remove obsolete selinux modules #23568
Pull Request assignment
Submitter: @plsph
sec-policy/selinux-base-policy: @gentoo/selinux
Linked bugs
No bugs to link found. If your pull request references any of the Gentoo bug reports, please add appropriate GLEP 66 tags to the commit message and request reassignment. If you do not receive any reply to this pull request, please open or link a bug to attract the attention of maintainers.
Missing GCO sign-off
Please read the terms of Gentoo Certificate of Origin and acknowledge them by adding a sign-off to all your commits.
In order to force reassignment and/or bug reference scan, please append
Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide
Pull request CI report
Report generated at: 2021-12-29 20:11 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
Signed-off-by: Grzegorz Filo <gf578@wp.pl>
df04fd5 to e409b5d
Pull request CI report
Report generated at: 2021-12-30 14:25 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
Good catch on the hotplug removal! This looks pretty good, just would prefer a small change which should be easier to maintain going forward :)
Thanks and happy new year!
@@ -27,6 +27,7 @@ BDEPEND=" | |||
sys-apps/checkpolicy | |||
sys-devel/m4" | |||
|
|||
OLD_MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" |
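Review bot: the added OLD_MODS line carries no comment saying which ebuild version its contents were copied from, so a later bump cannot tell whether the list is current or stale. Either add a one-line comment naming the source version, or reduce the variable to only the modules that were dropped (here hotplug), which removes the need to re-copy the full list on every bump.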
Ooh, good catch on the hotplug removal. This mostly looks good but I think I'd rather change OLD_MODS to just be the list of modules to remove instead of needing to be a copy of all of them. That'd be less of a maintenance burden, I think.
The issue is I have bumps scripted so copying MODS to OLD_MODS is complicated. Also I'll keep the modules-to-remove list for at least a year's worth of packages just in case someone does not update regularly and skips some versions.
Can we change this to OLD_MODS="hotplug"
(or maybe DEL_MODS is nicer?)
Sure, no problem, that just needs to be aligned with upstream to keep the DEL_MODS list up to date.
@@ -105,12 +107,26 @@ pkg_postinst() { | |||
COMMAND="${COMMAND} -i ${i}.pp" | |||
done | |||
|
|||
for i in ${OLD_MODS}; do | |||
if [ -n "${MODS##*$i*}" ]; then | |||
DEL_MODS="${DEL_MODS} ${i}" |
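Review bot: the test [ -n "${MODS##*$i*}" ] is a substring match, so an OLD_MODS name that occurs inside a longer name still present in MODS (a short entry such as su is the obvious candidate) is treated as still shipped and never reaches DEL_MODS. Compare whole words instead, for example by padding both sides with spaces: [[ " ${MODS} " != *" ${i} "* ]]. DEL_MODS is also appended to without any initialisation visible in this hunk; declare it local and empty before the loop so a value inherited from the environment cannot add modules to the removal list.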
Once the line above is changed to just the list of modules to remove then this loop can be changed to die instead.
maybe something like:
for i in ${OLD_MODS}; do
    [[ ${MODS} != *${i}* ]] || die "Duplicate module in MODS and OLD_MODS: ${i}"
done
Signed-off-by: Grzegorz Filo <gf578@wp.pl>
7d9c2b8 to 922deb3
Sorry for the force push, I keep forgetting about the Certificate of Origin.
@@ -27,6 +27,7 @@ BDEPEND=" | |||
sys-apps/checkpolicy | |||
sys-devel/m4" | |||
|
|||
DEL_MODS="hotplug" |
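Review bot: DEL_MODS on the added line is now a static list, but the earlier revision of the pkg_postinst hunk built a variable of the same name with DEL_MODS="${DEL_MODS} ${i}"; make sure that append is gone, otherwise the loop extends the global list instead of only reading it. A one-line comment above the assignment stating that these are modules dropped from the policy and removed from the module store in pkg_postinst would also tell the next bump when an entry can be retired.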
Tiny nit: I think DEL_MODS should go underneath MODS
Pull request CI report
Report generated at: 2022-01-01 17:25 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
Signed-off-by: Grzegorz Filo <gf578@wp.pl>
Pull request CI report
Report generated at: 2022-01-01 22:11 UTC
There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
About the DCO, it looks like your git is misconfigured, I had to use
I made some minor changes:
Happy New Year and Thanks for the PR!
Add cleanup actions to the post-installation step by identifying removed modules from the OLD_MODS list, which is copied from the previous ebuild, and removing them from the selinux module store if installed.
One must maintain the OLD_MODS list on each new ebuild by copying it from the previous MODS list.
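The cleanup selection described above, as an added example that is not code from this PR or from the ebuild: it picks the DEL_MODS entries that are present in the module store and not shipped in MODS, using whole-word matching, and keeps the substring test from the thread beside it for comparison. The function names and the sample MODS, DEL_MODS and installed-module values are constructed for illustration; the actual removal call is left out.

```shell
#!/bin/sh
# Constructed sample lists, not the real selinux-base-policy module sets.
MODS="application sudo mount"
DEL_MODS="hotplug su"

# Succeed when $1 is a whole word of the space-separated list $2.
has_word() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Substring test in the style discussed in the thread (*name*):
# it also matches when $1 only occurs inside a longer module name.
has_substring() {
    case "$2" in
        *"$1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the DEL_MODS entries that should be removed from the store.
# $1: installed module names, separated by spaces or newlines.
modules_to_remove() {
    _inst=$(printf '%s' "$1" | tr '\n' ' ')
    _out=""
    for _m in ${DEL_MODS}; do
        # Still shipped by this version: must not be removed.
        has_word "${_m}" "${MODS}" && continue
        # Not present in the store: nothing to clean up.
        has_word "${_m}" "${_inst}" || continue
        _out="${_out:+${_out} }${_m}"
    done
    printf '%s\n' "${_out}"
}
```

With the sample lists, the substring test reports su as still shipped because sudo contains it, while the whole-word test selects it for removal when it is installed.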