From a430e4124c43385b25990e67bccd738471b452dd Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Jun 16 2020 19:43:54 +0000 Subject: Simplify the %post and %postinstall script stuff, it was broken This approach had multiple problems. The most obvious is a typo - it had `%-bindir` instead of `%_bindir`. But you also cannot mix a %define into a %post script as was being done here, that just doesn't work, you can't track state between scriptlets like that. And the `%if` in %posttrans would be resolved at package build time, not at %posttrans run time. (I think the syntax was wrong anyway). This whole approach was irredeemably broken. To get things back to a working state quickly, let's just do it in a simple-but-dumb way: always run the scripts in %posttrans, run them in %post if `ln` is available (with the typo fixed). This means we'll often run them twice, but I don't think that actually hurts anything. We can refine from here if desired. Signed-off-by: Adam Williamson --- diff --git a/ca-certificates.spec b/ca-certificates.spec index ba48c33..c777c67 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -307,11 +307,10 @@ fi # # when upgrading or downgrading #fi # if ln is available, go ahead and run the ca-legacy and update -# scripts. If not, what until %posttrans. -if [ -x %{-bindir}/ln ]; then +# scripts. If not, wait until %posttrans. +if [ -x %{_bindir}/ln ]; then %{_bindir}/ca-legacy install %{_bindir}/update-ca-trust -%define caupdatecomplete 1 fi %posttrans @@ -322,12 +321,11 @@ fi # ca-certificates depends on coreutils # coreutils depends on openssl # openssl depends on ca-certificates -# in that case, we want to complete the install in -# %posttrans when ln is available -%if ! %{caupdatecomplete} +# so we run the scripts here too, in case we couldn't run them in +# post. If we *could* run them in post this is an unnecessary +# duplication, but it shouldn't hurt anything %{_bindir}/ca-legacy install %{_bindir}/update-ca-trust -%endif %files %dir %{_sysconfdir}/ssl