(Add BR: systemd although we may be able to move this section to EPEL guidelines: https://fedorahosted.org/fpc/ticket/318) |
(Texinfo scriplets are F27 only. https://pagure.io/packaging-committee/issue/773) |
||
| (46 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
< | {{DISPLAYTITLE:Fedora Packaging Guidelines for RPM Scriptlets}} | ||
<div style="float: right; margin-left: 0.5em;" class="toclimit-2">__TOC__</div> | |||
RPM spec files have several sections which allow packages to run code on installation and removal. These bits of code are called scriptlets and are mostly used to update the running system with information from the package. This page offers a quick overview of RPM scriptlets and a number of common recipes for scriptlets in packages. For a more complete treatment of scriptlets, please see the [http://www.rpm.org/max-rpm-snapshot/ Maximum RPM book]. | |||
The version of RPM in Fedora also has functionality to automatically run scripts when files are placed in certain locations. (See [http://www.rpm.org/wiki/FileTriggers].) This potentially obviates the need for most of the scriptlets on this page, but is not currently implemented in all cases where it could be. | |||
= Syntax = | == Default Shell == | ||
In Fedora, all scriptlets can safely assume they are running under the bash shell unless a different language has been specified. | |||
== Syntax == | |||
The basic syntax is similar to the %build, %install, and other sections of the rpm spec file. The scripts support a special flag, -p which allows the scriptlet to invoke a single program directly rather than having to spawn a shell to invoke the programs. (ie: %post -p /sbin/ldconfig) | The basic syntax is similar to the %build, %install, and other sections of the rpm spec file. The scripts support a special flag, -p which allows the scriptlet to invoke a single program directly rather than having to spawn a shell to invoke the programs. (ie: %post -p /sbin/ldconfig) | ||
When scriptlets are called, they will be supplied aith an argument. This argument, accessed via $1 (for shell scripts) is the number of packages of this name which will be left on the system when the action completes, except for %pretrans and %posttrans which are always run with $1 as 0.. So for the common case of install, upgrade, and uninstall we have: | |||
{| border="1" | {| border="1" | ||
| Line 39: | Line 39: | ||
...for %pre and %post scripts rather than checking that it equals 2. | ...for %pre and %post scripts rather than checking that it equals 2. | ||
All scriptlets MUST exit with the zero exit status. Because RPM in its default configuration does not execute shell scriptlets with the <code>-e</code> argument to the shell, excluding explicit <code>exit</code> calls (frowned upon with a non-zero argument!), the exit status of the last command in a scriptlet determines its exit status. Most commands in the snippets in this document have a "<code>|| :</code>" appended to them, which is a generic trick to force the zero exit status for those commands whether they worked or not. Usually the most important bit is to apply this to the last command executed in a scriptlet, or to add a separate command such as plain "<code>:</code>" or "<code>exit 0</code>" as the last one in a scriptlet. Note that depending on the case, other error checking/prevention measures may be more appropriate. | |||
Non-zero exit codes from scriptlets can break installs/upgrades/erases such that no further actions will be taken for that package in a transaction (see [[#Scriptlet Ordering]] below), which may for example prevent an old version of a package from being erased on upgrades, leaving behind duplicate rpmdb entries and possibly stale, unowned files on the filesystem. There are some cases where letting the transaction to proceed when some things in scriptlets failed may result in partially broken setup. It is however often limited to that package only whereas letting a transaction to proceed with some packages dropped out on the fly is more likely to result in broader system wide problems. | |||
= | == Ordering == | ||
The scriptlets in %pre and %post are respectively run before and after a package is installed. The scriptlets %preun and %postun are run before and after a package is uninstalled. The scriptlets %pretrans and %posttrans are run at start and end of a transaction. On upgrade, the scripts are run in the following order: | The scriptlets in %pre and %post are respectively run before and after a package is installed. The scriptlets %preun and %postun are run before and after a package is uninstalled. The scriptlets %pretrans and %posttrans are run at start and end of a transaction. On upgrade, the scripts are run in the following order: | ||
| Line 63: | Line 61: | ||
# %posttrans of new package | # %posttrans of new package | ||
= Writing | === The %pretrans Scriptlet === | ||
