| 1 |
Hi Sven. |
| 2 |
|
| 3 |
В Втр, 02/08/2011 в 09:19 +0200, Sven Vermeulen пишет: |
| 4 |
> To allow for more manageable patching on our selinux policies (since Matthew |
| 5 |
> will bombard me anyhow with things to fix ;-) and not to clutter the files/ |
| 6 |
> directory in the Portage tree, I've been meaning to update the |
| 7 |
> selinux-policy-2 eclass to support reusing the patchbundles offered by the |
| 8 |
> selinux-base-policy releases. The result can currently be seen at |
| 9 |
> http://bit.ly/owGhAs but, unless people object, I'll be pushing this eclass |
| 10 |
> to the hardened-dev overlay tomorrow (in an eclass/ directory) without |
| 11 |
> changing the eclass name ("bumping") since it doesn't change anything for |
| 12 |
> existing ebuilds. |
| 13 |
|
| 14 |
First of all thank you for all this job you are doing. Here are just |
| 15 |
general comments on how to clean code a bit: |
| 16 |
|
| 17 |
1. |
| 18 |
: ${BASEPOL:="0"} |
| 19 |
later is checked with [[ "${BASEPOL}" == "0" ]]; |
| 20 |
I guess it's better to make this consistent with : ${POLICY_PATCH:=""} |
| 21 |
(and [[ -n ${POLICY_PATCH} ]]). |
| 22 |
|
| 23 |
2. if [[ "${BASEPOL}" == "0" ]]; |
| 24 |
Here and in many other places, you don't need to quote variables inside |
| 25 |
bash checks [[ ]]. (while it's good idea to quote strings). |
| 26 |
|
| 27 |
3. if [[ ${EAPI:-0} -le 1 ]]; |
| 28 |
EAPI is a string and not a number. Please use |
| 29 |
has "${EAPI:-0}" 0 1 && selinux-policy-2_src_prepare |
| 30 |
|
| 31 |
4. [ -n "${POLICY_PATCH}" ] |
| 32 |
generally it's better to use bash tests [[ ]] and avoid quotation. |
| 33 |
|
| 34 |
5. epatch "${POLPATCH}" || die |
| 35 |
drop || die. epatch dies on its own. |
| 36 |
|
| 37 |
6. modfiles="`find ${S}/refpolicy/policy/modules -iname $i.te` |
| 38 |
$modfiles" |
| 39 |
It's better to use $() instead of backtics `` |
| 40 |
http://mywiki.wooledge.org/BashFAQ/082 |
| 41 |
|
| 42 |
7. cp "${S}"/refpolicy/doc/Makefile.example ... |
| 43 |
add || die for this command and similar commands below. |
| 44 |
|
| 45 |
8. |
| 46 |
selinux-policy-2_src_compile() { |
| 47 |
for i in ${POLICY_TYPES}; do |
| 48 |
make NAME=$i -C "${S}"/${i} || die "${i} compile failed" |
| 49 |
Is parallel build unsupported here? May be emake? |
| 50 |
|
| 51 |
9. echo "Installing ${i} ${j} policy package" |
| 52 |
It's better to use einfo here as it was implemented exactly for this |
| 53 |
cases :) |
| 54 |
|
| 55 |
10. |
| 56 |
insinto ${BASEDIR}/${i} |
| 57 |
doins "${S}"/${i}/${j}.pp |
| 58 |
Until eclass supports only EAPI>=4 "|| die" should be appended here. |
| 59 |
|
| 60 |
With best regards, |
| 61 |
-- |
| 62 |
Peter. |
Archives