[libvirt] [PATCH] Support apparmor in RPM spec
From: "Daniel P. Berrange" <berrange@redhat.com> If libapparmor-devel happens to be installed when building the RPM, it will failed due to unlisted virt-aa-helper in %files. Add support for apparmor in the spec, so that we can explicitly turn it on/off, defaulting to off in all distros. This causes --without-apparmor to be given to configure, preventing the build failures if the user happens to have libapparmor-devel present. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt.spec.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index a3a831f..6212b3c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -100,6 +100,9 @@ %define with_numactl 0%{!?_without_numactl:%{server_drivers}} %define with_selinux 0%{!?_without_selinux:%{server_drivers}} +# Just hardcode to off, since few people ever have apparmor RPMs installed +%define with_apparmor 0%{!?_without_apparmor:0} + # A few optional bits off by default, we enable later %define with_polkit 0%{!?_without_polkit:0} %define with_capng 0%{!?_without_capng:0} @@ -472,6 +475,9 @@ BuildRequires: avahi-devel %if %{with_selinux} BuildRequires: libselinux-devel %endif +%if %{with_apparmor} +BuildRequires: libapparmor-devel +%endif %if %{with_network} BuildRequires: dnsmasq >= 2.41 BuildRequires: iptables @@ -1268,6 +1274,10 @@ of recent versions of Linux (and other OSes). %define _without_selinux --without-selinux %endif +%if ! %{with_apparmor} + %define _without_apparmor --without-apparmor +%endif + %if ! %{with_hal} %define _without_hal --without-hal %endif @@ -1367,6 +1377,7 @@ of recent versions of Linux (and other OSes). %{?_without_netcf} \ %{?_without_selinux} \ %{?_with_selinux_mount} \ + %{?_without_apparmor} \ %{?_without_hal} \ %{?_without_udev} \ %{?_without_yajl} \ @@ -1835,6 +1846,11 @@ fi %endif %attr(0755, root, root) %{_libexecdir}/libvirt_iohelper + + %if %{with_apparmor} +%attr(0755, root, root) %{_libexecdir}/virt-aa-helper + %endif + %attr(0755, root, root) %{_sbindir}/libvirtd %attr(0755, root, root) %{_sbindir}/virtlockd -- 1.8.3.1
On 07/30/2013 05:06 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
If libapparmor-devel happens to be installed when building the RPM, it will failed due to unlisted virt-aa-helper in %files. Add support for apparmor in the spec, so that we can explicitly turn it on/off, defaulting to off in all distros. This causes --without-apparmor to be given to configure, preventing the build failures if the user happens to have libapparmor-devel present.
Makes sense - we want the spec file to be absolute regardless of the dev's environment. Question - is there a repo somewhere with libapparmor-devel built for Fedora, or does it remain something where I'm best off testing on a Debian-based build?
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- libvirt.spec.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
On Tue, Jul 30, 2013 at 06:59:16AM -0600, Eric Blake wrote:
On 07/30/2013 05:06 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
If libapparmor-devel happens to be installed when building the RPM, it will failed due to unlisted virt-aa-helper in %files. Add support for apparmor in the spec, so that we can explicitly turn it on/off, defaulting to off in all distros. This causes --without-apparmor to be given to configure, preventing the build failures if the user happens to have libapparmor-devel present.
Makes sense - we want the spec file to be absolute regardless of the dev's environment.
Question - is there a repo somewhere with libapparmor-devel built for Fedora, or does it remain something where I'm best off testing on a Debian-based build?
I took the SUSE libapparmor source RPM and hacked it until it would build on Fedora. Of course you can't actually use it due to missing kernel support in Fedora, but it was good enough to compile libvirt against. Unfortunately I lost the hacked src.rpm I had when one of my dev machines suffered fielsystem data loss :-( It wasn't all that hard to hack the suse RPM though, so ought to be fairly easy to recreate... Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
-
Daniel P. Berrange -
Eric Blake