[Freeipa-devel] [PATCH 477] spec file: Add Requires(pre) on selinux-policy
Jan Cholasta
jcholast at redhat.com
Tue Aug 25 14:37:50 UTC 2015
On 25.8.2015 14:50, Alexander Bokovoy wrote:
> On Tue, 25 Aug 2015, Jan Cholasta wrote:
>> On 25.8.2015 14:23, Alexander Bokovoy wrote:
>>> On Tue, 25 Aug 2015, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> the attached patch fixes
>>>> <https://fedorahosted.org/freeipa/ticket/5256>.
>>>>
>>>> Honza
>>>>
>>>> --
>>>> Jan Cholasta
>>>
>>>> From 216be8de30747f80f490d4e91a7cca4af3e767d6 Mon Sep 17 00:00:00 2001
>>>> From: Jan Cholasta <jcholast at redhat.com>
>>>> Date: Tue, 25 Aug 2015 14:14:25 +0200
>>>> Subject: [PATCH] spec file: Add Requires(pre) on selinux-policy
>>>>
>>>> This prevents ipa-server-upgrade failures on SELinux AVCs because of
>>>> old
>>>> selinux-policy version.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5256
>>>> ---
>>>> freeipa.spec.in | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/freeipa.spec.in b/freeipa.spec.in
>>>> index cba91fe..fd73cda 100644
>>>> --- a/freeipa.spec.in
>>>> +++ b/freeipa.spec.in
>>>> @@ -139,6 +139,7 @@ Requires: systemd-units >= 38
>>>> Requires(pre): shadow-utils
>>>> Requires(pre): systemd-units
>>>> Requires(post): systemd-units
>>>> +Requires(pre): selinux-policy >= %{selinux_policy_version}
>>>> Requires: selinux-policy >= %{selinux_policy_version}
>>>> Requires(post): selinux-policy-base
>>>> Requires: slapi-nis >= 0.54.2-1
>>> If we have it in Requires(pre), we don't need it in Requires, as
>>> Requires(pre) is a superset of guarantees that Requires gives you.
>>
>> Martin (CCed) told me Requires(pre) does not imply Requires.
> See http://rpm.org/api/4.4.2.2/tsort.html (available since 2007):
> ----------------
> Since the only way out of a dependency loop is to snip the loop
> somewhere, rpm uses hints from Requires: dependencies to distinguish
> co-requisite (these are not needed to install, only to use, a package)
> from pre-requisite (these are guaranteed to be installed before the
> package that includes the dependency) relations.
> ----------------
>
>>>
>>> Requires(pre) ensures that selinux-policy of specific version is
>>> installed before pre scripts of freeipa-server would run, be it in the
>>> same transaction or in a previous one.
>>>
>>
>> Hmm, ipa-server-upgrade is run in posttrans. Should the Requires(pre)
>> be changed to Required(posttrans)?
> I don't think there is posttrans target. Perhaps, we can just make sure
> Requires(post) is enough.
OK, let's try that. Updated patch attached.
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-477.1-spec-file-Add-Requires-pre-on-selinux-policy.patch
Type: text/x-patch
Size: 924 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150825/0773b28b/attachment.bin>
More information about the Freeipa-devel
mailing list