PR#388: Limit %selinux_requires to version, not release - rpms/selinux-policy

rpms / selinux-policy

#388 Limit %selinux_requires to version, not release

Merged 4 months ago by zpytela. Opened 5 months ago by yselkowitz.

rpms/ yselkowitz/selinux-policy rawhide into rawhide

Limit %selinux_requires to version, not release

Yaakov Selkowitz • 4 months ago

e46b929

selinux-policy.spec

file modified

+5 -2

		`@@ -24,7 +24,7 @@`
		`Summary: SELinux policy configuration`
		`Name: selinux-policy`
		`Version: 40.8`
		`- Release: 1%{?dist}`
		`+ Release: 2%{?dist}`
		`License: GPL-2.0-or-later`
		`Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz`
		`Source1: modules-targeted-base.conf`
		`@@ -486,7 +486,7 @@`

		`mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d`
		`install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy`
		`- sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy`
		`+ sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy`
		`sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy`

		`mkdir -p %{buildroot}%{_unitdir}`
		`@@ -814,6 +814,9 @@`
		`%endif`

		`%changelog`
		`+ * Tue Jan 02 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 40.8-2`
		`+ - Limit %%selinux_requires to version, not release`
		`+`
		`* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1`
		`- Allow hypervkvp_t write access to NetworkManager_etc_rw_t`
		`- Add interface for write-only access to NetworkManager rw conf`

yselkowitz commented 5 months ago

Using exact NVR dependencies works well within RPMS from a single SRPM, but otherwise relies on assumptions which do not always hold out. Because %release includes %dist, this is particularly fragile in the context of the Rawhide->ELN->c10s build pipeline. For instance, if a package which uses %selinux_requires gets built for ELN with the rawhide selinux-policy, then .fcNN will be hardcoded into the ELN build, and the ELN build with .elnNNN will never meet the condition (since f > e).

zuul commented 5 months ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/37860c7d080f42878ef1560917a582b2

check-for-arches : SUCCESS in 2m 21s
check-for-eln : SUCCESS in 21s
eln-rpm-scratch-build : SUCCESS in 21m 28s
rpm-scratch-build : SUCCESS in 22m 21s
rpm-scratch-build-s390x : SUCCESS in 20m 40s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 26m 54s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 25m 35s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 20m 28s (non-voting)
rpm-linter : FAILURE in 5m 01s (non-voting)
rpm-rpminspect : SUCCESS in 14m 29s (non-voting)
check-for-sti-tests : SUCCESS in 16s
check-for-fmf-tests : SUCCESS in 17s
rpm-install-test : SUCCESS in 3m 12s
rpm-tmt-test : FAILURE in 2h 16m 33s
rpm-sti-test : FAILURE in 2h 53m 45s

rebased onto e46b929

4 months ago

sgallagh commented 4 months ago

I realize that this came in during the end of December when folks are less likely to be around, but if we can't get a review of this by the end of this week, I'm going to go ahead and merge it as a provenpackager to unblock the CentOS Stream 10 bootstrap efforts. Thanks in advance for your understanding.