Re: Fwd: Automagic dependency on selinux

[Bruno Haible]

Hi Jim,

Johan Hattne wrote:
> ... trouble if e.g. findutils are compiled on a host
> where selinux is present, but run on a system without.

For every somewhat complicated or possibly troublesome connection to an
external package, it makes sense to have a --without-... option.

Paul Eggert wrote:
> The general idea seems sound, but it sounds like it should be a --with option,

James Youngman wrote in <https://savannah.gnu.org/bugs/?30608>
> I sympathise

So here is a proposed patch. Can someone with access to an SELinux machine
please test it? On such a system, run
  $ ./gnulib-tool --create-testdir --dir=/tmp/testdir selinux-h
  $ cd /tmp/testdir
  $ ./configure --without-selinux
  $ make
the observe whether
  1) gllib/selinux/context.h has been created,
  2) HAVE_SELINUX_SELINUX_H is not defined in config.h.


2010-08-28  Bruno Haible  <address@hidden>

        selinux-h: Offer a --without-selinux option.
        * m4/selinux-selinux-h.m4 (gl_HEADERS_SELINUX_SELINUX_H): If
        --without-selinux was specified, skip all tests.
        (gl_LIBSELINUX): Offer --without-selinux option. If it is specified,
        set LIB_SELINUX to empty.
        * m4/selinux-context-h.m4 (gl_HEADERS_SELINUX_CONTEXT_H): Require
        gl_LIBSELINUX. If --without-selinux was specified, replace
        selinux/context.h.
        Reported by Johan Hattne <address@hidden>.

--- m4/selinux-context-h.m4.orig        Sat Aug 28 17:44:38 2010
+++ m4/selinux-context-h.m4     Sat Aug 28 17:27:12 2010
@@ -1,4 +1,4 @@
-# serial 1   -*- Autoconf -*-
+# serial 2   -*- Autoconf -*-
 # Copyright (C) 2006-2007, 2009-2010 Free Software Foundation, Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -9,8 +9,13 @@
 
 AC_DEFUN([gl_HEADERS_SELINUX_CONTEXT_H],
 [
-  AC_CHECK_HEADERS([selinux/context.h],
-                   [SELINUX_CONTEXT_H=],
-                   [SELINUX_CONTEXT_H=selinux/context.h])
+  AC_REQUIRE([gl_LIBSELINUX])
+  if test "$with_selinux" != no; then
+    AC_CHECK_HEADERS([selinux/context.h],
+                     [SELINUX_CONTEXT_H=],
+                     [SELINUX_CONTEXT_H=selinux/context.h])
+  else
+    SELINUX_CONTEXT_H=selinux/context.h
+  fi
   AC_SUBST([SELINUX_CONTEXT_H])
 ])
--- m4/selinux-selinux-h.m4.orig        Sat Aug 28 17:44:38 2010
+++ m4/selinux-selinux-h.m4     Sat Aug 28 17:39:46 2010
@@ -1,4 +1,4 @@
-# serial 3   -*- Autoconf -*-
+# serial 4   -*- Autoconf -*-
 # Copyright (C) 2006-2007, 2009-2010 Free Software Foundation, Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -12,41 +12,52 @@
 AC_DEFUN([gl_HEADERS_SELINUX_SELINUX_H],
 [
   AC_REQUIRE([gl_LIBSELINUX])
-  AC_CHECK_HEADERS([selinux/selinux.h])
+  if test "$with_selinux" != no; then
+    AC_CHECK_HEADERS([selinux/selinux.h])
 
-  if test "$ac_cv_header_selinux_selinux_h" = yes; then
-    # We do have <selinux/selinux.h>, so do compile getfilecon.c
-    # and arrange to use its wrappers.
-    AC_LIBOBJ([getfilecon])
-    gl_CHECK_NEXT_HEADERS([selinux/selinux.h])
-    AC_DEFINE([getfilecon], [rpl_getfilecon],
-              [Always use our getfilecon wrapper.])
-    AC_DEFINE([lgetfilecon], [rpl_lgetfilecon],
-              [Always use our lgetfilecon wrapper.])
-    AC_DEFINE([fgetfilecon], [rpl_fgetfilecon],
-              [Always use our fgetfilecon wrapper.])
+    if test "$ac_cv_header_selinux_selinux_h" = yes; then
+      # We do have <selinux/selinux.h>, so do compile getfilecon.c
+      # and arrange to use its wrappers.
+      AC_LIBOBJ([getfilecon])
+      gl_CHECK_NEXT_HEADERS([selinux/selinux.h])
+      AC_DEFINE([getfilecon], [rpl_getfilecon],
+                [Always use our getfilecon wrapper.])
+      AC_DEFINE([lgetfilecon], [rpl_lgetfilecon],
+                [Always use our lgetfilecon wrapper.])
+      AC_DEFINE([fgetfilecon], [rpl_fgetfilecon],
+                [Always use our fgetfilecon wrapper.])
+    fi
+
+    case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in
+      no:*) # already warned
+        ;;
+      *:no)
+        AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.])
+        AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux 
support.])
+    esac
+  else
+    :
   fi
-
-  case "$ac_cv_search_setfilecon:$ac_cv_header_selinux_selinux_h" in
-    no:*) # already warned
-      ;;
-    *:no)
-      AC_MSG_WARN([libselinux was found but selinux/selinux.h is missing.])
-      AC_MSG_WARN([AC_PACKAGE_NAME will be compiled without SELinux support.])
-  esac
 ])
 
 AC_DEFUN([gl_LIBSELINUX],
 [
   AC_REQUIRE([AC_CANONICAL_HOST])
   AC_REQUIRE([AC_CANONICAL_BUILD])
+
+  AC_ARG_WITH([selinux],
+    AS_HELP_STRING([--without-selinux], [do not use SELinux, even on systems 
with SELinux]),
+    [], [with_selinux=maybe])
+
   LIB_SELINUX=
-  gl_save_LIBS=$LIBS
-  AC_SEARCH_LIBS([setfilecon], [selinux],
-                 [test "$ac_cv_search_setfilecon" = "none required" ||
-                  LIB_SELINUX=$ac_cv_search_setfilecon])
+  if test "$with_selinux" != no; then
+    gl_save_LIBS=$LIBS
+    AC_SEARCH_LIBS([setfilecon], [selinux],
+                   [test "$ac_cv_search_setfilecon" = "none required" ||
+                    LIB_SELINUX=$ac_cv_search_setfilecon])
+    LIBS=$gl_save_LIBS
+  fi
   AC_SUBST([LIB_SELINUX])
-  LIBS=$gl_save_LIBS
 
   # Warn if SELinux is found but libselinux is absent;
   if test "$ac_cv_search_setfilecon" = no &&