[autotools] libselinux build system comments

[autotools] libselinux build system comments

[Jason Tang]

Josh asked me to look through the autotools work.  Here are the issues I have found with the libselinux package:

1. In configure.ac, the AC_INIT macro is not filled out.

2. Within libselinux/src/Makefile.am, the internal header files are not assigned to COMMONSRC and AVCSRC, as appropriately.

3. Within utils/Makefile.am, the builddir for utils is not necessarily sibling to src.

4. libselinux is being installed to $(LIBDIR).  In this case, it should default to the system library.

5. The SWIG and Python detection routines in configure.ac do not seem to work for my system (Debian/stable).

6. The help messages for --disable-rpm and kin are confusing.

7. There is no definition for the variable abs_top_srcdir in src/Makefile.am.

8. By default, the libselinux configuration file is written to $(SYSCONFDIR), but selinux_config.c has the path /etc/selinux hardcoded.  (N.b. the missing "selinux" subdirectory for the former path.)


For issues one through four, see my related notes on libsepol.

For issue five, why not use the swig_python (and related) package at http://autoconf-archive.cryp.to/swig_python.html?  It seems to work well for SETools.

For issue six, consider changing the line "default=no" to "default=enabled".  Otherwise the help message is ambiguous.

For issue seven, it should be either @abs_top_srcdir@ or $(top_srcdir).  I suggest the latter.

For issue eight, the simplest solution is to explicitly set an install directory ("/etc/selinux") for the configuration file.  A more robust solution is to write config to $(SYSCONFDIR)/selinux, and then have selinux_config.c "#include <config.h>" that includes the destination directory.

-- 
Jason Tang / jtang@tresys.com






--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [autotools] libselinux build system comments

[Vikram Noel Ambrose]

Jason Tang wrote:
> 4. libselinux is being installed to $(LIBDIR).  In this case, it should default to the system library.
>
>   

What does that mean?

> 5. The SWIG and Python detection routines in configure.ac do not seem to work for my system (Debian/stable).
>   

Could you pastebin your config.log from that box

>
> 7. There is no definition for the variable abs_top_srcdir in src/Makefile.am.
>   

Thats built in. You dont need to define it. Have a look at the resulting 
Makefile

> 8. By default, the libselinux configuration file is written to $(SYSCONFDIR), but selinux_config.c has the path /etc/selinux hardcoded.  (N.b. the missing "selinux" subdirectory for the former path.)
>
>   

How is that a problem? I have voiced my concerns over these hard coded 
paths on many occasions. I personally feel the SELinux userspace is a 
complete disaster and needs to be rewritten, and that is my motivation 
for doing the first step, ie build system.

Just build with ./configure --sysconfdir=/etc/selinux

> For issues one through four, see my related notes on libsepol.
>
> For issue five, why not use the swig_python (and related) package at http://autoconf-archive.cryp.to/swig_python.html?  It seems to work well for SETools.
>   

will check it out.




Thanks Jason for the thorough look at the autotools branch. I'll hack 
away at it slowly.

Vikram



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [autotools] libselinux build system comments

[Jason Tang]

From: Vikram Noel Ambrose [mailto:noel.ambrose@gmail.com]
>> 4. libselinux is being installed to $(LIBDIR).  In this case, it should default to the system library.

> What does that mean?

libselinux and libsepol should be installed to /lib (or /lib64).  The reason is because /usr/lib may be on a different filesystem, but /lib (and /lib64) is nearly guaranteed to be available by the time the system will load the SELinux policy.

>> 7. There is no definition for the variable abs_top_srcdir in src/Makefile.am.

>Thats built in. You dont need to define it. Have a look at the resulting 
>Makefile

This probably depends upon the version of automake that read the Makefile.in.  Maybe the bleeding edge version of automake defines $(abs_top_srcdir), but the one that I am using does not.

>> 8. By default, the libselinux configuration file is written to $(SYSCONFDIR), but selinux_config.c has the path /etc/selinux hardcoded.  (N.b. the missing "selinux" subdirectory for the former path.)   

