Bug 971429 - Postinstall scriptlet for tomcat6 and tomcat7 not executed in update
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: tomcat6, tomcat7
2.0.1,unspecified
Unspecified Linux
urgent Severity urgent
: ---
: 2.0.1
Assigned To: David Knox
Libor Fuka
Reported: 2013-06-06 09:35 EDT by Michal Haško
Modified: 2015-11-01 19:18 EST
Doc Type: Bug Fix
Doc Text:
When an existing package was upgraded in JBoss Enterprise Web Server, the postinstall scripts for tomcat6 and tomcat7 were not run. As a result, SELinux policies were not updated after the upgrade. A fix is included in JBoss Enterprise Web Server 2.0.1 to address this problem. As a result, the postinstall script is run after an upgrade as expected and the SELinux policies are updated.
Last Closed: 2014-01-03 07:57:59 EST
Type: Bug

Attachments
propose patch (2.48 KB, patch)
2013-06-17 11:27 EDT, David Knox

Description Michal Haško 2013-06-06 09:35:15 EDT
Description of problem:
The postinstall scriptlet of tomcat6 and tomcat7 is not executed when upgrading an already existing package. This results in the SELinux policies not being updated.

Cause of the problem:
if [ $1 -eq 1 ] ... then
   ...
   /usr/sbin/semodule -i /etc/tomcat6/selinux/packages/tomcat6/tomcat6.pp 2>/dev/null ||:
fi

The usage of [ $1 -eq 1 ] prevents the underlying code from being executed after an upgrade of the package (see http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Syntax).
Also, calling semodule in the scriptlet was previously broken (see bz#969002), so the policy was not installed at all. So upgrading tomcat would still not install the policy.

Version-Release number of selected component (if applicable):
tomcat6-6.0.37-3_patch_01.ep6.el6
tomcat6-6.0.37-3_patch_01.ep6.el5
tomcat7-7.0.40-1_patch_01.ep6.el6
tomcat7-7.0.40-2_patch_01.ep6.el5
Comment 1 Misha H. Ali 2013-06-14 02:28:34 EDT
Are you sure this is a resolved issue, Libor? I can't spot any details about the fix so have created a fairly general release note entry.
Comment 2 Libor Fuka 2013-06-14 03:06:48 EDT
It will be fixed in CR2.
Comment 3 David Knox 2013-06-17 11:27:57 EDT
Created attachment 762071
propose patch

Please review and comment.
Comment 8 Michal Haško 2013-06-26 10:14:34 EDT
A problem is still present in postinstall scriptlet of tomcat7-7.0.40-8_patch_01.ep6.el5

/usr/sbin/semodule -i /etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp %2>/dev/null ||:

There is a syntactic error in the redirection which causes semodule to fail.
Comment 11 David Knox 2013-06-27 17:54:18 EDT
It's fixed in git. It affected only the ep-6-rhel-5 branch of tomcat7.
Comment 12 Jean-frederic Clere 2013-06-28 01:37:17 EDT
blocker?
Something like can't update = yes it is a blocker.
Bug still present (policy not updated) = no it isn't a blocker.
Comment 13 Michal Haško 2013-06-28 08:11:01 EDT
VERIFIED on:
tomcat6-6.0.37-8_patch_01.ep6.el5
tomcat7-7.0.40-9_patch_01.ep6.el5
tomcat6-6.0.37-10_patch_01.ep6.el6
tomcat7-7.0.40-5_patch_01.ep6.el6
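
The two scriptlet defects discussed in this bug (the [ $1 -eq 1 ] guard from the description and the %2>/dev/null redirection from comment 8), shown as an added example that is not part of the original report or of the attached patch. The function names are hypothetical, and semodule_stub replaces the real semodule so the script runs offline without touching the policy store.

```shell
#!/bin/sh
# Added example. semodule_stub stands in for /usr/sbin/semodule (assumption);
# it accepts only "-i <file>" and counts successful loads.
LOADED=0      # successful policy loads in the current run
LAST_ARGS=""  # arguments seen by the most recent stub call
PP=/etc/tomcat7/selinux/packages/tomcat7/tomcat7.pp

semodule_stub() {
    LAST_ARGS="$*"
    [ "$#" -eq 2 ] && [ "$1" = "-i" ] || return 1
    LOADED=$((LOADED + 1))
}

# Guard as reported: rpm passes 1 to %post on a first install and 2 or more
# on an upgrade, so the policy load is skipped on every upgrade.
post_reported() {
    if [ "$1" -eq 1 ]; then
        semodule_stub -i "$PP" 2>/dev/null || :
    fi
}

# Hypothetical correction (not the attached patch): no install-only guard,
# so the module is reloaded on install and on upgrade.
post_any() {
    semodule_stub -i "$PP" 2>/dev/null || :
}

# Redirection as quoted in comment 8: "%2" is not a file descriptor number,
# so the shell passes it as a third argument and redirects stdout instead.
# The trailing "|| :" hides the failure, and the scriptlet still exits 0.
post_typo() {
    semodule_stub -i "$PP" %2>/dev/null || :
}

# Run one variant (first argument) with a given %post $1 (second argument).
loads_for() {
    LOADED=0
    LAST_ARGS=""
    "$1" "$2"
}

for variant in post_reported post_any post_typo; do
    for count in 1 2; do
        loads_for "$variant" "$count"
        echo "$variant \$1=$count loaded=$LOADED args='$LAST_ARGS'"
    done
done
```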