Note that the <code>%pretrans</code> scriptlet will, in the particular case of system installation, run before anything at all has been installed. This implies that it cannot have any dependencies at all. For this reason, <code>%pretrans</code> is best avoided, but if used it MUST (by necessity) be written in Lua. See http://rpm.org/user_doc/lua.html for more information. | |||
== Writing Scriptlets == | |||
Some tips for writing good scriptlets | Some tips for writing good scriptlets | ||
== Saving state between scriptlets == | === Saving state between scriptlets === | ||
Sometimes a scriptlet needs to save some state from an earlier running scriptlet in order to use it at a later running scriptlet. This is especially common when trying to optimize the scriptlets. Examples: | Sometimes a scriptlet needs to save some state from an earlier running scriptlet in order to use it at a later running scriptlet. This is especially common when trying to optimize the scriptlets. Examples: | ||
| Line 76: | Line 78: | ||
To address these issues scriptlets that run earlier need to write out information that is used in <code>%posttrans</code>. We recommend using a subdirectory of <code>%{_localstatedir}/lib/rpm-state/</code> for that. For instance, the eclipse plugin scripts touch a file in <code>%{_localstatedir}/lib/rpm-state/eclipse/</code> when they're installed. The <code>%posttrans</code> runs a script that checks if that file exists. If it does, it performs its action and then deletes the file. That way the script only performs its action once per transaction. | To address these issues scriptlets that run earlier need to write out information that is used in <code>%posttrans</code>. We recommend using a subdirectory of <code>%{_localstatedir}/lib/rpm-state/</code> for that. For instance, the eclipse plugin scripts touch a file in <code>%{_localstatedir}/lib/rpm-state/eclipse/</code> when they're installed. The <code>%posttrans</code> runs a script that checks if that file exists. If it does, it performs its action and then deletes the file. That way the script only performs its action once per transaction. | ||
=== Macros === | |||
If RPM file triggers are not appropriate, complex scriptlets which are shared between multiple packages MAY be placed in RPM macros. This has two benefits: | |||
* The standard package authors only have to remember the macros, not the complex stuff that it does | |||
* The macros' implementations may change without having to update the package | |||
When writing the macros, the FPC will still want to review the macros (and perhaps include the implementation of the macros in the guideline to show packagers what's happening behind the scenes). | |||
One principle that the FPC follows is that macros generally don't contain the start of scriptlet tags (for instance, <code>%pre</code>) because this makes it difficult to do additional work in the scriptlet. This also means that a single macro can not be defined to do things in both <code>%pre</code> and <code>%post</code>. Instead, write one macro that performs the actions in <code>%pre</code> and a separate macro that performs the actions in <code>%post</code>. This principle makes it so that all spec files can use your macros in the same manner even if they already have a <code>%pre</code> or <code>%post</code> defined. | |||
Of course, in the above situation it is better to use RPM file triggers if at all possible. | |||
== Snippets == | |||
=== Shared Libraries === | |||
On Fedora 28 and newer, no scriptlets are required when shared libraries are installed. However, the following scriptlets MAY be used, as they will simply evaluate to nothing on newer Fedora releases. | |||
On Fedora 27 and older, ldconfig MUST be called properly in order to regenerate the dynamic linker's cache. If the package or subpackage has no existing <code>%post</code> or <code>%postun</code> scriptlets, simply include the <code>%ldconfig_scriptlets</code> macro on its own line before the %files list. | |||
<pre> | |||
[...] | |||
%install | |||
# Install the program | |||
%ldconfig_scriptlets libs | |||
%files libs | |||
%license GPL | |||
[...] | |||
</pre> | |||
Using the <code>%ldconfig_scriptlets</code> macro will automatically generate a dependency on ldconfig where necessary. The macro will do nothing at all on F28 and later releases. | |||
If the package or subpackage already has existing <code>%post</code> or <code>%postun</code> scriptlet, then use of <code>%ldconfig_scriptlets</code> will cause an error. You can use <code>%ldconfig_post</code> or <code>%ldconfig_postun</code> individually to generate a scriptlet which doesn't already conflict. | |||
