[refpolicy] PyXML requirement for refpolicy

Nicolas Iooss nicolas.iooss at m4x.org
Mon Nov 3 20:14:30 UTC 2014


2014-10-31 15:21 GMT+01:00 Christopher J. PeBenito:
> On 10/30/2014 6:05 PM, Nicolas Iooss wrote:
>> Refpolicy INSTALL file says that PyXML is required for building [1].
>> However I haven't got this library on my system and things are working
>> well so I'm wondering what I am missing. A simple "git grep import"
>> shows "from xml.dom.minidom import parse, parseString" in
>> support/sedoctool.py [2] but the xml module has been part of Python
>> since Python 2.0 (according to 2.6 doc [3]) so this is not PyXML.
>> Moreover PyXML main page says this library is no longer maintained [4].
>>
>> Is PyXML still a requirement of refpolicy and if not, is it possible to
>> remove it from the INSTALL file?
> 
> I believe you are correct that it can be removed.  These things should
> work, to verify:
> 
> * 'make conf' will yield doc/policy.xml, which will validate against
> doc/policy.dtd. The makefile already validates, so this checks out.
> * doc/policy.xml should have all of the xml docs from throughout the policy
> * 'make html' should get all the html interface docs
> 
> If that all works, then we can update the INSTALL and other
> documentation to replace PyXML with Python 2.0 in the dependency list.

As I got a new computer a few days ago with a clean Arch Linux
installation, I've been able to test things while being sure PyXML has
never been installed on this system.  Here are my results:

* "make conf && make" works fine, with python 3.4.2, the latest release
of SELinux userspace tools & librairies (2.3) and setools 3.3.8.

* "xmllint --noout --dtdvalid doc/policy.dtd doc/policy.xml" succeeds
and "doc/policy.xml" seems to be a valid XML when opened in a text
editor (i.e. it is not almost empty).

* "make html" produces HTML pages in docs/html and Firefox renders them
correctly (and the links work fine).  While speaking about
documentation, there is a small typo in corenet_raw_bind_generic_node
summary: "genric" is written instead of "generic" [1].

* "make validate" prints "Success", after 740s.

It should be OK to drop PyXML from the INSTALL and the doc and document
the supported Python versions.  Python 2.0 might lack some features
which are used in the support scripts (like "from __future__ import
print_function"?).  I haven't got this version on my systems but I've
tested the build with both Python 2.7.8 and 3.4.2 and it succeeded.  As
Arch Linux is probably not the best distro to establish the lower limit
of supported version numbers, it probably makes more sense to see what
Python version Debian, Fedora and Gentoo currently support.

Thanks,

Nicolas

[1]
https://github.com/TresysTechnology/refpolicy/blob/8a3a8c7e1b829193b238ef8397ee050ed1b67fc3/policy/modules/kernel/corenetwork.if.in#L858



More information about the refpolicy mailing list