| 1 |
On Wed, Aug 03, 2011 at 02:59:14PM +0400, Peter Volkov wrote: |
| 2 |
> В Втр, 02/08/2011 в 09:19 +0200, Sven Vermeulen пишет: |
| 3 |
> > To allow for more manageable patching on our selinux policies (since Matthew |
| 4 |
> > will bombard me anyhow with things to fix ;-) and not to clutter the files/ |
| 5 |
> > directory in the Portage tree, I've been meaning to update the |
| 6 |
> > selinux-policy-2 eclass to support reusing the patchbundles offered by the |
| 7 |
> > selinux-base-policy releases. The result can currently be seen at |
| 8 |
> > http://bit.ly/owGhAs but, unless people object, I'll be pushing this eclass |
| 9 |
> > to the hardened-dev overlay tomorrow (in an eclass/ directory) without |
| 10 |
> > changing the eclass name ("bumping") since it doesn't change anything for |
| 11 |
> > existing ebuilds. |
| 12 |
> |
| 13 |
> First of all thank you for all this job you are doing. Here are just |
| 14 |
> general comments on how to clean code a bit: |
| 15 |
|
| 16 |
Thanks for the feedback. I've incorporated most of the changes you |
| 17 |
suggested. The eclass is currently in the hardened-dev overlay (you can view |
| 18 |
it at http://bit.ly/oJdMVz) with the changes included. |
| 19 |
|
| 20 |
I'd like to reply to a few of your suggestions (to show you I didn't ignore |
| 21 |
them and to solicit some reaction or suggestions too ;-) |
| 22 |
|
| 23 |
> 4. [ -n "${POLICY_PATCH}" ] |
| 24 |
> generally it's better to use bash tests [[ ]] and avoid quotation. |
| 25 |
|
| 26 |
For POLICY_PATCH, I'll keep the quotation(s) because it can contain multiple |
| 27 |
patches (space-separated). |
| 28 |
|
| 29 |
> 8. |
| 30 |
> selinux-policy-2_src_compile() { |
| 31 |
> for i in ${POLICY_TYPES}; do |
| 32 |
> make NAME=$i -C "${S}"/${i} || die "${i} compile failed" |
| 33 |
> Is parallel build unsupported here? May be emake? |
| 34 |
|
| 35 |
It isn't supported out-of-the-box. I would have to create a Makefile here |
| 36 |
(from within the eclass) to allow parallel builds, but I think that would |
| 37 |
make it less obvious of what is going on here. |
| 38 |
|
| 39 |
Also, the make operation takes about 2 seconds on a moderate CPU and I |
| 40 |
assume that most users set their POLICY_TYPES to the type they use (and not |
| 41 |
more), so the gain here is minimal. |
| 42 |
|
| 43 |
Also, emake fails here, it complains about a missing file: |
| 44 |
|
| 45 |
/bin/sh: tmp/ldap.mod.fc: No such file or directory |
| 46 |
|
| 47 |
whereas with just "make" it works well. The Makefile used is probably the |
| 48 |
fault here, but I'm no wizard in these things and since "just" make works, |
| 49 |
I'll stick with that ;) |
| 50 |
|
| 51 |
Wkr, |
| 52 |
Sven Vermeulen |
Archives