From 17d53ecdd365f3b5561856b3aa8bfdc2bfcec246 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Tue, 17 Jun 2025 15:40:46 -0400 Subject: [PATCH 01/14] Use GCC 15 to compile when checking for warnings This patch skips the alpine CI for now, as alpine seems to lack a gcc-15 package equivalent. ChangeLog: * .github/workflows/ccpp.yml: Use GCC 15 for jobs which check for warnings. Signed-off-by: Owen Avery --- .github/workflows/ccpp.yml | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 9762a0a1acd6..c3a125385e76 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -19,13 +19,19 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | + sudo apt-get update; + sudo apt-get upgrade; + sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -38,8 +44,7 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-multilib \ - g++-multilib \ + gcc-15 \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -104,13 +109,19 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | + sudo apt-get update; + sudo apt-get upgrade; + sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -123,8 +134,7 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-multilib \ - g++-multilib \ + gcc-15 \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -189,13 +199,19 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | + sudo apt-get update; + sudo apt-get upgrade; + sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo do-release-upgrade -f DistUpgradeViewNonInteractive; + sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -208,8 +224,7 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-multilib \ - g++-multilib \ + gcc-15 \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; From 54859c509ca1e74a58c23c29b66fc359f37ffb7f Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:15:51 -0400 Subject: [PATCH 02/14] Revert "Use GCC 15 to compile when checking for warnings" This reverts commit 17d53ecdd365f3b5561856b3aa8bfdc2bfcec246. --- .github/workflows/ccpp.yml | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index c3a125385e76..9762a0a1acd6 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -19,19 +19,13 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | - sudo apt-get update; - sudo apt-get upgrade; - sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -44,7 +38,8 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-15 \ + gcc-multilib \ + g++-multilib \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -109,19 +104,13 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | - sudo apt-get update; - sudo apt-get upgrade; - sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -134,7 +123,8 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-15 \ + gcc-multilib \ + g++-multilib \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -199,19 +189,13 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Install Deps run: | - sudo apt-get update; - sudo apt-get upgrade; - sudo sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo do-release-upgrade -f DistUpgradeViewNonInteractive; - sudo add-apt-repository universe; sudo apt-get update; sudo apt-get install -y \ automake \ @@ -224,7 +208,8 @@ jobs: libmpfr-dev \ libmpc-dev \ build-essential \ - gcc-15 \ + gcc-multilib \ + g++-multilib \ dejagnu; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; From 90d3d3fd25402b491f5ea67725710167994de406 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:17:06 -0400 Subject: [PATCH 03/14] use containers --- .github/workflows/ccpp.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 9762a0a1acd6..9271881377b9 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -20,6 +20,7 @@ jobs: LC_ALL: C.UTF-8 runs-on: ubuntu-22.04 + container: ubuntu:22.04 steps: - uses: actions/checkout@v4 @@ -105,6 +106,7 @@ jobs: LC_ALL: C.UTF-8 runs-on: ubuntu-22.04 + container: ubuntu:22.04 steps: - uses: actions/checkout@v4 @@ -190,6 +192,7 @@ jobs: LC_ALL: C.UTF-8 runs-on: ubuntu-22.04 + container: ubuntu:22.04 steps: - uses: actions/checkout@v4 From e13bd548ade56d819bbb8e7a9dac7e041dccf44c Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:23:13 -0400 Subject: [PATCH 04/14] install curl --- .github/workflows/ccpp.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 9271881377b9..17d7f180db42 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -41,7 +41,8 @@ jobs: build-essential \ gcc-multilib \ g++-multilib \ - dejagnu; + dejagnu \ + curl; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -127,7 +128,8 @@ jobs: build-essential \ gcc-multilib \ g++-multilib \ - dejagnu; + dejagnu \ + curl; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -213,7 +215,8 @@ jobs: build-essential \ gcc-multilib \ g++-multilib \ - dejagnu; + dejagnu \ + curl; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; From 107c426ee7bb3035e67c415db96dbbb38cb16b9d Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:30:31 -0400 Subject: [PATCH 05/14] add cargo to path during configure --- .github/workflows/ccpp.