[Freeipa-devel] [PATCH 477] spec file: Add Requires(pre) on selinux-policy
Alexander Bokovoy
abokovoy at redhat.com
Tue Aug 25 12:50:04 UTC 2015
On Tue, 25 Aug 2015, Jan Cholasta wrote:
>On 25.8.2015 14:23, Alexander Bokovoy wrote:
>>On Tue, 25 Aug 2015, Jan Cholasta wrote:
>>>Hi,
>>>
>>>the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5256>.
>>>
>>>Honza
>>>
>>>--
>>>Jan Cholasta
>>
>>>From 216be8de30747f80f490d4e91a7cca4af3e767d6 Mon Sep 17 00:00:00 2001
>>>From: Jan Cholasta <jcholast at redhat.com>
>>>Date: Tue, 25 Aug 2015 14:14:25 +0200
>>>Subject: [PATCH] spec file: Add Requires(pre) on selinux-policy
>>>
>>>This prevents ipa-server-upgrade failures on SELinux AVCs because of old
>>>selinux-policy version.
>>>
>>>https://fedorahosted.org/freeipa/ticket/5256
>>>---
>>>freeipa.spec.in | 1 +
>>>1 file changed, 1 insertion(+)
>>>
>>>diff --git a/freeipa.spec.in b/freeipa.spec.in
>>>index cba91fe..fd73cda 100644
>>>--- a/freeipa.spec.in
>>>+++ b/freeipa.spec.in
>>>@@ -139,6 +139,7 @@ Requires: systemd-units >= 38
>>>Requires(pre): shadow-utils
>>>Requires(pre): systemd-units
>>>Requires(post): systemd-units
>>>+Requires(pre): selinux-policy >= %{selinux_policy_version}
>>>Requires: selinux-policy >= %{selinux_policy_version}
>>>Requires(post): selinux-policy-base
>>>Requires: slapi-nis >= 0.54.2-1
>>If we have it in Requires(pre), we don't need it in Requires, as
>>Requires(pre) is a superset of guarantees that Requires gives you.
>
>Martin (CCed) told me Requires(pre) does not imply Requires.
See http://rpm.org/api/4.4.2.2/tsort.html (available since 2007):
----------------
Since the only way out of a dependency loop is to snip the loop
somewhere, rpm uses hints from Requires: dependencies to distinguish
co-requisite (these are not needed to install, only to use, a package)
from pre-requisite (these are guaranteed to be installed before the
package that includes the dependency) relations.
----------------
>>
>>Requires(pre) ensures that selinux-policy of specific version is
>>installed before pre scripts of freeipa-server would run, be it in the
>>same transaction or in a previous one.
>>
>
>Hmm, ipa-server-upgrade is run in posttrans. Should the Requires(pre)
>be changed to Required(posttrans)?
I don't think there is posttrans target. Perhaps, we can just make sure
Requires(post) is enough.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list