GNU bug report logs - #44649: 1.2.0rc0 tarball includes guix-daemon.cil.in
Reported by: Daniel Brooks <db48x <at> db48x.net>
Date: Sun, 15 Nov 2020 00:52:01 UTC
Severity: normal
Found in version 1.2.0
Done: Marius Bakke <marius <at> gnu.org>
Bug is archived. No further changes may be made.
Report forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 00:52:01 GMT)
Acknowledgement sent to Daniel Brooks <db48x <at> db48x.net>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 15 Nov 2020 00:52:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
It should instead include the guix-daemon.cil file which was built from
it. The .in file has unsubstituted variables in it which make it useless
as an SELinux policy.
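A pre-load check for the failure described in this report, as an added example (not part of the thread or of Guix): it rejects a policy file that still contains autoconf-style `@name@` placeholders. The file names, the `@example_storedir@` token and the CIL line are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to treat a file as a finished policy while it still
# holds @placeholder@ tokens left over from an unprocessed template.

# Print every unsubstituted token as "LINE:TOKEN"; print nothing if none.
# Assumption: placeholders follow autoconf's @identifier@ convention.
list_placeholders() {
    grep -n -o -E '@[A-Za-z_][A-Za-z0-9_]*@' -- "$1" | sort -u
}

# Return 0 if the file can be handed to the policy loader, 1 otherwise.
policy_is_instantiated() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    found=$(list_placeholders "$1")
    if [ -n "$found" ]; then
        echo "$1: unsubstituted template variables:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Write a constructed template and its instantiated form into directory $1.
# The placeholder name is hypothetical, not taken from the real template.
make_samples() {
    cat > "$1/policy.cil.in" <<'EOF'
; constructed sample, not the real Guix template
(filecon "@example_storedir@(/.*)?" any (system_u object_r example_t ((s0) (s0))))
EOF
    # What a configure step would do for a default store directory.
    sed 's|@example_storedir@|/gnu/store|g' "$1/policy.cil.in" > "$1/policy.cil"
}

# Demo on the constructed files.
tmp=$(mktemp -d) && make_samples "$tmp"
policy_is_instantiated "$tmp/policy.cil.in" || echo "template rejected"
policy_is_instantiated "$tmp/policy.cil" && echo "instantiated policy accepted"
rm -rf "$tmp"
```
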
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 14:58:01 GMT)
Message #8 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Daniel Brooks <db48x <at> db48x.net> writes:
> It should instead include the guix-daemon.cil file which was built from
> it. The .in file has unsubstituted variables in it which make it useless
> as an SELinux policy.
Actually I think both should be included. The processed file will work
for 99% of users, and the template is needed for the 1% that use a
different store directory.
@Ludo: WDYT about the attached patch for version-1.2.0?
[0001-maint-Install-the-processed-SELinux-policy-file-in-a.patch (text/x-patch, inline)]
From 8b77d853a4c9503df61fb75190d562206d1de1d2 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius <at> gnu.org>
Date: Sun, 15 Nov 2020 15:56:04 +0100
Subject: [PATCH] maint: Install the processed SELinux policy file in addition
to the template.
This fixes <https://bugs.gnu.org/44649>.
Reported by Daniel Brooks <db48x <at> db48x.net>.
* Makefile.am (dist_selinux_policy_DATA): New target.
---
Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 5b84d74f08..4c061db3ca 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -561,8 +561,10 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix
# Fish completion file.
dist_fishcompletion_DATA = etc/completion/fish/guix.fish
-# SELinux policy
+# SELinux policy. Install both the template and the compiled version so
+# it works "out of the box", but can be rebuilt as necessary.
nodist_selinux_policy_DATA = etc/guix-daemon.cil.in
+dist_selinux_policy_DATA = etc/guix-daemon.cil
EXTRA_DIST += \
HACKING \
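Review bot: In the added line `dist_selinux_policy_DATA = etc/guix-daemon.cil`, the `dist_` prefix puts a generated file into the release tarball, so the shipped copy carries whatever store directory was in effect when the tarball was made and is wrong for anyone who configures a different one. Since this file is instantiated from `etc/guix-daemon.cil.in`, consider listing it under a `nodist_` variable instead, so that it is installed but always regenerated for the local configuration. The unchanged `nodist_selinux_policy_DATA = etc/guix-daemon.cil.in` line also keeps installing the unsubstituted template into the policy directory next to the real policy; if that is intended, the new comment should say the template is there only as a source for rebuilding and must not be loaded as is. The commit log calls `dist_selinux_policy_DATA` a "New target", but it is a variable.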
--
2.29.2
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 15:10:01 GMT)
Message #11 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Marius Bakke <marius <at> gnu.org> writes:
> Actually I think both should be included. The processed file will work
> for 99% of users, and the template is needed for the 1% that use a
> different store directory.
Fair enough.
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 20:20:02 GMT)
Message #14 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Hi,
Daniel Brooks <db48x <at> db48x.net> writes:
> It should instead include the guix-daemon.cil file which was built from
> it. The .in file has unsubstituted variables in it which make it useless
> as an SELinux policy.
Yes, but running “./configure” gives you the ‘etc/guix-daemon.cil’ for
your configuration. What’s wrong with that?
Marius: common practice is to not include instantiated templates; we
wouldn’t use templates in the first place if contents were always the
same. :-)
Thanks,
Ludo’.
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 21:03:01 GMT)
Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
Daniel Brooks writes:
> Marius Bakke <marius <at> gnu.org> writes:
>
>> Actually I think both should be included. The processed file will work
>> for 99% of users, and the template is needed for the 1% that use a
>> different store directory.
>
> Fair enough.
Is a pre-generated .cil file required to run ./configure at all on
some systems? How's it different from, say, the Makefile which is
also generated later?
Kind regards,
T G-R
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 21:03:02 GMT)
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Sun, 15 Nov 2020 21:25:01 GMT)
Message #23 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Yes, but running “./configure” gives you the ‘etc/guix-daemon.cil’ for
> your configuration. What’s wrong with that?
>
> Marius: common practice is to not include instantiated templates; we
> wouldn’t use templates in the first place if contents were always the
> same. :-)
That's true; I'd forgotten about that. The reason I mention it is that
it would be nice if guix-install.sh could set up the selinux policy. I
guess this is the only step that would need to run configure.
db48x
Reply sent to Marius Bakke <marius <at> gnu.org>: You have taken responsibility. (Sun, 15 Nov 2020 22:28:01 GMT)
Notification sent to Daniel Brooks <db48x <at> db48x.net>: bug acknowledged by developer. (Sun, 15 Nov 2020 22:28:01 GMT)
Message #28 received at 44649-done <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi,
>
> Daniel Brooks <db48x <at> db48x.net> writes:
>
>> It should instead include the guix-daemon.cil file which was built from
>> it. The .in file has unsubstituted variables in it which make it useless
>> as an SELinux policy.
>
> Yes, but running “./configure” gives you the ‘etc/guix-daemon.cil’ for
> your configuration. What’s wrong with that?
>
> Marius: common practice is to not include instantiated templates; we
> wouldn’t use templates in the first place if contents were always the
> same. :-)
Yes indeed; somehow I thought the bootstrapped tarball also had run
"configure" with the common options, but obviously that's incorrect.
Closing this bug, as there is no reason to special-case this one file.
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Mon, 16 Nov 2020 08:13:02 GMT)
Message #31 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Hi Daniel,
Daniel Brooks <db48x <at> db48x.net> writes:
> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Yes, but running “./configure” gives you the ‘etc/guix-daemon.cil’ for
>> your configuration. What’s wrong with that?
>>
>> Marius: common practice is to not include instantiated templates; we
>> wouldn’t use templates in the first place if contents were always the
>> same. :-)
>
> That's true; I'd forgotten about that. The reason I mention it is that
> it would be nice if guix-install.sh could set up the selinux policy. I
> guess this is the only step that would need to run configure.
Good point! The installed ‘guix’ has that file under
share/selinux/guix-daemon.cil, so perhaps the script could copy it from
there?
HTH,
Ludo’.
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Mon, 16 Nov 2020 12:13:01 GMT)
Message #34 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Good point! The installed ‘guix’ has that file under
> share/selinux/guix-daemon.cil, so perhaps the script could copy it from
> there?
It only has it if you run configure first.
db48x
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Mon, 16 Nov 2020 12:55:01 GMT)
Message #37 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Daniel Brooks <db48x <at> db48x.net> writes:
> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Good point! The installed ‘guix’ has that file under
>> share/selinux/guix-daemon.cil, so perhaps the script could copy it from
>> there?
>
> It only has it if you run configure first.
“The installed ‘guix’” here refers to the one
/var/guix/profiles/per-user/root that ‘guix-install.sh’ installed.
HTH,
Ludo’.
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Mon, 16 Nov 2020 13:16:02 GMT)
Message #40 received at 44649 <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
>>> Good point! The installed ‘guix’ has that file under
>>> share/selinux/guix-daemon.cil, so perhaps the script could copy it from
>>> there?
>>
>> It only has it if you run configure first.
>
> “The installed ‘guix’” here refers to the one
> /var/guix/profiles/per-user/root that ‘guix-install.sh’ installed.
It only has what's in the tarball, which is just guix-daemon.cil.in.
db48x
Information forwarded to bug-guix <at> gnu.org: bug#44649; Package guix. (Mon, 16 Nov 2020 16:17:02 GMT)
Message #43 received at 44649-done <at> debbugs.gnu.org (full text, mbox):
Daniel Brooks <db48x <at> db48x.net> writes:
> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>>>> Good point! The installed ‘guix’ has that file under
>>>> share/selinux/guix-daemon.cil, so perhaps the script could copy it from
>>>> there?
>>>
>>> It only has it if you run configure first.
>>
>> “The installed ‘guix’” here refers to the one
>> /var/guix/profiles/per-user/root that ‘guix-install.sh’ installed.
>
> It only has what's in the tarball, which is just guix-daemon.cil.in.
Oh, got it; now that’s a bug, sorry if I had misunderstood all along!
Now fixed in d4031410375834349bc0d56630be86b076a1d704.
Ludo’.
Bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 15 Dec 2020 12:24:06 GMT)
This bug report was last modified 3 years and 132 days ago.