Bug 971429

Summary: Postinstall scriptlet for tomcat6 and tomcat7 not executed in update
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Michal Haško <mhasko>
Component: tomcat6, tomcat7Assignee: David Knox <dknox>
Status: CLOSED CURRENTRELEASE QA Contact: Libor Fuka <lfuka>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 2.0.1, unspecifiedCC: jclere, jdoyle, lfuka, mhasko, mhusnain, myarboro, pslavice, rsvoboda, weli
Target Milestone: ---   
Target Release: 2.0.1   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
When an existing package was upgraded in JBoss Enterprise Web Server, the postinstall script for tomcat6 and tomcat7 were not run. As a result, selinux policies were not updated after the upgrade. A fix is included in JBoss Enterprise Web Server 2.0.1 to address this problem. As a result, the postinstall script is run after an upgrade as expected and selinux policies update.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-03 12:57:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
propose patch none

Description Michal Haško 2013-06-06 13:35:15 UTC 
Description of problem:
The postinstall scriptlet of tomcat6 and tomcat7 is not executed when upgrading an already existed package. This results in the selinux policies not being updated.

Cause of the problem:
if [ $1 -eq 1 ] ... then
   ...
   /usr/sbin/semodule -i /etc/tomcat6/selinux/packages/tomcat6/tomcat6.pp 2>/dev/null ||:
fi

The usage of [ $1 -eq 1 ] prevents the underlying code to be executed after upgrade of package. (see http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Syntax)
Also, calling semodule in the scriptlet was previously broken (see bz#969002), so the policy was not installed at all. So upgrading tomcat would still not install the policy.

Version-Release number of selected component (if applicable):
tomcat6-6.0.37-3_patch_01.ep6.el6
tomcat6-6.0.37-3_patch_01.ep6.el5
tomcat7-7.0.40-1_patch_01.ep6.el6
tomcat7-7.0.40-2_patch_01.ep6.el5
Comment 1 Misha H. Ali 2013-06-14 06:28:34 UTC 
Are you sure this is a resolved issue, Libor? I can't spot any details about the fix so have created a fairly general release note entry.
Comment 2 Libor Fuka 2013-06-14 07:06:48 UTC 
It will be fixed in CR2.
Comment 3 David Knox 2013-06-17 15:27:57 UTC 
Created attachment 762071 [details]
propose patch

please review and comment.
Comment 8 Michal Haško 2013-06-26 14:14:34 UTC 
A problem is still present in postinstall scriptlet of tomcat7-7.0.40-8_patch_01.ep6.el5

/usr/sbin/semodule -i /etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp %2>/dev/null ||:

There is syntactic error at the redirection which causes semodule to fail.
Comment 11 David Knox 2013-06-27 21:54:18 UTC 
it's fixed in git. affected only the ep-6-rhel-5 branch of tomcat7.
Comment 12 Jean-frederic Clere 2013-06-28 05:37:17 UTC 
blocker?
Something like can't update = yes it is a blocker.
Bug still present (policy not updated) = no it isn't a blocker.
Comment 13 Michal Haško 2013-06-28 12:11:01 UTC 
VERIFIED on:
tomcat6-6.0.37-8_patch_01.ep6.el5
tomcat7-7.0.40-9_patch_01.ep6.el5
tomcat6-6.0.37-10_patch_01.ep6.el6
tomcat7-7.0.40-5_patch_01.ep6.el6