From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=ZNcT5sFF;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id C8F9C5A061E
	for <passt-dev@passt.top>; Thu, 13 Nov 2025 13:04:09 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1763035448;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=XQzKYLx9jILaHVhIcgpfNjeSYIRyp4lA13BA66yqe+M=;
	b=ZNcT5sFFWr/3pGEOj+qQpidmRDhppRPyAw1LKVvS6MhxzzeYVk/WrSraxmDcijnaMcbheR
	vzYZTYJgRsiVL8X2aAgC6Fl0C6QTyN8MGt96EeP8VmVsOsh2J7EQOvSNh60NAyefblSZbe
	EEui2gt27n+ngnjUpJgsiYOEn8fateY=
Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com
 [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-416-4yZS6-m-MYuspHYeJcOMug-1; Thu, 13 Nov 2025 07:04:07 -0500
X-MC-Unique: 4yZS6-m-MYuspHYeJcOMug-1
X-Mimecast-MFC-AGG-ID: 4yZS6-m-MYuspHYeJcOMug_1763035446
Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-6409cea8137so1312882a12.1
        for <passt-dev@passt.top>; Thu, 13 Nov 2025 04:04:07 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1763035446; x=1763640246;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XQzKYLx9jILaHVhIcgpfNjeSYIRyp4lA13BA66yqe+M=;
        b=rzltSDZF82kvOxJX6ilLbc0ZSl2Dk7BcFQ9loU21d5HWE11Zf6Zx+KzlEOFdKlClhO
         ncQXkrE5zf6qaUxF5ffShAjQH8VO9MwRScToKDK5Mme/uEhoWVQ0uOmDuEdK87bOJ7jh
         ZecmjSc7VQMuuqwb1jy8PxP5j5AnU1oP+VJyzSPkDZK3fInMvCvY607TFGKEMs+fvW7k
         3wHwITUmkvb+gA4dPDOpNLt2EqerbFG0vfVeRkmR3A1nJsHXzjEUq6soZw4vBSfVOPYf
         OYIMd6O7v15a2Rw7cBNt6/x4p3LQ2ZxzF2hdyKpqRnf2PEQ1C9cYkYH7o0+pdz/b64Pr
         eO0A==
X-Forwarded-Encrypted: i=1; AJvYcCW+Cvp0evVS/x7XhaF23VyKSLP17ISCiUDQGj5+3e2UzYhKunS4IhvYwb7glbcBRzV3LgpBnO9VHX8=@passt.top
X-Gm-Message-State: AOJu0Yx8YEMou9dL8JT7dZM6VCZOR3J49tlycqDBShW8K0gS1Fcd658M
	djDQqtrm0TWFPupxceN574tj30UhffCbzvHwYX9sBCuTlw4N6a6q1g1+lGZv5NCA83n881WfewQ
	s4Iu6oLBLq0bUdRjzGpunwRgpM1wPIpFH2iEKGada9iFwsH5n258CAQ==
X-Gm-Gg: ASbGncsalFNpxD28dQ4ZUCscY6lweqQrgljE0CYjrv9cRXeTsqTezdq5O5G6wfZgtDA
	eEFH0ZSEMX+myYphHKoPRnPiPauQ9elQDpymJUrpUiA2d+6vV/Jbzv6qraqCIwSjw91gO6rhJ9R
	JfOOxDm1yrLZxWNReRx4s1IXMMT9odjC1wuYN+IjVhwE74Yl/Bz73B2pOnfYfEVI+chYw8BmT+U
	ulV5njcXMccX9mA2NXCsIxTyzl8nYFhzanBiSTJH0qeno82OU+c5Qb1Azt6UbFaeXBc7/P5GwWL
	LGwpA/gca7EE6+TgFURPXAf/JwWmvOZf1OcA2AujL7jNpUnSEa7Qmg+HKM5FKbEnE/E5RYSEHkx
	b
X-Received: by 2002:aa7:da52:0:b0:641:5a05:c72f with SMTP id 4fb4d7f45d1cf-64334d04c99mr1819809a12.16.1763035446055;
        Thu, 13 Nov 2025 04:04:06 -0800 (PST)
X-Google-Smtp-Source: AGHT+IF2Go3PqV43alIzypJiDL6SxXF16AyynPXOwrJKStiepUhqtx812iAK9ei4pPY4wrK4LRLQOA==
X-Received: by 2002:aa7:da52:0:b0:641:5a05:c72f with SMTP id 4fb4d7f45d1cf-64334d04c99mr1819786a12.16.1763035445597;
        Thu, 13 Nov 2025 04:04:05 -0800 (PST)
Received: from [192.168.0.164] ([212.4.152.23])
        by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-6433a3f96e2sm1357819a12.16.2025.11.13.04.04.03
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 13 Nov 2025 04:04:04 -0800 (PST)
Message-ID: <4c552ad9-ab11-4011-aee8-1f9f1246f863@redhat.com>
Date: Thu, 13 Nov 2025 13:04:02 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH] spec: use %selinux_requires macro, drop overlapping
 dependencies
To: Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
References: <20251113072256.4034068-1-contact@danishpraka.sh>
 <8b1f10d9a674474e6d042b27cdee8d230bd15c0c.camel@maxchernoff.ca>
 <20251113121014.7c89b322@elisabeth>
From: Vit Mojzis <vmojzis@redhat.com>
In-Reply-To: <20251113121014.7c89b322@elisabeth>
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: pw_fHW2YBX2a26o1eSVmYpZnY46UZC5thFriWV1SKHM_1763035446
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-MailFrom: vmojzis@redhat.com
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation
Message-ID-Hash: U7PWP4WVU5NUB6UO3SFGH6MQ5WGPIODS
X-Message-ID-Hash: U7PWP4WVU5NUB6UO3SFGH6MQ5WGPIODS
X-Mailman-Approved-At: Thu, 13 Nov 2025 13:40:12 +0100
CC: Max Chernoff <git@maxchernoff.ca>, Danish Prakash <contact@danishpraka.sh>, pholzing@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/4c552ad9-ab11-4011-aee8-1f9f1246f863@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/U7PWP4WVU5NUB6UO3SFGH6MQ5WGPIODS/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Hi,

