Hi, Pat solution is indeed working. I have never seen something like it before. I made a report with typescript. https://bugzilla.redhat.com/show_bug.cgi?id=1636367 This is what at least I can do. Bests, Alex On 10/03/2018 11:42 PM, Pat Riehecky wrote: > On 10/03/2018 04:07 PM, Mark Stodola wrote: >> On 10/03/2018 03:34 PM, aleksander.baranowski wrote: >>> Hi, >>> >>> I recently tried to rebuild: >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= >>> >>> >>> or CentOS: >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=CB2VMlH34YrlkISCXH_ozAxRuu77b1I9JKRsVgmHUjY&e= >>> >>> or >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D9.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=wBthjF79L7TV8JmFEdL7hpTmRG3DWlEMntXaBMaaaaU&e= >>> >>> >>> and failed miserably :(. >>> >>> Steps to reproduce: >>> >>> ```bash >>> sudo yum install @development wget libxslt openscap-scanner python-lxml >>> cmake -y >>> wget >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= >>> >>> rpmbuild --rebuild scap-security-guide-0.1.36-10.sl7_5.src.rpm >>> ``` >>> >>> Or with mock >>> ``` >>> mock scap-security-guide-0.1.36-10.sl7_5.src.rpm >>> ``` >>> >>> The patch that breaks build is >>> scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch. >>> >>> It has number 12 in the spec file. >>> >>> Is there anything that I'm missing? Unfortunately, I'm unable to find >>> scap-security-guide on CentOS CBS, so I'm clueless. >>> >>> Bests, >>> Alex >>> >> >> I just tried with mock (no rpmbuild prior) and it also failed on the >> same patch. It is unable to find >> shared/bash_remediation_functions/include_mount_options_functions.sh. >> This file is indeed missing from the .tar.bz2 included in the srpm >> that it is supposedly try to apply the patch to. >> >> -Mark > > I'm able to rebuild the SL package in mock under SL 7 and CentOS 7. > > On the CentOS image I had to cleanup the BUILD area, run 'rpm -ivh > scap-security-guide-0.1.36-10.sl7_5.src.rpm' twice, and 'rpmbuild -ba > scap-security-guide.spec' three times before it would work..... that is > super weird..... > > After I ran 'rpmbuild -bp' I've got: > > # cat > /builddir/build/BUILD/scap-security-guide-0.1.36/shared/bash_remediation_functions/include_mount_options_functions.sh > > function include_mount_options_functions { > : > } > > # $1: mount point > # $2: new mount point option > function ensure_mount_option_in_fstab { > local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp="" > _previous_mount_opts="" > _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")" > > if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c > "$_new_opt" ) -eq 0 ]; then > _previous_mount_opts=$(grep "$_mount_point_match_regexp" > /etc/fstab | awk '{print $4}') > sed -i > "s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|" > /etc/fstab > fi > } > > # $1: mount point > function get_mount_point_regexp { > printf "[[:space:]]%s[[:space:]]" "$1" > } > > # $1: mount point > function assert_mount_point_in_fstab { > local _mount_point_match_regexp > _mount_point_match_regexp="$(get_mount_point_regexp "$1")" > grep "$_mount_point_match_regexp" -q /etc/fstab \ > || { echo "The mount point '$1' is not even in /etc/fstab, so we > can't set up mount options" >&2; return 1; } > } > > # $1: mount point > function remove_defaults_from_fstab_if_overriden { > local _mount_point_match_regexp > _mount_point_match_regexp="$(get_mount_point_regexp "$1")" > if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q > "defaults,") -gt 0 ] > then > sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|" > /etc/fstab > fi > } > > # $1: mount point > function ensure_partition_is_mounted { > local _mount_point="$1" > mkdir -p "$_mount_point" || return 1 > if mountpoint -q "$_mount_point"; then > mount -o remount --target "$_mount_point" > else > mount --target "$_mount_point" > fi > } > >