From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Mon, 03 Nov 2014 21:14:30 +0100 Subject: [refpolicy] PyXML requirement for refpolicy In-Reply-To: <54539AE2.8000401@tresys.com> References: <54539AE2.8000401@tresys.com> Message-ID: <5457E226.5080303@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com 2014-10-31 15:21 GMT+01:00 Christopher J. PeBenito: > On 10/30/2014 6:05 PM, Nicolas Iooss wrote: >> Refpolicy INSTALL file says that PyXML is required for building [1]. >> However I haven't got this library on my system and things are working >> well so I'm wondering what I am missing. A simple "git grep import" >> shows "from xml.dom.minidom import parse, parseString" in >> support/sedoctool.py [2] but the xml module has been part of Python >> since Python 2.0 (according to 2.6 doc [3]) so this is not PyXML. >> Moreover PyXML main page says this library is no longer maintained [4]. >> >> Is PyXML still a requirement of refpolicy and if not, is it possible to >> remove it from the INSTALL file? > > I believe you are correct that it can be removed. These things should > work, to verify: > > * 'make conf' will yield doc/policy.xml, which will validate against > doc/policy.dtd. The makefile already validates, so this checks out. > * doc/policy.xml should have all of the xml docs from throughout the policy > * 'make html' should get all the html interface docs > > If that all works, then we can update the INSTALL and other > documentation to replace PyXML with Python 2.0 in the dependency list. As I got a new computer a few days ago with a clean Arch Linux installation, I've been able to test things while being sure PyXML has never been installed on this system. Here are my results: * "make conf && make" works fine, with python 3.4.2, the latest release of SELinux userspace tools & librairies (2.3) and setools 3.3.8. * "xmllint --noout --dtdvalid doc/policy.dtd doc/policy.xml" succeeds and "doc/policy.xml" seems to be a valid XML when opened in a text editor (i.e. it is not almost empty). * "make html" produces HTML pages in docs/html and Firefox renders them correctly (and the links work fine). While speaking about documentation, there is a small typo in corenet_raw_bind_generic_node summary: "genric" is written instead of "generic" [1]. * "make validate" prints "Success", after 740s. It should be OK to drop PyXML from the INSTALL and the doc and document the supported Python versions. Python 2.0 might lack some features which are used in the support scripts (like "from __future__ import print_function"?). I haven't got this version on my systems but I've tested the build with both Python 2.7.8 and 3.4.2 and it succeeded. As Arch Linux is probably not the best distro to establish the lower limit of supported version numbers, it probably makes more sense to see what Python version Debian, Fedora and Gentoo currently support. Thanks, Nicolas [1] https://github.com/TresysTechnology/refpolicy/blob/8a3a8c7e1b829193b238ef8397ee050ed1b67fc3/policy/modules/kernel/corenetwork.if.in#L858