| 1 |
On Mon, Feb 21, 2011 at 05:49:59PM -0500, Anthony G. Basile wrote: |
| 2 |
> I am in agreement, but I hesitate because moving packages is a pita. If |
| 3 |
> it can be done with minimal disruption, then lets move in that |
| 4 |
> direction. Do you know what current sec-policy/selinux-* are in violation? |
| 5 |
|
| 6 |
A quick check shows: |
| 7 |
selinux-acpi (apm) |
| 8 |
selinux-audio-entropyd (audioentropy) |
| 9 |
selinux-courier-imap (courier) |
| 10 |
selinux-cyrus-sasl (sasl) |
| 11 |
selinux-desktop (xserver xfs mplayer mozilla java mono wine) |
| 12 |
selinux-ftpd (ftp) |
| 13 |
selinux-gnupg (gpg) |
| 14 |
selinux-hal (hal dmidecode) |
| 15 |
selinux-jabber-server (jabber) |
| 16 |
selinux-nfs (rpc) |
| 17 |
selinux-ucspi-tcp (ucspitcp) |
| 18 |
|
| 19 |
The other 193 packages do follow this convention already. |
| 20 |
|
| 21 |
I don't think we need to force a rename. We can just update the |
| 22 |
packages that depend on them (there aren't many yet, so the work should be |
| 23 |
limited) and let the old ones "die" (in a more ideal scenario, all |
| 24 |
sec-policy/ packages are pulled in as dependencies except for the |
| 25 |
selinux-base-policy one). Every time the parent packages are updated, we |
| 26 |
update the old package as well to become "empty". The new package contains |
| 27 |
a blocker on the old package which Portage hopefully resolves correctly (so |
| 28 |
that we don't have a file collision on the /usr/share/selinux/*/*.pp files). |
| 29 |
|
| 30 |
Or, in somewhat more schematic approach... |
| 31 |
|
| 32 |
Phase 1 (as-is) |
| 33 |
=============== |
| 34 |
|
| 35 |
app-crypt/gnupg-A dependson sec-policy/selinux-gnupg-X |
| 36 |
|
| 37 |
Phase 2 |
| 38 |
======= |
| 39 |
|
| 40 |
In one "commit": update gnupg (A->B), selinux-gnupg (X->Y), introduce |
| 41 |
selinux-gpg. As a result, Portage will install selinux-gpg. The blocker |
| 42 |
tells Portage that selinux-gnupg needs to be updated (towards the "empty" |
| 43 |
package) first. For SELinux itself, this doesn't matter as the policy module |
| 44 |
is loaded (even when it has disappeared from /usr/share/selinux/*/*.pp) |
| 45 |
|
| 46 |
app-crypt/gnupg-B dependson sec-policy/selinux-gpg-1 |
| 47 |
sec-policy/selinux-gnupg-Y blocks !~sec-policy/selinux-gnupg-X |
| 48 |
|
| 49 |
Phase 3 (fade-out) |
| 50 |
================== |
| 51 |
|
| 52 |
sec-policy/selinux-gnupg is removed from Portage tree. |
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
BTW, the selinux-desktop one is a weird one and my suggestion would be to |
| 57 |
purge it (it's not manageable). |
| 58 |
|
| 59 |
Wkr, |
| 60 |
Sven Vermeulen |
Archives