Bug 1394671

Summary: RFE based on case 01728548 - RPMs for sudo in RHEL 6.8 and 7.2 are inconsistent
Product: Red Hat Enterprise Linux 7
Reporter: Vladimir Dulava <vdulava>
Component: sudo
Assignee: Daniel Kopeček <dkopecek>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 7.2
CC: cww, pkis, rsroka
Target Milestone: rc
Keywords: FutureFeature, Triaged
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2017-08-31 15:48:47 UTC
Type: Bug
Bug Blocks: 1420851

Description Vladimir Dulava 2016-11-14 08:10:02 UTC
Description of problem:
RPMs for sudo in RHEL 6.8 and 7.2 are inconsistent

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
The src rpms

 	sudo-1.8.6p3-24.el6.src.rpm
 	sudo-1.8.6p7-17.el7.src.rpm

(and probably many other sudo RPMs in various Red Hat Linux releases) apply a large number of patches to the original sudo source tree before compiling the code. However, these patches leave the source tree in an inconsistent state, so that some subsequent patches can no longer be applied.

The files def_data.h and def_data.c in the subdirectory plugins/sudoers of the source tree are generated from def_data.in in the same directory via the perl script mkdefaults. The patches, however, only apply changes to def_data.h and def_data.c. In particular, def_data.h and def_data.c can no longer be generated from def_data.in. Patches that correctly apply changes to def_data.in and use mkdefaults to create def_data.h and def_data.c overwrite the changes added by the previous patches to def_data.c and def_data.h. This usually means that the code no longer compiles, as the new definitions in def_data.h are missing.

Expected results:

HOW TO DO IT CORRECTLY

A correct patch to def_data.h and def_data.c should always include the changes to def_data.in. It is OK to include the changes to def_data.h and def_data.c, because by default, the sudo source code does not automatically recreate def_data.h and def_data.c. Only when using the --enable-devel configure option will mkdefaults be run (I consider this a weakness of the sudo build system, although an understandable one).
Using the --enable-devel option is discouraged though because it also leads to the building of the testsudoers.c program, which has additional build requirements not specified in the spec file, leading to build failure.

To fix this problem, a patch that changes def_data.h and def_data.c should always be created by first changing def_data.in, and then running

 	perl mkdefaults -o def_data def_data.in

manually in plugins/sudoers. This will recreate def_data.h and def_data.c consistent with def_data.in. From this a patch file for all three files def_data.in, def_data.h and def_data.c can then be generated. A patch file generated in this way will always leave the source tree in a consistent state.

Additional info:

Comment 3 Radovan Sroka 2017-08-31 15:48:47 UTC
This was fixed with the rebase in RHEL 7.4. We cannot use --enable-devel in our build system because of a few more dependencies and stability. But the patches are modifying *.in, *.c and *.h, so we are able to compile sudo with or without the DEVEL macro correctly and patched.
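
A check that follows from the rule in the description above (a patch that changes def_data.h or def_data.c must also change def_data.in), written as an added example that is not part of the bug report or of Red Hat's build tooling. The function names and the two sample patches are constructed for illustration.

```shell
# Added example: flag patches that edit the generated files def_data.h / def_data.c
# under plugins/sudoers without editing their source, def_data.in.

# List the files a unified diff modifies: the "+++ " header that follows a "--- " header.
patch_targets() {
    awk 'prev ~ /^--- / && index($0, "+++ ") == 1 { print $2 } { prev = $0 }' "$1"
}

# Return 0 if the patch is consistent, 1 if it changes def_data.h or def_data.c
# but leaves def_data.in untouched (mkdefaults would later discard its changes).
check_def_data_patch() {
    generated=no source_in=no
    for f in $(patch_targets "$1"); do
        case $f in
            *plugins/sudoers/def_data.in) source_in=yes ;;
            *plugins/sudoers/def_data.[ch]) generated=yes ;;
        esac
    done
    [ "$generated" = no ] || [ "$source_in" = yes ]
}

# Constructed sample patches (hypothetical contents) for a dry run.
write_samples() {
    cat > "$1/bad.patch" <<'EOF'
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -1,1 +1,2 @@
 #define I_SYSLOG 0
+#define I_EXAMPLE 1
EOF
    cat > "$1/good.patch" <<'EOF'
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -1,1 +1,2 @@
 syslog
+example
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -1,1 +1,2 @@
 #define I_SYSLOG 0
+#define I_EXAMPLE 1
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for p in "$tmp"/*.patch; do
    check_def_data_patch "$p" && echo "ok: ${p##*/}" || echo "INCONSISTENT: ${p##*/}"
done
rm -rf "$tmp"
```

Run over the patch files listed in a spec file, a non-zero return marks a patch that would be overwritten as soon as a later patch regenerates def_data.h and def_data.c from def_data.in.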