Changeset: b8e5e952ba93 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=b8e5e952ba93
Added Files:
        cmake/Modules/FindAwk.cmake
        misc/selinux/CMakeLists.txt
        misc/selinux/ChangeLog-Archive
        misc/selinux/ChangeLog.Jun2020
        misc/selinux/monetdb.fc.in
        misc/selinux/monetdb.if
        misc/selinux/monetdb.te
        misc/selinux/post_install_script_file.in
        misc/selinux/post_uninstall_script_file.in
        misc/selinux/selinux_types.awk
Removed Files:
        buildtools/selinux/ChangeLog-Archive
        buildtools/selinux/ChangeLog.Jun2020
Modified Files:
        CMakeLists.txt
        cmake/Modules/FindSemodule.cmake
        cmake/monetdb-findpackages.cmake
        cmake/monetdb-functions.cmake
        cmake/monetdb-rpm-packages.cmake
        documentation/source/cmake.rst
        misc/CMakeLists.txt
Branch: default
Log Message:

add cmake code to handle selinux configuration


diffs (truncated from 496 to 300 lines):

diff --git a/CMakeLists.txt b/CMakeLists.txt
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -55,7 +55,6 @@ include(monetdb-toolchain)
 monetdb_default_toolchain()
 #monetdb_default_compiler_options()
 
-
 include(monetdb-defines)
 monetdb_hg_revision()
 
diff --git a/cmake/Modules/FindAwk.cmake b/cmake/Modules/FindAwk.cmake
new file mode 100644
--- /dev/null
+++ b/cmake/Modules/FindAwk.cmake
@@ -0,0 +1,20 @@
+#[[
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Copyright 1997 - July 2008 CWI, August 2008 - 2020 MonetDB B.V.
+#]]
+
+find_program(AWK_EXECUTABLE NAMES awk
+  DOC "awk"
+)
+
+include(FindPackageHandleStandardArgs)
+
+find_package_handle_standard_args(Awk
+  DEFAULT_MSG
+  AWK_EXECUTABLE
+)
+
+mark_as_advanced(AWK_EXECUTABLE)
diff --git a/cmake/Modules/FindSemodule.cmake b/cmake/Modules/FindSemodule.cmake
--- a/cmake/Modules/FindSemodule.cmake
+++ b/cmake/Modules/FindSemodule.cmake
@@ -7,7 +7,7 @@
 #]]
 
 find_program(SEMODULE_EXECUTABLE NAMES semodule
-  DOC "Manage selinux policy mocules"
+  DOC "Manage selinux policy modules"
 )
 
 include(FindPackageHandleStandardArgs)
diff --git a/cmake/monetdb-findpackages.cmake b/cmake/monetdb-findpackages.cmake
--- a/cmake/monetdb-findpackages.cmake
+++ b/cmake/monetdb-findpackages.cmake
@@ -114,5 +114,6 @@ find_package(Rpmbuild)
 find_package(DpkgBuildpackage)
 find_package(Reprepro)
 find_package(Semodule)
+find_package(Awk)
 
 # vim: set ts=2:sw=2:et
diff --git a/cmake/monetdb-functions.cmake b/cmake/monetdb-functions.cmake
--- a/cmake/monetdb-functions.cmake
+++ b/cmake/monetdb-functions.cmake
@@ -159,6 +159,7 @@ function(monetdb_cmake_summary)
   message(STATUS "Dpkg-buildpackage: ${DPKGBUILDPACKAGE_FOUND}")
   message(STATUS "Reprepro: ${REPREPRO_FOUND}")
   message(STATUS "Semodule: ${SEMODULE_FOUND}")
+  message(STATUS "Awk: ${AWK_FOUND}")
   message(STATUS "flags: ${CMAKE_C_FLAGS}")
   message(STATUS "-----------------------------------------")
   message(STATUS "")
@@ -343,3 +344,27 @@ function(monetdb_debian_extra_files)
     ${CMAKE_INSTALL_DATAROOTDIR}/doc/monetdb5-server
     COMPONENT server)
 endfunction()
+
+function(find_selinux_types)
+  # The execute_process does not handle the single quotes around the awk
+  # command well. That is why we run it from the file. Be careful that the
+  # awk command is on a single line. Otherwise the output is not on a single
+  # line, which is needed to convert it to a cmake list.
+  # If the command fails, or awk is not found, we set a default list.
+  if(AWK_FOUND)
+    execute_process(COMMAND ${AWK_EXECUTABLE} "-f" 
"${CMAKE_SOURCE_DIR}/misc/selinux/selinux_types.awk" "/etc/selinux/config"
+      WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
+      RESULT_VARIABLE AWK_RETURN_CODE
+      OUTPUT_VARIABLE AWK_OUTPUT_RES
+      ERROR_VARIABLE AWK_ERROR_RES
+      OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(AWK_RETURN_CODE EQUAL 0 AND AWK_OUTPUT_RES)
+      set(SELINUX_TYPES "${AWK_OUTPUT_RES}" PARENT_SCOPE)
+    else()
+      message(WARNING "Unable to get selinux types. Using defaults.")
+      set(SELINUX_TYPES "mls targeted" PARENT_SCOPE)
+    endif()
+  else()
+    set(SELINUX_TYPES "mls targeted" PARENT_SCOPE)
+  endif()
+endfunction()
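Review bot: The awk output read from the build host's `/etc/selinux/config` is handed back as `SELINUX_TYPES` without validation, and misc/selinux/CMakeLists.txt later splices each entry into a `make NAME=...` argument and into install paths. A guard such as `if(AWK_RETURN_CODE EQUAL 0 AND AWK_OUTPUT_RES MATCHES "^[A-Za-z0-9_ -]+$")` would fall back to the defaults on unexpected content. `AWK_ERROR_RES` is captured but never reported; adding it to the warning, `message(WARNING "Unable to get selinux types: ${AWK_ERROR_RES}. Using defaults.")`, would make a failure diagnosable. `${CMAKE_SOURCE_DIR}` points at the wrong tree if MonetDB is ever built as a subproject, so `${PROJECT_SOURCE_DIR}` is the safer base, and `"${AWK_EXECUTABLE}"` should be quoted.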
diff --git a/cmake/monetdb-rpm-packages.cmake b/cmake/monetdb-rpm-packages.cmake
--- a/cmake/monetdb-rpm-packages.cmake
+++ b/cmake/monetdb-rpm-packages.cmake
@@ -135,6 +135,8 @@ set(CPACK_RPM_selinux_PACKAGE_SUMMARY "S
 set(CPACK_RPM_selinux_PACKAGE_ARCHITECTURE "noarch")
 set(CPACK_RPM_selinux_PACKAGE_REQUIRES_POST "MonetDB5-server%{?_isa} = 
%{version}-%{release}, %{name}-SQL-server5%{?_isa} = %{version}-%{release}, 
/usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles")
 set(CPACK_RPM_selinux_PACKAGE_REQUIRES_POSTUN "MonetDB5-server%{?_isa} = 
%{version}-%{release}, %{name}-SQL-server5%{?_isa} = %{version}-%{release}, 
/usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles")
+set(CPACK_RPM_selinux_POST_INSTALL_SCRIPT_FILE 
"${CMAKE_BINARY_DIR}/misc/selinux/post_install_script_file")
+set(CPACK_RPM_selinux_POST_UNINSTALL_SCRIPT_FILE 
"${CMAKE_BINARY_DIR}/misc/selinux/post_uninstall_script_file")
 
 # Determine the build requires settings for the source build
 # This add buildsrequirement based on the packages that are
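Review bot: The two `CPACK_RPM_selinux_POST_*_SCRIPT_FILE` variables are set unconditionally in this hunk, but the files they name are only generated by `configure_file` inside `if(SEMODULE_FOUND)` in misc/selinux/CMakeLists.txt. When semodule is not found, CPack would be pointed at scripts that do not exist, so the selinux RPM would either fail to build or ship without its relabeling scriptlets. Wrapping both `set()` calls in `if(SEMODULE_FOUND)` keeps the two files consistent. An enclosing condition may exist outside the hunk, so this should be confirmed against the full file.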
diff --git a/documentation/source/cmake.rst b/documentation/source/cmake.rst
--- a/documentation/source/cmake.rst
+++ b/documentation/source/cmake.rst
@@ -30,7 +30,9 @@ MSI
 
 The windows packages are located at 
https://www.monetdb.org/downloads/Windows/Apr2019-SP1/
 
-### Mac OS X
+Mac OS X
+========
+
 The Mac OS X packages are downloaded from 
https://www.monetdb.org/downloads/MacOSX/ This repository contains a binary 
tarball and a pkg package. This last one is generated using the 
"MonetDB.pkgproj" file in the "MacOSX" directory in the source repository. The 
repository itself is only a download folder, there is no scripting needed to 
generate the repository itself. The third option to install monetdb on MacOS is 
to use homebrew. The relevant file is 
"https://github.com/MonetDB/homebrew-core/blob/master/Formula/monetdb.rb";, the 
repository is in the MonetDB github organization and is a clone of the homebrew 
repository. This file will need to be changes after swithing to cmake. The 
difficult part will likely be to keep this backwards compatible.
 
 ``Releasing``
@@ -84,6 +86,39 @@ The find_packages function should define
 
 This should give the correct result, because of the way "boolean" values, in 
combination with empty and non-existing variables work. The only situation 
where this might go wrong is when the variable explicitly has to have the value 
1. This way, we cleanup as much of the legacy variables as possible from the 
build system. If the build system is setup correctly, the "HAVE_xxxx" variables 
should not be needed in most cases, because the code will only be build if the 
value = 1.
 
+Build type
+""""""""""
+
+Install prefix
+""""""""""""""
+
+Verbose
+"""""""
+
+Debug find
+""""""""""
+
+Prefix path
+"""""""""""
+
+Toolchain files
+"""""""""""""""
+
+Custom targets
+==============
+
+Help
+""""
+
+install
+"""""""
+
+test
+""""
+
+mtest
+"""""
+
 Installing
 ==========
 
@@ -122,9 +157,6 @@ Numpy detection
 
 Since the Python3::Numpy target is not available before version 3.14, we need 
an alternative. We use a NumPy detection function from a github project: 
https://raw.githubusercontent.com/fperazzi/davis-2017/master/cmake/FindNumPy.cmake
 This is MIT licensened, so we can include this in MonetDB. We change the 
python detection to detect python3, instead of python2.
 
-### Special monetdb_config.h for windows
-Now there are two versions of the monetdb_config.h.in , one for windows and 
one for the rest of the supported OS-es. They should be merged. This is not 
trivial, because on windows the order in which certain header files are 
#include-d into the main one is very tricky. And both have a number of obsolete 
definitions that have to be removed.
-
 shp.h define conflicts
 ======================
 
diff --git a/misc/CMakeLists.txt b/misc/CMakeLists.txt
--- a/misc/CMakeLists.txt
+++ b/misc/CMakeLists.txt
@@ -7,3 +7,4 @@
 #]]
 
 add_subdirectory(python)
+add_subdirectory(selinux)
diff --git a/misc/selinux/CMakeLists.txt b/misc/selinux/CMakeLists.txt
new file mode 100644
--- /dev/null
+++ b/misc/selinux/CMakeLists.txt
@@ -0,0 +1,84 @@
+#[[
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Copyright 1997 - July 2008 CWI, August 2008 - 2020 MonetDB B.V.
+#]]
+
+if(SEMODULE_FOUND)
+  find_selinux_types()
+
+  configure_file(monetdb.fc.in
+    ${CMAKE_CURRENT_BINARY_DIR}/monetdb.fc
+    @ONLY)
+
+  # TODO maybe: %{_unitdir}/monetdbd.service
+  configure_file(post_install_script_file.in
+    ${CMAKE_CURRENT_BINARY_DIR}/post_install_script_file
+    @ONLY)
+
+  # TODO: %{_rundir}
+  configure_file(post_uninstall_script_file.in
+    ${CMAKE_CURRENT_BINARY_DIR}/post_uninstall_script_file
+    @ONLY)
+
+  # We don't want to run the selinux makefile in the source directory, so
+  # we copy these files to the build directory. Now the source directory
+  # can be read-only.
+  file(COPY monetdb.if
+    DESTINATION "${CMAKE_CURRENT_BINARY_DIR}")
+  file(COPY monetdb.te
+    DESTINATION "${CMAKE_CURRENT_BINARY_DIR}")
+  
+  # Getting awk to generate the list is tricky. So handle the conversion
+  # to a CMake list using cmake code.
+  string(REGEX MATCHALL
+    "([^\ ]+\ |[^\ ]+$)"
+    SELINUX_TYPES_LIST
+    "${SELINUX_TYPES}")
+  # Use three seperate execute_process function calls. If you use one
+  # call with three commands, they will run in parallel and that will fail.
+  foreach(SETYPE IN LISTS SELINUX_TYPES_LIST)
+    STRING(STRIP "${SETYPE}" SETYPE)
+    execute_process(
+      COMMAND "make" "NAME=${SETYPE}" "-f" "/usr/share/selinux/devel/Makefile"
+      WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
+    execute_process(
+      COMMAND "mv" ${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp 
${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp.${SETYPE}
+      WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
+    execute_process(
+      COMMAND "make" "NAME=${SETYPE}" "-f" "/usr/share/selinux/devel/Makefile" 
"clean"
+      WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}")
+  endforeach()
+
+  foreach(SETYPE IN LISTS SELINUX_TYPES_LIST)
+    STRING(STRIP "${SETYPE}" SETYPE)
+    install(FILES
+      ${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp.${SETYPE}
+      DESTINATION
+      ${CMAKE_INSTALL_DATADIR}/selinux/${SETYPE}
+      RENAME monetdb.pp
+      COMPONENT
+      selinux)
+
+    install(FILES
+      ${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp.${SETYPE}
+      DESTINATION
+      ${CMAKE_INSTALL_DATADIR}/doc
+      COMPONENT
+      selinux)
+  endforeach()
+
+  install(FILES
+    ChangeLog-Archive
+    ChangeLog.Jun2020
+    ${CMAKE_CURRENT_BINARY_DIR}/monetdb.fc
+    monetdb.if
+    monetdb.te
+    DESTINATION
+    ${CMAKE_INSTALL_DATADIR}/doc
+    COMPONENT
+    selinux)
+
+endif()
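Review bot: None of the three `execute_process` calls in the first `foreach` checks its result, so a missing `/usr/share/selinux/devel/Makefile` or a policy compile error passes silently and only surfaces later, when `install(FILES ... monetdb.pp.${SETYPE})` cannot find the file. For a component whose whole purpose is to ship the SELinux policy, a failed module build should stop the configure step, or at least warn and skip the install rules. The sketch below adds `RESULT_VARIABLE` checks and replaces the bare `mv` with the portable `${CMAKE_COMMAND} -E rename`. The policy is also compiled at configure time only, so later edits to `monetdb.te` are not picked up until CMake is re-run; an `add_custom_command(OUTPUT ...)` rule would track that dependency.

```cmake
  foreach(SETYPE IN LISTS SELINUX_TYPES_LIST)
    string(STRIP "${SETYPE}" SETYPE)
    execute_process(
      COMMAND "make" "NAME=${SETYPE}" "-f" "/usr/share/selinux/devel/Makefile"
      WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}"
      RESULT_VARIABLE SELINUX_MAKE_RESULT)
    if(NOT SELINUX_MAKE_RESULT EQUAL 0)
      message(FATAL_ERROR
        "Building the selinux policy module for '${SETYPE}' failed (${SELINUX_MAKE_RESULT})")
    endif()
    execute_process(
      COMMAND "${CMAKE_COMMAND}" -E rename
        "${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp"
        "${CMAKE_CURRENT_BINARY_DIR}/monetdb.pp.${SETYPE}"
      RESULT_VARIABLE SELINUX_RENAME_RESULT)
    if(NOT SELINUX_RENAME_RESULT EQUAL 0)
      message(FATAL_ERROR
        "Could not rename monetdb.pp to monetdb.pp.${SETYPE} (${SELINUX_RENAME_RESULT})")
    endif()
    # … unchanged: "make ... clean" step and endforeach() …
```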
diff --git a/buildtools/selinux/ChangeLog-Archive 
b/misc/selinux/ChangeLog-Archive
rename from buildtools/selinux/ChangeLog-Archive
rename to misc/selinux/ChangeLog-Archive
diff --git a/buildtools/selinux/ChangeLog.Jun2020 
b/misc/selinux/ChangeLog.Jun2020
rename from buildtools/selinux/ChangeLog.Jun2020
rename to misc/selinux/ChangeLog.Jun2020
diff --git a/misc/selinux/monetdb.fc.in b/misc/selinux/monetdb.fc.in
new file mode 100644
--- /dev/null
+++ b/misc/selinux/monetdb.fc.in
@@ -0,0 +1,15 @@
+@CMAKE_INSTALL_FULL_BINDIR@/monetdbd                           --      
gen_context(system_u:object_r:monetdbd_exec_t,s0)
+@CMAKE_INSTALL_FULL_BINDIR@/mserver5                           --      
gen_context(system_u:object_r:mserver5_exec_t,s0)
+@CMAKE_INSTALL_FULL_LIBDIR@/systemd/system/monetdbd.*                  
gen_context(system_u:object_r:monetdbd_unit_file_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/monetdb(/.*)?                           
        gen_context(system_u:object_r:monetdbd_log_t,s0)
+# for some reason we cannot use /run/monetdb here, even though that is the 
real name
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/run/monetdb(/.*)?                           
        gen_context(system_u:object_r:monetdbd_var_run_t,s0)
+# database "farm"
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm(/.*)?                       
        gen_context(system_u:object_r:mserver5_db_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/\.merovingian_properties    
--      gen_context(system_u:object_r:monetdbd_etc_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/\.merovingian_lock          
--      gen_context(system_u:object_r:monetdbd_lock_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/.*/\.gdk_lock               
--      gen_context(system_u:object_r:mserver5_lock_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb(/.*)?                           
        gen_context(system_u:object_r:mserver5_db_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/\.merovingian_properties        
--      gen_context(system_u:object_r:monetdbd_etc_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/\.merovingian_lock              
--      gen_context(system_u:object_r:monetdbd_lock_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/.*/\.gdk_lock                   
--      gen_context(system_u:object_r:mserver5_lock_t,s0)
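Review bot: The unit-file entry `@CMAKE_INSTALL_FULL_LIBDIR@/systemd/system/monetdbd.*` depends on LIBDIR, which GNUInstallDirs typically resolves to `/usr/lib64` on 64-bit RPM distributions, while systemd units usually live under `/usr/lib/systemd/system`. If that holds on the target platforms, the installed unit file would not match this pattern and would not receive `monetdbd_unit_file_t` on relabel; the path should come from the same variable the unit file is installed with. The `.` in `monetdbd.*` is also an unescaped regex dot, so `monetdbd\..*` would be the tighter pattern.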
diff --git a/misc/selinux/monetdb.if b/misc/selinux/monetdb.if
new file mode 100644
--- /dev/null
+++ b/misc/selinux/monetdb.if