The commands should always end || : , because by policy we should
ensure RPM scriptlets always exit 0:
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
Also, rm is in _bindir, not _sbindir.
This seems to have caused a failed test for an nbdkit update:
https://openqa.fedoraproject.org/tests/2628713#
the live image build failed because of a scriptlet error that
seems to be caused by this:
INFO:anaconda.modules.payloads.payload.dnf.transaction_progress:Configuring (running scriptlet for): nbdkit-selinux-1.39.6-1.fc41.noarch 1715870254 02561380439e4e22473970fa46db331b277dc254650fdcb96130a056cadaf02f
INFO:dnf.rpm:/var/tmp/rpm-tmp.ycmrWv: line 10: /usr/sbin/rm: No such file or directory
warning: %post(nbdkit-selinux-1.39.6-1.fc41.noarch) scriptlet failed, exit status 1
ERROR:dnf.rpm:Error in POSTIN scriptlet in rpm package nbdkit-selinux
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Various updating and installing scenarios are now supported:
- using rpm triggers for other packages in selinux-policy
- inside the selinux_modules_install and selinux_modules_uninstall
rpm macros when selinux subpackages are being built
Remove git from BuildRequires in %selinux_requires
In %selinux_requires macro, as part of BuildRequires is also git
package. It looks like some leftover and this commit removes it.
Upstream repo: https://github.com/fedora-selinux/selinux-policy-macros
There's no unified practice how to install SELinux modules from packages
and how to relabel a filesystem after the change. This update provides
several new macros which should help maintainers with the process.
%selinux_relabel_pre [-s <policytype>]
- backups the current file_contexts for later use with fixfiles
%selinux_relabel_post [-s <policytype>]
- relabels a filesystem based on changes in file_contexts using fixfiles
%selinux_modules_install [-s <policytype>] module [module]...
%selinux_modules_uninstall [-s <policytype>] module [module]...
- install and uninstall modules to the priority 200