|
 |
f85957f |
This patch is to fix bug #137863
|
|
|
f85957f |
|
|
|
f85957f |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137863
|
|
|
f85957f |
|
|
|
f85957f |
The problem arose when the SELinux security policy detected mailman
|
|
|
f85957f |
attempting to open files under /usr/src/build (i.e. the buildroot
|
|
|
f85957f |
where the RPM is created). It was a bit of a mystery what in mailmain
|
|
|
f85957f |
was causing access to a hardcoded absolute path that only exists on
|
|
|
f85957f |
the machine mailman was built on and doesn't exist on the machine it
|
|
|
f85957f |
was installed on. It was finally determined the path had been embedded
|
|
|
f85957f |
in the .pyc files when they were compiled during the build
|
|
|
f85957f |
process. These path names are used as debug output when exceptions
|
|
|
f85957f |
occur in the .pyc file (e.g. file, line number in stack traces). The
|
|
|
f85957f |
SELinux security violations occurred only after a python exception
|
|
|
f85957f |
occurred in mailman. The solution to supply the "ddir" parameter
|
|
|
f85957f |
(debug directory) in the compile_dir function call. Given that mailman
|
|
|
f85957f |
expects to build on the machine and in its install directory it was
|
|
|
f85957f |
never necessary to suppy a "ddir" parameter in addition to "dir"
|
|
|
f85957f |
because they were the same. But when building for an alternate
|
|
|
f85957f |
installation it is necessary to supply both parameters because they
|
|
|
f85957f |
are different. Note in the default case of building on the target both
|
|
|
f85957f |
$(DESTDIR)$(prefix)" and "$(prefix)" will evaluate to the same value
|
|
|
f85957f |
and the original behavior will be retained.
|
|
|
f85957f |
|
|
|
f85957f |
The compile_dir command used to recurse from the $(prefix)/Mailman
|
|
|
f85957f |
root to find .py files, but this missed .py files also located here:
|
|
|
f85957f |
|
|
|
f85957f |
$(prefix)/bin
|
|
|
f85957f |
$(prefix)/cron
|
|
|
f85957f |
$(prefix)/pythonlib
|
|
|
f85957f |
$(prefix)/scripts
|
|
|
f85957f |
$(prefix)/tests
|
|
|
f85957f |
|
|
|
f85957f |
In particular it missed $(prefix)/pythonlib. When $(prefix)/pythonlib
|
|
|
f85957f |
was added a new problem was observed, that path contained pre-compiled
|
|
|
f85957f |
.pyc files that are unpacked from a codecs tar file and since the .pyc
|
|
|
f85957f |
files already existed in the tar file the compile_dir command skipped
|
|
|
f85957f |
compiling them. This resulting in leaving the wrong debug path in the
|
|
|
f85957f |
.pyc file (the ddir arg to compile_dir). Therefore we added "force" to
|
|
|
f85957f |
the compile_dir command and started the directory recursion one level
|
|
|
f85957f |
higher.
|
|
|
f85957f |
|
|
|
f85957f |
diff -u -r mailman-2.1.5.orig/Makefile.in mailman-2.1.5.pyc/Makefile.in
|
|
|
f85957f |
--- mailman-2.1.5.orig/Makefile.in 2003-03-31 14:26:57.000000000 -0500
|
|
|
f85957f |
+++ mailman-2.1.5.pyc/Makefile.in 2004-11-09 12:49:42.000000000 -0500
|
|
|
f85957f |
@@ -124,7 +124,7 @@
|
|
|
f85957f |
do \
|
|
|
f85957f |
(cd $$d; $(MAKE) DESTDIR=$(DESTDIR) install); \
|
|
|
f85957f |
done
|
|
|
f85957f |
- $(PYTHON) -c 'from compileall import *; compile_dir("$(DESTDIR)$(prefix)/Mailman")'
|
|
|
f85957f |
+ $(PYTHON) -c 'from compileall import *; compile_dir("$(DESTDIR)$(prefix)", 20, "$(prefix)", 1)'
|
|
|
f85957f |
|
|
|
f85957f |
# Only run bin/update if we aren't installing in DESTDIR, as this
|
|
|
f85957f |
# means there are probably no lists to deal with, and it wouldn't
|