Hello, I can answer part of your questions. The rpm packages were added to the security push to resolve an order of operations issue addressed by the OrderWithRequires tag. I'm afraid I don't have a working maven installation, what error messages are being provided? -- Pat Riehecky Scientific Linux developer Fermi National Accelerator Laboratory www.fnal.gov www.scientificlinux.org ________________________________________ From: Mailing list for Scientific Linux developers worldwide [[log in to unmask]] on behalf of Paul Millar [[log in to unmask]] Sent: Wednesday, August 05, 2015 6:12 AM To: scientific-linux-devel Subject: [SCIENTIFIC-LINUX-DEVEL] Broken security upgrade Hi, I don't know if this is the correct place to report this, but a recent security upgrade broke Scientific Linux 6.6 for building RPM packages. The update was to 4.8.0-47: [root@vm-dcache-wn-sl6 ~]# grep Aug\ 04\ 04.*rpm /var/log/yum.log Aug 04 04:34:44 Installed: redhat-rpm-config-9.0.3-44.sl6.noarch Aug 04 04:34:46 Updated: rpm-4.8.0-47.el6.x86_64 Aug 04 04:34:46 Updated: rpm-libs-4.8.0-47.el6.x86_64 Aug 04 04:34:47 Updated: rpm-build-4.8.0-47.el6.x86_64 Aug 04 04:34:47 Updated: rpm-python-4.8.0-47.el6.x86_64 [root@vm-dcache-wn-sl6 ~]# This happened automatically, via yum-autoupdate. After this upgrade, the rpmbuild command started to fail. The command that failed was: rpmbuild -bb --define _topdir <> --buildroot <> <>/SPECS/dcache-srmclient.spec where I've used a "<>" to represent the absolute paths in the command. The problem may be reproduced by cloning dCache from github and running the command: mvn -am -pl modules/srm-client clean package -DskipTests -Prpm Down-grading to v4.8.0-37 (and uninstalling the 'redhat-rpm-config' package) is sufficient to fix the problem. To confirm the cause, I re-ran yum manually, which upgraded the RPM packages to v4.8.0-47. This reintroduced the problem; so I am pretty convinced the problem is with this security upgrade. What I find odd is that there is no mention of a security issue with RPM, so it isn't clear why the RPM packages have been updated. Cheers, Paul.