DevHeads.net

Does -devel package name only indicate "C" development packages?

<a href="https://bugzilla.redhat.com/show_bug.cgi?id=962081" title="https://bugzilla.redhat.com/show_bug.cgi?id=962081">https://bugzilla.redhat.com/show_bug.cgi?id=962081</a>

I have a request to change the name of selinux-policy-devel to
selinux-policy-devel-support, since

"everywhere else in the distro -devel means just header files in c and not any
other development tools and we have several scripts that assume that's the case."

selinux-policy-devel contains interface files and tools required to build
selinux-policy. It also currently contains the man pages, which I can move to
the base package.

selinux-policy-devel has existed I believe since at least Fedora 5, and is
fairly well known as a package (Google Knowledge) I hesitate to change the
name of this package, but if Fedora Packaging guidelines or consensus requires
it, I will.

* Tue Jun 20 2006 Dan Walsh < ... at redhat dot com> 2.2.47-5
- - Break out selinux-devel package

Comments

Re: Does -devel package name only indicate "C" development packa

By Adam Williamson at 05/18/2013 - 13:12

On Sat, 2013-05-18 at 06:18 -0400, Daniel J Walsh wrote:
Well, there may have been some signals crossed somewhere. I've been part
of the discussion about reducing the size of the desktop spin.
selinux-policy-devel doesn't look bad to me, the one that looks like a
problem is policycoreutils-devel :

"The policycoreutils-devel package contains the management tools use to
develop policy in an SELinux environment."

Now *that* is a non-standard interpretation of the -devel suffix. And
policycoreutils-devel requires selinux-policy-devel - a package of
'runtime' stuff depending on a package of 'build time' stuff - and
various 'runtime' packages depend on policycoreutils-devel, notably the
SELinux troubleshooting thing, because policycoreutils-devel contains
audit2allow.

That's the thicket we are trying to unpick, I believe.

Re: Does -devel package name only indicate "C" development packa

By Rahul Sundaram at 05/18/2013 - 13:41

On 05/18/2013 01:12 PM, Adam Williamson wrote:
Rahul

Re: Does -devel package name only indicate "C" development packa

By Adam Williamson at 05/18/2013 - 14:25

On Sat, 2013-05-18 at 13:41 -0400, Rahul Sundaram wrote:
And to make things clear there - the fact that policycoreutils and
policycoreutils-devel are split is not exactly a problem, in fact it's
making things better, it's just the nomenclature is off and it seems
like the dependency of pcu-devel on selinux-policy-devel is sub-optimal
and might be improveable.

Re: Does -devel package name only indicate "C" development packa

By Daniel J Walsh at 05/20/2013 - 08:45

On 05/18/2013 02:25 PM, Adam Williamson wrote:
Most people do
# grep BROKENAPP /var/log/audit/audit.log | audit2allow -M mybrokenapp
# semodule -i mybrokenapp.pp

Which does not require selinux-policy-devel, however if you run audit2allow
- -R it does, and this is something I suggest people look at when building local
policy modules.

I can hack up audit2allow to suggest which packages to install depending on
the command options, we already have some of this.

The real trigger for the problem is setroubleshoot-server requires sepolicy
and audit2allow which brings in policycoreutils-devel, which brings in
selinux-policy-devel.

I guess I can work to hack out the parts of sepolicy/audit2allow that
setroubleshoot-server actually needs and move that back into policycoreutils,
then it can just require this.

Re: Does -devel package name only indicate "C" development packa

By Tomasz Torcz at 05/18/2013 - 13:22

On Sat, May 18, 2013 at 10:12:52AM -0700, Adam Williamson wrote:
SELinux *management* often means *building* parts of policy. That's
the problem, right?

Re: Does -devel package name only indicate "C" development packa

By Adam Williamson at 05/18/2013 - 13:26

On Sat, 2013-05-18 at 19:22 +0200, Tomasz Torcz wrote:
Right, exactly. 'developing' SELinux policy is not an act of
'development' like writing code, and it's something we quite actively
offer to people at run time - one of the actions the SELinux
troubleshooting GUI offers in many AVC cases is 'run audit2allow to
generate a policy that will allow this action', for instance, hence its
dependency on policycoreutils-devel.

Re: Does -devel package name only indicate "C" development packa

By Richard W.M. Jones at 05/18/2013 - 07:10

OCaml development packages are called ocaml-*-devel. Example:

<a href="http://koji.fedoraproject.org/koji/rpminfo?rpmID=3740331" title="http://koji.fedoraproject.org/koji/rpminfo?rpmID=3740331">http://koji.fedoraproject.org/koji/rpminfo?rpmID=3740331</a>

Note that *.mli files are kind of equivalent to C header files.

But I'd agree with you that anything needed for "development" (that
term interpreted broadly) and not for "use" could go in a -devel
package.

Rich.

Re: Does -devel package name only indicate "C" development packa

By Tomasz Torcz at 05/18/2013 - 06:35

That's some strange interpretation. I completly don't agree with that.

That seems like a perfect description for what -devel is. For normal usage
selinux-policy is required. For building and modification – -devel package. Seems
completely intuitive for me.

About assumptions: does ‘rpmlint selinux-policy.spec‘ complains?

Re: Does -devel package name only indicate "C" development packa

By Nicolas Mailhot at 05/18/2013 - 07:20

Le Sam 18 mai 2013 12:35, Tomasz Torcz a écrit :

Actually, if modification and building can be dissociated, it'd be nice to
keep -devel for building and split the rest in -tools

Re: Does -devel package name only indicate "C" development packa

By =?ISO-8859-2?Q?... at 05/18/2013 - 06:41

Hi,

2013/5/18 Tomasz Torcz < ... at pipebreaker dot pl>

Agree.

I wonder if "-devel means just header files in c" applies to c++ headers as
well?

Re: Does -devel package name only indicate "C" development packa

By David Strauss at 05/18/2013 - 06:37

I agree with Tomasz. "-devel" has always means "files and data
necessary to support use as a build dependency" to me. That's a
superset of C header files.

Re: Does -devel package name only indicate "C" development packa

By Daniel J Walsh at 05/18/2013 - 07:51

On 05/18/2013 06:37 AM, David Strauss wrote: