[Swan] rpmbuild failure

John Crisp jcrisp at safeandsoundit.co.uk
Sat Jun 6 03:17:54 EEST 2015


I just tried to mock build 3.14 from github source and have got a couple
of build errors. I tested on 3.12 again to make sure it did build with
the spec file - that has one error as follows but seems to build correctly :

Macro %kversion has empty body

The second part is as follows - I can supply the build logs if required.
It could well be the spec file is wrong or somesuch - I used the same
one I used to build 3.12 so that could be an issue. Appreciate any advice :

mock -r /etc/mock/epel-6-x86_64.cfg rebuild
/home/john/rpmbuild/SRPMS/libreswan-3.14-1.el6.src.rpm

....

make[4]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libaes_xcbc'
make[3]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libaes_xcbc'
make[3]: Entering directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
mkdir -p ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish
set -e ; \
	for f in twofish.o twofish_cbc.o ; do \
		case $f in \
			*.c ) echo "-include $(basename $f .c).d # $f" ;; \
			*.o ) echo "-include $(basename $f .o).d # $f" ;; \
			* ) echo "# $f ignored by Makefile.dep" ;; \
		esac ; \
	done >
../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk.tmp
mv
../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk.tmp ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk
make[3]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
make[3]: Entering directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
/usr/bin/make -C ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish buildall
make[4]: Entering directory
`/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libtwofish'
cc  -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
-I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
-I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
-I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
-I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
-I/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/../include
-I. -I/builddir/build/BUILD/libreswan-3.14/linux/net/ipsec
-I/builddir/build/BUILD/libreswan-3.14/linux/include
-I/builddir/build/BUILD/libreswan-3.14
-I/builddir/build/BUILD/libreswan-3.14/include  -I/usr/include/nss3
-I/usr/include/nspr4    -pthread  -m64 -g -O2 -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -g -DGCC_LINT -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic  -fPIE -pie
-fno-strict-aliasing -DDNSSEC -DFIPS_CHECK
-DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DKLIPS -DHAVE_LABELED_IPSEC
-DLIBCURL -DLDAP_VER=3 -DUSE_MD5 -DHAVE_NM -DUSE_SHA2 -DUSE_SHA1
-DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DIPSEC_CONF=\"/etc/ipsec.conf\"
-DIPSEC_CONFDDIR=\"/etc/ipsec.d\" -DIPSEC_NSSDIR=\"/etc/ipsec.d\"
-DIPSEC_CONFDIR=\"/etc\" -DIPSEC_EXECDIR=\"/usr/libexec/ipsec\"
-DIPSEC_SBINDIR=\"/usr/sbin\" -DIPSEC_VARDIR=\"/var\"
-DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\"
-DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\" -DGCC_LINT
-DALLOW_MICROSOFT_BAD_PROPOSAL -Werror -Wall -Wextra -Wformat
-Wformat-nonliteral -Wformat-security -Wundef -Wmissing-declarations
-Wredundant-decls -Wnested-externs \
		-MMD -MF ./twofish.d \
		-o ./twofish.o \
		-c /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c
cc1: warnings being treated as errors
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:
In function 'twofish_set_key':
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
error: array subscript is above array bounds
/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
error: array subscript is above array bounds
make[4]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libtwofish'
make[3]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
make[2]: Leaving directory
`/builddir/build/BUILD/libreswan-3.14/lib/libcrypto'
make[1]: Leaving directory `/builddir/build/BUILD/libreswan-3.14/lib'


RPM build errors:
make[4]: *** [twofish.o] Error 1
make[3]: *** [local-base] Error 2
make[2]: *** [all] Error 2
make[1]: *** [all] Error 2
make: *** [all] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.bYDewu (%build)
    Macro %kversion has empty body
    Bad exit status from /var/tmp/rpm-tmp.bYDewu (%build)
ERROR: Exception(/home/john/rpmbuild/SRPMS/libreswan-3.14-1.el6.src.rpm)
Config(epel-6-x86_64) 0 minutes 42 seconds
INFO: Results and/or logs in: /var/lib/mock/epel-6-x86_64/result
ERROR: Command failed. See logs for output.
 # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps
/builddir/build/SPECS/libreswan.spec


libreswan.spec :

%define USE_FIPSCHECK true
%define USE_LABELED_IPSEC true
%define USE_CRL_FETCHING true
%define USE_DNSSEC true
%define USE_NM true
%define USE_LINUX_AUDIT 0
# Eanble for OCF, requires <crypto/cryptodev.h> See
ocf-linux.sourceforge.net
%define USE_OCF 0
# Not available for RHEL5
%define USE_LIBCAP_NG 0

%define fipscheck_version 1.2.0-1
%define buildefence 0
%define development 0

Name: libreswan
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
# version is generated in the release script
Version: 3.14

# The default kernel version to build for is the latest of
# the installed binary kernel
# This can be overridden by "--define 'kversion x.x.x-y.y.y'"
%define defkv %(rpm -q kernel kernel-lt kernel-debug| grep -v "not
installed" | sed -e "s/kernel-debug-//" -e  "s/kernel-//" -e
"s/\.[^.]*$//"  | sort | tail -1 )
%{!?kversion: %{expand: %%define kversion %defkv}}
%define krelver %(echo %{kversion} | tr -s '-' '_')
# Libreswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
%define srcpkgver %(echo %{version} | tr -s '_' '-')