Within an existing <code>%post</code> or <code>%postun</code> scriptlet, use <code>%{?ldconfig}</code> on its own line to call ldconfig on those releases which need it. This will do nothing when not needed. When calling ldconfig in this way, you MUST also have the proper dependency on /sbin/ldconfig: <code>Requires(post): /sbin/ldconfig</code> and/or <code>Requires(postun): /sbin/ldconfig</code> as appropriate. (This will generate an unnecessary dependency on releases which do not strictly need it, but this does no harm.) | |||
= | === Linker Configuration Files === | ||
Packages which place linker configuration files in <code>/etc/ld.so.config.d</code> MUST call ldconfig in <code>%post</code> and <code>%postun</code> (on all Fedora releases) even if they install no actual libraries. They MUST NOT use the <code>%ldconfig</code>, <code>%ldconfig_post</code>, <code>%ldconfig_postun</code> or <code>%ldconfig_scriptlets</code> macros to do this, since these macros do not have any effect on Fedora 28 and newer. Instead simply call <code>/sbin/ldconfig</code> directly in both <code>%post</code> and <code>%postun</code> as well as adding the necessary dependencies when necessary: | |||
<pre> | <pre> | ||
%post -p /sbin/ldconfig | |||
%postun -p /sbin/ldconfig | |||
</pre> | |||
or, as part of existing <code>%post</code> or <code>%postun</code> scriptlets: | |||
<pre> | |||
Requires(post): /sbin/ldconfig | |||
Requires(postun): /sbin/ldconfig | |||
[...] | |||
%post | %post | ||
[...] | |||
/sbin/ldconfig | /sbin/ldconfig | ||
[...] | |||
%postun | %postun | ||
[...] | |||
/sbin/ldconfig | /sbin/ldconfig | ||
[...] | |||
</pre> | </pre> | ||
In addition, in Fedora 28 or newer the following applies: If the configuration file added to <code>/etc/ld.so.conf.d</code> specifies a directory into which other other packages may install files, and that directory is not located in the directory hierarchy beneath one of <code>/lib</code>, <code>/usr/lib</code, <code>/lib64</code> or <code>/usr/lib64</code>, then the package adding the configuration file MUST also include the following file triggers which cause ldconfig to be run automatically when necessary: | |||
<pre> | <pre> | ||
% | %transfiletriggerin -P 2000000 -- DIRECTORIES | ||
% | /sbin/ldconfig | ||
%transfiletriggerpostun -P 2000000 -- DIRECTORIES | |||
/sbin/ldconfig | |||
</pre> | </pre> | ||
Replace <code>DIRECTORIES</code> with the space-separated list of directories which the package adds to to the library search path via the configuration files in <code>/etc/ld.so.conf.d</code>. | |||
== Users and groups == | |||
=== Users and groups === | |||
These are discussed on a [[Packaging/UsersAndGroups| separate page]] | These are discussed on a [[Packaging/UsersAndGroups| separate page]] | ||
=== GConf === | |||
== | |||
GConf is a configuration scheme currently used by the GNOME desktop. Programs which use it setup default values in a [NAME] .schemas file which is installed under %{_sysconfdir}/gconf/schemas/[NAME] .schemas. These defaults are then registered with the gconf daemon which monitors the configuration values and alerts applications when values the applications are interested in change. The schema files also provide documentation about what each value in the configuration system means (which gets displayed when you browse the database in the gconf-editor program). | GConf is a configuration scheme currently used by the GNOME desktop. Programs which use it setup default values in a [NAME] .schemas file which is installed under %{_sysconfdir}/gconf/schemas/[NAME] .schemas. These defaults are then registered with the gconf daemon which monitors the configuration values and alerts applications when values the applications are interested in change. The schema files also provide documentation about what each value in the configuration system means (which gets displayed when you browse the database in the gconf-editor program). | ||
| Line 193: | Line 228: | ||
the list of schemas that this package currently provides and removes them for us. | the list of schemas that this package currently provides and removes them for us. | ||
=== Rebuilds for changes to macros === | ==== Rebuilds for changes to macros ==== | ||
When macros change, packages that make use of them have to be rebuilt to | When macros change, packages that make use of them have to be rebuilt to | ||
pick up the changes. This repoquery command can be used to find the schema | pick up the changes. This repoquery command can be used to find the schema | ||
| Line 201: | Line 236: | ||
</pre> | </pre> | ||
=== EPEL Notes === | ==== EPEL Notes ==== | ||
EPEL does not have macros.gconf2, so please follow the instructions found here: [[Packaging:EPEL#GConf]] | EPEL does not have macros.gconf2, so please follow the instructions found here: [[Packaging:EPEL#GConf]] | ||
== | === Texinfo === | ||
{{admon/note|F27 only|This scriptlet SHOULD NOT be used in Fedora 28 or later.}} | |||
