On 11/13/25 5:34 PM, Vit Mojzis wrote:
-%package selinux -BuildArch: noarch -Summary: SELinux support for passt and pasta -Requires: selinux-policy-%{selinuxtype} -Requires: container-selinux -Requires(post): selinux-policy-%{selinuxtype} +%package selinux +BuildArch: noarch +Summary: SELinux support for passt and pasta +%selinux_requires I think that we want "%selinux_requires_min" instead, since "%selinux_requires" also pulls in "policycoreutils-python-utils" (and hence all of Python). Yes, we only recently added this option and selinux_requires_min is what you need as long as you're not using semanage (e.g. to customize booleans).
I checked and it seems that %selinux_requires_min is available on >=F43;
I've added a conditional macro use in the patch (v2) and relying on
explicit Requires (same as before) for (I'm not very familiar with spec files, but since the RPM macro
"%selinux_requires" is provided by the "selinux-policy" package, do we
also need to add a Requires/BuildRequires for that?) Yes, BuildRequires: selinux-policy-devel is indeed needed (it will bring
selinux-policy with it) for RPM to have access to the macro.
Please test all the "Requires" you removed, because unfortunately
%selinux_requires gets expanded too late for some of the contents to
matter (which is why I recomended using this set of "Requires"):
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#The_Preamble
(It has been a few years since I tested it last though) I've tested local builds on F42 and F43, looks good to me, though if
there's a better way to test this, I'd love to do that as well.
regards!
--
danishpraka.sh