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 17d7f180db42..7da8237d1aa1 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -53,6 +53,8 @@ jobs: run: | mkdir -p gccrs-build; cd gccrs-build; + # Add cargo to our path quickly + . "$HOME/.cargo/env"; ../configure \ --enable-languages=rust \ --disable-bootstrap \ @@ -140,6 +142,8 @@ jobs: run: | mkdir -p gccrs-build; cd gccrs-build; + # Add cargo to our path quickly + . "$HOME/.cargo/env"; export CXXFLAGS="$CXXFLAGS -D_GLIBCXX_ASSERTIONS" ../configure \ --enable-languages=rust \ @@ -227,6 +231,8 @@ jobs: run: | mkdir -p gccrs-build; cd gccrs-build; + # Add cargo to our path quickly + . "$HOME/.cargo/env"; ../configure \ --enable-languages=rust \ --disable-bootstrap \ From 93aa1d47139a4ba46757ea4c9b941a888b185fe4 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:32:21 -0400 Subject: [PATCH 06/14] remove sudo --- .github/workflows/ccpp.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 7da8237d1aa1..a30024411a25 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -27,8 +27,8 @@ jobs: - name: Install Deps run: | - sudo apt-get update; - sudo apt-get install -y \ + apt-get update; + apt-get install -y \ automake \ autoconf \ libtool \ @@ -116,8 +116,8 @@ jobs: - name: Install Deps run: | - sudo apt-get update; - sudo apt-get install -y \ + apt-get update; + apt-get install -y \ automake \ autoconf \ libtool \ @@ -205,8 +205,8 @@ jobs: - name: Install Deps run: | - sudo apt-get update; - sudo apt-get install -y \ + apt-get update; + apt-get install -y \ automake \ autoconf \ libtool \ From 94ffd1a5bfae0b9fe36f52fd683dfe7fbfeb46db Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 15:36:28 -0400 Subject: [PATCH 07/14] set noninteractive --- .github/workflows/ccpp.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index a30024411a25..7e3ac383a81b 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -28,6 +28,7 @@ jobs: - name: Install Deps run: | apt-get update; + DEBIAN_FRONTEND=noninteractive \ apt-get install -y \ automake \ autoconf \ @@ -117,6 +118,7 @@ jobs: - name: Install Deps run: | apt-get update; + DEBIAN_FRONTEND=noninteractive \ apt-get install -y \ automake \ autoconf \ @@ -206,6 +208,7 @@ jobs: - name: Install Deps run: | apt-get update; + DEBIAN_FRONTEND=noninteractive \ apt-get install -y \ automake \ autoconf \ From d187c9875f368fc0476113c91d524d04836250d5 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:01:26 -0400 Subject: [PATCH 08/14] unshare user --- .github/workflows/ccpp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 7e3ac383a81b..22ae97722d2f 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -68,7 +68,7 @@ jobs: # Add cargo to our path quickly . "$HOME/.cargo/env"; \ # Build without network access - unshare --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" + unshare --user --map-user=$(id -u) --map-group=$(id -g) --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" - name: Check for new warnings run: | From 8857d3bc952a566b92f3b0c486c9970dd8bbcbd9 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:03:53 -0400 Subject: [PATCH 09/14] adjust expected warnings --- .github/glibcxx_ubuntu64b_log_expected_warnings | 4 ++-- .github/log_expected_warnings | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/glibcxx_ubuntu64b_log_expected_warnings b/.github/glibcxx_ubuntu64b_log_expected_warnings index 4a7e11096785..b380ee1047b1 100644 --- a/.github/glibcxx_ubuntu64b_log_expected_warnings +++ b/.github/glibcxx_ubuntu64b_log_expected_warnings @@ -196,8 +196,8 @@ ../../libcpp/macro.cc:214:34: warning: format not a string literal and no format arguments [-Wformat-security] ../../libcpp/macro.cc:3811:25: warning: format not a string literal and no format arguments [-Wformat-security] ../../libcpp/macro.cc:3826:25: warning: format not a string literal and no format arguments [-Wformat-security] -/home/runner/work/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/32/libssp/../../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. -/home/runner/work/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/libssp/../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. +/__w/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/32/libssp/../../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. +/__w/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/libssp/../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] diff --git a/.github/log_expected_warnings b/.github/log_expected_warnings index 427a2e8cc37f..b5d4907a6cda 100644 --- a/.github/log_expected_warnings +++ b/.github/log_expected_warnings @@ -221,8 +221,8 @@ ../../libcpp/macro.cc:214:34: warning: format not a string literal and no format arguments [-Wformat-security] ../../libcpp/macro.cc:3811:25: warning: format not a string literal and no format arguments [-Wformat-security] ../../libcpp/macro.cc:3826:25: warning: format not a string literal