LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

On 10/03/2018 04:07 PM, Mark Stodola wrote:
> On 10/03/2018 03:34 PM, aleksander.baranowski wrote:
>> Hi,
>>
>> I recently tried to rebuild:
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= 
>>
>>
>> or CentOS:
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=CB2VMlH34YrlkISCXH_ozAxRuu77b1I9JKRsVgmHUjY&e= 
>>
>> or
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__vault.centos.org_7.5.1804_updates_Source_SPackages_scap-2Dsecurity-2Dguide-2D0.1.36-2D9.el7.centos.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=wBthjF79L7TV8JmFEdL7hpTmRG3DWlEMntXaBMaaaaU&e= 
>>
>>
>> and failed miserably :(.
>>
>> Steps to reproduce:
>>
>> ```bash
>> sudo yum install @development wget libxslt openscap-scanner python-lxml
>> cmake -y
>> wget
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__ftp.scientificlinux.org_linux_scientific_7.5_SRPMS_vendor_scap-2Dsecurity-2Dguide-2D0.1.36-2D10.sl7-5F5.src.rpm&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=VEuwtpc-C8K822YaGWxqMbbqJQ2S4ol_0zyOs5dGj34&s=c4eo166aLjYeIW8G_REvPJtsA3ZZLpfkMSXXTZ-fkCY&e= 
>>
>> rpmbuild --rebuild scap-security-guide-0.1.36-10.sl7_5.src.rpm
>> ```
>>
>> Or with mock
>> ```
>> mock scap-security-guide-0.1.36-10.sl7_5.src.rpm
>> ```
>>
>> The patch that breaks build is
>> scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch. 
>>
>> It has number 12 in the spec file.
>>
>> Is there anything that I'm missing? Unfortunately, I'm unable to find
>> scap-security-guide on CentOS CBS, so I'm clueless.
>>
>> Bests,
>> Alex
>>
>
> I just tried with mock (no rpmbuild prior) and it also failed on the 
> same patch.  It is unable to find 
> shared/bash_remediation_functions/include_mount_options_functions.sh. 
> This file is indeed missing from the .tar.bz2 included in the srpm 
> that it is supposedly try to apply the patch to.
>
> -Mark

I'm able to rebuild the SL package in mock under SL 7 and CentOS 7.

On the CentOS image I had to cleanup the BUILD area, run 'rpm -ivh 
scap-security-guide-0.1.36-10.sl7_5.src.rpm' twice, and 'rpmbuild -ba 
scap-security-guide.spec' three times before it would work..... that is 
super weird.....

After I ran 'rpmbuild -bp' I've got:

# cat 
/builddir/build/BUILD/scap-security-guide-0.1.36/shared/bash_remediation_functions/include_mount_options_functions.sh
function include_mount_options_functions {
     :
}

# $1: mount point
# $2: new mount point option
function ensure_mount_option_in_fstab {
     local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp="" 
_previous_mount_opts=""
     _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")"

     if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c 
"$_new_opt" ) -eq 0 ]; then
         _previous_mount_opts=$(grep "$_mount_point_match_regexp" 
/etc/fstab | awk '{print $4}')
         sed -i 
"s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|" 
/etc/fstab
     fi
}

# $1: mount point
function get_mount_point_regexp {
         printf "[[:space:]]%s[[:space:]]" "$1"
}

# $1: mount point
function assert_mount_point_in_fstab {
     local _mount_point_match_regexp
     _mount_point_match_regexp="$(get_mount_point_regexp "$1")"
     grep "$_mount_point_match_regexp" -q /etc/fstab \
         || { echo "The mount point '$1' is not even in /etc/fstab, so 
we can't set up mount options" >&2; return 1; }
}

# $1: mount point
function remove_defaults_from_fstab_if_overriden {
     local _mount_point_match_regexp
     _mount_point_match_regexp="$(get_mount_point_regexp "$1")"
     if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q 
"defaults,") -gt 0 ]
     then
         sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|" 
/etc/fstab
     fi
}

# $1: mount point
function ensure_partition_is_mounted {
     local _mount_point="$1"
     mkdir -p "$_mount_point" || return 1
     if mountpoint -q "$_mount_point"; then
         mount -o remount --target "$_mount_point"
     else
         mount --target "$_mount_point"
     fi
}


-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org