[Rpm-maint] [PATCH 10/19] Add new policy requires tag to spec file format

Panu Matilainen pmatilai at laiskiainen.org
Tue Mar 30 07:51:09 UTC 2010


On Thu, 4 Mar 2010, Panu Matilainen wrote:

> On Tue, 2 Feb 2010, Steve Lawrence wrote:
>
>> The PolicyRequires tag is used to specify which versions of packages are
>> required by policies installed in the module. The PolicyRequires tag has
>> the same syntax as the Requires tag.
>> 
>> Assume libselinux-1.2 is installed on the system. Package foo-1.0 has a
>> policy module that 'Requires: libselinux >= 1.3'. Running the command:
>> 
>> rpm -Uvh foo-1.0.rpm libselinux-1.3.rpm
>> 
>> would meet all normal dependencies. However, the policy installation
>> would still fail because a policy module in foo requires a newer version
>> of libselinux than is on the system at the time of policy installation
>> (at the beginning of the transaction). The solution would be to install
>> the packages in two separate transactions:
>> 
>> rpm -Uvh libselinux-1.3.rpm
>> rpm -Uvh foo-1.0.rpm
>> 
>> However, this is unintuitive and not always possible.
>> 
>> The new PolicyRequires directive solves this problem. The directive is
>> simply a list of dependencies, in the same format as the Requires tag,
>> that specifies what packages must already be installed at the start of
>> a transaction for policy modules to be successfully installed. This will
>> most commonly be packages like libselinux or checkpolicy.
>
> This is another sub-case of a more generic problem and deserves a generic 
> solution.
>
> rpmlib() dependencies are pretty much the same as this: they must be 
> satisfied by the rpm running the transaction in question and can't be 
> resolved by adding more/newer packages to the set.

FWIW, one side of this is now implemented in rpm.org HEAD: dependencies 
with RPMSENSE_PRETRANS bit enabled are not looked up in the 
to-be-installed package set and must be satisfied by whatever is on the 
system at the beginning of the transaction: 
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=c0eb82dd1f2102f2b4899c1e7232086c41d2e805

This lets %pretrans scriptlet dependencies be expressed correctly, and 
AFAICT does in effect the same as the POLICYREQUIRES patch. Note however 
that such dependencies practically (and intentionally) prevent 
installation to an empty chroot, unless the dependency is on an rpmlib() 
provide. That's what "correctly expressed" is about wrt %pretrans 
dependencies, and anything similar.

 	- Panu -
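
The lookup rule described in this message, as an added example that is not part of the original post and is not rpm's own code: a simplified Python model of a transaction check in which requirements flagged as pretrans are resolved only against what is installed when the transaction starts. The class and function names are hypothetical, the package data is constructed from the foo/libselinux scenario quoted above, and version comparison is reduced to dotted integers.

```python
from dataclasses import dataclass


def ver(s):
    # Assumption: dotted-integer versions only; rpm's real comparison handles more.
    return tuple(int(part) for part in s.split("."))


@dataclass(frozen=True)
class Req:
    name: str
    min_version: str
    pretrans: bool = False  # models the RPMSENSE_PRETRANS bit on a dependency


@dataclass(frozen=True)
class Pkg:
    name: str
    version: str
    requires: tuple = ()


def satisfied(req, pkgs):
    return any(p.name == req.name and ver(p.version) >= ver(req.min_version)
               for p in pkgs)


def unresolved(installed, added):
    """Return (package, requirement) pairs the transaction cannot satisfy."""
    added_names = {p.name for p in added}
    # System state after the transaction: added packages replace same-named ones.
    after = [p for p in installed if p.name not in added_names] + list(added)
    problems = []
    for pkg in added:
        for req in pkg.requires:
            # Pretrans requirements never look at the to-be-installed set.
            pool = installed if req.pretrans else after
            if not satisfied(req, pool):
                problems.append((pkg.name, req.name))
    return problems


# Constructed sample data mirroring the scenario in the quoted patch description.
OLD = Pkg("libselinux", "1.2")
NEW = Pkg("libselinux", "1.3")
FOO_PLAIN = Pkg("foo", "1.0", (Req("libselinux", "1.3"),))
FOO_PRE = Pkg("foo", "1.0", (Req("libselinux", "1.3", pretrans=True),))

if __name__ == "__main__":
    print("plain Requires, one transaction:", unresolved([OLD], [FOO_PLAIN, NEW]))
    print("pretrans, one transaction:      ", unresolved([OLD], [FOO_PRE, NEW]))
    print("pretrans, empty chroot:         ", unresolved([], [FOO_PRE, NEW]))
```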

