SCIENTIFIC-LINUX-DEVEL Archives

October 2018

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: scap-security-guide rebuild problem
From:
"aleksander.baranowski" <[log in to unmask]>
Reply To:
aleksander.baranowski
Date:
Fri, 5 Oct 2018 11:19:54 +0200
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (5 kB) , signature.asc (5 kB) 
Hi,

Pat solution is indeed working. I have never seen something like it before.

I made a report with typescript.
https://bugzilla.redhat.com/show_bug.cgi?id=1636367

This is what at least I can do.
Bests,
Alex

On 10/03/2018 11:42 PM, Pat Riehecky wrote:
> On 10/03/2018 04:07 PM, Mark Stodola wrote:
>> On 10/03/2018 03:34 PM, aleksander.baranowski wrote:
>>> Hi,
>>>
>>> I recently tried to rebuild:
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e=
>>>
>>>
>>> or CentOS:
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=CB2VMlH34YrlkISCXH_ozAxRuu77b1I9JKRsVgmHUjY&e=
>>>
>>> or
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D9.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=wBthjF79L7TV8JmFEdL7hpTmRG3DWlEMntXaBMaaaaU&e=
>>>
>>>
>>> and failed miserably :(.
>>>
>>> Steps to reproduce:
>>>
>>> ```bash
>>> sudo yum install @development wget libxslt openscap-scanner python-lxml
>>> cmake -y
>>> wget
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e=
>>>
>>> rpmbuild --rebuild scap-security-guide-0.1.36-10.sl7_5.src.rpm
>>> ```
>>>
>>> Or with mock
>>> ```
>>> mock scap-security-guide-0.1.36-10.sl7_5.src.rpm
>>> ```
>>>
>>> The patch that breaks build is
>>> scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch.
>>>
>>> It has number 12 in the spec file.
>>>
>>> Is there anything that I'm missing? Unfortunately, I'm unable to find
>>> scap-security-guide on CentOS CBS, so I'm clueless.
>>>
>>> Bests,
>>> Alex
>>>
>>
>> I just tried with mock (no rpmbuild prior) and it also failed on the
>> same patch.  It is unable to find
>> shared/bash_remediation_functions/include_mount_options_functions.sh.
>> This file is indeed missing from the .tar.bz2 included in the srpm
>> that it is supposedly try to apply the patch to.
>>
>> -Mark
> 
> I'm able to rebuild the SL package in mock under SL 7 and CentOS 7.
> 
> On the CentOS image I had to cleanup the BUILD area, run 'rpm -ivh
> scap-security-guide-0.1.36-10.sl7_5.src.rpm' twice, and 'rpmbuild -ba
> scap-security-guide.spec' three times before it would work..... that is
> super weird.....
> 
> After I ran 'rpmbuild -bp' I've got:
> 
> # cat
> /builddir/build/BUILD/scap-security-guide-0.1.36/shared/bash_remediation_functions/include_mount_options_functions.sh
> 
> function include_mount_options_functions {
>     :
> }
> 
> # $1: mount point
> # $2: new mount point option
> function ensure_mount_option_in_fstab {
>     local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp=""
> _previous_mount_opts=""
>     _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")"
> 
>     if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c
> "$_new_opt" ) -eq 0 ]; then
>         _previous_mount_opts=$(grep "$_mount_point_match_regexp"
> /etc/fstab | awk '{print $4}')
>         sed -i
> "s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|"
> /etc/fstab
>     fi
> }
> 
> # $1: mount point
> function get_mount_point_regexp {
>         printf "[[:space:]]%s[[:space:]]" "$1"
> }
> 
> # $1: mount point
> function assert_mount_point_in_fstab {
>     local _mount_point_match_regexp
>     _mount_point_match_regexp="$(get_mount_point_regexp "$1")"
>     grep "$_mount_point_match_regexp" -q /etc/fstab \
>         || { echo "The mount point '$1' is not even in /etc/fstab, so we
> can't set up mount options" >&2; return 1; }
> }
> 
> # $1: mount point
> function remove_defaults_from_fstab_if_overriden {
>     local _mount_point_match_regexp
>     _mount_point_match_regexp="$(get_mount_point_regexp "$1")"
>     if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q
> "defaults,") -gt 0 ]
>     then
>         sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|"
> /etc/fstab
>     fi
> }
> 
> # $1: mount point
> function ensure_partition_is_mounted {
>     local _mount_point="$1"
>     mkdir -p "$_mount_point" || return 1
>     if mountpoint -q "$_mount_point"; then
>         mount -o remount --target "$_mount_point"
>     else
>         mount --target "$_mount_point"
>     fi
> }
> 
>

ATOM RSS1 RSS2