packaging: rpm scriptlet cleanup, handle -p /sbin/ldconfig

The RPM documention indicates that during an rpm install or erase, the
script(lets): %post, %preun, and %postun (and %pre, %build, %install,
etc.) are copied to a temp file, and then the temp file is run as a
(/bin/sh or bash) script.

Unfortunately the documentation is not clear about how rpmbuild and/or
rpm determine where the end of any scriptlet is when it is copied to
the file.

Most things in the key-manager.spec work correctly as is. These are the
%preun, %post, and %postun scriptlets that are "closed" by a following
%preun, %post, and %postun, or potentially another scriptlet, e.g.
%file.

The ones that don't work correctly (only one actually) are those where
there is a comment in the spec file before it is closed by another
scriptlet. Further complicating things is that the type of scriptlet
affects what rpm does and what `rpm -qp --scripts ...` shows.

The specific one that didn't work was the
"postun -n libkey-manager-client -p /sbin/ldconfig" scriptlet.
It is followed by a comment before being "closed" by the %files section (or
scriptlet). It can be written two ways:
"%postun -n libkey-manager-client\n/sbin/ldconfig"
or "%postun -n libkey-manager-client -p /sbin/ldconfig".
Either way it's written, `rpm -qp --scripts libkey-manager-client...`
will include the comment lines between the %postun line and the following %files line.

But the way rpm executes these depends on how they're written. If
written as "%postun -n libkey-manager-client\n/sbin/ldconfig" rpm will simply run
/sbin/ldconfig with no command line options, i.e.
  execve ("/sbin/ldconfig", [ "/sbin/ldconfig" ], [ ]);

But when written as "%postun -n libkey-manager-client -p /sbin/ldconfig",
it will copy the comment lines to a temp file, and pass the temp file name and "1"
 as (command line) parameters, i.e.
  execve ("/sbin/ldconfig", [ "/sbin/ldconfig", "/tmp/tmpXXXXXX", "1" ],
          [ ]);

Which results in ldconfig exiting with an error. (Remember, both ways show
the comment in `rpm -qp --scripts ...`)

Problematic comment line was removed and whole file comments style was adjusted.
Additionally some cleanup was performed.

Change-Id: I966f0930d7a7b46b401f399aaf2e5c748edc0a1f

diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index 7fd375c..7102e50 100644 (file)
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -67,9 +67,6 @@ BuildRequires: lcov
 %global misc_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm-misc}%{!?TZ_SYS_DATA:%/opt/data/ckm-misc}
 %global coverage_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm-coverage}%{!?TZ_SYS_DATA:%/opt/data/ckm-coverage}
 %global bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
-# image creation error occured if /usr/sbin used for ldconfig
-#%global sbin_dir %{?TZ_SYS_SBIN:%TZ_SYS_SBIN}%{!?TZ_SYS_SBIN:%_sbindir}
-%global sbin_dir /sbin
 %global ro_etc_dir %{?TZ_SYS_RO_ETC:%TZ_SYS_RO_ETC}%{!?TZ_SYS_RO_ETC:/etc}
 %global run_dir %{?TZ_SYS_RUN:%TZ_SYS_RUN}%{!?TZ_SYS_RUN:/var/run}
 %global initial_values_dir_ro %{ro_data_dir}/initial_values
@@ -86,8 +83,8 @@ application to sign and verify (DSA/RSA/ECDSA) signatures.
 Summary:    Central Key Manager (common libraries)
 Group:      Security/Libraries
 License:    Apache-2.0
-Requires(post): %{sbin_dir}/ldconfig
-Requires(postun): %{sbin_dir}/ldconfig
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 %description -n libkey-manager-common
 Central Key Manager package (common library)
@@ -98,8 +95,8 @@ Group:      Security/Libraries
 License:    Apache-2.0
 Requires:   key-manager = %{version}-%{release}
 Requires:   libkey-manager-common = %{version}-%{release}
-Requires(post): %{sbin_dir}/ldconfig
-Requires(postun): %{sbin_dir}/ldconfig
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 %description -n libkey-manager-client
 Central Key Manager package (client)
@@ -141,8 +138,8 @@ Group:      Security/Libraries
 License:    Apache-2.0
 BuildRequires: pam-devel
 Requires:   key-manager = %{version}-%{release}
-Requires(post): %{sbin_dir}/ldconfig
-Requires(postun): %{sbin_dir}/ldconfig
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 %description -n key-manager-pam-plugin
 CKM login/password module to PAM. Used to monitor user login/logout
@@ -155,8 +152,8 @@ License:    Apache-2.0
 BuildRequires: cmake
 BuildRequires: pkgconfig(openssl1.1)
 BuildRequires: pkgconfig(libxml-2.0)
-Requires(post): %{sbin_dir}/ldconfig
-Requires(postun): %{sbin_dir}/ldconfig
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
 
