Bug 1531290
| Summary: | Evil sed command in iptables.spec file | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Rolf Fokkens <rolf> |
| Component: | iptables | Assignee: | Phil Sutter <psutter> |
| Status: | CLOSED ERRATA | QA Contact: | Tomas Dolezal <todoleza> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.4 | CC: | atragler, iptables-maint-list, todoleza |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | iptables-1.4.21-27.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-30 09:38:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Well, it happened again (still?) : same issue in iptables-1.4.21-18.3.el7_4.src.rpm I'm not sure, but I think we should consider this bad practice: * Unwanted side effects * Unneeded Hi Rolf, (In reply to Rolf Fokkens from comment #2) > Well, it happened again (still?) : same issue in > iptables-1.4.21-18.3.el7_4.src.rpm > > I'm not sure, but I think we should consider this bad practice: > * Unwanted side effects > * Unneeded Thanks for your detailed report. Sadly this ticket didn't make it into RHEL7.5 due to missing capacity on QE side. We will reconsider for RHEL7.6. Thanks, Phil Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3093 |
Description of problem: The iptables.spec file contains the following line: sed -i -e 's;^\(After=.*\)$;Before=ip6tables.service\n\1;' %{SOURCE3} This has the evil side effect of changing a sources file of the RPM. When building with mock this may not be an issue, but it is an issue in the following situation: rpmbuild -bb iptables.spec (this has a side effect) rpmbuild -bs iptables.spec (now the side effect is in the resulting src.rpm) A better way might be this: # install systemd service files install -d -m 755 %{buildroot}/%{_unitdir} sed -e 's;iptables;ip6tables;g' \ -e 's;IPv4;IPv6;g' \ -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' \ -e 's;^\(After=.*\)$;\1,iptables.service;' \ < %{SOURCE3} > ip6tables.service sed -e 's;^\(After=.*\)$;Before=ip6tables.service\n\1;' %{SOURCE3} > iptables.service install -c -m 644 iptables.service %{buildroot}/%{_unitdir} install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir} So instead of changing the source file, just create an in between file and move on from there Version-Release number of selected component (if applicable): iptables-1.4.21-18.2.el7_4 How reproducible: 100% Steps to Reproduce: 1. rpm -i iptables-1.4.21-18.2.el7_4.src.rpm 2. rpmbuild -bb iptables.spec 3. rpmbuild -bs iptables.spec 4. Enjoy corrupted src.rpm Actual results: Accident waiting to happen Expected results: Happy RPM building Additional info: I would assume there are quality guidelines against this, but I'm not sure