From e46b929e63a802082e950670d9f2fe8c03af751b Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Tue, 2 Jan 2024 11:15:16 -0500 Subject: [PATCH] Limit %selinux_requires to version, not release Using exact NVR dependencies works well within RPMS from a single SRPM, but otherwise relies on assumptions which do not always hold out. Because %release includes %dist, this is particularly fragile in the context of the Rawhide->ELN->c10s build pipeline. For instance, if a package which uses %selinux_requires gets built for ELN with the rawhide selinux-policy, then .fcNN will be hardcoded into the ELN build, and the ELN build with .elnNNN will never meet the condition (since f > e). --- selinux-policy.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index 3de0b71a..ab7e7cad 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -24,7 +24,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 40.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf @@ -486,7 +486,7 @@ mv %{buildroot}%{_datadir}/man/man8/style.css %{buildroot}%{_datadir}/selinux/de mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d install -m 644 %{SOURCE102} %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy -sed -i 's/SELINUXPOLICYVERSION/%{version}-%{release}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy +sed -i 's/SELINUXPOLICYVERSION/%{version}/' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy sed -i 's@SELINUXSTOREPATH@%{_sharedstatedir}/selinux@' %{buildroot}%{_rpmconfigdir}/macros.d/macros.selinux-policy mkdir -p %{buildroot}%{_unitdir} @@ -814,6 +814,9 @@ exit 0 %endif %changelog +* Tue Jan 02 2024 Yaakov Selkowitz - 40.8-2 +- Limit %%selinux_requires to version, not release + * Thu Dec 21 2023 Zdenek Pytela - 40.8-1 - Allow hypervkvp_t write access to NetworkManager_etc_rw_t - Add interface for write-only access to NetworkManager rw conf