This series extends libsemanage and semodule with optional capability to detect external changes to modules and perform a rebuild if there are any. See patch 5 for motivation and more details.

The first four patches are preparatory cleanup/refactoring, patch 5 implements the libsemanage side of the feature described above, and patch 6 adds a command-line option to semodule that allows to turn on the feature.

Default behavior of libsemanage and semodule is not changed (apart from added checksum calculation on each transaction, which however seems to add no noticeable overhead based on benchmarks - see patch 5 for details). Another minor difference is a slightly different format of the checksum string printed by `semodule --checksum ...` (see patch 2).

v2:
- fix a spelling mistake found by James Carter
- eliminate 'rebuild' goto label from semanage_direct_commit()
- extract some of the semanage_direct_commit() cleanups into a separate patch
- unify checksum string format (semodule --checksum and the internal store checksum now use the same format and a common formatting helper)
  - also the semanage_module_compute_checksum() is updated to do the formatting rather than leaving it up to semodule
- add missing space for null terminator to the checksum string buffers
- make the semantics of check_ext_changes more natural (and make them actually match the documentation)
  - before: had to be used along with the rebuild flag to have an effect if no other changes are being done in the transaction
  - now: check_ext_changes == 1 simply forces a rebuild any time module content changes are detected (i.e. it's kind of a conditional version of -B)
  - also now: rebuild + check_ext_changes == rebuild
- rename --smart to --rebuild-if-modules-changed (it's long, but it's the least ambiguous I could come up with)
  - also update semodule.8 man page
- update commit messages to reflect new naming and behavior

Ondrej Mosnacek (6):
  libsemanage: add missing include to boolean_record.c
  semodule,libsemanage: move module hashing into libsemanage
  libsemanage: move compressed file handling into a separate object
  libsemanage: clean up semanage_direct_commit() a bit
  libsemanage: optionally rebuild policy when modules are changed externally
  semodule: add command-line option to detect module changes

 libsemanage/include/semanage/handle.h             |   5 +
 libsemanage/include/semanage/modules.h            |  26 +
 libsemanage/src/boolean_record.c                  |   4 +-
 libsemanage/src/compressed_file.c                 | 224 ++++++++
 libsemanage/src/compressed_file.h                 |  78 +++
 libsemanage/src/direct_api.c                      | 541 ++++++++----------
 libsemanage/src/direct_api.h                      |   4 -
 libsemanage/src/handle.c                          |  11 +-
 libsemanage/src/handle.h                          |   1 +
 libsemanage/src/libsemanage.map                   |   5 +
 libsemanage/src/modules.c                         |  59 ++
 libsemanage/src/modules.h                         |   3 +
 libsemanage/src/semanage_store.c                  |  53 +-
 libsemanage/src/semanage_store.h                  |   1 +
 .../src/semanageswig_python_exception.i           |   8 +
 .../semodule => libsemanage/src}/sha256.c         |   0
 .../semodule => libsemanage/src}/sha256.h         |   0
 policycoreutils/semodule/Makefile                 |   2 +-
 policycoreutils/semodule/semodule.8               |   7 +
 policycoreutils/semodule/semodule.c               |  85 ++-
 20 files changed, 721 insertions(+), 396 deletions(-)
 create mode 100644 libsemanage/src/compressed_file.c
 create mode 100644 libsemanage/src/compressed_file.h
 rename {policycoreutils/semodule => libsemanage/src}/sha256.c (100%)
 rename {policycoreutils/semodule => libsemanage/src}/sha256.h (100%)

--
2.34.1