Mandos on Fedora/RHEL

Nathanael Noblet nathanael at gnat.ca
Sun Oct 27 23:49:36 CET 2013 

On 10/26/2013 07:32 PM, Teddy Hogeborn wrote:
> Nathanael Noblet <nathanael at gnat.ca> writes:
>
>> Now onto systemd service file creation
> Actually, I've been working on that.  I just committed support of
> systemd to trunk.
Good stuff, I think Erik's rpm also included a systemd file. I haven't 
looked at either but that's one less thing to worry about.
>> and dracut integration.
> I've yet to look seriously into this.

I'll take a look at it this week. I've never dug too deeply in there 
however I can't imagine its overly more complicated than any other 
initramfs type system.


>> One of the things I know we'll have problems with is your Makefile
>> hardcodes the lib directory to /usr/lib,
> Um, say what?  We do?  Where?  Do you mean the /usr/lib/mandos
> directory?  Note that we do not actually install *libraries* as such, we
> only want a application-specific directory for Mandos client binaries to
> be installed into the initramfs image.  They *are* binaries, so they
> cannot go into /usr/share.

So I think in this case I think they belong in fedora in /usr/libexec. 
Either way I would expect /usr/lib is against Fedora packaging for a 
64bit build. It may be fine for 32 but definitely not 64. Though I'm 
pretty sure that in Fedora they use libexec for programs that aren't 
ever really meant to be called by a user. They have a draft guideline 
here: 
http://fedoraproject.org/wiki/Libexecdir_clarification_packaging_draft


>> and in a multi-lib situation x86_64 arches for fedora are /usr/lib64,
> If I read the Debian standards correctly, they *prohibit* /usr/lib64,
> and mandate /usr/lib instead, and *permits* /usr/lib/x86_64-linux-gnu as
> an option.  How should a mere Makefile detect where to install stuff?
> What do others do?
So I think in most cases projects have a configure script that auto 
generates the Makefile. Distros can pass all their directory paths for 
everything to configure knows where to place it all. In a compiled 
distro this often results in compile time definitions passed through gcc 
or other compilation software.

>
> (Note that the initramfs creation hook script would also need to be
> updated to copy the files from the right place.)
Good to know, though I'm sure I would have run into the issue.

So to include mandos in Fedora there are already some Makefile patches 
that will be required (for example the way the buildsystem works the 
installation of the /var/lib/mandos directory with install --user=x 
--group=y fails. The rpm system has a method for setting desired 
ownership and mode in the file manifest. In anycase, here's how I 
basically modified the Makefile. Once I have all the changes Fedora 
would require we can go over the required patches to see if we can have 
a system that uses your defaults but can be overridden for other distros 
easily.

In the meantime I did this as one patch to the Makefile

ifndef LIBDIR
LIBDIR=lib
endif

then in your install-server and install-client where it has 
$(PREFIX)/lib/ I've changed them to $(PREFIX)/$(LIBDIR)...

That way your default remains however I can do in the build spec

LIBDIR=%{_libexec} make install and it installs to /usr/libexec

The other solution would be to modify the project to use a configure 
file and makefile with definition creation for any files needing 
compilation, python setup files or what not. At the moment it doesn't 
matter to me which way you'd prefer to go but if you are amenable to 
either option would be awesome.

Sincerely,
-- 
Nathanael

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20131027/cd8c1c82/attachment.html>

More information about the Mandos-Dev mailing list