Alas, some of our customized packages occasionally end up in vendor....

An rpmbuild --rebuild of http://ftp.scientificlinux.org/linux/scientific/7x/SRPMS/vendor/scap-security-guide-0.1.36-9.sl7_5.src.rpm builds up just fine on my workstation (7.5) and in a few quick mockroots I kicked up (7.5, 7.4, 7.3).....

that is a bit strange.

Pat

On 08/07/2018 05:59 PM, Kraus, Dave (GE Healthcare) wrote:
> Whilst trying to patch scap-security-guide for our own purposes, I've found that the 0.1.36-7.sl7 version builds correctly, but -9.sl7_5 fails during %prep while applying patch 12.
>
> This happens with an rpmbuild --rebuild of the .src package, as well as splitting it open and doing an rpmbuild -ba or -bp.
>
> At this point I'm baffled. Even more baffling is that I believe I've seen it pass on occasion with a -bp and then subsequently fail with a -ba. Doesn't seem to matter whether I remove the BUILD and BUILDROOT directories it uses or not. It would not be out of the question that I've imagined that, tho.
>
> Building on an SL 7.5 development workstation load, I believe. Or if not, at least yum-builddep reports that I have all build dependencies fulfilled.
>
> Further curiosity, I found the -9.sl7_5.src.rpm under the ftp.scientificlinux.org/...7.5/SRPMS/vendor/ tree rather than under the expected 7.5/SRPMS/SL tree, where I found the -7.sl7 version.
>
> It's been a long week...
>
> Looking for clues about what I'm doing wrong here (other than trying to rebuild it for myself, but I know why that's wrong).
>
> Here's where the rpmbuild --rebuild stops for me:
>
> ...
> Patch #12 (scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch):
> + /usr/bin/cat /home/kraus/rpmbuild/SOURCES/scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch
> + /usr/bin/patch -p1 -b --suffix .fix_failing_rules --fuzz=0
> patching file shared/fixes/bash/audit_rules_kernel_module_loading_delete.sh
> patching file shared/fixes/bash/audit_rules_kernel_module_loading_init.sh
> ...
> patching file shared/templates/template_common.py
> can't find file to patch at input line 4685
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |
> |From 7ab3a8686f491543377be879552f4209a092b979 Mon Sep 17 00:00:00 2001
> |From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <[log in to unmask]>
> |Date: Wed, 11 Apr 2018 10:27:29 +0200
> |Subject: [PATCH 08/17] Improved remediations, added tests for /var/tmp noexec.
> |
> |---
> | .../include_mount_options_functions.sh | 11 +++++++
> | shared/templates/template_BASH_mount_option | 4 +--
> | shared/templates/template_BASH_mount_option_var | 4 +--
> | .../rule_mount_option_var_tmp_bind/partition.sh | 8 -----
> | .../rule_mount_option_var_tmp_bind/runtime.pass.sh | 5 ----
> | .../separate.fail.sh | 6 ----
> | .../rule_mount_option_var_tmp_noexec/partition.sh | 34 ++++++++++++++++++++++
> | .../runtime.pass.sh | 10 +++++++
> | .../separate.fail.sh | 10 +++++++
> | 9 files changed, 69 insertions(+), 23 deletions(-)
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/partition.sh
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/runtime.pass.sh
> | delete mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_bind/separate.fail.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/partition.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/runtime.pass.sh
> | create mode 100644 tests/data/group_system/group_permissions/group_partitions/rule_mount_option_var_tmp_noexec/separate.fail.sh
> |
> |diff --git a/shared/bash_remediation_functions/include_mount_options_functions.sh b/shared/bash_remediation_functions/include_mount_options_functions.sh
> |index 521f34c4b0..133b06e44c 100644
> |--- a/shared/bash_remediation_functions/include_mount_options_functions.sh
> |+++ b/shared/bash_remediation_functions/include_mount_options_functions.sh
> --------------------------
> File to patch:
>

--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org