Bug 236887

Summary: openssh from fc6 updates does not build on older distros without spec changes
Product: [Fedora] Fedora Reporter: Tarhon-Onu Victor <lsmituc>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: low Docs Contact:
Priority: medium    
Version: 6Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-07-25 12:22:25 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Tarhon-Onu Victor 2007-04-18 05:30:41 EDT
Description of problem:

When rebuilding the openssh source RPMs on older redhat distributions (like fc1,
rh9, rh73) there are some changes that have to be done in the RPM spec along
with the rpmbuild flag settings in order for the build to complete successfully.
I'll talk here about two examples: redhat 9 and redhat 7.3. Probably the
adnotations for rh9 may appply to FC1 as well.

1. first of all there is no build flag to set the availability of the selinux
(and audit) libraries. So the spec file has to be modified to change the first
line from:
%define WITH_SELINUX 1
to:
%define WITH_SELINUX 0

Ideally we should be able to do that using a flag like:
--define 'with_selinux 1' (or 0), which if not defined then the
default/hardcoded value to be used.

2. same for kerberos5

3. when WITH_SELINUX is set to 0 the selinux patch is not applied, but the mls
and selinux-rolechg patches are not conditioned by this setting. So the patch
commands which apply these two additional selinux patches should be included in
an "if" command.

4. BuildRequires audit-libs-devel should be included in an "if" command as well.

5. for older distributions (older than FC4 I think, that's when the loginuid pam
module has been included if I remember well) the pam-stack patch should be skipped.

6. the distributions older than FC1 (and FC1 I think) should require
XFree86-xauth instead of xorg-x11-xauth. RedHat 7.3 has the xauth tool included
in the XFree86 package.

7. I can't give you an idea about how to approach this, but the following block
fails to evaluate the values for some reason in older RPM versions:
%if ! %{no_gnome_askpass}
%if %{gtk2}
BuildRequires: gtk2-devel
BuildRequires: libX11-devel
%else
BuildRequires: gnome-libs-devel
%endif
%endif
...when both no_gnome_askpass and gtk2 are set to 0.


After the appropriate changes were done I could successfully build the openssh
package shipped in the FC6 updates on rh7.3 and rh9 like this:

bash# rpmbuild -bs --define 'dist .rh9' /usr/src/redhat/SPECS/openssh.spec 
--define 'skip_gnome_askpass 1' --define 'no_gtk2 1'
bash# rpmbuild --rebuild --target i686 --define 'dist .rh9' --define
'skip_gnome_askpass 1' --define 'no_gtk2 1'
/usr/src/redhat/SRPMS/openssh-4.3p2-19.rh9.src.rpm

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. just try to rebuild an openssh package on an older distro, even setting the
appropriate build flags.
2.
3.
  
Actual results:


Expected results:

I should have been able to rebuild the package on an older distro just using the
appropriate build flag settings. Since the flags are there we should be able to
still use them...


Additional info:
Comment 1 Tarhon-Onu Victor 2007-04-18 05:32:50 EDT
This is more like a request for enchancement.
Comment 2 Tomas Mraz 2007-07-25 12:22:25 EDT
I'm sorry but such backwards compatibility is not our goal. It really
complicates the spec file. In fact I'd like to clean out some of the %ifs.