On Mon, Feb 21, 2011 at 05:49:59PM -0500, Anthony G. Basile wrote:
> I am in agreement, but I hesitate because moving packages is a pita. If
> it can be done with minimal disruption, then let's move in that
> direction. Do you know what current sec-policy/selinux-* are in violation?

A quick check shows:
selinux-acpi (apm)
selinux-audio-entropyd (audioentropy)
selinux-courier-imap (courier)
selinux-cyrus-sasl (sasl)
selinux-desktop (xserver xfs mplayer mozilla java mono wine)
selinux-ftpd (ftp)
selinux-gnupg (gpg)
selinux-hal (hal dmidecode)
selinux-jabber-server (jabber)
selinux-nfs (rpc)
selinux-ucspi-tcp (ucspitcp)

The other 193 packages do follow this convention already.

I don't think we need to force a rename. We can just update the
packages that depend on them (there aren't many yet, so the work should be
limited) and let the old ones "die" (in a more ideal scenario, all
sec-policy/ packages are pulled in as dependencies except for the
selinux-base-policy one). Every time the parent packages are updated, we
update the old package as well to become "empty". The new package contains
a blocker on the old package which Portage hopefully resolves correctly (so
that we don't have a file collision on the /usr/share/selinux/*/*.pp files).

Or, in a somewhat more schematic approach...

Phase 1 (as-is)
===============

app-crypt/gnupg-A dependson sec-policy/selinux-gnupg-X

Phase 2
=======

In one "commit": update gnupg (A->B), selinux-gnupg (X->Y), introduce
selinux-gpg. As a result, Portage will install selinux-gpg. The blocker
tells Portage that selinux-gnupg needs to be updated (towards the "empty"
package) first. For SELinux itself, this doesn't matter as the policy module
is loaded (even when it has disappeared from /usr/share/selinux/*/*.pp).

app-crypt/gnupg-B dependson sec-policy/selinux-gpg-1
sec-policy/selinux-gnupg-Y blocks !~sec-policy/selinux-gnupg-X

Phase 3 (fade-out)
==================

sec-policy/selinux-gnupg is removed from Portage tree.

BTW, the selinux-desktop one is a weird one and my suggestion would be to
purge it (it's not manageable).

Wkr,
Sven Vermeulen
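
One way the "quick check" above could be automated, as an added example that is not part of the original message and not Gentoo project code. It assumes the convention is one policy module per package, named selinux-<module>, and that each ebuild lists its modules in a MODS variable; the ebuild texts, the selinux-example and selinux-nomods names, and the status labels are constructed for illustration.

```python
import re

# Constructed sample ebuild texts, keyed by package name under sec-policy/.
# Assumption (not stated in the message): modules are listed in MODS="...".
SAMPLE_EBUILDS = {
    "selinux-gnupg": 'DESCRIPTION="constructed"\nMODS="gpg"\n',
    "selinux-hal": 'MODS="hal dmidecode"\n',
    "selinux-ucspi-tcp": "MODS='ucspitcp'\n",
    "selinux-example": 'MODS="example"  # constructed, follows the convention\n',
    "selinux-nomods": 'DESCRIPTION="constructed ebuild without MODS"\n',
}

# Matches MODS=value with optional single or double quotes on one line.
MODS_RE = re.compile(r'^[ \t]*MODS=(["\']?)([^"\'\n#]*)\1', re.MULTILINE)


def policy_modules(ebuild_text):
    """Return the policy module names an ebuild declares, or [] if none."""
    match = MODS_RE.search(ebuild_text)
    return match.group(2).split() if match else []


def check_package(pkg, ebuild_text):
    """Classify one package against the assumed selinux-<module> convention.

    Returns (status, names): names are the package names the convention
    would expect for the declared modules (empty when status is "ok").
    """
    mods = policy_modules(ebuild_text)
    if not mods:
        return ("no-modules", [])
    expected = ["selinux-" + m for m in mods]
    if expected == [pkg]:
        return ("ok", [])
    if len(mods) > 1:
        return ("multi-module", expected)
    return ("name-mismatch", expected)


def violations(ebuilds):
    """Return {package: (status, names)} for every package that is not ok."""
    results = {pkg: check_package(pkg, text) for pkg, text in sorted(ebuilds.items())}
    return {pkg: res for pkg, res in results.items() if res[0] != "ok"}


if __name__ == "__main__":
    for pkg, (status, names) in violations(SAMPLE_EBUILDS).items():
        print(f"{pkg}: {status} {' '.join(names)}")
```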