 %description -n key-manager-initial-values
 Includes ckm_initial_values tool for initial values XML generation
@@ -231,9 +228,7 @@ make %{?jobs:-j%jobs}
 %install
 %make_install
 
-###############################################################################
 %if ! %{coverage_only}
-###############################################################################
 
 %install_service multi-user.target.wants central-key-manager.service
 %install_service sockets.target.wants central-key-manager-api-control.socket
@@ -242,9 +237,7 @@ make %{?jobs:-j%jobs}
 %install_service sockets.target.wants central-key-manager-api-encryption.socket
 cp -a %{SOURCE1001} %{SOURCE1002} %{SOURCE1003} %{SOURCE1004} %{buildroot}%{_datadir}/
 
-#################### ! %{coverage_only} #######################################
 %endif
-###############################################################################
 
 %pre
 # tzplatform-get sync breaked because of on-development situation. comment out just for temporary
@@ -271,7 +264,7 @@ cp -a %{SOURCE1001} %{SOURCE1002} %{SOURCE1003} %{SOURCE1004} %{buildroot}%{_dat
 #
 #id -u %{user_name} > /dev/null 2>&1
 #if [ $? -eq 1 ]; then
-#    useradd -d /var/lib/empty -s %{sbin_dir}/nologin -r -g %{group_name} %{user_name} > /dev/null 2>&1
+#    useradd -d /var/lib/empty -s /sbin/nologin -r -g %{group_name} %{user_name} > /dev/null 2>&1
 #fi
 
 %post
@@ -311,14 +304,12 @@ if [ $1 = 0 ]; then
     systemctl daemon-reload
 fi
 
-%post -n libkey-manager-common -p %{sbin_dir}/ldconfig
-%post -n libkey-manager-client -p %{sbin_dir}/ldconfig
-%postun -n libkey-manager-common -p %{sbin_dir}/ldconfig
-%postun -n libkey-manager-client -p %{sbin_dir}/ldconfig
+%post -n libkey-manager-common -p /sbin/ldconfig
+%post -n libkey-manager-client -p /sbin/ldconfig
+%postun -n libkey-manager-common -p /sbin/ldconfig
+%postun -n libkey-manager-client -p /sbin/ldconfig
 
-###############################################################################
 %if ! %{coverage_only}
-###############################################################################
 
 %files -n key-manager
 %manifest key-manager.manifest
@@ -401,9 +392,7 @@ fi
 %{bin_dir}/ckm_db_perf
 %misc_dir
 
-#################### ! %{coverage_only} #######################################
 %endif
-###############################################################################
 
 %files -n key-manager-unit-tests
 %manifest key-manager-unit-tests.manifest
@@ -412,15 +401,11 @@ fi
 %{bin_dir}/ckm-unit-tests
 %unit_tests_dir
 
-###############################################################################
 %if "%{build_type}" == "COVERAGE"
-###############################################################################
 
 %files -n key-manager-coverage
 %license LICENSE
 %{bin_dir}/key-manager-coverage.sh
 %coverage_dir
 
-#################### %{build_type} == COVERAGE ################################
 %endif
-###############################################################################