2011/8/18 Robert Haas <robertmhaas@gmail.com>:
> On Thu, Aug 18, 2011 at 1:17 PM, Kohei Kaigai <Kohei.Kaigai@emea.nec.com> wrote:
>>> That's lame. I think we need to patch contrib/sepgsql so that it
>>> fails to build in that case, rather than building and then not
>>> working.
>>>
>> It might be the following fix, but I have no idea to generate an error when $(with_selinux) != "yes" on makefile.
>
> Actually, as I look at this more, I think this build system is
> completely mis-designed. Given that you want to build sepgsql,
> selinux is not an optional feature. So the stuff in
> contrib/sepgsql/Makefile that is intended to link against libselinux
> only if --with-selinux was specified at configure time is nonsense.
> We should just ALWAYS try to link against libselinux, and if it's not
> there, then at least it'll fail right away at compile time instead of
> appearing to compile OK but producing an so that then fails to load at
> runtime.
>
> The only actual legitimate purpose of --with-selinux is to allow
> contrib/Makefile to decide whether, when someone tries to build "all
> the contrib modules", we should try to build sepgsql too.
>
I agree.
So, it seems to me we also need to revise configure script, not only
Makefile of sepgsql.
On configure script, we may need to check availability of libselinux
on the build system, independent from --with-selinux.
But it should not raise an error even if appropriate libselinux was not
available; except for the case when --with-selinux was explicitly given.
It just set flags of HAVE_SELINUX, instead.
I injected #error condition in sepgsql.h that shall be fired if user tries
to build contrib/sepgsql module without libselinux.
And, Makefile was revised to link libselinux always.
How about this design?
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>