SCIENTIFIC-LINUX-DEVEL Archives

August 2018

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Wed, 8 Aug 2018 09:32:53 -0500

Alas, some of our customized packages occasionally end up in vendor....

An rpmbuild --rebuild of http://ftp.scientificlinux.org/linux/scientific/7x/SRPMS/vendor/scap-security-guide-0.1.36-9.sl7_5.src.rpm

builds up just fine on my workstation (7.5) and in a few quick mockroots 
I kicked up (7.5, 7.4, 7.3)..... that is a bit strange.

Pat

On 08/07/2018 05:59 PM, Kraus, Dave (GE Healthcare) wrote:
> Whilst trying to patch scap-security-guide for our own purposes, I've found that the 0.1.36-7.sl7 version builds correctly, but -9.sl7_5 fails during %prep while applying patch 12.
>
> This happens with an rpmbuild --rebuild of the .src package, as well as splitting it open and doing an rpmbuild -ba or -bp.
>
> At this point I'm baffled. Even more baffling is that I believe I've seen it pass on occasion with a -bp and then subsequently fail with a -ba. Doesn't seem to matter whether I remove the BUILD and BUILDROOT directories it uses or not. It would not be out of the question that I've imagined that, tho.
>
> Building on an SL 7.5 development workstation load, I believe. Or if not, at least yum-builddep reports that I have all build dependencies fulfilled.
>
> Further curiosity, I found the -9.sl7_5.src.rpm under the ftp.scientificlinux.org/...7.5/SRPMS/vendor/ tree rather than under the expected 7.5/SRPMS/SL tree, where I found the -7.sl7 version.
>
> It's been a long week...
>
> Looking for clues about what I'm doing wrong here (other than trying to rebuild it for myself, but I know why that's wrong).
>
> Here's where the rpmbuild --rebuild stops for me:
>
> ...
> Patch #12 (scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch):
> + /usr/bin/cat /home/kraus/rpmbuild/SOURCES/scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch
> + /usr/bin/patch -p1 -b --suffix .fix_failing_rules --fuzz=0
> patching file shared/fixes/bash/audit_rules_kernel_module_loading_delete.sh
> patching file shared/fixes/bash/audit_rules_kernel_module_loading_init.sh
> ...
> patching file shared/templates/template_common.py
> can't find file to patch at input line 4685
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |
> |From 7ab3a8686f491543377be879552f4209a092b979 Mon Sep 17 00:00:00 2001
> |From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <[log in to unmask]>
> |Date: Wed, 11 Apr 2018 10:27:29 +0200
> |Subject: [PATCH 08/17] Improved remediations, added tests for /var/tmp noexec.
> |
> |---
> | .../include_mount_options_functions.sh             | 11 +++++++
> | shared/templates/template_BASH_mount_option        |  4 +--
> | shared/templates/template_BASH_mount_option_var    |  4 +--
> | .../rule_mount_option_var_tmp_bind/partition.sh    |  8 -----
> | .../rule_mount_option_var_tmp_bind/runtime.pass.sh |  5 ----
> | .../separate.fail.sh                               |  6 ----
> | .../rule_mount_option_var_tmp_noexec/partition.sh  | 34 ++++++++++++++++++++++
> | .../runtime.pass.sh                                | 10 +++++++
> | .../separate.fail.sh                               | 10 +++++++
> | 9 files changed, 69 insertions(+), 23 deletions(-)
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/partition.sh
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/runtime.pass.sh
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/separate.fail.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/partition.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/runtime.pass.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/separate.fail.sh
> |
> |diff --git a/shared/bash_remediation_functions/include_mount_options_functions.sh b/shared/bash_remediation_functions/include_mount_options_functions.sh
> |index 521f34c4b0..133b06e44c 100644
> |--- a/shared/bash_remediation_functions/include_mount_options_functions.sh
> |+++ b/shared/bash_remediation_functions/include_mount_options_functions.sh
> --------------------------
> File to patch:
>

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
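
An added example, not part of either message or of the scap-security-guide packaging: a pre-check that lists the files a patch modifies which are absent from the unpacked tree after `-p1` stripping, the condition `patch` reports in the quoted output as "can't find file to patch". The function names, the sample tree and the sample patch are constructed for illustration; git-quoted paths and paths containing tabs are not handled.

```shell
# List files a unified/git patch expects to modify that are absent from a
# source tree. usage: missing_patch_targets PATCHFILE TREE [STRIP] (default 1)
missing_patch_targets() {
    patchfile=$1 tree=$2 strip=${3:-1}
    awk -v n="$strip" '
        # A file header is a "--- old" line directly followed by "+++ new".
        /^\+\+\+ / && prev ~ /^--- / {
            p = substr(prev, 5)
            sub(/\t.*$/, "", p)          # drop a trailing timestamp, if any
            if (p != "/dev/null") {      # /dev/null: file is created, skip
                for (i = 0; i < n; i++) sub("^[^/]*/", "", p)  # like -pN
                print p
            }
        }
        { prev = $0 }
    ' "$patchfile" | while IFS= read -r path; do
        [ -e "$tree/$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: the tree holds only one of the two files being modified.
make_sample() {
    mkdir -p "$1/tree/shared/templates"
    : > "$1/tree/shared/templates/template_common.py"
    cat > "$1/sample.patch" <<'EOF'
diff --git a/shared/templates/template_common.py b/shared/templates/template_common.py
--- a/shared/templates/template_common.py
+++ b/shared/templates/template_common.py
@@ -1 +1 @@
-old
+new
diff --git a/shared/bash_remediation_functions/include_mount_options_functions.sh b/shared/bash_remediation_functions/include_mount_options_functions.sh
--- a/shared/bash_remediation_functions/include_mount_options_functions.sh
+++ b/shared/bash_remediation_functions/include_mount_options_functions.sh
@@ -1 +1 @@
-old
+new
diff --git a/tests/new.sh b/tests/new.sh
--- /dev/null
+++ b/tests/new.sh
@@ -0,0 +1 @@
+echo new
EOF
}
d=$(mktemp -d) && make_sample "$d"
missing_patch_targets "$d/sample.patch" "$d/tree" 1
rm -rf "$d"
```

Against a real build, run it on the tree left by `rpmbuild -bp` (or on the unpacked upstream tarball) with the patch from SOURCES; empty output means every modified file is present at that strip level.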
