authorChris PeBenito <pebenito@ieee.org>2017-02-18 10:20:20 -0500
committerJason Zaman <jason@perfinion.com>2017-02-21 14:55:55 +0800
commit99249f103339619913cf5c17abb8fd0fd893d9b0 (patch)
tree4b87cdba9747a1c3c46695e247ec464b0d686493
parentLittle misc patches from Russell Coker. (diff)
Implement WERROR build option to treat warnings as errors.
Add this to all Travis-CI builds.
-rw-r--r--.travis.yml48
-rw-r--r--Makefile5
-rw-r--r--README4
-rw-r--r--Rules.modular4
-rw-r--r--Rules.monolithic2
-rw-r--r--build.conf3
-rw-r--r--policy/support/misc_macros.spt7
-rw-r--r--support/fatal_error.m42
8 files changed, 44 insertions, 31 deletions
diff --git a/.travis.yml b/.travis.yml
index 4848b29a1..c0323421e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,30 +8,30 @@ matrix:
# for T in standard mls mcs ; do for D in arch debian gentoo ; do for I in n y ; do for M in y n ; do for S in n y ; do
# echo " - TYPE=$T DISTRO=$D DIRECT_INITRC=$I MONOLITHIC=$M SYSTEMD=$S" ; done ; done ; done ; done ; done
env:
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n
- - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=standard DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mcs DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=n MONOLITHIC=n SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=y SYSTEMD=y WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=n WERROR=y
+ - TYPE=mls DISTRO=gentoo DIRECT_INITRC=y MONOLITHIC=n SYSTEMD=y WERROR=y
# Uncomment to use Travis-CI container infrastructure (https://docs.travis-ci.com/user/ci-environment/)
sudo: false
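Review bot: Setting `WERROR=y` in the `env:` entries may not reach the policy build, because this same commit adds a plain `WERROR = n` assignment to build.conf, and a makefile assignment takes precedence over an environment variable of the same name. This assumes the top-level Makefile includes build.conf, which is not visible here. The `script:` section is also outside this hunk, so it is unclear whether it passes the matrix variables on the make command line or edits build.conf first. If it does neither, every job would still build with warnings non-fatal. Worth confirming from a job log that the `Notice: Treating warnings as errors.` line from support/fatal_error.m4 appears, and passing the value explicitly (for example `make WERROR=$WERROR`) if it does not.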
diff --git a/Makefile b/Makefile
index b4c2bae3d..13fb9f8ed 100644
--- a/Makefile
+++ b/Makefile
@@ -106,6 +106,7 @@ gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
m4iferror := $(support)/iferror.m4
m4divert := $(support)/divert.m4
m4undivert := $(support)/undivert.m4
+m4terminate := $(support)/fatal_error.m4
# use our own genhomedircon to make sure we have a known usable one,
# so policycoreutils updates are not required (RHEL4)
genhomedircon := $(PYTHON) -E $(support)/genhomedircon
@@ -214,6 +215,10 @@ ifeq ($(DIRECT_INITRC),y)
M4PARAM += -D direct_sysadm_daemon
endif
+ifeq "$(WERROR)" "y"
+ M4PARAM += -D m4_werror
+endif
+
ifeq "$(UBAC)" "y"
M4PARAM += -D enable_ubac
endif
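Review bot: The new `ifeq "$(WERROR)" "y"` test adds `-D m4_werror` only for the exact value `y`, while the README entry says "If set" and the build.conf comment says "Set this to treat warnings as errors" without naming a value. A caller who writes `WERROR=1` or `WERROR=yes` gets a build that silently keeps warnings non-fatal, which is the wrong direction to fail for a strictness switch. I would name the value in both places, e.g. `# Set this to y to treat warnings as errors.` in build.conf, matching the QUIET comment just above it. The DIRECT_INITRC conditional at the top of this hunk starts outside it.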
diff --git a/README b/README
index 1f803c2ea..10cca4c10 100644
--- a/README
+++ b/README
@@ -138,6 +138,10 @@ QUIET Boolean. If set, the build system will only display
status messages and error messages. This option has no
effect on policy.
+WERROR Boolean. If set, the build system will treat warnings
+ as errors. If any warnings are encountered, the build
+ will fail.
+
3) Reference Policy Files and Directories
All directories relative to the root of the Reference Policy sources directory.
diff --git a/Rules.modular b/Rules.modular
index 80cf8fd28..60fe55496 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -70,7 +70,7 @@ $(modpkgdir)/%.pp: $(builddir)%.pp
#
# Build module packages
#
-$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
+$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te $(m4terminate)
@echo "Compiling $(NAME) $(@F) module"
@test -d $(tmpdir) || mkdir -p $(tmpdir)
$(verbose) $(M4) $(M4PARAM) -s $^ > $(@:.mod=.tmp)
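Review bot: `$(m4terminate)` only does its job as the last prerequisite of `$(tmpdir)/%.mod`, because the recipe hands `$^` to m4 in order and fatal_error.m4 tests `m4_fatal_error` at the point where it is read; nothing in the rule records that constraint. A prerequisite appended after it later would be expanded after the check, and an error raised there would no longer fail the build. I would add a comment above the rule such as `# $(m4terminate) must remain the last prerequisite: it exits non-zero if any earlier input raised an error`. The same applies to the `all_te_files.conf` rules changed in the next hunk and in Rules.monolithic, whose recipes are outside those hunks; this rule's recipe also continues past the hunk.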
@@ -140,7 +140,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
@echo "divert" >> $@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(m4terminate)
ifeq "$(strip $(base_te_files))" ""
$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
diff --git a/Rules.monolithic b/Rules.monolithic
index c2c2147f3..ce112d788 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -125,7 +125,7 @@ $(tmpdir)/all_interfaces.conf: $(m4support) $(all_interfaces) $(m4iferror)
$(verbose) $(SED) -e s/dollarsstar/\$$\*/g $(tmpdir)/$(@F).tmp >> $@
@echo "divert" >> $@
-$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files)
+$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(m4terminate)
ifeq "$(strip $(all_te_files))" ""
$(error No enabled modules! $(notdir $(mod_conf)) may need to be generated by using "make conf")
endif
diff --git a/build.conf b/build.conf
index 087d952a4..a2f1a9b5b 100644
--- a/build.conf
+++ b/build.conf
@@ -79,3 +79,6 @@ MCS_CATS = 1024
# Set this to y to only display status messages
# during build.
QUIET = n
+
+# Set this to treat warnings as errors.
+WERROR = n
diff --git a/policy/support/misc_macros.spt b/policy/support/misc_macros.spt
index 7f280db3b..4422b5eca 100644
--- a/policy/support/misc_macros.spt
+++ b/policy/support/misc_macros.spt
@@ -34,16 +34,15 @@ define(`__endline__',`
#
# print a warning message
#
-define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__)')
+define(`refpolicywarn',`errprint(__file__:__line__: Warning: `$1'__endline__) ifdef(`m4_werror',`define(`m4_fatal_error')')')
########################################
#
# refpolerr(message)
#
-# print an error message. does not
-# make anything fail.
+# print an error message.
#
-define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__)')
+define(`refpolicyerr',`errprint(__file__:__line__: Error: `$1'__endline__) define(`m4_fatal_error')')
########################################
#
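Review bot: `refpolicyerr` now defines `m4_fatal_error` unconditionally, so an error message fails the build even with WERROR unset. That goes beyond what the commit title describes, and the header comment no longer explains it now that "does not make anything fail" was dropped. I would extend the comment, e.g. `# print an error message and mark the build as failed; the exit happens when support/fatal_error.m4 is read.` The flag is only acted on by rules that list `$(m4terminate)`. The `all_interfaces.conf` rule visible in the Rules.* hunk headers is not among them, so a message raised only during that pass would presumably stay non-fatal; worth confirming that is intended.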
diff --git a/support/fatal_error.m4 b/support/fatal_error.m4
new file mode 100644
index 000000000..8b01dc263
--- /dev/null
+++ b/support/fatal_error.m4
@@ -0,0 +1,2 @@
+ifdef(`m4_werror',`errprint(__file__: Notice: Treating warnings as errors.__endline__)')
+ifdef(`m4_fatal_error',`m4exit(`1')')
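Review bot: The new file has no header stating its contract: it has to be the last file on the m4 command line, and its notice relies on `__endline__` from policy/support/misc_macros.spt having been loaded earlier in the same run. I would add a short `dnl` header saying so, for example `dnl Must be processed last: exits with status 1 if m4_fatal_error was defined by refpolicyerr, or by refpolicywarn under -D m4_werror.` Using `dnl` rather than `#` keeps the comment out of the generated policy text.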