Is that really neccessary? Nevermind the bug in RPM that allows you to erase policycoreutlils without warning. A quick glance at the specfile makes me think that just fixing the %post scripts to politely look for restorecon before trying to call it. And policycoreutils has it's own baggage. Help, save us from dep bloat.
You can turn off all selinux parts/dependencies by selinux macro. But if we use selinux we need the restorecon and policycoreutils...
THat's my point. When one chooses not to use selinux, then bind should not create arbitrary dependencies. Especially when: - the deps are only in %post scripts that can be easily fixed with a simple [ -e /sbin/restorecon ] && /sbin/restorecon yadda - there already exists an unfixed bug in rpm that prevents enforcement of this dep until it's too late In other words, if they have bind and selinux, then restorecon sure. But why exactly is restorecon needed for bind without selinux? This is arbitrary and unneccsary complexity. Especially since policycoreutils drags in even *more* package deps.
I think the best fix could be put "[ -e /selinux/enforce ] && [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;" into %if %{selinux} %endif statement. If exists bug in rpm it could be fixed in future and all could works fine. I'm going to fix this problem in rawhide