On 08/25/2015 04:37 PM, Jan Cholasta wrote: > On 25.8.2015 14:50, Alexander Bokovoy wrote: >> On Tue, 25 Aug 2015, Jan Cholasta wrote: >>> On 25.8.2015 14:23, Alexander Bokovoy wrote: >>>> On Tue, 25 Aug 2015, Jan Cholasta wrote: >>>>> Hi, >>>>> >>>>> the attached patch fixes >>>>> <https://fedorahosted.org/freeipa/ticket/5256>. >>>>> >>>>> Honza >>>>> >>>>> -- >>>>> Jan Cholasta >>>> >>>>> From 216be8de30747f80f490d4e91a7cca4af3e767d6 Mon Sep 17 00:00:00 2001 >>>>> From: Jan Cholasta <[email protected]> >>>>> Date: Tue, 25 Aug 2015 14:14:25 +0200 >>>>> Subject: [PATCH] spec file: Add Requires(pre) on selinux-policy >>>>> >>>>> This prevents ipa-server-upgrade failures on SELinux AVCs because of >>>>> old >>>>> selinux-policy version. >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/5256 >>>>> --- >>>>> freeipa.spec.in | 1 + >>>>> 1 file changed, 1 insertion(+) >>>>> >>>>> diff --git a/freeipa.spec.in b/freeipa.spec.in >>>>> index cba91fe..fd73cda 100644 >>>>> --- a/freeipa.spec.in >>>>> +++ b/freeipa.spec.in 
>>>>> @@ -139,6 +139,7 @@ Requires: systemd-units >= 38 >>>>> Requires(pre): shadow-utils >>>>> Requires(pre): systemd-units >>>>> Requires(post): systemd-units >>>>> +Requires(pre): selinux-policy >= %{selinux_policy_version} >>>>> Requires: selinux-policy >= %{selinux_policy_version} >>>>> Requires(post): selinux-policy-base >>>>> Requires: slapi-nis >= 0.54.2-1 >>>> If we have it in Requires(pre), we don't need it in Requires, as >>>> Requires(pre) is a superset of guarantees that Requires gives you. >>> >>> Martin (CCed) told me Requires(pre) does not imply Requires. >> See http://rpm.org/api/4.4.2.2/tsort.html (available since 2007): >> ---------------- >> Since the only way out of a dependency loop is to snip the loop >> somewhere, rpm uses hints from Requires: dependencies to distinguish >> co-requisite (these are not needed to install, only to use, a package) >> from pre-requisite (these are guaranteed to be installed before the >> package that includes the dependency) relations. >> ---------------- >> >>>> >>>> Requires(pre) ensures that selinux-policy of specific version is >>>> installed before pre scripts of freeipa-server would run, be it in the >>>> same transaction or in a previous one. >>>> >>> >>> Hmm, ipa-server-upgrade is run in posttrans. Should the Requires(pre) >>> be changed to Required(posttrans)? >> I don't think there is posttrans target. Perhaps, we can just make sure >> Requires(post) is enough. > > OK, let's try that. Updated patch attached. >
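Review bot: the added `Requires(pre): selinux-policy >= %{selinux_policy_version}` line ties the ordering to the %pre scriptlet, but the commit message justifies it by ipa-server-upgrade failures, and the thread states that ipa-server-upgrade runs in posttrans. Either the scriptlet qualifier should match the scriptlet that actually needs the newer policy, or the commit message should explain why ordering before %pre is enough for the upgrade step. The hunk also leaves `Requires: selinux-policy >= %{selinux_policy_version}` directly below the new line with the same version bound; a short spec comment saying why both are listed would keep the duplicate from looking accidental and being dropped later.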
Will this really make a difference? I thought the problem is caused by selinux-policy being installed after freeipa-server package upgrade. We already have Requires on selinux-policy, so I am not sure what is actually changed by this patch.
