package/refpolicy: test REFPOLICY_EXTRA_MODULES_DIR differently

REFPOLICY_EXTRA_MODULES_DIRS contains $(PACKAGES_SELINUX_EXTRA_MODULES_DIRS) which is filled in by package/pkg-generic.mk with the list of packages that have a selinux/ sub-directory. Due to how variable expansion works, if there is an ifeq/ifneq test of REFPOLICY_EXTRA_MODULES_DIRS, it will only see the value of REFPOLICY_EXTRA_MODULES_DIRS with the list of packages *before* refpolicy in alphabetic ordering. This means that packages after refpolicy in alphabetic ordering would not be taken into account. To fix this, we switch to an $(if ...) test, which allows the variable to really be evaluated during the refpolicy build. This makes sures the expansion is correct. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-10-06 13:57:26 +02:00 · 2020-10-06 13:57:26 +02:00 · 717643ae7c
commit 717643ae7c
parent 0e09875f09
1 changed files with 3 additions and 3 deletions
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@ -71,7 +71,6 @@ REFPOLICY_MODULES = \
 	$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
 		$(basename $(notdir $(wildcard $(d)/*.te))))

-ifneq ($(REFPOLICY_EXTRA_MODULES_DIRS),)
 define REFPOLICY_COPY_EXTRA_MODULES
 	mkdir -p $(@D)/policy/modules/buildroot
 	rsync -au $(addsuffix /*,$(REFPOLICY_EXTRA_MODULES_DIRS)) \
@ -81,7 +80,6 @@ define REFPOLICY_COPY_EXTRA_MODULES
 			$(@D)/policy/modules/buildroot/metadata.xml; \
 	fi
 endef
-endif

 # In the context of a monolithic policy enabling a piece of the policy as
 # 'base' or 'module' is equivalent, so we enable them as 'base'.
@ -106,7 +104,9 @@ define REFPOLICY_CONFIGURE_CMDS
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 	$(REFPOLICY_CONFIGURE_SYSTEMD)
-	$(REFPOLICY_COPY_EXTRA_MODULES)
+	$(if $(REFPOLICY_EXTRA_MODULES_DIRS), \
+		$(REFPOLICY_COPY_EXTRA_MODULES)
+	)
 	$(REFPOLICY_MAKE) -C $(@D) bare conf
 	$(REFPOLICY_CONFIGURE_MODULES)
 endef