The GNU project and many other programs use the texinfo file format for much of its documentation. These info files are usually located in /usr/share/info/. | The GNU project and many other programs use the texinfo file format for much of its documentation. These info files are usually located in /usr/share/info/. | ||
When installing or removing a package, install-info from the info package takes care of adding the newly installed files to the main info index and removing them again on deinstallation. | When installing or removing a package in Fedora 27, install-info from the info package takes care of adding the newly installed files to the main info index and removing them again on deinstallation. (In Fedora 28 and newer, this is done automatically and no scriptlets are required.) | ||
<pre> | <pre> | ||
| Line 298: | Line 260: | ||
These two scriptlets tell install-info to add entries for the info pages to the main index file on installation and remove them at erase time. The "|| :" in this case prevents failures that would typically affect systems that have been configured not to install any %doc files, or have read-only mounted, %_netsharedpath /usr/share. | These two scriptlets tell install-info to add entries for the info pages to the main index file on installation and remove them at erase time. The "|| :" in this case prevents failures that would typically affect systems that have been configured not to install any %doc files, or have read-only mounted, %_netsharedpath /usr/share. | ||
=== Systemd === | |||
== | Packages containing systemd unit files need to use scriptlets to ensure proper handling of those services. Services can either be enabled or disabled by default. To determine which case your specific service falls into, please refer to FESCo's policy here: [[Packaging:DefaultServices]]. On upgrade, a package may only restart a service if it is running; it may not start it if it is off. Also, the service may not enable itself if it is currently disabled. | ||
==== Scriptlets ==== | |||
== | The systemd package provides a set of helper macros to handle systemd scriptlet operations. These macros support systemd "presets", as documented in [[Features/PackagePresets]]. The <code>%systemd_requires</code> macro is a shortcut for listing the per-scriptlet dependencies on systemd. | ||
<pre> | <pre> | ||
%{?systemd_requires} | |||
BuildRequires: systemd | |||
[...] | |||
%post | %post | ||
%systemd_post apache-httpd.service | |||
% | %preun | ||
%systemd_preun apache-httpd.service | |||
%postun | %postun | ||
%systemd_postun_with_restart apache-httpd.service | |||
</pre> | </pre> | ||
Some services do not support being restarted (e.g. D-Bus and various storage daemons). If your service should not be restarted upon upgrade, then use the following <code>%postun</code> scriptlet instead of the one shown above: | |||
<pre> | <pre> | ||
%postun | %postun | ||
%systemd_postun apache-httpd.service | |||
% | |||
</pre> | </pre> | ||
If your package includes one or more systemd units that need to be enabled by default on package installation, they MUST be covered by the [[Packaging:DefaultServices | Fedora preset policy]]. | |||
If a package is suitable for installation without systemd (in a container image, for example) and does not require any of the systemd mechanisms such as tmpfiles.d, then the <code>%systemd_ordering</code> macro MAY be used instead of the <code>%systemd_requires</code> macro. | |||
=== | ===== User units ===== | ||
There are additional macros for user units (those installed under <code>%_userunitdir</code>) that should be used similarly to those for system units. These enable and disable user units according to presets, and are <code>%systemd_user_post</code> (to be used in <code>%post</code>) and <code>%systemd_user_preun</code> (to be used in <code>%preun</code>). | |||
<pre> | <pre> | ||
%{?systemd_requires} | |||
BuildRequires: systemd | BuildRequires: systemd | ||
[...] | [...] | ||
%post | %post | ||
% | %systemd_user_post %{name}.service | ||
%preun | %preun | ||
% | %systemd_user_preun %{name}.service | ||
</pre> | |||
===== Macro details ===== | |||
For details on what these macros evaluate to, refer to the following sources:<br> | |||
https://github.com/systemd/systemd/blob/master/src/core/macros.systemd.in,<br> | |||
https://github.com/systemd/systemd/blob/master/src/core/triggers.systemd.in and<br> | |||
http://www.freedesktop.org/software/systemd/man/daemon.html. | |||
[[Category:Packaging guidelines]] | |||
=== Shells === | |||
<code>/etc/shells</code> is a text file which controls whether an application can be used as a system login shell of users. It contains the set of valid shells which can be used in the system. If you are packaging a new shell, you need to add entries to this file that reference the added shells. See: <code>man 5 SHELLS</code> for more information. | |||
