This is pragmatic choice. (Upcomming) OpenSCAP-Daemon will need to
import openscap-containers python fragments. We decide to fail in
run-time when atomic features of OpenSCAP-Daemon are used on other
architectures.
The only reason is that /usr/bin/oscap-docker file has been previously
released (for 2 months) in openscap-utils package. On the other hand
architecture of oscap-docker changed and now requires atomic to run.
Update to the latest upstream. Upstream dropped selinux policy due to
bug rhbz#1209969. We should drop the sub-package as well. However, we
cannot obsolete selinux noarch sub-package from base package that is
arch. Otherwise we risk for things to slip through cracks as they did
with rhbz#1028706. Ideas?
Also introduce new probe for symlink_test.
The symlink libopenscap_sce.so is supposed to be consumed
by linker, but not by a run-time. The symlink is not assured
to point-out to the latest shared object (otherwise libtool
authors would not introduced such symlink).
This fix should enable use of SCE without openscap-engine-sce-devel
package installed.
The scap-secrity-guide package will bring this directive instead.
Addressing (rhbz#1028706):
openscap update incorrectly pulls in piles of 32bit packages
The Packaging:Guidelines#Requiring_Base_Package explicitly prohibits this
by:
When a subpackage requires the base package, it must do so using
a fully versioned arch-specific (for non-noarch packages) dependency.
^^^
Addressing:
BuildError: mismatch when analyzing openscap-content-sectool-0.9.13-5.fc21.noarch.rpm, rpmdiff output was:
removed REQUIRES openscap(armv7hl-32) = 0.9.13-5.fc21
removed REQUIRES openscap-engine-sce(armv7hl-32)
added REQUIRES openscap(x86-64) = 0.9.13-5.fc21
added REQUIRES openscap-engine-sce(x86-64)