[DSE-Dev] Bug#1088171: "Regex version mismatch" errors after pcre2 upgrade

[Matthew Vernon]

Hi,

On 16/12/2024 15:29, Antonio Russo wrote:
> On 12/16/24 08:19, Matthew Vernon wrote:
>> PCRE2 does not, no. But if you want to do something any time the package
>> is upgraded, you might declare yourself an interest-noawait trigger upon
>> /usr/include/pcre2.h (which is necessarily updated whenever the version
>> changes, which looks to be what selinux cares about).
> 
> That file is not present on my computer, only

Oh, sorry, yes, that's in the -dev pacakge

> /usr/lib/x86_64-linux-gnu/libpcre2-{8,16}.so.0 (and their symlink targets)
> 
> Perhaps activating on that name would work (I am assuming that, because
> the symlink is listed in `dpkg -L`, this will work).  Additionally, the
> page you mentioned indicates that use of this mechanism requires
> coordination:

You'd need the relevant arch substituted appropriately, but that could 
presumably be done at package build time.

>    File triggers should not generally be used without mutual consent.
> 
> So, it sounds like some selinux package should activate on both of
> 
>    /usr/lib/x86_64-linux-gnu/libpcre2-{8,16}.so.0
> 
> and perform the rebuild?  I don't know which selinux package should be
> responsible for that (I'm relatively new to using selinux).

I think it should be the libpcre2-8 file and presumably selinux-utils 
(since that Depends: upon libpcre2-8-0); one could be slightly gross but 
simpler and depend upon the changelog.Debian.gz for that package (I 
don't know how much hassle putting the right arch string into the 
triggers file at build time would be).

In any case, as pcre2 maintainer, I'm happy to consent in principle to a 
suitable selinux package triggering on a suitable pcre2 file to resolve 
this issue :)

Regards,

Matthew