As this file can be edited by sysadmins, we need to first determine if relevant lines are already in the file. | |||
If they don't already exist then we just need to echo the shell's binary path to the file. Since the UsrMove Feature in Fedora 17 made <code>/bin</code> a symlink to <code>/usr/bin</code> we need to place both paths into the <code>/etc/shells</code> file. Here is an example of the scriptlet to package with shell named "foo": | |||
<pre> | <pre> | ||
%post | %post | ||
if [ $1 | if [ "$1" = 1 ]; then | ||
if [ ! -f %{_sysconfdir}/shells ] ; then | |||
echo "%{_bindir}/foo" > %{_sysconfdir}/shells | |||
echo "/bin/foo" >> %{_sysconfdir}/shells | |||
else | |||
grep -q "^%{_bindir}/foo$" %{_sysconfdir}/shells || echo "%{_bindir}/foo" >> %{_sysconfdir}/shells | |||
if [ | grep -q "^/bin/foo$" %{_sysconfdir}/shells || echo "/bin/foo" >> %{_sysconfdir}/shells | ||
/bin/ | |||
/bin/ | |||
fi | fi | ||
%postun | %postun | ||
if [ "$1" = 0 ] && [ -f %{_sysconfdir}/shells ] ; then | |||
if [ $1 - | sed -i '\!^%{_bindir}/foo$!d' %{_sysconfdir}/shells | ||
sed -i '\!^/bin/foo$!d' %{_sysconfdir}/shells | |||
fi | fi | ||
</pre> | </pre> | ||
[[Category:Packaging guidelines]] | [[Category:Packaging guidelines]] | ||
Revision as of 16:59, 15 June 2018
RPM spec files have several sections which allow packages to run code on installation and removal. These bits of code are called scriptlets and are mostly used to update the running system with information from the package. This page offers a quick overview of RPM scriptlets and a number of common recipes for scriptlets in packages. For a more complete treatment of scriptlets, please see the Maximum RPM book.
The version of RPM in Fedora also has functionality to automatically run scripts when files are placed in certain locations. (See [1].) This potentially obviates the need for most of the scriptlets on this page, but is not currently implemented in all cases where it could be.
Default Shell
In Fedora, all scriptlets can safely assume they are running under the bash shell unless a different language has been specified.
Syntax
The basic syntax is similar to the %build, %install, and other sections of the rpm spec file. The scripts support a special flag, -p which allows the scriptlet to invoke a single program directly rather than having to spawn a shell to invoke the programs. (ie: %post -p /sbin/ldconfig)
When scriptlets are called, they will be supplied aith an argument. This argument, accessed via $1 (for shell scripts) is the number of packages of this name which will be left on the system when the action completes, except for %pretrans and %posttrans which are always run with $1 as 0.. So for the common case of install, upgrade, and uninstall we have:
| install | upgrade | uninstall | |
| %pretrans | $1 == 0 | $1 == 0 | (N/A) |
| %pre | $1 == 1 | $1 == 2 | (N/A) |
| %post | $1 == 1 | $1 == 2 | (N/A) |
| %preun | (N/A) | $1 == 1 | $1 == 0 |
| %postun | (N/A) | $1 == 1 | $1 == 0 |
| %posttrans | $1 == 0 | $1 == 0 | (N/A) |
Note that these values will vary if there are multiple versions of the same package installed (This mostly occurs with parallel installable packages such as the kernel and multilib packages. However, it can also occur when errors prevent a package upgrade from completing.) So it is a good idea to use this construct:
%pre if [ $1 -gt 1 ] ; then fi
...for %pre and %post scripts rather than checking that it equals 2.
All scriptlets MUST exit with the zero exit status. Because RPM in its default configuration does not execute shell scriptlets with the -e argument to the shell, excluding explicit exit calls (frowned upon with a non-zero argument!), the exit status of the last command in a scriptlet determines its exit status. Most commands in the snippets in this document have a "|| :" appended to them, which is a generic trick to force the zero exit status for those commands whether they worked or not. Usually the most important bit is to apply this to the last command executed in a scriptlet, or to add a separate command such as plain ":" or "exit 0" as the last one in a scriptlet. Note that depending on the case, other error checking/prevention measures may be more appropriate.
Non-zero exit codes from scriptlets can break installs/upgrades/erases such that no further actions will be taken for that package in a transaction (see #Scriptlet Ordering below), which may for example prevent an old version of a package from being erased on upgrades, leaving behind duplicate rpmdb entries and possibly stale, unowned files on the filesystem. There are some cases where letting the transaction to proceed when some things in scriptlets failed may result in partially broken setup. It is however often limited to that package only whereas letting a transaction to proceed with some packages dropped out on the fly is more likely to result in broader system wide problems.
