Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.15.3
-
llnl build farm
lustre 2.15.3_3.llnl
-
3
-
9223372036854775807
Description
The l_getsepol utility does not build in our buildfarm because openssl-devel is not installed. The only "BuildRequires: openssl-devel" is for "with gss" and we aren't using gss.
Attachments
Issue Links
- is related to
-
LU-11914 Build error for l_getsepol.c due to missing openssl/evp.h
-
- Resolved
-
Activity
Can we get a second review on the b2_15 backport this week if possible? Thanks!
"Gian-Carlo DeFazio <defazio1@llnl.gov>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/54190
Subject: LU-17226 build: create config option for l_getsepol
Project: fs/lustre-release
Branch: b2_15
Current Patch Set: 1
Commit: 2c3e803bea474fc141702925e6c846e709fc2323
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/52849/
Subject: LU-17226 build: create config option for l_getsepol
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 2777adcabd1032ddb886f913fa04d82a292ab379
"Gian-Carlo DeFazio <defazio1@llnl.gov>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/52849
Subject: LU-17226 build: create config option for l_getsepol
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: deddcb57ab27ba7fb4b961ce0aa51db7f1129612
Yes, good point Olaf.
There is currently no config flag to disable l_getsepol build. Would that help with "mock", if we build l_getsepol by default but give the ability to disable via --disable-l_getsepol or something?
Otherwise we can add openssl-devel to the BuildRequires as default, if it is not a too strong requirement.
Thanks!
> So maybe the most suitable fix could be to improve the config check so that we simply do not build l_getsepol if openssl-devel is not available.
I believe this is what is currently implemented. But this contradicts the way "mock" (the build tool used by fedora, redhat, and others) work. It extracts BuildRequires from the spec file and installs the named packages in the build environment, and then performs the build. This then provides verification that the actual build requirements and the advertised build requirements are consistent.
> This binary is not strictly required to be able to run a Lustre client with SELinux enabled, it is only needed if 'send_sepol' is explicitly activated (it is off by default).
If there is a config flag to enable the builder to separately decide whether or not to build l_getsepol (I'm guessing not)? If not, then shouldn't we always require openssm to be consistent with that?
Today we have this in the .spec file for the lustre (or lustre-client) package:
%if %{with gss}
BuildRequires: krb5-devel openssl-devel
%endif
%if "%{_vendor}" == "redhat" || "%{_vendor}" == "fedora" || "%{_vendor}" == "openEuler"
#suse don't support selinux
BuildRequires: pkgconfig(libselinux)
%endif
So we already have a require on libselinux, but indeed a require on openssl-devel only for "with gss".
I think it could be too strong to require openssl-devel in all cases.
So maybe the most suitable fix could be to improve the config check so that we simply do not build l_getsepol if openssl-devel is not available. This binary is not strictly required to be able to run a Lustre client with SELinux enabled, it is only needed if 'send_sepol' is explicitly activated (it is off by default).
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54190/
Subject:
LU-17226build: create config option for l_getsepolProject: fs/lustre-release
Branch: b2_15
Current Patch Set:
Commit: e12e831794cd172ba687567b7b50548740d83b49