From: Danish Prakash <contact@danishpraka.sh>
To: Vit Mojzis <vmojzis@redhat.com>,
Stefano Brivio <sbrivio@redhat.com>,
passt-dev@passt.top
Cc: Max Chernoff <git@maxchernoff.ca>, pholzing@redhat.com
Subject: Re: [PATCH] spec: use %selinux_requires macro, drop overlapping dependencies
Date: Fri, 21 Nov 2025 18:03:43 +0530 [thread overview]
Message-ID: <348f23a8-c45a-4474-a287-ead01c9df6da@danishpraka.sh> (raw)
In-Reply-To: <4c552ad9-ab11-4011-aee8-1f9f1246f863@redhat.com>
On 11/13/25 5:34 PM, Vit Mojzis wrote:
>>>> -%package selinux
>>>> -BuildArch: noarch
>>>> -Summary: SELinux support for passt and pasta
>>>> -Requires: selinux-policy-%{selinuxtype}
>>>> -Requires: container-selinux
>>>> -Requires(post): selinux-policy-%{selinuxtype}
>>>> +%package selinux
>>>> +BuildArch: noarch
>>>> +Summary: SELinux support for passt and pasta
>>>> +%selinux_requires
>>> I think that we want "%selinux_requires_min" instead, since
>>> "%selinux_requires" also pulls in "policycoreutils-python-utils" (and
>>> hence all of Python).
> Yes, we only recently added this option and selinux_requires_min is what
> you need as long as you're not using semanage (e.g. to customize booleans).
I checked and it seems that %selinux_requires_min is available on >=F43;
I've added a conditional macro use in the patch (v2) and relying on
explicit Requires (same as before) for <F43. Is it possible to pull in a
specific version of selinux-policy-devel to rely on
%selinux_requires_min at all times?
>>> (I'm not very familiar with spec files, but since the RPM macro
>>> "%selinux_requires" is provided by the "selinux-policy" package, do we
>>> also need to add a Requires/BuildRequires for that?)
>
> Yes, BuildRequires: selinux-policy-devel is indeed needed (it will bring
> selinux-policy with it) for RPM to have access to the macro.
> Please test all the "Requires" you removed, because unfortunately
> %selinux_requires gets expanded too late for some of the contents to
> matter (which is why I recomended using this set of "Requires"):
> https://fedoraproject.org/wiki/SELinux/IndependentPolicy#The_Preamble
> (It has been a few years since I tested it last though)
I've tested local builds on F42 and F43, looks good to me, though if
there's a better way to test this, I'd love to do that as well.
regards!
--
danishpraka.sh
next prev parent reply other threads:[~2025-11-21 12:34 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-13 7:22 Danish Prakash
2025-11-13 9:47 ` Max Chernoff
2025-11-13 11:10 ` Stefano Brivio
2025-11-13 12:04 ` Vit Mojzis
2025-11-21 12:33 ` Danish Prakash [this message]
2025-11-21 12:47 ` [PATCH v2] spec: use %selinux_requires_min " Danish Prakash
2025-11-23 7:37 ` Max Chernoff
2025-11-27 22:33 ` Stefano Brivio
2025-12-08 10:37 ` Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=348f23a8-c45a-4474-a287-ead01c9df6da@danishpraka.sh \
--to=contact@danishpraka.sh \
--cc=git@maxchernoff.ca \
--cc=passt-dev@passt.top \
--cc=pholzing@redhat.com \
--cc=sbrivio@redhat.com \
--cc=vmojzis@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).