Subject: | |
From: | |
Reply To: | |
Date: | Wed, 5 Aug 2015 13:49:19 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hello,
I can answer part of your questions. The rpm packages were added to the security push to resolve an order of operations issue addressed by the OrderWithRequires tag.
I'm afraid I don't have a working maven installation, what error messages are being provided?
--
Pat Riehecky
Scientific Linux developer
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
________________________________________
From: Mailing list for Scientific Linux developers worldwide [[log in to unmask]] on behalf of Paul Millar [[log in to unmask]]
Sent: Wednesday, August 05, 2015 6:12 AM
To: scientific-linux-devel
Subject: [SCIENTIFIC-LINUX-DEVEL] Broken security upgrade
Hi,
I don't know if this is the correct place to report this, but a recent
security upgrade broke Scientific Linux 6.6 for building RPM packages.
The update was to 4.8.0-47:
[root@vm-dcache-wn-sl6 ~]# grep Aug\ 04\ 04.*rpm /var/log/yum.log
Aug 04 04:34:44 Installed: redhat-rpm-config-9.0.3-44.sl6.noarch
Aug 04 04:34:46 Updated: rpm-4.8.0-47.el6.x86_64
Aug 04 04:34:46 Updated: rpm-libs-4.8.0-47.el6.x86_64
Aug 04 04:34:47 Updated: rpm-build-4.8.0-47.el6.x86_64
Aug 04 04:34:47 Updated: rpm-python-4.8.0-47.el6.x86_64
[root@vm-dcache-wn-sl6 ~]#
This happened automatically, via yum-autoupdate.
After this upgrade, the rpmbuild command started to fail. The command
that failed was:
rpmbuild -bb --define _topdir <> --buildroot <>
<>/SPECS/dcache-srmclient.spec
where I've used a "<>" to represent the absolute paths in the command.
The problem may be reproduced by cloning dCache from github and running
the command:
mvn -am -pl modules/srm-client clean package -DskipTests -Prpm
Down-grading to v4.8.0-37 (and uninstalling the 'redhat-rpm-config'
package) is sufficient to fix the problem.
To confirm the cause, I re-ran yum manually, which upgraded the RPM
packages to v4.8.0-47. This reintroduced the problem; so I am pretty
convinced the problem is with this security upgrade.
What I find odd is that there is no mention of a security issue with
RPM, so it isn't clear why the RPM packages have been updated.
Cheers,
Paul.
|
|
|