Bug 773343

Summary: rpms build failure (openssh-5.8p1-fips.patch cannot be applied)
Product: [Fedora] Fedora Reporter: Mr-4 <mr.dash.four>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-13 21:14:46 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Mr-4 2012-01-11 10:14:55 EST
Description of problem:
When using the following setup in my openssh.spec file:

# Do we want SELinux & Audit
%if 0%{?!noselinux:1}
%define WITH_SELINUX 1
%define WITH_SELINUX 0

# OpenSSH privilege separation requires a user & group ID
%define sshd_uid    74
%define sshd_gid    74

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 0

# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0

# Do we want smartcard support (1=yes 0=no)
#Smartcard support is broken from 5.4p1
%define scard 0

# Use GTK2 instead of GNOME in gnome-ssh-askpass
%define gtk2 0

# Build position-independent executables (requires toolchain support)?
%define pie 1

# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0

# Do we want libedit support
%define libedit 0

# Do we want LDAP support
%define ldap 0

# Do we want NSS tokens support
# NSS support is broken from 5.4p1
%define nss 0

# Whether or not /sbin/nologin exists.
%define nologin 1

# Whether to build pam_ssh_agent_auth
%if 0%{?!nopam:1}
%define pam_ssh_agent 1
%define pam_ssh_agent 0

I get the following error when executing "rpbmuild -bb openssh.spec":

+ /bin/cat /home/mr-4/rpmbuild/SOURCES/openssh-5.8p1-fips.patch
+ /usr/bin/patch -s -p1 -b --suffix .fips --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file Makefile.in.rej
error: Bad exit status from /var/tmp/rpm-tmp.Z2VATM (%prep)

In other words, the -fips patch cannot be applied for some reason.

Version-Release number of selected component (if applicable):
5.8p2 (the latest available on FC15)

How reproducible:

Steps to Reproduce:
1. rpm -ivh openssh-*.src.rpm && cd ~/rpmbuild/SPECS
2. gedit openssh.spec and alter the configuration as indicated above
3. rpmbuild -bb openssh.spec
Actual results:
The above error

Expected results:
The patch to be applied cleanly

Additional info:
Comment 1 Petr Lautrbach 2012-02-03 08:33:51 EST
This will need little rework of openssh-5.8p1-ldap.patch - change Makefile to not add ldap helper to TARGETS when INSTALL_SSH_LDAP_HELPER is not set, and change .spec file to always use ldap patch.
Comment 2 Fedora End Of Life 2013-02-13 21:15:32 EST
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.