Red Hat Bugzilla – Bug 773343
rpms build failure (openssh-5.8p1-fips.patch cannot be applied)
Last modified: 2013-02-13 21:15:32 EST
Description of problem:
When using the following setup in my openssh.spec file:
# Do we want SELinux & Audit
%define WITH_SELINUX 1
%define WITH_SELINUX 0
# OpenSSH privilege separation requires a user & group ID
%define sshd_uid 74
%define sshd_gid 74
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 0
# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0
# Do we want smartcard support (1=yes 0=no)
#Smartcard support is broken from 5.4p1
%define scard 0
# Use GTK2 instead of GNOME in gnome-ssh-askpass
%define gtk2 0
# Build position-independent executables (requires toolchain support)?
%define pie 1
# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0
# Do we want libedit support
%define libedit 0
# Do we want LDAP support
%define ldap 0
# Do we want NSS tokens support
# NSS support is broken from 5.4p1
%define nss 0
# Whether or not /sbin/nologin exists.
%define nologin 1
# Whether to build pam_ssh_agent_auth
%define pam_ssh_agent 1
%define pam_ssh_agent 0
I get the following error when executing "rpbmuild -bb openssh.spec":
+ /bin/cat /home/mr-4/rpmbuild/SOURCES/openssh-5.8p1-fips.patch
+ /usr/bin/patch -s -p1 -b --suffix .fips --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file Makefile.in.rej
error: Bad exit status from /var/tmp/rpm-tmp.Z2VATM (%prep)
In other words, the -fips patch cannot be applied for some reason.
Version-Release number of selected component (if applicable):
5.8p2 (the latest available on FC15)
Steps to Reproduce:
1. rpm -ivh openssh-*.src.rpm && cd ~/rpmbuild/SPECS
2. gedit openssh.spec and alter the configuration as indicated above
3. rpmbuild -bb openssh.spec
The above error
The patch to be applied cleanly
This will need little rework of openssh-5.8p1-ldap.patch - change Makefile to not add ldap helper to TARGETS when INSTALL_SSH_LDAP_HELPER is not set, and change .spec file to always use ldap patch.
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.