On 10/03/2018 04:07 PM, Mark Stodola wrote: > On 10/03/2018 03:34 PM, aleksander.baranowski wrote: >> Hi, >> >> I recently tried to rebuild: >> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= >> >> >> or CentOS: >> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=CB2VMlH34YrlkISCXH_ozAxRuu77b1I9JKRsVgmHUjY&e= >> >> or >> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D9.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=wBthjF79L7TV8JmFEdL7hpTmRG3DWlEMntXaBMaaaaU&e= >> >> >> and failed miserably :(. >> >> Steps to reproduce: >> >> ```bash >> sudo yum install @development wget libxslt openscap-scanner python-lxml >> cmake -y >> wget >> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= >> >> rpmbuild --rebuild scap-security-guide-0.1.36-10.sl7_5.src.rpm >> ``` >> >> Or with mock >> ``` >> mock scap-security-guide-0.1.36-10.sl7_5.src.rpm >> ``` >> >> The patch that breaks build is >> scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch. >> >> It has number 12 in the spec file. >> >> Is there anything that I'm missing? Unfortunately, I'm unable to find >> scap-security-guide on CentOS CBS, so I'm clueless. >> >> Bests, >> Alex >> > > I just tried with mock (no rpmbuild prior) and it also failed on the > same patch. It is unable to find > shared/bash_remediation_functions/include_mount_options_functions.sh. > This file is indeed missing from the .tar.bz2 included in the srpm > that it is supposedly try to apply the patch to. > > -Mark I'm able to rebuild the SL package in mock under SL 7 and CentOS 7. On the CentOS image I had to cleanup the BUILD area, run 'rpm -ivh scap-security-guide-0.1.36-10.sl7_5.src.rpm' twice, and 'rpmbuild -ba scap-security-guide.spec' three times before it would work..... that is super weird..... After I ran 'rpmbuild -bp' I've got: # cat /builddir/build/BUILD/scap-security-guide-0.1.36/shared/bash_remediation_functions/include_mount_options_functions.sh function include_mount_options_functions { : } # $1: mount point # $2: new mount point option function ensure_mount_option_in_fstab { local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp="" _previous_mount_opts="" _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")" if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c "$_new_opt" ) -eq 0 ]; then _previous_mount_opts=$(grep "$_mount_point_match_regexp" /etc/fstab | awk '{print $4}') sed -i "s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|" /etc/fstab fi } # $1: mount point function get_mount_point_regexp { printf "[[:space:]]%s[[:space:]]" "$1" } # $1: mount point function assert_mount_point_in_fstab { local _mount_point_match_regexp _mount_point_match_regexp="$(get_mount_point_regexp "$1")" grep "$_mount_point_match_regexp" -q /etc/fstab \ || { echo "The mount point '$1' is not even in /etc/fstab, so we can't set up mount options" >&2; return 1; } } # $1: mount point function remove_defaults_from_fstab_if_overriden { local _mount_point_match_regexp _mount_point_match_regexp="$(get_mount_point_regexp "$1")" if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q "defaults,") -gt 0 ] then sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|" /etc/fstab fi } # $1: mount point function ensure_partition_is_mounted { local _mount_point="$1" mkdir -p "$_mount_point" || return 1 if mountpoint -q "$_mount_point"; then mount -o remount --target "$_mount_point" else mount --target "$_mount_point" fi } -- Pat Riehecky Fermi National Accelerator Laboratory www.fnal.gov www.scientificlinux.org