Email: noel.ambrose@gmail.com
Subject: AC_INIT VERSION info fix + checkpolicy test
Date: Fri, 03 Oct 2008 19:42:04 -0400
Jason Tang wrote:
> Subject: [autotools][patch] AC_INIT VERSION info fix + checkpolicy test
> Date: Tue, 30 Sep 2008 13:17:55 -0400
> From: Vikram Noel Ambrose <noel.ambrose@gmail.com>
> To: owner-selinux@tycho.nsa.gov
> CC: Joshua Brindle <method@manicmethod.com>
>
>
>> Changelog.
>> 1. AC_INIT gets version string from $srcdir/VERSION file
>> 2. checkpolicy tests are now being built with --enable-tests
>>
>
> With this patch applied against the current autotools branch on git, the following issues seem to exist:
>
> libsepol:
> 1. Version information is in both configure.ac as well as the VERSION file. Consider having configure.ac generate the VERSION file via a @VERSION@ substitution in AC_CONFIG_FILE.
> 2. Default behavior of libsepol should be to enable_tests.
> 3. Syntax of subsequent AM_CONDITIONAL is incorrect; there is a stray right bracket.
> 4. Actual library and symlink will be installed to $(LIBDIR). The current model is to place library at /lib and symlink at /usr/lib.
> 5. No Makefile.am for tests subdirectory.
>
>
1,2,3 -> Fixed with attached libsepol-fixes.patch
-1- The VERSION file is deleted, it is redundant. From
now on the only file that will track the version string
will be configure.ac for all packages
4. -> This is an issue for the distro maintainer, not the package
maintainer.
5 -> I dont understand how to build the tests for libsepol. Can someone
explain the libsepol/tests/Makefile from the master branch to me? I have
just stubbed it out for now
// make distcheck OK after patch
> libselinux:
> 1. No Ruby support in configure.ac.
> 2. By default, configure.ac will not enable Python. This is because $with_python is set to the default ("no"), but then it does not actually guess the Python site folder despite what the help message claims.
> 3. Consider using the ac_pkg_swig package (http://autoconf-archive.cryp.to/ac_pkg_swig.html) to detect if SWIG and Python are installed.
> 4. In utils/Makefile.am, instead of $(builddir)/.., this should simply be $(top_builddir). Likewise, consider $(top_srcdir) instead of $(srcdir)/...
> 5. In src/Makefile.am, private header files are not included.
> 6. Actual library and symlink will be installed to $(LIBDIR). The current model is to place library at /lib and symlink at /usr/lib.
>
>
1 -> I'm not going to address this one. If someone knows how to use
ruby, go ahead and add it.
2 -> You seem to be mixing 2 very different things here.
-1- $with_python refers to building code that needs python
support and yes, by default, it is set to no.
Python is extra functionality, it is not a mandatory
dependency, use --with-python=/path/to/include/python2.4
if you want these python features from libselinux
-2- The python site-packages folder is indeed guessed if
one is not specified, why do you say differently?
Did you look at the resulting/guessed site-packages
folder after running configure without specifying
--with-python-site?
libselinux-fixes.patch stops the WARNING message
from being displayed if the libpy* cannot be built
3 -> Like I said previously, can you give me the logs from
the machine you claim fails the swig checks?
4 -> Fixed with attached libselinux-fixes.patch
5 -> Not sure what you mean
6 -> As in libsepol, this is a distro maintainer policy, not one to be
enforced by the build system.
// make distcheck OK after patch
> libsemanage:
> 1. Instead of using AC_SEARCH_LIBS in configure.ac, why not use AC_CHECK_LIB? There are no alternatives to libselinux, libsepol, and libustr, respectively, AC_CHECK_LIB would be simpler.
> 2. Defining HAVE_SELINUX_SELINUX_H and its kin are unnecessary. In no case would it be possible to compile libsemanage without having these defines be false.
> 3. By default, configure.ac will not enable Python. This is because $with_python is set to the default ("no").
> 4. Consider using the ac_pkg_swig package (http://autoconf-archive.cryp.to/ac_pkg_swig.html) to detect if SWIG and Python are installed.
> 5. No Makefile.am for tests subdirectory.
> 6. In src/Makefile.am, private header files are not included.
> 7. Actual library and symlink will be installed to $(LIBDIR). The current model is to place library at /lib and symlink at /usr/lib.
>
>
>
1,2 -> Fixed with attached libsemanage-fixes.patch
3 -> Yup, that's true. Python is not needed for libsemanage. If you need
this extra functionality (ie, libpysemanage), then specify the headers
you want to build with.
./configure --with-python=/these/guys/include/python2.4
4 -> Why? Whats wrong with the current test?
5 -> Fixed with attached libsemanage-fixes.patch
-1- I have not tested the tests. CUnit header checks may
also be needed in configure.ac
6 -> Not sure what you mean
7 -> Again this is a site policy and no concern of the package
maintainer. The distro maintainer adjusts these sort of things according
to the policies of the distro.
// make distcheck OK after patch
phew....that was some work...
I've attached my quilt series file along with the patches. So that you
can apply them in stack, as i had them.
Thanks again Jason for taking such a close look at the autotools branch.
5 patches! have fun Josh.