and no format arguments [-Wformat-security] -/home/runner/work/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/32/libssp/../../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. -/home/runner/work/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/libssp/../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. +/__w/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/32/libssp/../../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. +/__w/gccrs/gccrs/gccrs-build/x86_64-pc-linux-gnu/libssp/../../../libssp/gets-chk.c:73: warning: the `gets' function is dangerous and should not be used. gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] gengtype-lex.cc:357:15: warning: this statement may fall through [-Wimplicit-fallthrough=] From ba10eb14e1ef8c9ce65a1c812294f47787a01817 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:30:43 -0400 Subject: [PATCH 10/14] remove unshare --- .github/workflows/ccpp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 22ae97722d2f..37f14c55dd17 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -68,7 +68,7 @@ jobs: # Add cargo to our path quickly . "$HOME/.cargo/env"; \ # Build without network access - unshare --user --map-user=$(id -u) --map-group=$(id -g) --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" + make -Otarget -j $(nproc) 2>&1 | tee log - name: Check for new warnings run: | From e9b47644027967893c7ca1e08d901e0b6bc29dbf Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:39:25 -0400 Subject: [PATCH 11/14] disable networking --- .github/workflows/ccpp.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 37f14c55dd17..fd2e7ccb1a45 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -47,6 +47,9 @@ jobs: # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; + - name: Disable Networking + run: iptables -P OUTPUT DROP + - name: Make Source Read-Only run: chmod -R a-w ./* @@ -137,6 +140,9 @@ jobs: # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; + - name: Disable Networking + run: iptables -P OUTPUT DROP + - name: Make Source Read-Only run: chmod -R a-w ./* @@ -227,6 +233,9 @@ jobs: # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; + - name: Disable Networking + run: iptables -P OUTPUT DROP + - name: Make Source Read-Only run: chmod -R a-w ./* From b0a8c7b0e5fa7e636e6286f7181e4e61d5fd3315 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:41:13 -0400 Subject: [PATCH 12/14] update ubuntu --- .github/workflows/ccpp.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index fd2e7ccb1a45..d875ce5bbaf3 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -19,8 +19,8 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 - container: ubuntu:22.04 + runs-on: ubuntu-latest + container: ubuntu:25.04 steps: - uses: actions/checkout@v4 @@ -112,8 +112,8 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 - container: ubuntu:22.04 + runs-on: ubuntu-latest + container: ubuntu:25.04 steps: - uses: actions/checkout@v4 @@ -205,8 +205,8 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 - container: ubuntu:22.04 + runs-on: ubuntu-latest + container: ubuntu:25.04 steps: - uses: actions/checkout@v4 From fb1d9023be69edf8432e4767e9dba54c3489a2c1 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:50:29 -0400 Subject: [PATCH 13/14] fixup networking patch --- .github/workflows/ccpp.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index d875ce5bbaf3..bd8ecfddf9e4 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -48,7 +48,7 @@ jobs: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; - name: Disable Networking - run: iptables -P OUTPUT DROP + run: nft add rule filter output drop - name: Make Source Read-Only run: chmod -R a-w ./* @@ -141,7 +141,7 @@ jobs: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; - name: Disable Networking - run: iptables -P OUTPUT DROP + run: nft add rule filter output drop - name: Make Source Read-Only run: chmod -R a-w ./* @@ -234,7 +234,7 @@ jobs: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; - name: Disable Networking - run: iptables -P OUTPUT DROP + run: nft add rule filter output drop - name: Make Source Read-Only run: chmod -R a-w ./* From 525f258239840037453fd2c490dc7e083ebd77d7 Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Wed, 18 Jun 2025 16:54:08 -0400 Subject: [PATCH 14/14] install nftables --- .github/workflows/ccpp.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index bd8ecfddf9e4..8e90b50040d8 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -43,7 +43,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu \ - curl; + curl \ + nftables; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -136,7 +137,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu \ - curl; + curl \ + nftables; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -229,7 +231,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu \ - curl; + curl \ + nftables; # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0;