From: Sven Vermeulen
To: gentoo-hardened@lists.gentoo.org
Date: Wed, 3 Aug 2011 15:29:33 +0200
Subject: Re: [gentoo-hardened] Update on selinux-policy-2 eclass
Message-ID: <20110803132932.GA9734@siphos.be>
In-Reply-To: <1312369154.10155.31.camel@tablet>
References: <20110802071925.GA7706@siphos.be> <1312369154.10155.31.camel@tablet>

On Wed, Aug 03, 2011 at 02:59:14PM +0400, Peter Volkov wrote:
> On Tue, 02/08/2011 at 09:19 +0200, Sven Vermeulen writes:
> > To allow for more manageable patching on our selinux policies (since Matthew
> > will bombard me anyhow with things to fix ;-) and not to clutter the files/
> > directory in the Portage tree, I've been meaning to update the
> > selinux-policy-2 eclass to support reusing the patchbundles offered by the
> > selinux-base-policy releases. The result can currently be seen at
> > http://bit.ly/owGhAs but, unless people object, I'll be pushing this eclass
> > to the hardened-dev overlay tomorrow (in an eclass/ directory) without
> > changing the eclass name ("bumping") since it doesn't change anything for
> > existing ebuilds.
>
> First of all thank you for all this job you are doing. Here are just
> general comments on how to clean code a bit:

Thanks for the feedback. I've incorporated most of the changes you
suggested. The eclass is currently in the hardened-dev overlay (you can view
it at http://bit.ly/oJdMVz) with the changes included.

I'd like to reply to a few of your suggestions (to show you I didn't ignore
them and to solicit some reaction or suggestions too ;-)

> 4. [ -n "${POLICY_PATCH}" ]
> Generally it's better to use bash tests [[ ]] and avoid quotation.

For POLICY_PATCH, I'll keep the quotation(s) because it can contain multiple
patches (space-separated).

> 8.
> selinux-policy-2_src_compile() {
>     for i in ${POLICY_TYPES}; do
>         make NAME=$i -C "${S}"/${i} || die "${i} compile failed"
> Is parallel build unsupported here? Maybe emake?

It isn't supported out-of-the-box. I would have to create a Makefile here
(from within the eclass) to allow parallel builds, but I think that would
make it less obvious what is going on here. Also, the make operation takes
about 2 seconds on a moderate CPU and I assume that most users set their
POLICY_TYPES to the type they use (and not more), so the gain here is
minimal.

Also, emake fails here; it complains about a missing file:

    /bin/sh: tmp/ldap.mod.fc: No such file or directory

whereas with just "make" it works well. The Makefile used is probably the
fault here, but I'm no wizard in these things and since "just" make works,
I'll stick with that ;)

Wkr,
Sven Vermeulen
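The two code points argued over in this thread, the quoting of `[ -n "${POLICY_PATCH}" ]` versus an unquoted `[[ ]]` test, and the per-type `make ... || die` loop, can be checked directly. The script below is an added example and is not the selinux-policy-2 eclass or anything posted by either author: the POLICY_PATCH and POLICY_TYPES values, the throwaway policy tree and its one-rule Makefiles are constructed here, `die` is a stand-in for Portage's function, and the `[[ ]]` case assumes `bash` is installed (it is run through `bash -c` so the script itself stays POSIX sh).

```shell
#!/bin/sh
# Added example (not the eclass code). Shows why the single-bracket test
# needs its quotes when POLICY_PATCH holds several space-separated patches,
# why [[ ]] does not, and how the eclass-style compile loop stops on the
# first failing policy type. All values and files below are constructed.

# Quoted single-bracket test: the expansion is always exactly one word.
test_quoted() {
    if [ -n "${1}" ]; then echo nonempty; else echo empty; fi
}

# Unquoted single-bracket test: the value is word-split before [ sees it,
# so two patches become "too many arguments" and an empty value becomes
# the one-argument form "[ -n ]", which is true. Both answers are wrong.
test_unquoted() {
    if [ -n ${1} ] 2>/dev/null; then echo nonempty; else echo empty; fi
}

# Double-bracket test (bash only, hence run through bash explicitly):
# no word splitting happens inside [[ ]], so the unquoted form is safe.
test_double_bracket() {
    if bash -c '[[ -n ${1} ]]' _ "${1}"; then echo nonempty; else echo empty; fi
}

# Stand-in for Portage's die: report and signal failure instead of exiting.
die() { echo "die: $*" >&2; return 1; }

# Eclass-style compile loop. POLICY_TYPES is deliberately left unquoted so
# the shell splits it into one word per policy type; each type is built in
# its own directory and the first failure aborts the loop.
compile_policies() {
    S="${1}"
    POLICY_TYPES="${2}"
    for i in ${POLICY_TYPES}; do
        make NAME="${i}" -C "${S}/${i}" >/dev/null 2>&1 \
            || { die "${i} compile failed"; return 1; }
    done
    return 0
}

# Constructed policy tree: one subdirectory per type, each with a Makefile
# whose single rule records the NAME it was given in a file called "built".
make_tree() {
    dir=$(mktemp -d)
    for t in strict targeted; do
        mkdir -p "${dir}/${t}"
        printf 'all:\n\t@echo $(NAME) > built\n' > "${dir}/${t}/Makefile"
    done
    echo "${dir}"
}

# Count how many types in the tree were actually built.
count_built() {
    n=0
    for f in "${1}"/*/built; do
        [ -f "${f}" ] && n=$((n + 1))
    done
    echo "${n}"
}

# Usage: compare the three test forms on a two-patch value and on an empty one.
for v in 'fix-ldap.patch fix-dbus.patch' ''; do
    printf 'value=%-30s quoted=%s unquoted=%s double=%s\n' "'${v}'" \
        "$(test_quoted "${v}")" "$(test_unquoted "${v}")" "$(test_double_bracket "${v}")"
done
```

Running it shows the quoted single-bracket and the double-bracket forms agreeing on both inputs, while the unquoted `[ -n ${1} ]` reports "empty" for two patches and "nonempty" for no patches. The compile loop is the other half: with a tree containing only `strict` and `targeted`, asking for `strict missing` builds `strict` and then stops at `missing`, which is the behaviour the `|| die` in the eclass relies on.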