[Rpm-maint] [PATCH 10/19] Add new policy requires tag to spec file format
Panu Matilainen
pmatilai at laiskiainen.org
Tue Mar 30 07:51:09 UTC 2010
On Thu, 4 Mar 2010, Panu Matilainen wrote:
> On Tue, 2 Feb 2010, Steve Lawrence wrote:
>
>> The PolicyRequires tag is used to specify which versions of packages are
>> required by policies installed in the module. The PolicyRequires tag has
>> the same syntax as the Requires tag.
>>
>> Assume libselinux-1.2 is installed on the system. Package foo-1.0 has a
>> policy module that 'Requires: libselinux >= 1.3'. Running the command:
>>
>> rpm -Uvh foo-1.0.rpm libselinux-1.3.rpm
>>
>> would meet all normal dependencies. However, the policy installation
>> would still fail because a policy module in foo requires a newer version
>> of libselinux than is on the system at the time of policy installation
>> (at the beginning of the transaction). The solution would be to install
>> the packages in two separate transactions:
>>
>> rpm -Uvh libselinux-1.3.rpm
>> rpm -Uvh foo-1.0.rpm
>>
>> However, this is unintuitive and not always possible.
>>
>> The new PolicyRequires directive solves this problem. The directive is
>> simply a list of dependencies, in the same format as the Requires tag,
>> that specifies what packages must already be installed at the start of
>> a transaction for policy modules to be successfully installed. This will
>> most commonly be packages like libselinux or checkpolicy.
>
> This is another sub-case of a more generic problem and deserves a generic
> solution.
>
> rpmlib() dependencies are pretty much the same as this: they must be
> satistied by the rpm running the transaction in question and can't be
> resolved by adding more/newer packages to the set.
FWIW, one side of this is now implemented in rpm.org HEAD: dependencies
with RPMSENSE_PRETRANS bit enabled are not looked up in the
to-be-installed package set and must be satisfied by whatever is on the
system at the beginning of the transaction:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=c0eb82dd1f2102f2b4899c1e7232086c41d2e805
This lets %pretrans scriptlet dependencies to be expressed correctly, and
AFAICT does in effect the same as the POLICYREQUIRES patch. Note however
that such dependencies practically (and intentionally) prevent
installation to empty chroot, unless the dependency is on rpmlib()
provide. That's what "correctly expressed" is about wrt %pretrans
dependencies, and anything similar.
- Panu -
More information about the Rpm-maint
mailing list