Add another CI job that tests against Paul Moore's kernel-secnext builds, which contain the latest SELinux patches staged for the next Linux kernel release. Since the rawhide image doesn't currently boot under macOS and/or Virtualbox and/or Vagrant (shrug), use the stable F33 image with rawhide repo enabled. We will often need at least linux-firmware and glibc from rawhide anyway, and for verifying new tests for recently developed features it might be better to have the other userspace dependencies installed from rawhide, too. Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> --- .github/workflows/checks.yml | 8 +++++++- Vagrantfile | 16 +++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index e1e383f..59f1a47 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -11,8 +11,14 @@ jobs: - run: tools/check-syntax -f && git diff --exit-code fedora-test: runs-on: macos-latest + strategy: + matrix: + env: + - { version: 33, secnext: 0 } + - { version: 33, secnext: 1 } env: - FEDORA_VERSION: 33 + FEDORA_VERSION: ${{ matrix.env.version }} + KERNEL_SECNEXT: ${{ matrix.env.secnext }} steps: - uses: actions/checkout@v2 # macOS sometimes allows symlinks to have permissions other than 777, diff --git a/Vagrantfile b/Vagrantfile index c305fce..a93c912 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -33,8 +33,18 @@ Vagrant.configure("2") do |config| v.memory = 4096 end + if ENV['KERNEL_SECNEXT'] == '1' + dnf_opts = '--nogpgcheck --releasever rawhide --repofrompath kernel-secnext,https://repo.paul-moore.com/rawhide/x86_64' + kernel_pkgs = 'kernel-devel kernel-modules' + reboot_cmd = 'reboot' + else + dnf_opts = '' + kernel_pkgs = 'kernel-devel-"$(uname -r)" kernel-modules-"$(uname -r)"' + reboot_cmd = '' + end + config.vm.provision :shell, inline: <<SCRIPT - dnf install -y \ + dnf install -y #{dnf_opts} \ --allowerasing \ --skip-broken \ make \ 
@@ -59,7 +69,7 @@ Vagrant.configure("2") do |config| e2fsprogs \ jfsutils \ dosfstools \ - kernel-devel-"$(uname -r)" \ - kernel-modules-"$(uname -r)" + #{kernel_pkgs} + #{reboot_cmd} SCRIPT end -- 2.29.2
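Review bot: In the .github/workflows/checks.yml hunk, the new `strategy:` block does not set `fail-fast`, so with the GitHub Actions default a failure in the `secnext: 1` job cancels the `secnext: 0` job as well. The secnext leg follows patches staged for the next kernel release and is the one more likely to break for reasons unrelated to the testsuite, so consider adding `fail-fast: false` under `strategy:` so that the stable Fedora 33 result is always reported. A short comment above the matrix saying what `secnext` selects would also help, since both entries carry `version: 33`.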
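Review bot: In the first Vagrantfile hunk (@@ -33), `--nogpgcheck` in `dnf_opts` applies to the whole `dnf install` transaction, so signature verification is switched off for every package pulled in with `--releasever rawhide`, not only for those from the `kernel-secnext` repo added via `--repofrompath`. If only that repo is unsigned, scope the exception to it, for example with `--setopt=kernel-secnext.gpgcheck=0` in place of `--nogpgcheck`, and add a comment stating why verification is disabled there.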
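Review bot: In the second Vagrantfile hunk (@@ -59), `#{reboot_cmd}` reboots the guest from inside the inline provisioning script and nothing afterwards confirms which kernel came up. Because the install runs with `--skip-broken`, kernel packages that cannot be resolved from `kernel-secnext` are skipped without failing the script, and the job can then run against the stock kernel while being reported as the secnext run. Consider making the script fail when `kernel-devel` and `kernel-modules` were not installed from the `kernel-secnext` repo, or checking `uname -r` after the reboot before the tests start. The shell provisioner's `reboot: true` option may also be a cleaner fit than calling `reboot` as the last line of the script.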