Is it safe to verify the RPM that has just been installed from a %posttrans?

Question

I know this is non-standard, but it's intended to overcome a short term problem with a proprietary distribution. Because there are dependencies that are unique to our deployment systems, we have to compile some libraries from the %post. Because failing here could result in corruption to the RPM database, we fail silently or to put it more accurately, we fail successfully :-/

Using a %verifyscript, we are able to verify if compilation is incomplete and then exit appropriately. The idea is that we can do something like this:

rpm -Uvvvh proprietary-dist-1.0-2.i686.rpm
rpm --verify proprietary-dist || rpm -Uvvvh proprietary-dist-1.0-1.1686.rpm

Or like this:

rpm -Uvvvh proprietary-dist-1.0-2.i686.rpm
rpm --verify proprietary-dist || rpm --rollback proprietary-dist

However, making use of the %posttrans, I figured we could simplify this down to:

rpm -Uvvvh proprietary-dist-1.0-2.i686.rpm || rpm --rollback proprietary-dist

It seems to be unclear from the documentation as to whether exiting non-zero from a %posttrans is safe and won't cause RPMDB corruption - well, at least the documentation that says you shouldn't exit non-zero pre-dates when %pretrans and %posttrans were introduced.

I am assuming that %posttrans is run after the RPMDB has been updated and committed, so in effect, the RPM is considered installed. But is that a bad assumption?

Answer 1

Yes you are correct that %posttrans is run after the rpmdb is updated (there is no commit in the rpm you are likely using). Meanwhile the rpmdb is still open, and fsync(2) is usually disabled (for performance).

Non-zero from %posttrans is at best ignored, otherwise will leave an "unsuccessful" partial install that will need to be "fixed" manually.

YMMV. If rpm breaks using %posttrans, you get to keep all the pieces.