Hello,
Refpolicy INSTALL file says that PyXML is required for building [1].
However I haven't got this library on my system and things are working well
so I'm wondering what I am missing. A simple "git grep import" shows "from
xml.dom.minidom import parse, parseString" in support/sedoctool.py [2] but
the xml module has been part of Python since Python 2.0 (according to 2.6
doc [3]) so this is not PyXML. Moreover PyXML main page says this library
is no longer maintained [4].
Is PyXML still a requirement of refpolicy and if not, is it possible to
remove it from the INSTALL file?
My motivation behind these questions is that an Arch Linux user packaged
PyXML a few days ago [5], described it as "Python XML, Dependency for
selinux-refpolicy" [6] and is asking me whether I want to maintain the
package.
Cheers,
Nicolas
[1]
https://github.com/TresysTechnology/refpolicy/blob/RELEASE_2_20140311/INSTALL#L6
[2]
https://github.com/TresysTechnology/refpolicy/blob/RELEASE_2_20140311/support/sedoctool.py#L21
[3] https://docs.python.org/2.6/library/xml.dom.html
[4] http://sourceforge.net/projects/pyxml/
[5] Comment posted 2014-10-21 on
https://aur.archlinux.org/packages/selinux-refpolicy/
[6] https://aur.archlinux.org/packages/pyxml/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20141030/aacf29ff/attachment.html
On 10/30/2014 6:05 PM, Nicolas Iooss wrote:
> Refpolicy INSTALL file says that PyXML is required for building [1].
> However I haven't got this library on my system and things are working
> well so I'm wondering what I am missing. A simple "git grep import"
> shows "from xml.dom.minidom import parse, parseString" in
> support/sedoctool.py [2] but the xml module has been part of Python
> since Python 2.0 (according to 2.6 doc [3]) so this is not PyXML.
> Moreover PyXML main page says this library is no longer maintained [4].
>
> Is PyXML still a requirement of refpolicy and if not, is it possible to
> remove it from the INSTALL file?
I believe you are correct that it can be removed. These things should
work, to verify:
* 'make conf' will yield doc/policy.xml, which will validate against
doc/policy.dtd. The makefile already validates, so this checks out.
* doc/policy.xml should have all of the xml docs from throughout the policy
* 'make html' should get all the html interface docs
If that all works, then we can update the INSTALL and other
documentation to replace PyXML with Python 2.0 in the dependency list.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
2014-10-31 15:21 GMT+01:00 Christopher J. PeBenito:
> On 10/30/2014 6:05 PM, Nicolas Iooss wrote:
>> Refpolicy INSTALL file says that PyXML is required for building [1].
>> However I haven't got this library on my system and things are working
>> well so I'm wondering what I am missing. A simple "git grep import"
>> shows "from xml.dom.minidom import parse, parseString" in
>> support/sedoctool.py [2] but the xml module has been part of Python
>> since Python 2.0 (according to 2.6 doc [3]) so this is not PyXML.
>> Moreover PyXML main page says this library is no longer maintained [4].
>>
>> Is PyXML still a requirement of refpolicy and if not, is it possible to
>> remove it from the INSTALL file?
>
> I believe you are correct that it can be removed. These things should
> work, to verify:
>
> * 'make conf' will yield doc/policy.xml, which will validate against
> doc/policy.dtd. The makefile already validates, so this checks out.
> * doc/policy.xml should have all of the xml docs from throughout the policy
> * 'make html' should get all the html interface docs
>
> If that all works, then we can update the INSTALL and other
> documentation to replace PyXML with Python 2.0 in the dependency list.
As I got a new computer a few days ago with a clean Arch Linux
installation, I've been able to test things while being sure PyXML has
never been installed on this system. Here are my results:
* "make conf && make" works fine, with python 3.4.2, the latest release
of SELinux userspace tools & librairies (2.3) and setools 3.3.8.
