SCIENTIFIC-LINUX-DEVEL Archives

August 2018

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From:
"Kraus, Dave (GE Healthcare)" <[log in to unmask]>
Reply To:
Kraus, Dave (GE Healthcare)
Date:
Tue, 7 Aug 2018 22:59:59 +0000
Whilst trying to patch scap-security-guide for our own purposes, I've found that the 0.1.36-7.sl7 version builds correctly, but -9.sl7_5 fails during %prep while applying patch 12.

This happens with an rpmbuild --rebuild of the .src package, as well as splitting it open and doing an rpmbuild -ba or -bp.

At this point I'm baffled. Even more baffling is that I believe I've seen it pass on occasion with a -bp and then subsequently fail with a -ba. Doesn't seem to matter whether I remove the BUILD and BUILDROOT directories it uses or not. It would not be out of the question that I've imagined that, tho.

Building on an SL 7.5 development workstation load, I believe. Or if not, at least yum-builddep reports that I have all build dependencies fulfilled.

Further curiosity, I found the -9.sl7_5.src.rpm under the ftp.scientificlinux.org/...7.5/SRPMS/vendor/ tree rather than under the expected 7.5/SRPMS/SL tree, where I found the -7.sl7 version.

It's been a long week...

Looking for clues about what I'm doing wrong here (other than trying to rebuild it for myself, but I know why that's wrong).

Here's where the rpmbuild --rebuild stops for me:


...
Patch #12 (scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch):
+ /usr/bin/cat /home/kraus/rpmbuild/SOURCES/scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch
+ /usr/bin/patch -p1 -b --suffix .fix_failing_rules --fuzz=0
patching file shared/fixes/bash/audit_rules_kernel_module_loading_delete.sh
patching file shared/fixes/bash/audit_rules_kernel_module_loading_init.sh
...
patching file shared/templates/template_common.py
can't find file to patch at input line 4685
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|
|From 7ab3a8686f491543377be879552f4209a092b979 Mon Sep 17 00:00:00 2001
|From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <[log in to unmask]>
|Date: Wed, 11 Apr 2018 10:27:29 +0200
|Subject: [PATCH 08/17] Improved remediations, added tests for /var/tmp noexec.
|
|---
| .../include_mount_options_functions.sh             | 11 +++++++
| shared/templates/template_BASH_mount_option        |  4 +--
| shared/templates/template_BASH_mount_option_var    |  4 +--
| .../rule_mount_option_var_tmp_bind/partition.sh    |  8 -----
| .../rule_mount_option_var_tmp_bind/runtime.pass.sh |  5 ----
| .../separate.fail.sh                               |  6 ----
| .../rule_mount_option_var_tmp_noexec/partition.sh  | 34 ++++++++++++++++++++++
| .../runtime.pass.sh                                | 10 +++++++
| .../separate.fail.sh                               | 10 +++++++
| 9 files changed, 69 insertions(+), 23 deletions(-)
| delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/partition.sh
| delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/runtime.pass.sh
| delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/separate.fail.sh
| create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/partition.sh
| create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/runtime.pass.sh
| create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/separate.fail.sh
|
|diff --git a/shared/bash_remediation_functions/include_mount_options_functions.sh b/shared/bash_remediation_functions/include_mount_options_functions.sh
|index 521f34c4b0..133b06e44c 100644
|--- a/shared/bash_remediation_functions/include_mount_options_functions.sh
|+++ b/shared/bash_remediation_functions/include_mount_options_functions.sh
--------------------------
File to patch:
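
One way to narrow down a stop like the "can't find file to patch at input line 4685" above, as an added example that is not part of the original message or of the scap-security-guide packaging: a POSIX sh function that walks a multi-commit patch and lists every file section whose target is absent from an unpacked tree at a given -p level, counting files created by earlier sections as present. The names missing_patch_targets, strip_path and known are hypothetical; the lookup only approximates patch(1) and nothing is applied.

```shell
#!/bin/sh
# Added example, not from the original message. Approximates patch(1) file
# lookup: a section resolves when its old or new name, minus STRIP leading
# components, exists in TREE or was created by an earlier section.
# Limitation: a path both created and deleted in the series counts as deleted.
# Usage: missing_patch_targets PATCHFILE TREE [STRIP]   (STRIP defaults to 1)
nl='
'

strip_path() {                        # strip_path PATH N, like patch -pN
    p=$1; i=0
    while [ "$i" -lt "$2" ]; do
        case $p in */*) p=${p#*/} ;; esac
        i=$((i + 1))
    done
    printf '%s\n' "$p"
}

known() {                             # is PATH present at this point?
    case "$nl$deleted$nl" in *"$nl$1$nl"*) return 1 ;; esac
    case "$nl$created$nl" in *"$nl$1$nl"*) return 0 ;; esac
    [ -e "$tree/$1" ]
}

missing_patch_targets() {
    tree=$2; strip=${3:-1}; created=; deleted=; old=; lineno=0
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '--- '*) old=${line#'--- '}; old=${old%%"$tab"*}; continue ;;
            '+++ '*) new=${line#'+++ '}; new=${new%%"$tab"*} ;;
            *) old=; continue ;;
        esac
        [ -n "$old" ] || continue     # "+++" without a preceding "---" header
        o=$(strip_path "$old" "$strip"); n=$(strip_path "$new" "$strip")
        if [ "$old" = /dev/null ]; then
            created="$created$nl$n"   # section creates a new file
        elif known "$o" || known "$n"; then
            # section deletes the file when the new name is /dev/null
            [ "$new" != /dev/null ] || deleted="$deleted$nl$o"
        else
            printf '%s: %s\n' "$lineno" "$o"   # line number of the "+++" header
        fi
        old=
    done < "$1"
}
```

Each output line is the patch-file line number of the section's "+++" header followed by the stripped path that could not be found; empty output means every section resolved at that -p level.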