Ordering
The scriptlets in %pre and %post are respectively run before and after a package is installed. The scriptlets %preun and %postun are run before and after a package is uninstalled. The scriptlets %pretrans and %posttrans are run at start and end of a transaction. On upgrade, the scripts are run in the following order:
- %pretrans of new package
- %pre of new package
- (package install)
- %post of new package
- %triggerin of other packages (set off by installing new package)
- %triggerin of new package (if any are true)
- %triggerun of old package (if it's set off by uninstalling the old package)
- %triggerun of other packages (set off by uninstalling old package)
- %preun of old package
- (removal of old package)
- %postun of old package
- %triggerpostun of old package (if it's set off by uninstalling the old package)
- %triggerpostun of other packages (if they're setu off by uninstalling the old package)
- %posttrans of new package
The %pretrans Scriptlet
Note that the %pretrans scriptlet will, in the particular case of system installation, run before anything at all has been installed. This implies that it cannot have any dependencies at all. For this reason, %pretrans is best avoided, but if used it MUST (by necessity) be written in Lua. See http://rpm.org/user_doc/lua.html for more information.
Writing Scriptlets
Some tips for writing good scriptlets
Saving state between scriptlets
Sometimes a scriptlet needs to save some state from an earlier running scriptlet in order to use it at a later running scriptlet. This is especially common when trying to optimize the scriptlets. Examples:
- If a
%posttransneeds to de-register some piece of information when upgrading but the file that has that information is removed when the old package is removed the scriptlets need to save that file during%preor%postso that the script in%posttranscan access it. - If we only want the program in
%posttransto do its work once per-transaction, we may need to write out a flag file so that the%posttransknows whether to perform an action.
To address these issues scriptlets that run earlier need to write out information that is used in %posttrans. We recommend using a subdirectory of %{_localstatedir}/lib/rpm-state/ for that. For instance, the eclipse plugin scripts touch a file in %{_localstatedir}/lib/rpm-state/eclipse/ when they're installed. The %posttrans runs a script that checks if that file exists. If it does, it performs its action and then deletes the file. That way the script only performs its action once per transaction.
Macros
If RPM file triggers are not appropriate, complex scriptlets which are shared between multiple packages MAY be placed in RPM macros. This has two benefits:
- The standard package authors only have to remember the macros, not the complex stuff that it does
- The macros' implementations may change without having to update the package
When writing the macros, the FPC will still want to review the macros (and perhaps include the implementation of the macros in the guideline to show packagers what's happening behind the scenes).
One principle that the FPC follows is that macros generally don't contain the start of scriptlet tags (for instance, %pre) because this makes it difficult to do additional work in the scriptlet. This also means that a single macro can not be defined to do things in both %pre and %post. Instead, write one macro that performs the actions in %pre and a separate macro that performs the actions in %post. This principle makes it so that all spec files can use your macros in the same manner even if they already have a %pre or %post defined.
Of course, in the above situation it is better to use RPM file triggers if at all possible.
Snippets
On Fedora 28 and newer, no scriptlets are required when shared libraries are installed. However, the following scriptlets MAY be used, as they will simply evaluate to nothing on newer Fedora releases.
On Fedora 27 and older, ldconfig MUST be called properly in order to regenerate the dynamic linker's cache. If the package or subpackage has no existing %post or %postun scriptlets, simply include the %ldconfig_scriptlets macro on its own line before the %files list.
[...] %install # Install the program %ldconfig_scriptlets libs %files libs %license GPL [...]
Using the %ldconfig_scriptlets macro will automatically generate a dependency on ldconfig where necessary. The macro will do nothing at all on F28 and later releases.
If the package or subpackage already has existing %post or %postun scriptlet, then use of %ldconfig_scriptlets will cause an error. You can use %ldconfig_post or %ldconfig_postun individually to generate a scriptlet which doesn't already conflict.
Within an existing %post or %postun scriptlet, use %{?ldconfig} on its own line to call ldconfig on those releases which need it. This will do nothing when not needed. When calling ldconfig in this way, you MUST also have the proper dependency on /sbin/ldconfig: Requires(post): /sbin/ldconfig and/or Requires(postun): /sbin/ldconfig as appropriate. (This will generate an unnecessary dependency on releases which do not strictly need it, but this does no harm.)