Release: 1%{?dist}
License: GPLv2
Url: https://www.libreswan.org/
Source: %{name}-%{srcpkgver}.tar.gz
Group: System Environment/Daemons
BuildRequires: gmp-devel bison flex redhat-rpm-config pkgconfig
Requires(post): coreutils bash
Requires(preun): initscripts chkconfig
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: pkgconfig net-tools
BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
BuildRequires: pam-devel
%if %{USE_DNSSEC}
BuildRequires: unbound-devel
%endif
%if %{USE_FIPSCHECK}
BuildRequires: fipscheck-devel >= %{fipscheck_version}
# we need fipshmac
Requires: fipscheck >= %{fipscheck_version}
%endif
%if %{USE_LINUX_AUDIT}
Buildrequires: audit-libs-devel
%endif
%if %{USE_LIBCAP_NG}
BuildRequires: libcap-ng-devel
%endif
%if %{USE_CRL_FETCHING}
BuildRequires: openldap-devel curl-devel
%endif
%if %{buildefence}
BuildRequires: ElectricFence
%endif
# Only needed if xml man pages are modified and need regeneration
# BuildRequires: xmlto

Requires: nss-tools
Requires: iproute >= 2.6.8

%description
Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.

Libreswan also supports IKEv2 (RFC4309) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on
FreeS/WAN-2.04

%prep
%setup -q -n libreswan-%{srcpkgver}

%build
%if %{buildefence}
 %define efence "-lefence"
%endif

#796683: -fno-strict-aliasing
%{__make} \
%if %{development}
   USERCOMPILE="-g -DGCC_LINT %(echo %{optflags} | sed -e s/-O[0-9]*/ /)
%{?efence} -fPIE -pie -fno-strict-aliasing" \
%else
  USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie
-fno-strict-aliasing" \
%endif
  INITSYSTEM=sysvinit \
  USERLINK="-g -pie %{?efence}" \
  USE_NM=%{USE_NM} \
  USE_XAUTHPAM=true \
  USE_FIPSCHECK=%{USE_FIPSCHECK} \
  USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
%if %{USE_OCF}
  USE_OCF=true \
%endif
  USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
  USE_LDAP=%{USE_CRL_FETCHING} \
  USE_LIBCURL=%{USE_CRL_FETCHING} \
  USE_DNSSEC=%{USE_DNSSEC} \
  INC_USRLOCAL=%{_prefix} \
  FINALLIBEXECDIR=%{_libexecdir}/ipsec \
  MANTREE=%{_mandir} \
  INC_RCDEFAULT=%{_initrddir} \
  programs
FS=$(pwd)

%if %{USE_FIPSCHECK}
# Add generation of HMAC checksums of the final stripped binaries
%define __spec_install_post \
  %{?__debug_package:%{__debug_install_post}} \
  %{__arch_install_post} \
  %{__os_install_post} \
  fipshmac %{buildroot}%{_sbindir}/ipsec \
  fipshmac %{buildroot}%{_libexecdir}/ipsec/* \
%{nil}
%endif

%install
rm -rf %{buildroot}
%{__make} \
  DESTDIR=%{buildroot} \
  INITSYSTEM=sysvinit \
  INC_USRLOCAL=%{_prefix} \
  FINALLIBEXECDIR=%{_libexecdir}/ipsec \
  MANTREE=%{buildroot}%{_mandir} \
  INC_RCDEFAULT=%{_initrddir} \
  INSTMANFLAGS="-m 644" \
  install
FS=$(pwd)
rm -rf %{buildroot}/usr/share/doc/libreswan

install -d -m 0755 %{buildroot}%{_localstatedir}/run/pluto
# used when setting --perpeerlog without --perpeerlogbase
install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
install -d %{buildroot}%{_sbindir}

echo "include /etc/ipsec.d/*.secrets" >
%{buildroot}%{_sysconfdir}/ipsec.secrets
rm -fr %{buildroot}/etc/rc.d/rc*

%files
%doc CHANGES COPYING CREDITS README* LICENSE
%doc docs/*.* docs/examples
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/pluto
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
%attr(0755,root,root) %dir %{_localstatedir}/run/pluto
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
%{_initrddir}/ipsec
%{_libexecdir}/ipsec
%{_sbindir}/ipsec
%attr(0644,root,root) %{_mandir}/*/*.gz

%if %{USE_FIPSCHECK}
%{_sbindir}/.ipsec.hmac
%endif

%preun
if [ $1 -eq 0 ]; then
        /sbin/service ipsec stop > /dev/null 2>&1 || :
        /sbin/chkconfig --del ipsec
fi

%postun
if [ $1 -ge 1 ] ; then
 /sbin/service ipsec condrestart 2>&1 >/dev/null || :
fi

%post
/sbin/chkconfig --add ipsec || :
if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
    TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
    [ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
    echo > ${TEMPFILE}
    certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
    restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
    rm -f ${TEMPFILE}
fi

%changelog
* Tue Jan 01 2013 Team Libreswan <team at libreswan.org> - 3.1-1
- Automated build from release tar ball

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150606/b616890d/attachment.sig>


More information about the Swan mailing list