On Tue, Aug 25, 2015 at 03:50:04PM +0300, Alexander Bokovoy wrote:
> On Tue, 25 Aug 2015, Jan Cholasta wrote:
> > On 25.8.2015 14:23, Alexander Bokovoy wrote:
> > > On Tue, 25 Aug 2015, Jan Cholasta wrote:
> > > > +Requires(pre): selinux-policy >= %{selinux_policy_version}
> > > >  Requires: selinux-policy >= %{selinux_policy_version}
> > >
> > > If we have it in Requires(pre), we don't need it in Requires, as
> > > Requires(pre) is a superset of guarantees that Requires gives you.
> >
> > Martin (CCed) told me Requires(pre) does not imply Requires.
> See http://rpm.org/api/ (available since 2007):
> ----------------
> Since the only way out of a dependency loop is to snip the loop
> somewhere, rpm uses hints from Requires: dependencies to distinguish
> co-requisite (these are not needed to install, only to use, a package)
> from pre-requisite (these are guaranteed to be installed before the
> package that includes the dependency) relations.

However, this section seems to only apply to loop resolution. Note


says about Requires(pre)

        * It ensures that the package providing /usr/sbin/useradd is
          installed before this package. In presence of dependency
          loops, scriptlet dependencies are the only way to ensure
          correct install order.
        * If there are no other dependencies on the package providing
          /usr/sbin/useradd, that package is permitted to be removed
          from the system after installation(!) 

        It's a fairly common mistake to replace legacy PreReq
        dependencies with Requires(pre), but this is not the
        same, due to the latter point above! 

So I'd say that Requires(pre) does not imply Requires and if we only
do Requires(pre): selinux-policy >= %{selinux_policy_version}, after
the installation, anybody can downgrade the selinux-policy package.
Heck, even in that ipa-server upgrading transaction, there could be
a selinux-policy downgrade operation, which would leave the newer
version for ipa-server's pre but install older version of
selinux-policy after it's done with ipa-server.

Yes, it's just a theoretical situation but we should not shortcut
Requires with Requires(pre), it might teach people reading the .spec
files bad habits.

Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to