Linker Configuration Files
Packages which place linker configuration files in /etc/ld.so.config.d MUST call ldconfig in %post and %postun (on all Fedora releases) even if they install no actual libraries. They MUST NOT use the %ldconfig, %ldconfig_post, %ldconfig_postun or %ldconfig_scriptlets macros to do this, since these macros do not have any effect on Fedora 28 and newer. Instead simply call /sbin/ldconfig directly in both %post and %postun as well as adding the necessary dependencies when necessary:
%post -p /sbin/ldconfig %postun -p /sbin/ldconfig
or, as part of existing %post or %postun scriptlets:
Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig [...] %post [...] /sbin/ldconfig [...] %postun [...] /sbin/ldconfig [...]
In addition, in Fedora 28 or newer the following applies: If the configuration file added to /etc/ld.so.conf.d specifies a directory into which other other packages may install files, and that directory is not located in the directory hierarchy beneath one of /lib, /usr/lib</code, /lib64 or /usr/lib64, then the package adding the configuration file MUST also include the following file triggers which cause ldconfig to be run automatically when necessary:
%transfiletriggerin -P 2000000 -- DIRECTORIES
/sbin/ldconfig
%transfiletriggerpostun -P 2000000 -- DIRECTORIES
/sbin/ldconfig
Replace DIRECTORIES with the space-separated list of directories which the package adds to to the library search path via the configuration files in /etc/ld.so.conf.d.
Users and groups
These are discussed on a separate page
GConf
GConf is a configuration scheme currently used by the GNOME desktop. Programs which use it setup default values in a [NAME] .schemas file which is installed under %{_sysconfdir}/gconf/schemas/[NAME] .schemas. These defaults are then registered with the gconf daemon which monitors the configuration values and alerts applications when values the applications are interested in change. The schema files also provide documentation about what each value in the configuration system means (which gets displayed when you browse the database in the gconf-editor program).
For packaging purposes, we have to disable schema installation during build, and also register the values in the [NAME] .schemas file with the gconf daemon on installation and unregister them on removal. Due to the ordering of the scriptlets, this is a four step process.
Disabling the GConf installation during the package creation can be done like so:
%install
export GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1
make install DESTDIR=$RPM_BUILD_ROOT
...
The GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL environment variable suppresses the installation of the schema during the building of the package. An alternative for some packages is to pass a configure flag:
%build
%configure --disable-schemas
...
Unfortunately, this configure switch only works if the upstream packager has adapted their Makefile.am to handle it. If the Makefile.am is not configured, this switch won't do anything and you'll need to use the environment variable instead.
Here's the second part:
BuildRequires: GConf2
Requires(pre): GConf2
Requires(post): GConf2
Requires(preun): GConf2
...
%pre
%gconf_schema_prepare schema1 schema2
%gconf_schema_obsolete schema3
In this section we uninstall old schemas during upgrade using one of two macros.
%gconf_schema_prepare is used for any current GConf schemas. It
takes care of uninstalling previous versions of schemas that this package
currently installs. It takes a space separated list of schema names without
path or suffix that the package installs. Note that behind the scenes, this
macro works with the %post scriptlet to only process GConf schemas
if changes have occurred.
%gconf_schema_obsolete is used for schemas that this package
previously provided but no longer does. It will deregister the old schema if
it is present on the system. Nothing will happen if the old schema is not
present. This macro takes a space separated list of schemas to uninstall. One
example of using this might be if the package changed names. If the old schema
was named foo.schemas and the new schema is named
foobar.schemas you'd use:
%gconf_schema_prepare foobar
%gconf_schema_obsolete foo
The next section does the processing of the newly installed schemas:
%post
%gconf_schema_upgrade schema1 schema2
%gconf_schema_upgrade takes a space separated list of schemas that
the package currently installs just like %gconf_schema_prepare.
Behind the scenes, it does the actual work of registering the new version of
the schema and deregistering the old version.
The last section is for unregistering schemas when a package is removed:
%preun
%gconf_schema_remove schema1 schema2
When a package is upgraded rpm invokes the %pre scriptlet to register
and deregister the schemas. When a package is uninstalled, the
%preun scriptlet is used. %gconf_schema_remove takes
the list of schemas that this package currently provides and removes them for us.
