[Rpm-maint] [PATCH 10/19] Add new policy requires tag to spec file format

Panu Matilainen pmatilai at laiskiainen.org
Thu Mar 4 11:36:25 UTC 2010


On Tue, 2 Feb 2010, Steve Lawrence wrote:

> The PolicyRequires tag is used to specify which versions of packages are
> required by policies installed in the module. The PolicyRequires tag has
> the same syntax as the Requires tag.
>
> Assume libselinux-1.2 is installed on the system. Package foo-1.0 has a
> policy module that 'Requires: libselinux >= 1.3'. Running the command:
>
> rpm -Uvh foo-1.0.rpm libselinux-1.3.rpm
>
> would meet all normal dependencies. However, the policy installation
> would still fail because a policy module in foo requires a newer version
> of libselinux than is on the system at the time of policy installation
> (at the beginning of the transaction). The solution would be to install
> the packages in two separate transactions:
>
> rpm -Uvh libselinux-1.3.rpm
> rpm -Uvh foo-1.0.rpm
>
> However, this is unintuitive and not always possible.
>
> The new PolicyRequires directive solves this problem. The directive is
> simply a list of dependencies, in the same format as the Requires tag,
> that specifies what packages must already be installed at the start of
> a transaction for policy modules to be successfully installed. This will
> most commonly be packages like libselinux or checkpolicy.

This is another sub-case of a more generic problem and deserves a generic 
solution.

rpmlib() dependencies are pretty much the same as this: they must be 
satisfied by the rpm running the transaction in question and can't be 
resolved by adding more/newer packages to the set.

What this needs is essentially RPMSENSE_RUNTIME (and make RPMSENSE_RPMLIB 
a subcase/equivalent of that). The tricky part is again initial install to 
chroot: you can't look into the target rpmdb for providers as there will 
be none. Does libselinux export its version through API? If so, it could 
be used to generate an rpmlib()-style provide at runtime. Looking at the host's 
rpmdb is not really an option as it might not even exist (installer 
run-time image for example).

 	- Panu -
