container-selinux

Add support for `rpm --verify`

Open cjeanner opened this issue 2 years ago • 3 comments

Hello,

This is a clone of a Bugzilla and subsequent (public) Jira.

It may happen that the package doesn't properly install due to some post-install script failures. rpm doesn't report it and exits with a "success", while it's actually a failure. In order to detect that, we have to manually check for a set of booleans and other things in a subsequent step.

We faced the same issue in openstack-selinux, and I added there proper support for `rpm --verify` that will loop on the installed modules/policies and ensure things are in place [1] (note there are some follow-ups - mostly non-root and permissive support).

We of course may be able to loop on the selected booleans and other content, but IMHO this should be an internal of the package, since the maintainers know best what to check for.

Note that the "--verify" is to be called after the package is installed, meaning it will not be affected by the fact most of the install is done in a "post-install" script.

Thank you for your support!

Cheers,

C.

[1] https://github.com/redhat-openstack/openstack-selinux/pull/93

cjeanner avatar Sep 19 '23 07:09 cjeanner
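One way to implement the check requested above, as an added example that is not code from container-selinux or openstack-selinux: shell functions that an RPM `%verifyscript` scriptlet (the scriptlet `rpm --verify` runs) could call to confirm that expected modules and booleans are in place. The module names, boolean names, sample tool output and the `verify_policy` helper are constructed placeholders.

```shell
#!/bin/sh
# Added example. Module/boolean names and sample output are constructed
# placeholders, not values taken from container-selinux.

# missing_modules LISTING NAME...
# LISTING: text of `semodule -l` (module name is the first column).
# Exact match on column 1, so "foo" is not satisfied by "foobar".
missing_modules() {
    listing=$1; shift; rc=0
    for mod in "$@"; do
        if ! printf '%s\n' "$listing" |
            awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }'; then
            printf 'module %s is not installed\n' "$mod"
            rc=1
        fi
    done
    return "$rc"
}

# wrong_booleans STATES NAME=on|off...
# STATES: text of `getsebool -a`, one "name --> on|off" per line.
wrong_booleans() {
    states=$1; shift; rc=0
    for want in "$@"; do
        name=${want%%=*}; value=${want#*=}
        got=$(printf '%s\n' "$states" | awk -v b="$name" '$1 == b { print $3 }')
        if [ "$got" != "$value" ]; then
            printf 'boolean %s is %s, expected %s\n' "$name" "${got:-absent}" "$value"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample output standing in for the live tools.
SAMPLE_MODULES='example_container
example_virt'
SAMPLE_BOOLEANS='example_use_devices --> off
example_manage_cgroup --> on'

# Body of a hypothetical %verifyscript: both checks always run, and a
# non-zero return marks the verification as failed.
verify_policy() {
    status=0
    missing_modules "$1" example_container example_virt || status=1
    wrong_booleans "$2" example_manage_cgroup=on || status=1
    return "$status"
}
# In the spec file: verify_policy "$(semodule -l)" "$(getsebool -a)"
```

Because the functions take the tool output as arguments, the same checks can be exercised against captured listings in CI without root or an SELinux-enabled host.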

Interested in opening a PR for this?

rhatdan avatar Sep 19 '23 20:09 rhatdan

Once I'm out of my current hell of CI, maybe. I can try to find a moment for that - shouldn't be too hard hopefully (though I don't really know the code in here - if you have any pointers so that I can move faster... :) )

cjeanner avatar Sep 21 '23 12:09 cjeanner

@cjeanner ping, are you still keen on adding this here?

lsm5 avatar Sep 06 '24 14:09 lsm5