Rebuilds for changes to macros
When macros change, packages that make use of them have to be rebuilt to
pick up the changes. This repoquery command can be used to find the schema
including packages to rebuild:
repoquery --whatprovides "/etc/gconf/schemas/*" |sort |uniq |wc -l
EPEL Notes
EPEL does not have macros.gconf2, so please follow the instructions found here: Packaging:EPEL#GConf
Texinfo
F27 only
This scriptlet SHOULD NOT be used in Fedora 28 or later.
The GNU project and many other programs use the texinfo file format for much of its documentation. These info files are usually located in /usr/share/info/.
When installing or removing a package in Fedora 27, install-info from the info package takes care of adding the newly installed files to the main info index and removing them again on deinstallation. (In Fedora 28 and newer, this is done automatically and no scriptlets are required.)
Requires(post): info
Requires(preun): info
...
%post
/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :
%preun
if [ $1 = 0 ] ; then
/sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :
fi
These two scriptlets tell install-info to add entries for the info pages to the main index file on installation and remove them at erase time. The "|| :" in this case prevents failures that would typically affect systems that have been configured not to install any %doc files, or have read-only mounted, %_netsharedpath /usr/share.
Systemd
Packages containing systemd unit files need to use scriptlets to ensure proper handling of those services. Services can either be enabled or disabled by default. To determine which case your specific service falls into, please refer to FESCo's policy here: Packaging:DefaultServices. On upgrade, a package may only restart a service if it is running; it may not start it if it is off. Also, the service may not enable itself if it is currently disabled.
Scriptlets
The systemd package provides a set of helper macros to handle systemd scriptlet operations. These macros support systemd "presets", as documented in Features/PackagePresets. The %systemd_requires macro is a shortcut for listing the per-scriptlet dependencies on systemd.
%{?systemd_requires}
BuildRequires: systemd
[...]
%post
%systemd_post apache-httpd.service
%preun
%systemd_preun apache-httpd.service
%postun
%systemd_postun_with_restart apache-httpd.service
Some services do not support being restarted (e.g. D-Bus and various storage daemons). If your service should not be restarted upon upgrade, then use the following %postun scriptlet instead of the one shown above:
%postun
%systemd_postun apache-httpd.service
If your package includes one or more systemd units that need to be enabled by default on package installation, they MUST be covered by the Fedora preset policy.
If a package is suitable for installation without systemd (in a container image, for example) and does not require any of the systemd mechanisms such as tmpfiles.d, then the %systemd_ordering macro MAY be used instead of the %systemd_requires macro.
User units
There are additional macros for user units (those installed under %_userunitdir) that should be used similarly to those for system units. These enable and disable user units according to presets, and are %systemd_user_post (to be used in %post) and %systemd_user_preun (to be used in %preun).
%{?systemd_requires}
BuildRequires: systemd
[...]
%post
%systemd_user_post %{name}.service
%preun
%systemd_user_preun %{name}.service
Macro details
For details on what these macros evaluate to, refer to the following sources:
https://github.com/systemd/systemd/blob/master/src/core/macros.systemd.in,
https://github.com/systemd/systemd/blob/master/src/core/triggers.systemd.in and
http://www.freedesktop.org/software/systemd/man/daemon.html.
Shells
/etc/shells is a text file which controls whether an application can be used as a system login shell of users. It contains the set of valid shells which can be used in the system. If you are packaging a new shell, you need to add entries to this file that reference the added shells. See: man 5 SHELLS for more information.
As this file can be edited by sysadmins, we need to first determine if relevant lines are already in the file.
If they don't already exist then we just need to echo the shell's binary path to the file. Since the UsrMove Feature in Fedora 17 made /bin a symlink to /usr/bin we need to place both paths into the /etc/shells file. Here is an example of the scriptlet to package with shell named "foo":
%post
if [ "$1" = 1 ]; then
if [ ! -f %{_sysconfdir}/shells ] ; then
echo "%{_bindir}/foo" > %{_sysconfdir}/shells
echo "/bin/foo" >> %{_sysconfdir}/shells
else
grep -q "^%{_bindir}/foo$" %{_sysconfdir}/shells || echo "%{_bindir}/foo" >> %{_sysconfdir}/shells
grep -q "^/bin/foo$" %{_sysconfdir}/shells || echo "/bin/foo" >> %{_sysconfdir}/shells
fi
%postun
if [ "$1" = 0 ] && [ -f %{_sysconfdir}/shells ] ; then
sed -i '\!^%{_bindir}/foo$!d' %{_sysconfdir}/shells
sed -i '\!^/bin/foo$!d' %{_sysconfdir}/shells
fi