Bug 1683365

Summary: Shell script cannot be used in %pretrans (breaks compose)
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwalsh, kevin, lvrabec, mgrepl, plautrba, pmatilai, vmojzis, zpytela
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-05 17:58:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Williamson 2019-02-26 17:16:19 UTC 
As discussed in https://pagure.io/dusty/failed-composes/issue/1518 , a recent selinux-policy package build broke Rawhide compose.

The problem is this commit: https://src.fedoraproject.org/rpms/selinux-policy/c/46c51e1cb2c7ece4c50ee988034e3a0379dd2bf3?branch=master (from https://src.fedoraproject.org/rpms/selinux-policy/pull-request/15 ). It uses shell script in `%pretrans`. As explained at http://rpm.org/user_doc/lua.html , this is not valid:

"The internal interpreter can run when there’s nothing at all installed yet, because it doesn’t need to be forked. Consider the initial install phase: before even /bin/sh is available to execute the simplest shell built-in commands, the shell’s dependencies will have to be installed. What if some of those need scriptlets? Internal Lua is the only thing that can reliably run in %pretrans. On initial system installation, there’s absolutely nothing in the environment where %pretrans scriptlets execute. This is a condition you cannot even detect with any other means: testing for existence of a file or directory would otherwise require a shell, which is not there."

So, you can't do that. Please either convert the %pretrans uses to use RPM lua not shell script, or find a different way of doing this.
Comment 1 Kevin Fenzi 2019-02-26 17:28:52 UTC 
I went ahead and untagged this build so we can get a compose and until it's sorted out.
Comment 2 Lukas Vrabec 2019-02-27 09:51:47 UTC 
Adam, Kevin, 

I reverted it, and we'll rewrite it in lua in future. 

https://koji.fedoraproject.org/koji/buildinfo?buildID=1216659