The following error when installing the CentOS 6.3 package.
The message varies slightly in newer 0.9.x packages.
Note that my test is on Scientific Linux 6.3 (a clone of RedHat
6.3 and CentOS
6.3).
I tested multiple machines with the same result. I'm afraid I don't have an actual CentOS
6.3 available to test.
The same error happens on upgrade, as well as install (below)
After install, things seem to be working ok, but presumably this is a bug.
---
$ sudo rpm -ivh xpra-0.9.8-1.el6_3.x86_64.rpm warning: xpra-0.9.8-1.el6_3.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID f18ad6bb: NOKEY Preparing... ########################################### [100%] 1:xpra ########################################### [100%] chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/x264/codec.so' chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/vpx/codec.so' /var/tmp/rpm-tmp.UmKUdN: line 4: fg: no job control /var/tmp/rpm-tmp.UmKUdN: line 5: fg: no job control warning: %post(xpra-0.9.8-1.el6_3.x86_64) scriptlet failed, exit status 1
---
$ rpm -qf /usr/lib/python2.6/site-packages/xpra/x264/codec.so xpra-0.9.8-1.el6_3.x86_64
---
$ sudo rpm -e xpra $ sudo rpm -ivh xpra-0.9.0-25.el6.x86_64.rpm warning: xpra-0.9.0-25.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID f18ad6bb: NOKEY Preparing... ########################################### [100%] 1:xpra ########################################### [100%] chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/x264/codec.so' chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/vpx/codec.so' warning: %post(xpra-0.9.0-25.el6.x86_64) scriptlet failed, exit status 1
---
$ sudo rpm -e xpra $ sudo rpm -ivh xpra-0.8.8-1.el6.x86_64.rpm warning: xpra-0.8.8-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID f18ad6bb: NOKEY Preparing... ########################################### [100%] 1:xpra ########################################### [100%]
---
$ cat /etc/redhat-release Scientific Linux release 6.3 (Carbon)
The chcon warnings are related to SELinux
:
chcon -t texrel_shlib_t %{python_sitelib}/xpra/x264/codec.so chcon -t texrel_shlib_t %{python_sitelib}/xpra/vpx/codec.so
Can you please try running these two commands to see what the exact problem is?
I've just tried it on CentOS
6.4 and didn't get any such errors during installation.
(you will need to replace python_sitelib
with your arch specific location)
The other two come from these two lines in the spec file:
update-desktop-database &> /dev/null || : touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
No idea why that causes problems, those were suggested as being required for proper packaging (see Packaging Scriptlet Snippets)...
But since I was getting those same errors on CentOS
6.4, I have now removed this crap from the non-Fedora packaging as of r4039.
(this will be part of 0.10.0 - I may backport if there is another 0.9.x release)
Thanks. Not having much luck, I know little about SELinux. But I did try and use the 'full' context name and that did not help. I cannot find a way to, maybe, 'label' the file(?)
Here are all my attempts below.
$ sudo chcon -v -t texrel_shlib_t /usr/lib/python2.6/site-packages/xpra/x264/codec.so changing security context of `/usr/lib/python2.6/site-packages/xpra/x264/codec.so' chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/x264/codec.so'
$ ls -l /usr/lib/python2.6/site-packages/xpra/x264/codec.so -rwxr-xr-x 1 root root 12469260 Jul 29 12:07 /usr/lib/python2.6/site-packages/xpra/x264/codec.so
$ ls -Z /usr/lib/python2.6/site-packages/xpra/x264/codec.so -rwxr-xr-x root root ? /usr/lib/python2.6/site-packages/xpra/x264/codec.so
$ file /usr/lib/python2.6/site-packages/xpra/x264/codec.so /usr/lib/python2.6/site-packages/xpra/x264/codec.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped
$ sudo chcon -v -t system_u:object_r:texrel_shlib_t /usr/lib/python2.6/site-packages/xpra/x264/codec.so changing security context of `/usr/lib/python2.6/site-packages/xpra/x264/codec.so' chcon: can't apply partial context to unlabeled file `/usr/lib/python2.6/site-packages/xpra/x264/codec.so'
Are you even running with SELinux
enabled and with a labelled filesystem?
From what I am reading, you are probably not and that is why the label cannot be set.
You're right, SELinux has not been enabled. Sorry, that would have been a key piece of information.
Tho I've not seen this error from any other RPM, or other .so files. Presumable if xpra is special it needs to handle this in some way. (eg. set the attribute on the RPM file rather than script the action afterwards? Just a guess, I am not familiar with SELinux.
This has already been reported on the mailing list, with a bit more info (no replies)
http://lists.devloop.org.uk/pipermail/shifter-users/2013-April/000482.html
Actually I found the same answer in that thread:
Can you update the script to take into account the case where SELinux is diasabled and files don't have any security context assigned to them?
I'm not sure how, or if it is even worth doing.
Thank you, I'm relieved. If this is the only task that the script handles, then it wouldn't be worth the effort to go check for SELinux.
I guess we could add 2>/dev/null
to ignore errors, but I'm not keen on it at all: those that have SELinux enabled should see the errors, if any, and those that have disabled SELinux... should remember they have.
I'm not keen on 2>/dev/null either, that's a hack, agreed.
I guess I'm just confused for never seeing this error before on any other package.
So I suppose it should just do what the other packages do. If they error in the same way then it's fine. I'm afraid I'm out of time to look for this myself.
I assume xpra is explicitly doing something specialist with SELinux.
I assume xpra is explicitly doing something specialist with SELinux.
We are: the x264 and vpx libraries in versions of CentOS
(and clones) older than 6.4 are either not available or just too old to work, so we ship a statically linked codec - which requires special labelling to work with SELinux
.
Easiest fix is to upgrade to 6.4 - another reason why we are unlikely to change anything.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/399