Bug 2283639

Summary: scriptlet error: /usr/sbin/rm: No such file or directory
Product: [Fedora] Fedora Reporter: Kamil Páral <kparal>
Component: swtpmAssignee: Stefan Berger <stefanb>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 40CC: awilliam, davide, marcandre.lureau, robert.hinson, stefanb
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: swtpm-0.8.1-12.fc40 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-05-31 01:16:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kamil Páral 2024-05-28 13:19:23 UTC 
Description of problem:
When upgrading to swtpm-selinux-0.8.1-11.fc40.noarch:

dnf-3[1617]:   Running scriptlet: swtpm-selinux-0.8.1-11.fc40.noarch                  43/235
dnf-3[1617]: /var/tmp/rpm-tmp.Iw1Js9: line 13: /usr/sbin/rm: No such file or directory
dnf-3[1617]: /var/tmp/rpm-tmp.Iw1Js9: line 13: /usr/sbin/rm: No such file or directory
dnf-3[1617]: /var/tmp/rpm-tmp.Iw1Js9: line 13: /usr/sbin/rm: No such file or directory


There seems to be a clear typo in the rm binary path, it's in /usr/bin.


Version-Release number of selected component (if applicable):
swtpm-selinux-0.8.1-11.fc40
Comment 1 Stefan Berger 2024-05-28 13:51:06 UTC 
I can recreate the issue when upgrading to 0.8.1-11 from 0.8.1-10 but not when downgrading from -11 to -10.

Here is one relevant scripts in swtpm-selinux-0.8.1-11.fc40.noarch:

postinstall scriptlet (using /bin/sh):
for pp in /usr/share/selinux/packages/swtpm.pp \
          /usr/share/selinux/packages/swtpm_svirt.pp \
          /usr/share/selinux/packages/swtpm_libvirt.pp; do

if [ -e /etc/selinux/config ]; then
  . /etc/selinux/config
fi
_policytype=targeted
if [ -z "${_policytype}" ]; then
  _policytype="targeted"
fi
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
  /usr/sbin/rm -rf /var/lib/selinux/${_policytype}/active/modules/400/extra_varrun        <--------------
  /usr/sbin/semodule -n -s ${_policytype} -X 200 -i ${pp} || :
  /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
  /usr/libexec/selinux/varrun-convert.sh ${_policytype}
fi

done
restorecon /usr/bin/swtpm


Here's the source from the rpm spec:

%post selinux
for pp in /usr/share/selinux/packages/swtpm.pp \
          /usr/share/selinux/packages/swtpm_svirt.pp \
          /usr/share/selinux/packages/swtpm_libvirt.pp; do
  %selinux_modules_install -s %{selinuxtype} ${pp}
done
restorecon %{_bindir}/swtpm

None of these have /usr/sbin/rm explicitly in them but they use macros:

/usr/lib/rpm/macros.d/macros.selinux-policy

# %selinux_modules_install [-s <policytype>] [-p <modulepriority>] module [module]...
%selinux_modules_install("s:p:") \
if [ -e /etc/selinux/config ]; then \
  . /etc/selinux/config \
fi \
_policytype=%{-s*} \
if [ -z "${_policytype}" ]; then \
  _policytype="targeted" \
fi \
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
  %{_bindir}/rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun || : \
  %{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* || : \
  %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \
  %{_libexecdir}/selinux/varrun-convert.sh ${_policytype} || : \
fi \
%{nil}


_bindir changed?? I don't see changes in the swtpm.spec file related to _bindir.

Here's the --spec output for the -10 package:

postinstall scriptlet (using /bin/sh):
for pp in /usr/share/selinux/packages/swtpm.pp \
          /usr/share/selinux/packages/swtpm_svirt.pp \
          /usr/share/selinux/packages/swtpm_libvirt.pp; do

if [ -e /etc/selinux/config ]; then
  . /etc/selinux/config
fi
_policytype=targeted
if [ -z "${_policytype}" ]; then
  _policytype="targeted"
fi
if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
  /usr/sbin/semodule -n -s ${_policytype} -X 200 -i ${pp} || :
  /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
fi

done
restorecon /usr/bin/swtpm


Ah, rm was added recently. I guess it must have been a temporary issue with the SELinux macros where rm was added maybe with {_sbindir}/rm .
Comment 2 Fedora Update System 2024-05-28 14:53:26 UTC 
FEDORA-2024-cc2e1f4871 (swtpm-0.8.1-12.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-cc2e1f4871
Comment 3 Fedora Update System 2024-05-29 03:46:01 UTC 
FEDORA-2024-cc2e1f4871 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-cc2e1f4871`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-cc2e1f4871

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Stefan Berger 2024-05-30 17:58:15 UTC 
*** Bug 2284009 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2024-05-31 01:16:45 UTC 
FEDORA-2024-cc2e1f4871 (swtpm-0.8.1-12.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Adam Williamson 2024-05-31 22:14:21 UTC 
Yeah, this was a bug in the selinux macros, I fixed it: https://src.fedoraproject.org/rpms/selinux-policy/c/e66f4c2f3673833ae0aac94fd60dbeb061c5b088?branch=rawhide

anything built while the macros were broken would have this bug if it used the broken macro. I couldn't figure out a reliable way to search and find them all, though.