On Wed, 26 Aug 2015, Jan Pazdziora wrote:
On Tue, Aug 25, 2015 at 03:50:04PM +0300, Alexander Bokovoy wrote:
On Tue, 25 Aug 2015, Jan Cholasta wrote:
> On 25.8.2015 14:23, Alexander Bokovoy wrote:
> > On Tue, 25 Aug 2015, Jan Cholasta wrote:
> > > +Requires(pre): selinux-policy >= %{selinux_policy_version}
> > > Requires: selinux-policy >= %{selinux_policy_version}
> >
> > If we have it in Requires(pre), we don't need it in Requires, as
> > Requires(pre) is a superset of guarantees that Requires gives you.
>
> Martin (CCed) told me Requires(pre) does not imply Requires.
See http://rpm.org/api/4.4.2.2/tsort.html (available since 2007):
----------------
Since the only way out of a dependency loop is to snip the loop
somewhere, rpm uses hints from Requires: dependencies to distinguish
co-requisite (these are not needed to install, only to use, a package)
from pre-requisite (these are guaranteed to be installed before the
package that includes the dependency) relations.
However, this section seems to only apply to loop resolution. Note
that
http://www.rpm.org/wiki/PackagerDocs/MoreOnDependencies
says about Requires(pre)
* It ensures that the package providing /usr/sbin/useradd is
installed before this package. In presence of dependency
loops, scriptlet dependencies are the only way to ensure
correct install order.
* If there are no other dependencies on the package providing
/usr/sbin/useradd, that package is permitted to be removed
from the system after installation(!)
It's a fairly common mistake to replace legacy PreReq
dependencies with Requires(pre), but this is not the
same, due to the latter point above!
So I'd say that Requires(pre) does not imply Requires and if we only
do Requires(pre): selinux-policy >= %{selinux_policy_version}, after
the installation, anybody can downgrade the selinux-policy package.
Heck, even in that ipa-server upgrading transaction, there could be
a selinux-policy downgrade operation, which would leave the newer
version for ipa-server's pre but install older version of
selinux-policy after it's done with ipa-server.
Yes, it's just a theoretical situation but we should not shortcut
Requires with Requires(pre), it might teach people reading the .spec
files bad habits.
Well, in that case having both Requires and Requires(post) is a
necessity, it seems.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code