linux-application-whitelisting / fapolicyd

File Access Policy Daemon
GNU General Public License v3.0

maintain updates of default rules #185

Closed sopos closed 2 years ago

sopos commented 2 years ago

This patch makes it possible to identify whether the current rules are still the default ones. If so, the rules are to be updated automatically by rpm.

The same applies to package removal. If the rules are still the default ones, they'll be removed automatically by rpm.

sopos commented 2 years ago

The scriptlet uses rpm -V directly to check for changes to fapolicyd.rules. A better way would be to use some internal call, but I do not know if there is any.

sopos commented 2 years ago

There's also an updated test for the updated behavior https://github.com/RedHat-SP-Security/tests/tree/sopos-rules-d-default-rules-maintained/fapolicyd/Sanity/rules-d

radosroka commented 2 years ago

We cannot use rpm inside of spec file scriptlets. It can result in undefined behavior (recursion).

sopos commented 2 years ago

As I noted, it would be good to replace it with something else, but I do not know with what. This rpm -V actually works though.
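
One way to make the "are the rules still the defaults?" decision without calling rpm from a scriptlet, as an added example that is not part of this pull request or of fapolicyd's spec file: compare the rules directory against a SHA-256 manifest. The manifest, its sha256sum format, and all paths and file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not fapolicyd's spec file: detect whether a rules directory
# still holds only the packaged defaults without calling rpm in a scriptlet.
# Assumption: the package ships a manifest in sha256sum format generated at
# build time; every path and file name below is constructed.

# rules_are_default RULES_DIR MANIFEST   (MANIFEST must be an absolute path)
# Returns 0 only when every file listed in MANIFEST is present and unmodified
# and RULES_DIR contains no additional files. Any doubt means "not default",
# so locally edited rules are never replaced or removed.
rules_are_default() {
    dir=$1
    manifest=$2
    [ -d "$dir" ] && [ -s "$manifest" ] || return 1
    # Fails when a default file is missing or has been edited.
    (cd "$dir" && sha256sum -c --status "$manifest") || return 1
    # Fails when the administrator has added a file of their own.
    listed=$(grep -c . "$manifest")
    present=$(find "$dir" -maxdepth 1 -type f | wc -l)
    [ "$present" -eq "$listed" ]
}

# make_sample: build a constructed rules.d tree plus manifest, print its root.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/rules.d"
    printf '# constructed default rule file A\n' > "$root/rules.d/10-sample.rules"
    printf '# constructed default rule file B\n' > "$root/rules.d/90-sample.rules"
    (cd "$root/rules.d" && sha256sum ./*.rules) > "$root/defaults.sha256"
    echo "$root"
}

# Demo: a pristine tree is reported as default, an edited one is not.
demo() {
    root=$(make_sample)
    rules_are_default "$root/rules.d" "$root/defaults.sha256" && echo "pristine: defaults"
    echo '# local change' >> "$root/rules.d/90-sample.rules"
    rules_are_default "$root/rules.d" "$root/defaults.sha256" || echo "edited: keep local rules"
    rm -rf "$root"
}
demo
```

The check fails closed: a missing manifest, an edited file, a deleted default or an extra file all yield "not default", so an allow-list the administrator has tuned is left in place.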