Vikram
Josh asked me to look through the autotools work. Here are the issues I have found with the libsepol package:
1. In configure.ac, the AC_INIT macro is not filled out;
2. Within libsepol/src/Makefile.am, the internal header files are not assigned to COMMONSRC;
3. Within utils/Makefile.am, the builddir for utils is not necessarily sibling to src;
4. libsepol is being installed to $(LIBDIR). In this case, it should default to the system library.
5. Most importantly, the unit tests are not built nor run.
I resolved the first three issues with the patch below. After applying the changes, 'make distcheck' succeeded for me. For the fourth issue, consider adding to configure.ac an AC_ARG_WITH, "--with-libsepol-dir", that sets the location to install libsepol.so. This would default to /lib or /lib64, depending upon the target architecture. For the fifth issue, the enable_tests variable ought to default to yes, and then conditional compiliation be used to actually compile and run those tests.
--
Jason Tang / jtang@tresys.com
More stuff:
1. Fixed error for libtool_compat.h in libsepol/libselinux
2. Renamed pam modules with pamd suffix to prevent overwriting
corresponding binaries
3. Added --enable-test option to libsepol (no Makefile.am yet)
4. Added few more autogen.sh scripts
5. Added .gitignore file to prevent accidental checkin of autoconf temp
files
Note: My SELinux work from now onwards will be unofficial, and any
correspondence should be to my personal email address,
noel.ambrose@gmail.com, or you can always catch me on IRC.
Vikram.
>From 054fec1d53c1731f702fd742c3b5d3bcf8f99359 Mon Sep 17 00:00:00 2001
From: Vikram Ambrse <vikram@dhcp-146-224.ottawa.windriver.com>
Date: Thu, 28 Aug 2008 14:38:59 -0400
Subject: [PATCH] fix libtool_compat header error
1. Fixed error for libtool_compat.h in libsepol/libselinux
2. Renamed pam modules with pamd suffix to prevent overwriting corresponding binaries
3. Added --enable-test option to libsepol (no Makefile.am yet)
4. Added few more autogen.sh scripts
5. added .gitignore file to prevent accidental checkin of autoconf temp files
Signed-off-by: Joshua Brindle <method@manicmethod.com>
> Attached to this email is a tarball snapshot of a new build system
> for the SELinux toolchain that I have been working on for the last
> couple of months.
>
> This autoconf/automake build system has many advantages over the
> current Makefiles.
>
> 1) It is capable of correctly cross compiling all libraries and
> tools, including the python wrappers.
> 2) It allows the distro maintainer to set sysconfdir, prefix,
> pamdir, startupdir etc..
> 3) It employs no "hacks", it is to-the-book, clean, GNU Automake,
> Autoconf code, formatted to ~80 char line length.
> 4) It lets RPM spec and .deb control take advantage of the autoconf
> infrastructure already built into these package formats, allowing
> distro maintainers to quickly and effortlessly build distro
> packages.
> 5) It is completely self dependent, ie. one can build the complete
> toolchain now resolving dependencies within the build, without
> needing to link against a system wide library.
>
> Due to an incompatibility with libtool, related to the current
> naming convention of the python wrappers and classes, a patch is
> supplied to rename:
> *) _selinux.so to libpyselinux.so
> *) _semanage.so to libpysemanage.so
> *) _audit2why.so to libpyaudit2why.so
>
> Similarily, the update also renames:
> *) selinux.py to __init__.py
> *) semanage.py to __init__.py
> and installs these plugins into their own sub site-packages folder.
>
> For Example: libselinux/src/Makefile.am
> line 35 # When the upstream tree is patched this should be removed
> line 36 # and selinux.py must be renamed to __init__.py
> line 37 __init__.py : selinux.py
> line 38 cp selinux.py $@
>
> A similar measure is taken in libsemanage/src/Makefile.am for semanage.py.
>
> On a similar note, the code currently uses a macro called SHARED,
> which is currently being wrapped with a forced -include libtool_compat.h
> using -DPIC (a libtool defined macro). This too can be removed if the code
> can be reformatted.
>
> This build system has been thoroughly tested to function correctly.
> Compiling natively for localhost, as well as cross compiling for
> the following platforms:
> *) PPC32
> *) PPC64
> *) ARM (Versatile family)
> *) Common PC X86_64
>
> It has also been tested on mainstream Linux distributions such
> as Ubuntu 8.04 and Fedora 9.
>
> This new build system is a replacement for the existing build system.
> They cannot be used concurrently. I leave no guarantee on backward
> compatibility after applying this update.
>
> Recently a Ruby wrapper was added to the SELinux trunk, this build
> system does not build it. Though with the current infrastructure in
> place, it is a very simple procedure for anyone familiar with ruby
> to include it.
>
> This contribution comes out of the integration efforts WindRiver has
> recently taken to add a SELinux feature to WindRiver Linux. It comes
> with no obligation or indemnity from WindRiver or myself. Distributed
> as not copyrighted, public domain software, in accordance with
> libselinux.
>
> I ask if this update can be merged into the main SELinux trunk.
> I will help coordinate the merge if necessary.
>
>
Joshua Brindle
Jason Tang
Vikram Ambrose