Description of problem:
Currently there is no option to skip compiling and building the selinux-doc sub-package in the .spec file. There is an option to skip/build the various other policies (mls, minimum, targeted etc), but there is no such option for the doc sub-package.

Version-Release number of selected component (if applicable):
Latest SELinux policy as distributed with FC15

How reproducible:
always

Steps to Reproduce:
1. rpmbuild -bb selinux-policy.spec

Actual results:
the -doc sub-package is always created

Expected results:
an option to include/exclude this sub-package as desired

Additional info:
The attached patch (made against the .spec file distributed with the latest policy) fixes this.
Created attachment 509924
Patch allowing the doc sub-package to be excluded when building the selinux policy rpm
Looks reasonable.
Lost this in the weeds. Fixed in selinux-policy-3.10.0-83.fc17
OK, seen that I submitted this over 6 months ago - when my rpm-building experience wasn't all that, I have a few optimisations to make (will re-submit a separate patch, if needed - just let me know if that is the case):

%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
%define BUILD_DOC 1
%endif

[...]

+%if %{BUILD_DOC}
make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
+%else
+make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers
+%endif

Could be transformed/optimised with the following:

%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
%define BUILD_DOC 1
%define docs-target install-docs
%else
%define docs-target %{nil}
%endif

[...]

make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers %{docs-target}
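Review bot: `%if %{BUILD_DOC}` at the top of the added block is evaluated with whatever value the builder supplies, because the default set above it (`%define BUILD_DOC 1`) only applies when the macro is undefined, and nothing in the lines shown says which values are accepted. Add a comment line next to the default stating that BUILD_DOC is expected to be 0 or 1 and that 0 leaves out `install-docs`, so the switch is documented where it is defined.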
I had done a different optimization but I kind of like yours.
(In reply to comment #4)
> %endif
>
> [...]
>
> make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n
> DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot}
> PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers
> %{docs-target}

Is it working for you?
It wants docs_target instead of docs-target. But there is another issue.
Yeah, I didn't actually test it (apparently, Fedora's RPM got confused by the dash in "docs-target"), but the following *does* work (tried and tested - promise!):

%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
%define BUILD_DOC 1
%define docstarget install-docs
%else
%define docstarget %{nil}
%endif

[...]

make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers %{docstarget}

On a separate note - any chance you can get Bug 716632 pulled "out of the weeds" as well?
That one has been fixed for a while.

man semodule_expand
...
       -a     Do not check assertions. This will cause the policy to not check any neverallow rules.