Limit %selinux_requires to version, not release

Using exact NVR dependencies works well within RPMS from a single SRPM,
but otherwise relies on assumptions which do not always hold out.
Because %release includes %dist, this is particularly fragile in the
context of the Rawhide->ELN->c10s build pipeline.  For instance, if a
package which uses %selinux_requires gets built for ELN with the rawhide
selinux-policy, then .fcNN will be hardcoded into the ELN build, and the
ELN build with .elnNNN will never meet the condition (since f > e).
This commit is contained in:
Yaakov Selkowitz 2024-01-02 11:15:16 -05:00
parent 68923ff3dd
commit e46b929e63

View File

@ -24,7 +24,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 40.8
Release: 1%{?dist}
Release: 2%{?dist}
License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
@ -486,7 +486,7 @@ mv %{buildroot}%{_datadir}/man/man8/style.css %{buildroot}%{_datadir}/selinux/de
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d
install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy
mkdir -p %{buildroot}%{_unitdir}
@ -814,6 +814,9 @@ exit 0
%endif
%changelog
* Tue Jan 02 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 40.8-2
- Limit %%selinux_requires to version, not release
* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1
- Allow hypervkvp_t write access to NetworkManager_etc_rw_t
- Add interface for write-only access to NetworkManager rw conf