On 11/13/25 12:10 PM, Stefano Brivio wrote:
> Adding Vit as author of some parts now changed by this patch. Full
> discussion thread at:
>
>    https://archives.passt.top/passt-dev/20251113072256.4034068-1-contact@danishpraka.sh/
>
> On Thu, 13 Nov 2025 02:47:42 -0700
> Max Chernoff <git@maxchernoff.ca> wrote:
>
>> Hi Danish,
>>
>> On Thu, 2025-11-13 at 12:52 +0530, Danish Prakash wrote:
>>> Also, drop unused preun policycoreutils requires.
>>>
>>> Signed-off-by: Danish Prakash <contact@danishpraka.sh>
>>> ---
>>>   contrib/fedora/passt.spec | 20 ++++++++------------
>>>   1 file changed, 8 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec
>>> index d1bcf4a74338..cab2bb4c409b 100644
>>> --- a/contrib/fedora/passt.spec
>>> +++ b/contrib/fedora/passt.spec
>>> @@ -34,19 +34,15 @@ for network namespaces: traffic is forwarded using a tap interface inside the
>>>   namespace, without the need to create further interfaces on the host, hence not
>>>   requiring any capabilities or privileges.
>>>
>>> -%package		selinux
>>> -BuildArch:		noarch
>>> -Summary:		SELinux support for passt and pasta
>>> -Requires:		selinux-policy-%{selinuxtype}
>>> -Requires:		container-selinux
>>> -Requires(post):		selinux-policy-%{selinuxtype}
>>> +%package		    selinux
>>> +BuildArch:		    noarch
>>> +Summary:		    SELinux support for passt and pasta
>>> +%selinux_requires
>> I think that we want "%selinux_requires_min" instead, since
>> "%selinux_requires" also pulls in "policycoreutils-python-utils" (and
>> hence all of Python).
Yes, we only recently added this option and selinux_requires_min is what 
you need as long as you're not using semanage (e.g. to customize booleans).

>>
>> (I'm not very familiar with spec files, but since the RPM macro
>> "%selinux_requires" is provided by the "selinux-policy" package, do we
>> also need to add a Requires/BuildRequires for that?)

Yes, BuildRequires: selinux-policy-devel is indeed needed (it will bring 
selinux-policy with it) for RPM to have access to the macro.
Please test all the "Requires" you removed, because unfortunately 
%selinux_requires gets expanded too late for some of the contents to 
matter (which is why I recomended using this set of "Requires"): 
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#The_Preamble 
(It has been a few years since I tested it last though)

>>
>>> +Requires:		    container-selinux
>>> +Requires:		    selinux-policy-%{selinuxtype}
>> I think that "selinux-policy-%{selinuxtype}" is included via
>> "%selinux_requires" above.

It is not. %selinux_requires does not specify which one of 
selinux-policy-{mls|minimum|targeted|atomotive} to install.

>>
>>>   Requires(post):		container-selinux
>>> -Requires(post):		policycoreutils
>>> -Requires(post):		libselinux-utils
>>> -Requires(preun):	policycoreutils
>>> -BuildRequires:		selinux-policy-devel
>>> -BuildRequires:		pkgconfig(systemd)
>>> -Recommends:		selinux-policy-%{selinuxtype} >= %{selinux_policy_version}
>>> +Requires(post):		selinux-policy-%{selinuxtype}
>>> +Recommends:		    selinux-policy-%{selinuxtype} >= %{selinux_policy_version}
You can drop the Recommends, since that is part of the macro.
We recently replaced the original hard "Requires" with "Recommends" 
(along with a Requires for the "stable version"). So the original reason 
for removing the macro from your package is mostly gone.

Vit
>>>   %description selinux
>>>   This package adds SELinux enforcement to passt(1), pasta(1), passt-repair(1).
>> Everything else looks good to me.
>>
>> Thanks,
>> -- Max
>>