build: gate SELinux utilities behind feat_selinux

[xtqqczze]

Closes #12320
Contributes to #12394
Contributes to #4400

Avoid building chcon and runcon when feat_selinux is not enabled.

Context: #8795, #10360

cc: @naoNao89

[codspeed-hq]

Merging this PR will not alter performance

✅ 319 untouched benchmarks
⏩ 46 skipped benchmarks¹

---

_{Comparing xtqqczze:features-feat_selinux (b6c7276) with main (02768bc)}

Footnotes

1. 46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[github-actions]

GNU testsuite comparison:

GNU test failed: tests/cp/parent-perm-race. tests/cp/parent-perm-race is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/date/date-locale-hour (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/tail/symlink (passes in this run but fails in the 'main' branch)

[xtqqczze]

GnuTests / Aggregate GNU test results (pull_request) failure tracked by #12466.

[naoNao89]

dep cleanup is oke , but still need a temporary stub or fallback because Linux packaging expects these coreutils binaries to exist. If SELinux is disabled, chcon/runcon should exist and fail clearly, not be silently omitted.

check this

$ cargo build -p uu_chcon -p uu_runcon --target-dir /tmp/pr-bug-test
   Compiling uu_runcon v0.8.0
   Compiling uu_chcon v0.8.0
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.64s

$ echo $?
0

$ ls /tmp/pr-bug-test/debug/chcon /tmp/pr-bug-test/debug/runcon
ls: /tmp/pr-bug-test/debug/chcon: No such file or directory
ls: /tmp/pr-bug-test/debug/runcon: No such file or directory

So cargo build -p uu_chcon succeeds, but the binary is not produced. cargo build --bins also only prints a warning and exits 0:

warning: target filter `bins` specified, but no targets matched; this is a no-op
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.12s

After my fix, the same build produces both binaries, and running them gives the intended stub error:

$ cargo build -p uu_chcon -p uu_runcon --target-dir /tmp/pr-fix-test
Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.00s

$ ls /tmp/pr-fix-test/debug/chcon /tmp/pr-fix-test/debug/runcon
/tmp/pr-fix-test/debug/chcon
/tmp/pr-fix-test/debug/runcon

$ /tmp/pr-fix-test/debug/chcon
chcon: SELinux is not supported on this platform

$ /tmp/pr-fix-test/debug/runcon
runcon: SELinux is not supported on this platform

u can cherry-pick my commit if you want: a5b2b8b371eabdbb10129cd7113d029c40ce2b8f

[oech3]

GNU no linger build them by default. For example, Arch's coreutils package does not have them. Also eprintln! only stubs are not useful for compatibility for scripts.

[naoNao89]

agree

reproduce is only meant to show the Cargo failure mode: with required-features on the [[bin]] target, cargo build -p uu_chcon exits 0 while producing no chcon binary. can be surprising for CI or package scripts that treat a successful package build as meaning the expected artifacts were produced

so the question is policy:

1. Mirror GNU/common non-SELinux distro behavior: if SELinux is unavailable, omit chcon/runcon
2. Keep deterministic artifacts: if uu_chcon/uu_runcon are selected for build, produce a binary. when SELinux is unavailable, make it fail clearly at runtime

my commit implements the second option

[naoNao89]

hmm, my concern is enterprise or pkg determinism. uutils is not just a toy replacement, it targets serious distro/server use, including Ubuntu integration and cross-platform coreutils compatibility

[oech3]

Upstream (GNU) sometimes do breaking change if they considered they should do that. In my opinion, consumers should be changed too in those cases.

[oech3]

Option 2 is sometimes not ideal. If we published nohup.exe unix-stubs for Windows, it can be incorrectly used on MSYS2 and breaks scripts (*con are not used at MSYS2, but they are just broken).

So I prefer complile_error!(), but it breaks cargo check.