Closed sopos closed 2 years ago
The scriptlet use rpm -V
directly to check for changed of fapolicyd.rules. Better way would be to use some internal call but I do not know if there is any.
There's also an updated test for the updated behavior https://github.com/RedHat-SP-Security/tests/tree/sopos-rules-d-default-rules-maintained/fapolicyd/Sanity/rules-d
We cannot use rpm inside of spec file scriptlets. It can result in undefined behavior(recursion).
As I noted, it would be good to replace it with something else, but I do not know with what. This rpm -V
actually works though.
This patch allows to identify the current rules are still the default ones. If so, the rules are to be updated automatically by rpm.
The same applies to package removal. If the rules are still the default ones, they'll be removed automatically by rpm.