From bbd4056045501a5e9cbe756ecd19872ad7a69d72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 13 Jul 2024 20:10:04 +0200 Subject: [PATCH] Call binaries without full path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin, programs are moved from /usr/sbin/alternatives to /usr/bin/alternatives. Provisions have been made to create a compat symlink on traditional systems, so that both paths work and packages that use paths under /usr/sbin do not need to be rebuilt. Unfortunately, on ostree systems, the compat symlinks are missing, so using absolute paths causes problems (https://bodhi.fedoraproject.org/updates/FEDORA-2024-3aafcac6a8). There is no reason for or benefit from specifying the full path to binaries in scriptlets because the scriptlets are called with a well-defined $PATH. When we drop the full path, they work fine no matter where exactly the binary is installed. An additional problem with full paths is that they are specified using macros, and the macro works fine within a package, but they is no guarantee that different builds of different packages at different times use the same definition of %_sbindir. I also changed /bin/echo → echo. The shell builtin is good enough, we don't need to spawn a separate process. Related: RHEL-54303 --- rpm.macros | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/rpm.macros b/rpm.macros index 6661955c..c5c73772 100644 --- a/rpm.macros +++ b/rpm.macros @@ -55,9 +55,9 @@ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - %{_bindir}/rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun || : \ - %{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* || : \ - %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \ + rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun || : \ + semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* || : \ + selinuxenabled && load_policy || : \ %{_libexecdir}/selinux/varrun-convert.sh ${_policytype} || : \ fi \ %{nil} @@ -73,9 +73,9 @@ if [ -z "${_policytype}" ]; then \ fi \ if [ $1 -eq 0 ]; then \ if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - %{_bindir}/rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun || : \ - %{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \ - %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \ + rm -rf %{_sharedstatedir}/selinux/${_policytype}/active/modules/400/extra_varrun || : \ + semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \ + selinuxenabled && load_policy || : \ %{_libexecdir}/selinux/varrun-convert.sh ${_policytype} || : \ fi \ fi \ @@ -83,7 +83,7 @@ fi \ # %selinux_relabel_pre [-s ] %selinux_relabel_pre("s:") \ -if %{_sbindir}/selinuxenabled; then \ +if selinuxenabled; then \ if [ -e /etc/selinux/config ]; then \ . /etc/selinux/config \ fi \ @@ -107,9 +107,9 @@ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ -if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ +if selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ if [ -f %{_file_context_file_pre} ]; then \ - %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ + fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ rm -f %{_file_context_file_pre} \ fi \ fi \ @@ -125,9 +125,9 @@ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ -d "%{_selinux_store_policy_path}" ]; then \ - LOCAL_MODIFICATIONS=$(%{_sbindir}/semanage boolean -E) \ + LOCAL_MODIFICATIONS=$(semanage boolean -E) \ if [ ! -f %_file_custom_defined_booleans ]; then \ - /bin/echo "# This file is managed by macros.selinux-policy. Do not edit it manually" > %_file_custom_defined_booleans \ + echo "# This file is managed by macros.selinux-policy. Do not edit it manually" > %_file_custom_defined_booleans \ fi \ semanage_import='' \ for boolean in %*; do \ @@ -138,20 +138,20 @@ if [ -d "%{_selinux_store_policy_path}" ]; then \ semanage_import="${semanage_import}\\nboolean -m -$boolean_value $boolean_name" \ boolean_customized_string=$(grep "$boolean_name\$" %_file_custom_defined_booleans | tail -n 1) \ if [ -n "$boolean_customized_string" ]; then \ - /bin/echo $boolean_customized_string >> %_file_custom_defined_booleans \ + echo $boolean_customized_string >> %_file_custom_defined_booleans \ else \ - /bin/echo $boolean_local_string >> %_file_custom_defined_booleans \ + echo $boolean_local_string >> %_file_custom_defined_booleans \ fi \ else \ semanage_import="${semanage_import}\\nboolean -m -$boolean_value $boolean_name" \ - boolean_default_value=$(LC_ALL=C %{_sbindir}/semanage boolean -l | grep "^$boolean_name " | sed 's/[^(]*([^,]*, *\\(on\\|off\\).*/\\1/') \ - /bin/echo "boolean -m --$boolean_default_value $boolean_name" >> %_file_custom_defined_booleans \ + boolean_default_value=$(LC_ALL=C semanage boolean -l | grep "^$boolean_name " | sed 's/[^(]*([^,]*, *\\(on\\|off\\).*/\\1/') \ + echo "boolean -m --$boolean_default_value $boolean_name" >> %_file_custom_defined_booleans \ fi \ done; \ - if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" \ + if selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ + echo -e "$semanage_import" | semanage import -S "${_policytype}" \ elif test -d /usr/share/selinux/"${_policytype}"/base.lst; then \ - /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" -N \ + echo -e "$semanage_import" | semanage import -S "${_policytype}" -N \ fi \ fi \ %{nil} @@ -177,10 +177,10 @@ if [ -d "%{_selinux_store_policy_path}" ]; then \ fi \ fi \ done; \ - if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ - /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" \ + if selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ + echo -e "$semanage_import" | semanage import -S "${_policytype}" \ elif test -d /usr/share/selinux/"${_policytype}"/base.lst; then \ - /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" -N \ + echo -e "$semanage_import" | semanage import -S "${_policytype}" -N \ fi \ fi \ %{nil}