>How is that a problem?

One would expect that the default flags to configure would build working SELinux userspace libraries and tools.  Even if the end-user is expected to pass in a --sysconfdir flag to configure, selinux_config.c does not respect it.  Perhaps a patch to selinux_config.c is necessary?


-- 
Jason Tang  /  jtang@tresys.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [autotools] libselinux build system comments

[Vikram Noel Ambrose]

Jason Tang wrote:
> From: Vikram Noel Ambrose [mailto:noel.ambrose@gmail.com]
>   
>>> 4. libselinux is being installed to $(LIBDIR).  In this case, it should default to the system library.
>>>       
>> What does that mean?
>>     
>
> libselinux and libsepol should be installed to /lib (or /lib64).  The reason is because /usr/lib may be on a different filesystem, but /lib (and /lib64) is nearly guaranteed to be available by the time the system will load the SELinux policy.
>
>   
>

And ./configure --libdir=/lib64. doesnt solve this?




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [autotools] libselinux build system comments

[Jason Tang]

From: owner-selinux@tycho.nsa.gov on behalf of Vikram Noel Ambrose
Sent: Sat 2008-09-27 22:28
To: SE Linux
Subject: Re: [autotools] libselinux build system comments
 
>> libselinux and libsepol should be installed to /lib (or /lib64).  The reason is because /usr/lib may be on a different 
>>filesystem, but /lib (and /lib64) is nearly guaranteed to be available by the time the system will load the SELinux policy.

>And ./configure --libdir=/lib64. doesnt solve this?

No, because then libsemanage would be installed to the wrong location.

-- 
Jason Tang / jtang@tresys.com



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [autotools] libselinux build system comments

[Joshua Brindle]

Vikram Noel Ambrose wrote:
> Jason Tang wrote:
>> From: Vikram Noel Ambrose [mailto:noel.ambrose@gmail.com]
>>  
>>>> 4. libselinux is being installed to $(LIBDIR).  In this case, it
>>>> should default to the system library.
>>>>       
>>> What does that mean?
>>>     
>>
>> libselinux and libsepol should be installed to /lib (or /lib64).  The
>> reason is because /usr/lib may be on a different filesystem, but /lib
>> (and /lib64) is nearly guaranteed to be available by the time the
>> system will load the SELinux policy.
>>
>>  
> 
> And ./configure --libdir=/lib64. doesnt solve this?
> 

./configure (with no flags) must default to:

/lib/libsepol.so.1
/lib/libselinux.so.1
/lib/libsemanage.so.1

/usr/lib/libselinux.a
/usr/lib/libsepol.a
/usr/lib/libsemanage.a

/sbin/fixfiles
/sbin/setfiles

/etc/selinux for conf dir
/etc/pam.d for pam files

/usr/lib/python2.5/site-packages/ for all python wrappers and files

/usr/(s)?bin for utilities

...etc...

This is not optional. I'm not going to switch to a build system under everyone that requires flags to work the way it has always worked. Those who want non-standard configurations are those required to set flags. lib64 should probably be substituted for lib on 64 bit builds.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [autotools] libselinux build system comments

[Vikram Noel Ambrose]

Jason Tang wrote:
> From: owner-selinux@tycho.nsa.gov on behalf of Vikram Noel Ambrose
> Sent: Sat 2008-09-27 22:28
> To: SE Linux
> Subject: Re: [autotools] libselinux build system comments
>  
>   
>>> libselinux and libsepol should be installed to /lib (or /lib64).  The reason is because /usr/lib may be on a different 
>>> filesystem, but /lib (and /lib64) is nearly guaranteed to be available by the time the system will load the SELinux policy.
>>>       
>
>   
>> And ./configure --libdir=/lib64. doesnt solve this?
>>     
>
> No, because then libsemanage would be installed to the wrong location.
>
>   
Sorry I don't follow, do you mean all the sub-packages need to be 
compiled with the same configure parameters?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.