Re: [libvirt PATCH 09/13] selinux: introduce meson option for selinux policy install

On Tue, Aug 10, 2021 at 11:10:56AM +0200, Pavel Hrdina wrote: > On Fri, Aug 06, 2021 at 06:48:06PM +0100, Daniel P. Berrangé wrote: > > The /etc/os-release file may not even exist on OS and checking specific > > OS names / versions in the build rules duplicates conditions that are > > set in the RPM. > > > > Instead we just look for existance of the tools we need to build the > > policy module. In doing so, we also introduce '-Dselinux_policy' > > feature flag to let it be controlled explicitly. > > > > Since some versions will have an SELinux policy that is too old, we also > > need to do a feature check for the newest interface(s) that we require. > > Currently this is achieved by looking for "systemd_machined_stream_connect". > > The "macro-expander" command can be used to check for SELinux policy > > interfaces, as it will return empty string for any that don't exist. > > > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; > > --- > > libvirt.spec.in | 7 ++++++ > > meson.build | 1 + > > meson_options.txt | 1 + > > src/security/meson.build | 13 +--------- > > src/security/selinux/meson.build | 43 ++++++++++++++++++++++++++------ > > 5 files changed, 46 insertions(+), 19 deletions(-) > > [...] > > > diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build > > index dda8730141..af5a5e38cb 100644 > > --- a/src/security/selinux/meson.build > > +++ b/src/security/selinux/meson.build > > @@ -1,10 +1,39 @@ > > -semod_prog = find_program('semodule_package') > > -checkmod_prog = find_program('checkmodule') > > -bzip2_prog = find_program('bzip2') > > +selinux_policy_opt = get_option('selinux_policy') > > +selinux_policy = false > > +if not selinux_policy_opt.disabled() > > + semod_prog = find_program('semodule_package', required: selinux_policy_opt) > > + checkmod_prog = find_program('checkmodule', required: selinux_policy_opt) > > + macroexpander_prog = find_program('macro-expander', required: selinux_policy_opt) > > + bzip2_prog = find_program('bzip2') > > Here we should use `, required: selinux_policy_opt` as well, otherwise > missing bzip2 would fail the `meson setup` phase if `selinux_policy_opt` > is `auto`. I wonder if we should also actally check for 'sed' and 'm4' since the script we're calling out to will invoke them too.