I'm looking into a gcl bug (I maintain gcl): https://bugzilla.redhat.com/show_bug.cgi?id=541050.
The problem appears to be that the order of RPM installation is unpredictable. There is a subpackage, gcl-selinux, which provides policy files for use by other packages that build executables with gcl. That package installs a policy, gcl.pp, and then does this in %post:
/usr/sbin/semodule -i %{_datadir}/selinux/packages/gcl/gcl.pp || : /sbin/fixfiles -R gcl restore || :
This works great when the main gcl package is installed first, followed by the gcl-selinux package. However, sometimes RPM installs them in the other order. When that happens, the fixfiles invocation fails because the main package hasn't been installed yet. Then, once the main package is installed, the saved gcl image has the wrong SELinux type, leading to the symptoms described in that bug.
Is there a canonical way of dealing with such issues? I need to run fixfiles after BOTH gcl and gcl-selinux have been installed. How can I ensure that? (I suppose I could invoke fixfiles in %post scripts for both gcl and gcl-selinux, so that whichever one runs last does the right thing, but that seems unclean.) Thank you,
On Mon, Nov 30, 2009 at 10:29:31 -0700, Jerry James loganjerry@gmail.com wrote:
This works great when the main gcl package is installed first, followed by the gcl-selinux package. However, sometimes RPM installs them in the other order. When that happens, the fixfiles invocation fails because the main package hasn't been installed yet. Then, once the main package is installed, the saved gcl image has the wrong SELinux type, leading to the symptoms described in that bug.
Is there a canonical way of dealing with such issues? I need to run fixfiles after BOTH gcl and gcl-selinux have been installed. How can I ensure that? (I suppose I could invoke fixfiles in %post scripts for both gcl and gcl-selinux, so that whichever one runs last does the right thing, but that seems unclean.) Thank you,
Requires(Pre) might solve your problem. If gcl-selinux Requires(Pre):gcl and gcl-selinux runs the fixfiles script in postinstall, I think you will be guaranteed that both gcl-selinux and gcl are installed when the script runs.
Jerry James wrote, at 12/01/2009 02:29 AM +9:00:
I'm looking into a gcl bug (I maintain gcl): https://bugzilla.redhat.com/show_bug.cgi?id=541050.
The problem appears to be that the order of RPM installation is unpredictable. There is a subpackage, gcl-selinux, which provides policy files for use by other packages that build executables with gcl. That package installs a policy, gcl.pp, and then does this in %post:
/usr/sbin/semodule -i %{_datadir}/selinux/packages/gcl/gcl.pp || : /sbin/fixfiles -R gcl restore || :
This works great when the main gcl package is installed first, followed by the gcl-selinux package. However, sometimes RPM installs them in the other order.
Umm, I checked F-12 gcl.spec and there is no such Requires relation between two packages (i.e. -selinux subpackage does not have "Requires: %{name} = %{version}-%{release}" or so), so it is natural that the order is inpredictable.
Regards, Mamoru
Mamoru Tasaka wrote, at 12/01/2009 02:51 AM +9:00:
Jerry James wrote, at 12/01/2009 02:29 AM +9:00:
I'm looking into a gcl bug (I maintain gcl): https://bugzilla.redhat.com/show_bug.cgi?id=541050.
The problem appears to be that the order of RPM installation is unpredictable. There is a subpackage, gcl-selinux, which provides policy files for use by other packages that build executables with gcl. That package installs a policy, gcl.pp, and then does this in %post:
/usr/sbin/semodule -i %{_datadir}/selinux/packages/gcl/gcl.pp || : /sbin/fixfiles -R gcl restore || :
This works great when the main gcl package is installed first, followed by the gcl-selinux package. However, sometimes RPM installs them in the other order.
Umm, I checked F-12 gcl.spec and there is no such Requires relation between two packages (i.e. -selinux subpackage does not have "Requires: %{name} = %{version}-%{release}" or so), so it is natural that the order is inpredictable.
Ah, rather gcl package has "Requires: gcl-selinux = %{version}-%{release}", so currently I am not sure what you want.
Mamoru
On Mon, Nov 30, 2009 at 10:55 AM, Mamoru Tasaka mtasaka@ioa.s.u-tokyo.ac.jp wrote:
Ah, rather gcl package has "Requires: gcl-selinux = %{version}-%{release}", so currently I am not sure what you want.
Ah, right, I'd forgotten that we did that to satisfy the need for a couple of other packages to have access to the policy without dragging gcl itself in. So all I need to do is move the fixfiles invocation to the main package's %post. Thank you!
On Mon, Nov 30, 2009 at 11:00:49 -0700, Jerry James loganjerry@gmail.com wrote:
On Mon, Nov 30, 2009 at 10:55 AM, Mamoru Tasaka mtasaka@ioa.s.u-tokyo.ac.jp wrote:
Ah, rather gcl package has "Requires: gcl-selinux = %{version}-%{release}", so currently I am not sure what you want.
Ah, right, I'd forgotten that we did that to satisfy the need for a couple of other packages to have access to the policy without dragging gcl itself in. So all I need to do is move the fixfiles invocation to the main package's %post. Thank you!
I don't believe that would be correct. I think you need Requires(Post) or Requires(Pre) to make sure a package is installed when pre or post scripts are run.
On Mon, Nov 30, 2009 at 11:08 AM, Bruno Wolff III bruno@wolff.to wrote:
I don't believe that would be correct. I think you need Requires(Post) or Requires(Pre) to make sure a package is installed when pre or post scripts are run.
OK, will do. Thanks for the help.
Jerry James wrote:
Is there a canonical way of dealing with such issues? I need to run fixfiles after BOTH gcl and gcl-selinux have been installed. How can I ensure that? (I suppose I could invoke fixfiles in %post scripts for both gcl and gcl-selinux, so that whichever one runs last does the right thing, but that seems unclean.) Thank you,
Maybe use %posttrans?
Kevin Kofler
devel@lists.stg.fedoraproject.org