build --target x86_64-alpine-linux-musl --release | |
| make -C man | |
| - name: Show binary charcteristics | |
| run: | | |
| set -x | |
| file target/x86_64-alpine-linux-musl/release/laurel | |
| ldd target/x86_64-alpine-linux-musl/release/laurel | |
| objdump -x target/x86_64-alpine-linux-musl/release/laurel | grep NEEDED || true | |
| set +x | |
| if [ -n "$(objdump -x target/x86_64-alpine-linux-musl/debug/laurel | grep NEEDED)" ]; then | |
| echo "laurel is linked against shared libraries" >&2 | |
| exit 1 | |
| fi | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel-x86_64-musl | |
| path: target/x86_64-alpine-linux-musl/release/laurel | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: laurel2audit-x86_64-musl | |
| path: target/x86_64-alpine-linux-musl/release/laurel2audit | |
| build-x86_64-gnu-old: | |
| env: | |
| ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16 | |
| ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | |
| runs-on: ubuntu-latest | |
| container: centos:7 | |
| steps: | |
| - name: Prepare | |
| run: | | |
| sed -i \ | |
| -e 's,^# *baseurl=http://mirror.centos.org/centos/,baseurl=https://vault.centos.org/centos/,g' \ | |
| -e 's,^mirrorlist=http://mirrorlist.centos.org,#&1,' \ | |
| /etc/yum.repos.d/*.repo | |
| yum -q -y update | |
| yum -q -y install centos-release-scl | |
| sed -i \ | |
| -e 's,^# *baseurl=http://mirror.centos.org/centos/,baseurl=https://vault.centos.org/centos/,g' \ | |
| -e 's,^mirrorlist=http://mirrorlist.centos.org,#&1,' \ | |
| /etc/yum.repos.d/*.repo | |
| - name: Install misc. | |
| run: | | |
| yum -q -y install gcc file libacl-devel | |
| - name: Install LLVM | |
| run: | | |
| yum -q -y install llvm-toolset-7-clang | |
| - name: Install Rust toolchain (stable) | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| - uses: actions/checkout@v2 | |
| - name: Build | |
| run: | | |
| scl enable llvm-toolset-7 "cargo build --release" | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: laurel-x86_64-gnu-old | |
| path: target/release/laurel | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: laurel2audit-x86_64-gnu-old | |
| path: target/release/laurel |