Daniel J Walsh wrote:
How about something like the following.

if [ -x /usr/sbin/selinuxenabled -a -f /etc/selinux/config ]; then
    . /etc/selinux/config
    POLICYFILE=/etc/selinux/%{type}/policy/policy.18
    RPMPOLICYFILE=$POLICYFILE.rpmnew
    # Run selinuxenabled as a command: inside [ ] it is only a non-empty
    # string, which always tests true.
    if /usr/sbin/selinuxenabled && \
       [ "${SELINUXTYPE}" = "%{type}" -a \
         -e $RPMPOLICYFILE -a \
         $RPMPOLICYFILE -nt $POLICYFILE ]; then
        # Reload only when the packaged policy differs from the installed one.
        diff -q $RPMPOLICYFILE $POLICYFILE > /dev/null ||
            make -C /etc/selinux/%{type}/src/policy load > /dev/null 2>&1
    fi
fi

*.rpmnew exists iff the original file was locally modified wrt the md5 contained
within the old package metadata is what to watch out for.
Left over *.rpmnew can/will exist from previous upgrades, nuking *.rpmnew
is recommended and perhaps will simplify some logic, and avoid clock skew issues.
Inter-package existence tests like "-x /usr/sbin/selinuxenabled" are tricky
because when and where the scriptlet is run needs to be considered. You might
just as well add a Requires: and rely on the transaction being ordered correctly,
that is likelier to work predictably, and is a simpler script to write.
The whole scheme assumes that ${SELINUXTYPE} changes rarely, but wot's a girl to do?
HTH Isn't rpm annoying? ;-)
73 de Jeff
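
An added example, not part of the original message or of any package's scriptlets: a helper that follows the advice above by comparing file contents instead of using `-nt` (so clock skew does not matter) and by removing the leftover *.rpmnew once it has been dealt with. The function name `policy_refresh`, its arguments and the caller-supplied reload command are assumptions.

```shell
#!/bin/sh
# Added example; policy_refresh and its calling convention are hypothetical.
#
# Usage: policy_refresh POLICYFILE RELOAD_CMD [ARGS...]
# Returns 0 if the reload command ran successfully,
#         1 if no reload was needed,
#         2 if the reload failed or no reload command was given.
policy_refresh() {
    [ $# -ge 2 ] || return 2
    pr_policy=$1
    shift
    pr_rpmnew=$pr_policy.rpmnew

    # rpm only writes .rpmnew when the installed file was locally modified.
    # Without it there is nothing for this scriptlet to reconcile.
    [ -e "$pr_rpmnew" ] || return 1

    # Compare contents, not mtimes: a stale .rpmnew from an earlier upgrade
    # or a skewed clock would fool a "-nt" test.
    if cmp -s "$pr_rpmnew" "$pr_policy"; then
        rm -f "$pr_rpmnew"        # identical leftover, just clean it up
        return 1
    fi

    # Contents differ: rebuild/reload with the caller's command, e.g.
    #   policy_refresh "$POLICYFILE" make -C /etc/selinux/%{type}/src/policy load
    if "$@" > /dev/null 2>&1; then
        rm -f "$pr_rpmnew"        # do not leave it around for the next upgrade
        return 0
    fi

    # Keep the .rpmnew on failure so the admin can inspect it.
    return 2
}
```
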