On Tue, Sep 24, 2019 at 9:58 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 9/24/19 6:51 AM, Ondrej Mosnacek wrote: > > On Mon, Sep 23, 2019 at 4:11 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > >> On 9/23/19 5:58 AM, Ondrej Mosnacek wrote: > >>> Right now, test_policy.pp is rebuilt on every make invocation. Tweak the > >>> Makefile so that it is only build when it hasn't been built, it has been > >>> cleaned, or the source files changed. > >> > >> It also needs to be rebuilt if anything under > >> /usr/share/selinux/devel/include has changed e.g. upon an update of > >> selinux-policy-devel. > > > > I am now testing a version that always executes the `$(MAKE) -C > > test_policy -f $(POLDEV)/Makefile test_policy.pp` step, relying on the > > system Makefile to rebuild the pp as needed (there already are proper > > dependencies on the include files). However, the package manager on > > Fedora preserves the timestamps of the installed files (from package > > build time), which means that make doesn't always detect that the > > files are newer than the already built policy package. > > > > So it looks like we don't have any other choice than to always rebuild > > if we really need to auto-react to changing system files. > > I'd rather err on the side of rebuilding too often than using stale policy. That would be my preference as well. In fact, I actually recommend doing a 'make clean' before building and running the tests simply to make sure everything in the dependency list and toolchain is still working properly with the bits in the test suite. -- paul moore www.paul-moore.com
