Created attachment 1583610 [details] kickstart file Description of problem: Kickstart installation of either: - @^xfce-desktop-environment and @workstation-product or - @^workstation-product-environment and @xfce-desktop fails with text: Error in POSTIN scriptlet in rpm package flatpak-selinux Leaving out the 2nd part works. Installing the 2nd part after installation is done works too. I could not select 'flatpak-selinux' as component in this bugzilla, hence I used 'flatpak'. Version-Release number of selected component (if applicable): flatpak-selinux-1.4.1-1.fc30.x86_64 How reproducible: easy, 100% Steps to Reproduce: 0. upload WS_lbox178 somewhere 1. download https://download.fedoraproject.org/pub/fedora/linux/releases/30/Workstation/x86_64/iso/Fedora-Workstation-netinst-x86_64-30-1.2.iso 2. start computer with that ISO file 3. in Fedora menu press tab key and use this text and press enter: vmlinuz initrd=initrd.img ks=http://path/to/WS_lbox178 4. wait for error message to appear Actual results: Installation aborts with text: ---8<--- Error The following error occurred while installing. This is a fatal error and installation will be aborted. DNF error: Error in POSTIN scriptlet in rpm package flatpak-selinux ---8<--- Expected results: installation should finish without problem or error message. Like it did some weeks ago. Additional info: Workarounds: 1) add "-flatpak-selinux" to %packages 2) use only "fedora" repository for installation; do not use "updates" repository
Created attachment 1583611 [details] a file from /tmp ; output of RPM packages
Created attachment 1583612 [details] the other log files from /tmp
for what it is worth: I tracked the installed packages; put their names in the kickstart file; disabled the groups in the kickstart file, enabled "@^minimal-environment", and started another installation. The total number of packages was smaller than before. The installation finished without problems. The GNOME/Xfce combination is required to trigger the problem.
I also got this error and I think I found the root cause. flatpak-selinux has %post script: https://src.fedoraproject.org/rpms/flatpak/blob/f30/f/flatpak.spec#_167 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 which expands to: postinstall scriptlet (using /bin/sh): . /etc/selinux/config _policytype= if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i /usr/share/selinux/packages/flatpak.pp.bz2 /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi The problem is that /etc/selinux/config is in $ rpm -qf /etc/selinux/config selinux-policy-3.14.3-39.fc30.noarch however flatpak-selinux have only weak requires like this: Requires: selinux-policy >= %{_selinux_policy_version} however it must be the stronger (note the extra post) Requires(post): selinux-policy >= %{_selinux_policy_version} The problem can be seen in rpm db: $ rpm -q --qf '%{name} %{INSTALLTIME}\n' flatpak-selinux selinux-policy flatpak-selinux 1561488293 selinux-policy 1561488294 selinux-policy is installed after flatpak-selinux
Created attachment 1587455 [details] Protect sourcing of /etc/selinux/config Patch to protect all sourcing of /etc/selinux/config.
Sorry, should be added to https://bugzilla.redhat.com/show_bug.cgi?id=1723940