Comment # 6 on bug 1172521 from
(In reply to Marketa Calabkova from comment #5)
> (In reply to Thorsten Kukuk from comment #4)

> > So the %post will never be executed again and can be removed, including the
> > PreReq line.
> 
> With the fix from 2016g it should at least be never executed twice :) .
> Removing the %post phase could cause some problems only to the systems where
> these files are not symlinks, so (according to you) systems which were last
> updated 10 years ago. Yes, there should be no such running system.

SLES 11 SP4, SLES12 and SLES15 have this code, so everybody updating from them
has in every case a "fixed" system. An upgrade from an older version (like SLES
11 SP3) is not supported. 

> Regarding the "PreReq: filesystem, coreutils": I see why it can be removed.
> Just by curiosity: Is it even possible that a system does not have these
> packages later than at the very beginning?

filesystem is always installed due to other dependencies, but in the end not
really required, as RPM will create the directories you need.
coreutils is not necessary installed, there are alternate implementations
possible like busybox-coreutils. If the %post is removed, the timezone package
does not need them anyways. But if %post stays, the "PreReq: coreutils" has to
be replaced with "Requires(post): /usr/bin/rm /usr/bin/ln", as this is what the
package needs.


> > Another question is the "%verify(not link md5 size mtime)
> > %{_datadir}/zoneinfo/posixrules" line.
> > This prevents our tools to find out if somebody tampered with /usr. Which is
> > already bad. As this file is coming from the package itself, I don't see a
> > need for it.
> 
> What does this %verify actually do, please?

The %verify tells rpm what it should do if you call "rpm -V". So this case, rpm
-V timezone will not verify, if the content of the link, the md5 checksum, size
or mtime has changed compared what got installed from the package.


> Yes, it could relink the symlink. And I wonder why this "obsolete" notice
> isn't in an installed man page... More of this, we actually use this feature
> in our spec file to generate posixrules.

The usage of "zic" in the build section is correct, and in the %install section
we have:
ln -sf /etc/localtime      %{buildroot}%{_prefix}/share/zoneinfo/posixrules

So removing the %verify from %{_prefix}/share/zoneinfo/posixrules should be Ok,
 don't see why it should be needed with the current package.


You are receiving this mail because: