Building systemd-selinux check fails

[Sariyn]

When I build systemd-selinux, I get a lot of check failures at the end and makepkg fails. I can bypass with -nocheck but this is not indicated in the build instructions on the Wiki. Is it normal to get check fails for this package that can be safely ignored, or should I not proceed with the install? If it is normal, the wiki should probably be updated to reflect that.

[fishilico]

Getting check failures depend on the way the package is being built:

• If systemd-selinux is built directly withmakepkg on a system without SELinux or with a SELinux policy in permissive mode, no test should fail.
• On a system with a SELinux policy is enabled in enforcing mode, many tests fail because the test programs are not allowed to interact with the journal and some services.

How are you building the package? Does "the Wiki" refers to https://wiki.archlinux.org/index.php/SELinux or another page on another wiki? By the way, did you try building the official systemd package from source, for example with asp checkout systemd && cd systemd/repos/core-x86_64 && makepkg? If yes, did checks pass?

[sorin-mihai]

I never got the time to investigate properly, so I've been ignoring this problem for a very long time, I'd say around 6 months at least, and I just kept disabling the check before rebuilding. I thought it's a problem just on my system, because of some variables that I can't figure out. systemd in [core] is being rebuilt on each update, so I doubt it's failing on that build system. In my system, SELinux is in permisive mode with policy refpolicy-arch.

Here is the full output of the makepkg for systemd: https://gist.githubusercontent.com/sorin-mihai/f05348a48d82913885f35d9c9442a79b/raw/05783a07bb27bc979a4f2605a8360483cba48e5d/gistfile1.txt

And here is the testlog for the same build: https://gist.githubusercontent.com/sorin-mihai/6e8849375b377aa6695976d47f9e43e0/raw/a45d12fc07ddf13a52b85f1e88fd731a133e6744/testlog.txt

I can provide the same for a systemd-selinux build if really needed, but I think I'd get the same kind of errors.

[Sariyn]

Thank you for your replies, telling me it shouldn't usually fail was very helpful in getting to the bottom of this, now I can build systemd-selinux without any check failures. Here was my problem in case it can be helpful, but I kind of think a wiki update may still be necessary if my problem is consistent with others.

• Primarily, I was running the build in chroot. This looked like the biggest cause of the check fails. The wiki did not say not to, and as per the guidelines in "https://wiki.archlinux.org/index.php/Arch_Build_System" I always default to chroot when building large system packages.

• So I forgoed the chroot, and so far, so good. However there was one single check failure remaining, test-clock. Looking at the source code "https://fossies.org/linux/systemd/src/test/test-clock.c" it appeared it was trying to access /etc/adjtime. However, this file on my system had the read flag for group/other turned off. This is probably because my default umask is o-rwx. I set the correct permissions on the file and systemd-selinux built start to end with no check fails.

Thanks again!

[fishilico]

For your information, makechrootpkg from Arch Linux's devtools does not use chroot but systemd-nspawn (cf. https://github.com/archlinux/devtools/blob/20190329/makechrootpkg.in#L414 and https://github.com/archlinux/devtools/blob/20190329/arch-nspawn.in#L117). systemd-nspawn feels like a chroot, but with some namespaces that are configured in a way to behave more like a real system.

On my system, I do not use makechrootpkg directly for building packages because the last time I tried to use it, it required root privileges to build packages (contrary to makepkg, and contrary to other build systems that use chroot with fakeroot and fakechroot).