RPM Community Forums

Mailing List Message of <rpm-devel>

Re: %post-script prerequisites

From: Jeff Johnson <n3npq@mac.com>
Date: Wed 24 Sep 2008 - 18:55:49 CEST
Message-id: <E7517678-B379-46C6-8E4D-37399EAB4A32@mac.com>

On Sep 24, 2008, at 12:42 PM, Alexey Tourbin wrote:

> On Wed, Sep 24, 2008 at 12:26:10PM -0400, Jeff Johnson wrote:
>> You do know that bash --rpm-requires will extract
>> dependencies for all scriptlets, not just %post and %preun,
>> automagically for several years now?
> Think about this again: package foo has program /usr/bin/update-foo,
> which is invoked in %post-script of the package.  The program is  
> linked
> with e.g. libglib-2.0.so.0(GLIB_2.18), and we have the dependency
> "Requires: libglib-2.0.so.0(GLIB_2.18)".  However, this is merely
> "Requires".  To run /usr/bin/update-foo in the %post script reliably,
> that must be "Requires(post)".  Or otherwise there's a possibility  
> that,
> despite topological reordering, glib2 gets installed or upgraded after
> foo, and so the %post scriptlet fails miserably.
> So, there's a general problem: if you both package a program and run
> it in the %post-script (in the very same package), then bare Requires
> are not enough: some of them (namely, which are used by the program)
> should also become Requires(post).


IMHO, there are several flaws in the above.

The fundamental flaw (imho) is trying to add secondary
dependencies to a package node in the dependency graph.

If the chain A -> B -> C is necessary for running /usr/bin/update-foo
in a script, then A should have
	Requires: B
and B should have
	Requires: C
and the dependency graph should be assembled dynamically,
not added statically to A.

Note that the implicit secondary dependencies duplicate
information, and duplicate information which differs is
a nightmare to diagnose.

rpm __MUST__ attempt to dynamically construct the
dependency graph. The reliability of the dynamic
construction of the dependency graph is as good (or bad) as
the dependency data. If you are missing
	Requires: C
in the B package which causes a scriptlet in A to fail,
the better approach is to attach the missing edge to B,
not to A.

Sure there are loops, and other impediments to turning
a graph into a tree that can be ordered. But adding secondary
dependencies to a package node doesn't begin to address
those issue, and (imho) actually makes matters worse because
the information is static, and can differ.

Also your claim

> To run /usr/bin/update-foo in the %post script reliably,
> that must be "Requires(post)".

is false. The "(post) marker limits the context where a
dependency applies, and does not improve reliability at all.

But have fun!

73 de Jeff
Received on Wed Sep 24 18:56:59 2008
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.