* "xmllint --noout --dtdvalid doc/policy.dtd doc/policy.xml" succeeds
and "doc/policy.xml" seems to be a valid XML when opened in a text
editor (i.e. it is not almost empty).
* "make html" produces HTML pages in docs/html and Firefox renders them
correctly (and the links work fine). While speaking about
documentation, there is a small typo in corenet_raw_bind_generic_node
summary: "genric" is written instead of "generic" [1].
* "make validate" prints "Success", after 740s.
It should be OK to drop PyXML from the INSTALL and the doc and document
the supported Python versions. Python 2.0 might lack some features
which are used in the support scripts (like "from __future__ import
print_function"?). I haven't got this version on my systems but I've
tested the build with both Python 2.7.8 and 3.4.2 and it succeeded. As
Arch Linux is probably not the best distro to establish the lower limit
of supported version numbers, it probably makes more sense to see what
Python version Debian, Fedora and Gentoo currently support.
Thanks,
Nicolas
[1]
https://github.com/TresysTechnology/refpolicy/blob/8a3a8c7e1b829193b238ef8397ee050ed1b67fc3/policy/modules/kernel/corenetwork.if.in#L858
On 11/3/2014 3:14 PM, Nicolas Iooss wrote:
> 2014-10-31 15:21 GMT+01:00 Christopher J. PeBenito:
>> On 10/30/2014 6:05 PM, Nicolas Iooss wrote:
>>> Refpolicy INSTALL file says that PyXML is required for building [1].
>>> However I haven't got this library on my system and things are working
>>> well so I'm wondering what I am missing. A simple "git grep import"
>>> shows "from xml.dom.minidom import parse, parseString" in
>>> support/sedoctool.py [2] but the xml module has been part of Python
>>> since Python 2.0 (according to 2.6 doc [3]) so this is not PyXML.
>>> Moreover PyXML main page says this library is no longer maintained [4].
>>>
>>> Is PyXML still a requirement of refpolicy and if not, is it possible to
>>> remove it from the INSTALL file?
>>
>> I believe you are correct that it can be removed. These things should
>> work, to verify:
>>
>> * 'make conf' will yield doc/policy.xml, which will validate against
>> doc/policy.dtd. The makefile already validates, so this checks out.
>> * doc/policy.xml should have all of the xml docs from throughout the policy
>> * 'make html' should get all the html interface docs
>>
>> If that all works, then we can update the INSTALL and other
>> documentation to replace PyXML with Python 2.0 in the dependency list.
>
> As I got a new computer a few days ago with a clean Arch Linux
> installation, I've been able to test things while being sure PyXML has
> never been installed on this system. Here are my results:
>
> * "make conf && make" works fine, with python 3.4.2, the latest release
> of SELinux userspace tools & librairies (2.3) and setools 3.3.8.
>
> * "xmllint --noout --dtdvalid doc/policy.dtd doc/policy.xml" succeeds
> and "doc/policy.xml" seems to be a valid XML when opened in a text
> editor (i.e. it is not almost empty).
>
> * "make html" produces HTML pages in docs/html and Firefox renders them
> correctly (and the links work fine). While speaking about
> documentation, there is a small typo in corenet_raw_bind_generic_node
> summary: "genric" is written instead of "generic" [1].
>
> * "make validate" prints "Success", after 740s.
This wasn't necessary for checking XML, as all it does is link all the
.pp files to make sure there's no dependency issue.
> It should be OK to drop PyXML from the INSTALL and the doc and document
> the supported Python versions. Python 2.0 might lack some features
> which are used in the support scripts (like "from __future__ import
> print_function"?). I haven't got this version on my systems but I've
> tested the build with both Python 2.7.8 and 3.4.2 and it succeeded. As
> Arch Linux is probably not the best distro to establish the lower limit
> of supported version numbers, it probably makes more sense to see what
> Python version Debian, Fedora and Gentoo currently support.
I think Python 2.6 should be a reasonable minimum. It's the first to
support the print_function import you mention above.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com