selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: William Roberts <bill.c.roberts@gmail.com>
To: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: SElinux list <selinux@vger.kernel.org>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	William Roberts <william.c.roberts@intel.com>
Subject: Re: [PATCH] libsemanage: check libsepol version
Date: Sun, 1 Mar 2020 13:53:14 -0600	[thread overview]
Message-ID: <CAFftDdo6ndA=uHW9Ujr2WA4cvMMN_+tJezZYaTL7vXNnafK0ig@mail.gmail.com> (raw)
In-Reply-To: <CAJfZ7==oAidx6pT5jK1C-r=i-qEM2tESVLWiCkN-v53u7uXtEw@mail.gmail.com>

On Sun, Mar 1, 2020 at 1:25 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Fri, Feb 28, 2020 at 2:32 PM <bill.c.roberts@gmail.com> wrote:
> >
> > From: William Roberts <william.c.roberts@intel.com>
> >
> > If libsepol is older than version 3.0, the required routine
> > sepol_policydb_optimize will not be present. Use pkg-config to get the
> > modversion and check that it is 3.0 or higher.
> >
> > This can manifest as a compilation issue:
> > direct_api.c: In function ‘semanage_direct_commit’:
> > direct_api.c:1466:13: error: implicit declaration of function ‘sepol_policydb_optimize’; did you mean ‘sepol_policydb_to_image’? [-Werror=implicit-function-declaration]
> >      retval = sepol_policydb_optimize(out);
> >
> > Which is not really clear on how to check.
>
> >From my point of view, this kind of dependency management is something
> that is more suited in a package management system than in a Makefile.
> It makes sense to check for libsepol version if there is some kind of
> optional features that gets enabled according to it (in a similar way
> as a --with-... statement in build systems using autoconf) or if there
> is a fall back to another compatible source code (and the Makefile
> would "route" the building process to the right .c file). But these
> reasons do not match what you are doing in this change.

Since we don't use autotools, selinux makefiles have to be smarter. We
already use
PKG_CONFIG to get various flags, which would normally be handled in a
configure script, which if we had autotools, would also be a place to check
dependency versions.

>
> Why do you need this patch, instead of stating in the package to use
> for libsemanage that it depends on libsepol>=3.0?

We should document that as well, but make software smarter, not people.
If we can provide a better error message, without a huge burden of
work or maintenance
I always vote to do it. In this case, it's pretty simple to do, since
we already have the infrastructure for
PKG_CONFIG in the Makefiles.

>
> Thanks,
> Nicolas
>
> > Signed-off-by: William Roberts <william.c.roberts@intel.com>
> > ---
> >  libsemanage/src/Makefile | 18 +++++++++++++-----
> >  1 file changed, 13 insertions(+), 5 deletions(-)
> >
> > diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
> > index f6780dc6048e..a329797fe1cc 100644
> > --- a/libsemanage/src/Makefile
> > +++ b/libsemanage/src/Makefile
> > @@ -65,6 +65,14 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
> >
> >  SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
> >
> > +sepol-version-check:
> > +       @v=$$($(PKG_CONFIG) --modversion libsepol); \
> > +       major=$$(echo "$$v" | cut -d"." -f 1-1); \
> > +       if [ "$$major" -lt 3 ]; then \
> > +               >&2 echo "libsepol is required to be version 3.0 or higher, got: $$v"; \
> > +               exit 1; \
> > +       fi
> > +
> >  all: $(LIBA) $(LIBSO) $(LIBPC)
> >
> >  pywrap: all $(SWIGSO)
> > @@ -83,12 +91,12 @@ $(SWIGSO): $(SWIGLOBJ)
> >  $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
> >         $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lsemanage $(RUBYLIBS)
> >
> > -$(LIBA): $(OBJS)
> > -       $(AR) rcs $@ $^
> > +$(LIBA): sepol-version-check $(OBJS)
> > +       $(AR) rcs $@ $(filter-out $<,$^)
> >         $(RANLIB) $@
> >
> > -$(LIBSO): $(LOBJS)
> > -       $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> > +$(LIBSO): sepol-version-check $(LOBJS)
> > +       $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $(filter-out $<,$^) -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
> >         ln -sf $@ $(TARGET)
> >
> >  $(LIBPC): $(LIBPC).in ../VERSION
> > @@ -163,4 +171,4 @@ distclean: clean
> >  indent:
> >         ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
> >
> > -.PHONY: all clean pywrap rubywrap swigify install install-pywrap install-rubywrap distclean
> > +.PHONY: all clean pywrap rubywrap swigify install install-pywrap install-rubywrap distclean sepol-version-check
> > --
> > 2.17.1
> >
>

  reply	other threads:[~2020-03-01 19:53 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-27 22:47 [PATCH] libsemange: add missing header sepol/policydb.h bill.c.roberts
2020-02-28  8:17 ` Ondrej Mosnacek
2020-02-28 12:43   ` William Roberts
2020-02-28 13:32     ` [PATCH] libsemanage: check libsepol version bill.c.roberts
2020-03-01 19:24       ` Nicolas Iooss
2020-03-01 19:53         ` William Roberts [this message]
2020-03-01 20:21           ` Nicolas Iooss
2020-03-01 20:33             ` William Roberts
     [not found]               ` <CAJfZ7=kocVtoWs2fo8JkH+7FicnORGGVQEH51tG95u2nGoaPTw@mail.gmail.com>
     [not found]                 ` <CAFftDdpkV9furWPR1VzuSV6ew93+Rij3bF7gw2Lup9aa8VMrSw@mail.gmail.com>
2020-03-01 21:43                   ` Nicolas Iooss
2020-03-01 22:19                     ` William Roberts
2020-03-02 15:24                     ` Stephen Smalley
2020-03-02 15:32                       ` William Roberts

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFftDdo6ndA=uHW9Ujr2WA4cvMMN_+tJezZYaTL7vXNnafK0ig@mail.gmail.com' \
    --to=bill.c.roberts@gmail.com \
    --cc=nicolas.iooss@m4x.org \
    --cc=omosnace@redhat.com \
    --cc=selinux@vger.kernel.org \
    --cc=william.c.roberts@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).