On Tue, Aug 25, 2015 at 03:50:04PM +0300, Alexander Bokovoy wrote: > On Tue, 25 Aug 2015, Jan Cholasta wrote: > > On 25.8.2015 14:23, Alexander Bokovoy wrote: > > > On Tue, 25 Aug 2015, Jan Cholasta wrote: > > > > +Requires(pre): selinux-policy >= %{selinux_policy_version} > > > > Requires: selinux-policy >= %{selinux_policy_version} > > > > > > If we have it in Requires(pre), we don't need it in Requires, as > > > Requires(pre) is a superset of guarantees that Requires gives you. > > > > Martin (CCed) told me Requires(pre) does not imply Requires. > > See http://rpm.org/api/4.4.2.2/tsort.html (available since 2007): > ---------------- > Since the only way out of a dependency loop is to snip the loop > somewhere, rpm uses hints from Requires: dependencies to distinguish > co-requisite (these are not needed to install, only to use, a package) > from pre-requisite (these are guaranteed to be installed before the > package that includes the dependency) relations.
However, this section seems to only apply to loop resolution. Note that http://www.rpm.org/wiki/PackagerDocs/MoreOnDependencies says about Requires(pre) * It ensures that the package providing /usr/sbin/useradd is installed before this package. In presence of dependency loops, scriptlet dependencies are the only way to ensure correct install order. * If there are no other dependencies on the package providing /usr/sbin/useradd, that package is permitted to be removed from the system after installation(!) It's a fairly common mistake to replace legacy PreReq dependencies with Requires(pre), but this is not the same, due to the latter point above! So I'd say that Requires(pre) does not imply Requires and if we only do Requires(pre): selinux-policy >= %{selinux_policy_version}, after the installation, anybody can downgrade the selinux-policy package. Heck, even in that ipa-server upgrading transaction, there could be a selinux-policy downgrade operation, which would leave the newer version for ipa-server's pre but install older version of selinux-policy after it's done with ipa-server. Yes, it's just a theoretical situation but we should not shortcut Requires with Requires(pre), it might teach people reading the .spec files bad habits. -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code