Simplify the %post and %postinstall script stuff, it was broken

This approach had multiple problems. The most obvious is a typo - it had `%-bindir` instead of `%_bindir`. But you also cannot mix a %define into a %post script as was being done here, that just doesn't work, you can't track state between scriptlets like that. And the `%if` in %posttrans would be resolved at package build time, not at %posttrans run time. (I think the syntax was wrong anyway). This whole approach was irredeemably broken. To get things back to a working state quickly, let's just do it in a simple-but-dumb way: always run the scripts in %posttrans, run them in %post if `ln` is available (with the typo fixed). This means we'll often run them twice, but I don't think that actually hurts anything. We can refine from here if desired. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-06-16 12:43:54 -07:00 · 2020-06-16 12:43:54 -07:00 · a430e4124c
commit a430e4124c
parent 34155d6cbe
1 changed files with 5 additions and 7 deletions
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -307,11 +307,10 @@ fi
 #  # when upgrading or downgrading
 #fi
 # if ln is available, go ahead and run the ca-legacy and update
-# scripts. If not, what until %posttrans.
-if [ -x %{-bindir}/ln ]; then
+# scripts. If not, wait until %posttrans.
+if [ -x %{_bindir}/ln ]; then
 %{_bindir}/ca-legacy install
 %{_bindir}/update-ca-trust
-%define caupdatecomplete 1
 fi

 %posttrans
@ -322,12 +321,11 @@ fi
 # ca-certificates depends on coreutils
 # coreutils depends on openssl
 # openssl depends on ca-certificates
-# in that case, we want to complete the install in
-# %posttrans when ln is available
-%if ! %{caupdatecomplete}
+# so we run the scripts here too, in case we couldn't run them in
+# post. If we *could* run them in post this is an unnecessary
+# duplication, but it shouldn't hurt anything
 %{_bindir}/ca-legacy install
 %{_bindir}/update-ca-trust
-%endif

 %files
 %dir %{_sysconfdir}/ssl