database/mariadb-columnstore-engine
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-columnstore-engine.git synced 2025-11-05 04:50:35 +03:00
Code Activity

fix(installation): set selinux policy handling to the existing build/postInstall_storage_engine.sh and build/preUn_storage_engine.sh

Browse Source
This commit is contained in:
Leonid Fedorov
2025-08-28 06:48:12 +00:00
committed by Leonid Fedorov
parent 06889082f1
commit 3fea9bf825
5 changed files with 23 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
build/postInstall_storage_engine.sh
View File

@@ -8,3 +8,19 @@ fi
mkdir -p /var/lib/columnstore/local mkdir -p /var/lib/columnstore/local
columnstore-post-install --rpmmode=$rpmmode columnstore-post-install --rpmmode=$rpmmode
# Attempt to load ColumnStore SELinux policy (best-effort, no hard dependency)
POLICY_PATH="/usr/share/columnstore/policy/selinux/columnstore.pp"
if command -v getenforce >/dev/null 2>&1 && command -v semodule >/dev/null 2>&1; then
MODE=$(getenforce 2>/dev/null || echo Disabled)
case "$MODE" in
Enforcing|Permissive)
if [ -r "$POLICY_PATH" ]; then
semodule -i "$POLICY_PATH" || true
fi
;;
*)
:
;;
esac
fi

7
build/preUn_storage_engine.sh
View File

@@ -10,6 +10,13 @@ fi
if [ $rpmmode = erase ]; then if [ $rpmmode = erase ]; then
columnstore-pre-uninstall columnstore-pre-uninstall
# Best-effort removal of ColumnStore SELinux policy on erase
if command -v semodule >/dev/null 2>&1; then
if semodule -l 2>/dev/null | grep -q '^columnstore\b'; then
semodule -r columnstore || true
fi
fi
fi fi
exit 0 exit 0

28
build/selinux_policy_rpm_post.sh
View File

@@ -1,28 +0,0 @@
#!/bin/sh
# Post-install script to load ColumnStore SELinux policy if SELinux is enabled
# This script must not introduce new runtime dependencies; it only uses coreutils and typical SELinux tools if present.
set -e
POLICY_PATH="/usr/share/columnstore/policy/selinux/columnstore.pp"
# If SELinux tooling is not present, or policy file missing, silently exit
command -v getenforce >/dev/null 2>&1 || exit 0
command -v semodule >/dev/null 2>&1 || exit 0
# Only attempt to install when SELinux is enforcing or permissive
MODE=$(getenforce 2>/dev/null || echo Disabled)
case "$MODE" in
Enforcing|Permissive)
if [ -r "$POLICY_PATH" ]; then
# Install or upgrade the module; do not fail the entire package if this fails
semodule -i "$POLICY_PATH" || true
fi
;;
*)
# Disabled or unknown, do nothing
:
;;
esac
exit 0

15
build/selinux_policy_rpm_postun.sh
View File

@@ -1,15 +0,0 @@
#!/bin/sh
# Post-uninstall script to remove ColumnStore SELinux policy module if present
# No new runtime dependencies; use SELinux tools only if available.
set -e
# If SELinux tooling is not present, silently exit
command -v semodule >/dev/null 2>&1 || exit 0
# Remove the module if it is installed; do not fail package removal if this fails
if semodule -l 2>/dev/null | grep -q '^columnstore\b'; then
semodule -r columnstore || true
fi
exit 0

35
cmake/selinux_policy.cmake
View File

@@ -63,38 +63,3 @@ install(
COMPONENT columnstore-engine COMPONENT columnstore-engine
) )
# Register RPM post-install and post-uninstall scripts for the component
set(_selinux_post "${CMAKE_CURRENT_LIST_DIR}/../build/selinux_policy_rpm_post.sh")
set(_selinux_postun "${CMAKE_CURRENT_LIST_DIR}/../build/selinux_policy_rpm_postun.sh")
# POST_INSTALL: preserve existing script if set by wrapping it
if(EXISTS "${_selinux_post}")
if(DEFINED CPACK_RPM_columnstore-engine_POST_INSTALL_SCRIPT_FILE
AND CPACK_RPM_columnstore-engine_POST_INSTALL_SCRIPT_FILE
)
set(_orig_post "${CPACK_RPM_columnstore-engine_POST_INSTALL_SCRIPT_FILE}")
set(_wrap_post "${SELINUX_BUILD_DIR}/post_install_wrapper.sh")
file(WRITE "${_wrap_post}" "#!/bin/sh\n\n'${_orig_post}' \"$@\" || true\n'${_selinux_post}' \"$@\" || true\n")
execute_process(COMMAND ${CMAKE_COMMAND} -E chmod +x "${_wrap_post}")
set(CPACK_RPM_columnstore-engine_POST_INSTALL_SCRIPT_FILE "${_wrap_post}")
else()
set(CPACK_RPM_columnstore-engine_POST_INSTALL_SCRIPT_FILE "${_selinux_post}")
endif()
endif()
# POST_UNINSTALL: preserve existing script if set by wrapping it
if(EXISTS "${_selinux_postun}")
if(DEFINED CPACK_RPM_columnstore-engine_POST_UNINSTALL_SCRIPT_FILE
AND CPACK_RPM_columnstore-engine_POST_UNINSTALL_SCRIPT_FILE
)
set(_orig_postun "${CPACK_RPM_columnstore-engine_POST_UNINSTALL_SCRIPT_FILE}")
set(_wrap_postun "${SELINUX_BUILD_DIR}/post_uninstall_wrapper.sh")
file(WRITE "${_wrap_postun}"
"#!/bin/sh\n\n'${_orig_postun}' \"$@\" || true\n'${_selinux_postun}' \"$@\" || true\n"
)
execute_process(COMMAND ${CMAKE_COMMAND} -E chmod +x "${_wrap_postun}")
set(CPACK_RPM_columnstore-engine_POST_UNINSTALL_SCRIPT_FILE "${_wrap_postun}")
else()
set(CPACK_RPM_columnstore-engine_POST_UNINSTALL_SCRIPT_FILE "${_selinux_postun}")
endif()
endif()