Bug 1395531
| Summary: | dnfdaemon package requires many SELinux-related dependencies | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kevin Kofler <kevin> | ||||
| Component: | dnfdaemon | Assignee: | Neal Gompa <ngompa13> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | rawhide | CC: | ngompa13, tim.lauridsen | ||||
| Target Milestone: | --- | Keywords: | FutureFeature, Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | dnfdaemon-0.3.16-11.fc26 dnfdaemon-0.3.16-3.fc25 dnfdaemon-0.3.16-3.fc24 | Doc Type: | Enhancement | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-04-17 20:53:19 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 661442 | ||||||
| Attachments: |
|
||||||
|
Description
Kevin Kofler
2016-11-16 05:54:04 UTC
(My system is not actually all that minimal at all, but it did have all the SELinux stuff I got away with removing removed.) Two valid approaches for SELinux stuff in Fedora: * Creating a selinux subpackage that provides an SELinux module * Upstreaming the necessary fixes into selinux-policy In the former approach, the subpackage must be required by the main package (Fedora policy). This is the way to get it done quickly. The latter approach may take more time, and won't necessarily fix it for everyone, depending on whether selinux-policy changes are backported to all Fedora releases or not. The way that the SELinux support is done in here is not an acceptable path for Fedora. There is no approach, short term, that will fix your problem, Kevin. > In the former approach, the subpackage must be required by the main package
> (Fedora policy).
Why would a Recommends not be enough?
To elaborate on this, if you use Requires to drag in the -selinux subpackage, you may as well not make a subpackage, it does not buy us anything. If you use Recommends, on the other hand, it allows people to opt out. Another approach (probably even better) would be to use boolean dependencies (conditional on selinux-policy), but they are not currently allowed in Requires and Recommends due to technical limitations (https://fedoraproject.org/wiki/Packaging:Guidelines#Rich.2FBoolean_dependencies), so you would have to do the reverse: %package selinux # note and, not if: http://rpm.org/user_doc/boolean_dependencies.html#cautionary-tale-about-if Supplements: (dnfdaemon and selinux-policy) Requires(pre): policycoreutils-python-utils Requires(post): policycoreutils-python-utils This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. If you propose a dist-git patch with the subpackage thing, I'd apply it. Created attachment 1265604 [details]
dist-git patch fixing this bug
Does this look right?
dnfdaemon-0.3.16-11.fc26 dnfdragora-1.0.0-8.git20170330.f30c75c.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-171efc2a0f dnfdaemon-0.3.16-11.fc26, dnfdragora-1.0.0-8.git20170330.f30c75c.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-171efc2a0f dnfdaemon-0.3.16-11.fc26 dnfdragora-1.0.0-10.git20170401.d018d08.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-171efc2a0f dnfdaemon-0.3.16-11.fc26, dnfdragora-1.0.0-11.git20170401.b97db68.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-171efc2a0f dnfdaemon-0.3.16-11.fc26, dnfdragora-1.0.0-11.git20170401.b97db68.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. dnfdaemon-0.3.16-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-6250e8f561 dnfdaemon-0.3.16-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-6250e8f561 dnfdaemon-0.3.16-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3fe6845d2 dnfdaemon-0.3.16-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. dnfdaemon-0.3.16-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3fe6845d2 dnfdaemon-0.3.16-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. |