From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Tue, 4 Mar 2014 00:00:10 +0100 Subject: [refpolicy] [PATCH] Add build-time distribution detection to Makefile In-Reply-To: <53149434.1040201@tresys.com> References: <1392765615-19475-1-git-send-email-nicolas.iooss@m4x.org> <53149434.1040201@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com 2014-03-03 15:39 GMT+01:00 Christopher J. PeBenito : > On 2/18/2014 6:20 PM, Nicolas Iooss wrote: > > When using the same policy on several hosts with different Linux > distributions > > the DISTRO variable can't be defined in the build.conf of the build > directory > > because this file is tracked with git. > > > > Instead of maintaining a local patch per host to define DISTRO in > build.conf > > or of building using "make DISTRO=...", this commit introduces a > DISTRO_DETECT > > boolean in build.conf which automatically fills DISTRO with the name of > the > > distro of the building host. > > > > DISTRO_DETECT definition is not copied in the installed build.conf file > > (/usr/share/selinux/refpolicy/include/build.conf) because this file > would have > > the DISTRO variable set. > > I'm reluctant to add this, as the refpolicy build system is already more > complicated than I'd like. I also feel that the use case is too uncommon. > > I suggest that for your scenario that you instead have a local build.conf > that is included by the revision-controlled build.conf. Then in the local > one you can set DISTRO without putting it on the make command. > > Thanks for your suggestion. I've added "-include build-local.conf" to my build.conf so that it automatically includes the host-specific build.conf if it exists. By doing so, "make" works as expected but I'm wondering whether some obscure program used in the build system of the policy may expect build.conf to only have comments and variable definitions. If that's the case, I'll change my Makefile instead of build.conf (and I'll never upstream this change). While speaking about files which aren't revision-controlled, if I send a patch which creates a .gitignore file which contains most of the lines of http://oss.tresys.com/projects/refpolicy/browser/.gitignore?rev=190b058eaef2551f9045121f9f2e558b901ff733, will it have any chance of being accepted? By the way, I'm trying to get SELinux work on Archlinux, and that's why I'm in an uncommon scenario of using the same policy with Arch and Debian. Right now, the SELinux-configured Archlinux packages are working quite well but my policy is already some patches away from the refpolicy (with some patches for systemd, others to handle all binaries in /usr/bin...). I've experienced a bunch of issues that were solved with patches which can't be upstreamed "as-is" and that's why I'm looking forward to the support of systemd in the reference policy. Nicolas -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140304/cae66794/attachment.html