[Rpm-maint] [PATCH 04/19] Add new %policy section to the spec file format
Panu Matilainen
pmatilai at laiskiainen.org
Thu Mar 4 09:31:20 UTC 2010
On Tue, 2 Feb 2010, Steve Lawrence wrote:
> The %policy section is similar to other sections (%files, %pre, %post,
> etc.) in that you can provide a string and -n after the declaration to
> specify policy should be added to a subpackage.
Rather than replace %policy with something that has a completely different
syntax and meaning, just mark %policy as deprecated and use a new keyword,
%sepolicy comes to mind. The old %policy can be turned into a no-op (which
is for all practical purposes already is, as it's not possible to use it),
but leaving it alone will allow packages including it to build.
>
> For example:
>
> %policy
> # policy in this section will be added to the main package
>
> %policy foo
> # policy in this section will be added to the '<mainpackage>-foo' subpackage
>
> %policy -n bar
> # policy in this section will be added to the 'bar' subpackage
>
> The %policy section contains zero or more %module directives, each of
> which specifies a path into the build directory of a policy file, for
> example:
>
> %module policies/foo.pp
> %module policies/bar.pp
%module is an awfully generic term, and one that I could think of wanting
to use for other purposes. Some "namespacing" would be preferred, eg
"%semodule"
>
> After each %module directive can be zero or more options, specified in
> the same format as Preamble tags. The current options are:
>
> Base: Whether or not the module is a base module. Values can be
> yes/1 or no/0. Defaults to no/0 if not given.
>
> Name: The name of the module. If not given, we assume the name is
> the basename of the module file with file extensions removed
Are the cases where the basename of the module can be different from the
modules internal name in practise? If so, ok... but do use a different
keyword for it, "Name" gets easily mixed up with the actual package name
tag.
> Obsoletes: One or more space-separated strings specifying which modules
> are obsoleted by a module. Obsoleted modules are removed and
> the new modules are installed. An example of when this might
> be used is in policy renames. For example, if we renamed
> foo.pp to bar.pp, we would specify that bar obsoletes foo. If
> not specified, it is assumed the module obsoletes nothing.
Shouldn't this information really be in the selinux module itself, with
(lib)semanage handling it? Requiring rpm to handle policy renames seems
just wrong to me - rpm might want to know about obsoleted policies
(depending on other implementation details) but it shouldn't have to
*manage* this.
Or maybe I'm missing something in the big picture...
- Panu -
More information about the Rpm-maint
mailing list