[Bug 249522] Review Request: sepostgresql - Security-Enhanced PostgreSQL

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request:  sepostgresql - Security-Enhanced PostgreSQL


https://bugzilla.redhat.com/show_bug.cgi?id=249522





------- Additional Comments From kaigai at kaigai.gr.jp  2007-08-27 18:43 EST -------
(In reply to comment #48)
> For example, the PL and -test subpackages Require: postgresql-server, which
> would mean you'd have to duplicate those as se-specific versions.

Indeed, you are correct. It's a demerit of using Conflict: tag.

> I don't see the reason why you can't make it install parallel files with
> different names (sepostgres etc).
> The argument that some error messages include the program name seems a bit
> silly, and it's been awhile since there were any hard dependencies on the
> executable name.

I don't say it is not possible, but I was anxious about this change may
invoke unexpected problems.

pg_ctl and initdb invoke the hardcoded "postgres", so we have to patch them
in the sepostgresql package at least.

Just I confirmed the /usr/bin/postgres source. Several codes seems invoke
the hardcoded "postgres", but most of them are enclosed by "#ifdef 
EXEC_BACKEND",
so it seems to me the binary name does not give us any significant affect.

OK, I try to rename the binary, and confirm its works.

> Rather than Conflicts: postgresql-server, I wonder whether you shouldn't be
> trying to Require: postgresql-server = %{version} so that you can share
> whichever files are in common, instead of shipping duplicates.

Maybe, we can omit any libraries (like utf8_and_euc_jp.so) and timezone data.

Thanks,

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.