On Jan 19, 2014 8:57 PM, "Michael Schwendt" <mschwendt@xxxxxxxxx> wrote:
>
> On Sun, 19 Jan 2014 20:32:26 +0200, Jonathan Dieter wrote:
>
> > If scriptlet failures weren't fatal, we wouldn't have the problem we
> > have now with duplicate packages. We could have just pushed the selinux
> > update,
>
> After installing the previous bad update that breaks scriptlets, how would
> you activate the new selinux policy within the fixed package's %post scriptlet?
> Instead of updating to the package in permissive mode, you would need to
> run the scriptlet contents manually *and* still reinstall any package were
> the scriptlets failed.
I was focusing on the fact that scriptlet failures lead to duplicates in the rpm database, but, you're right, it's not the main problem.
I still think there's a good case for making scriptlet errors non - fatal, but, in this situation, it would have had a minimal benefit.
> > [...] then bumped the release for all updates in the last few pushes,
> > and then rebuilt them.
>
> How do you know which packages a user has tried to install/update _after_
> updating to the bad policy package? It could be any package within the package
> collection that would remain installed but broken because of the scriptlets bug.
> You assume that users have only applied the few updates following the bad
> selinux policy update.
ACK. I didn't think this part through properly.
Jonathan
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
