[Swan] rpmbuild failure
Paul Wouters
paul at nohats.ca
Sat Jun 6 19:12:28 EEST 2015
The two fish warning is due to the newer compiler throwing a warning.
And the updated make files treat warnings as errors. You can set WERROR_CFLAGS="" to avoid this for now
Sent from my iPhone
> On Jun 5, 2015, at 20:17, John Crisp <jcrisp at safeandsoundit.co.uk> wrote:
>
> I just tried to mock build 3.14 from github source and have got a couple
> of build errors. I tested on 3.12 again to make sure it did build with
> the spec file - that has one error as follows but seems to build correctly :
>
> Macro %kversion has empty body
>
> The second part is as follows - I can supply the build logs if required.
> It could well be the spec file is wrong or somesuch - I used the same
> one I used to build 3.12 so that could be an issue. Appreciate any advice :
>
> mock -r /etc/mock/epel-6-x86_64.cfg rebuild
> /home/john/rpmbuild/SRPMS/libreswan-3.14-1.el6.src.rpm
>
> ....
>
> make[4]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libaes_xcbc'
> make[3]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libaes_xcbc'
> make[3]: Entering directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
> mkdir -p ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish
> set -e ; \
> for f in twofish.o twofish_cbc.o ; do \
> case $f in \
> *.c ) echo "-include $(basename $f .c).d # $f" ;; \
> *.o ) echo "-include $(basename $f .o).d # $f" ;; \
> * ) echo "# $f ignored by Makefile.dep" ;; \
> esac ; \
> done >
> ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk.tmp
> mv
> ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk.tmp ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish/Makefile.depend.mk
> make[3]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
> make[3]: Entering directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
> /usr/bin/make -C ../../../OBJ.linux.x86_64/lib/libcrypto/libtwofish buildall
> make[4]: Entering directory
> `/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libtwofish'
> cc -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
> -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
> -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
> -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
> -I/builddir/build/BUILD/libreswan-3.14/ports/linux/include
> -I/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/../include
> -I. -I/builddir/build/BUILD/libreswan-3.14/linux/net/ipsec
> -I/builddir/build/BUILD/libreswan-3.14/linux/include
> -I/builddir/build/BUILD/libreswan-3.14
> -I/builddir/build/BUILD/libreswan-3.14/include -I/usr/include/nss3
> -I/usr/include/nspr4 -pthread -m64 -g -O2 -U_FORTIFY_SOURCE
> -D_FORTIFY_SOURCE=2 -g -DGCC_LINT -O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIE -pie
> -fno-strict-aliasing -DDNSSEC -DFIPS_CHECK
> -DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DKLIPS -DHAVE_LABELED_IPSEC
> -DLIBCURL -DLDAP_VER=3 -DUSE_MD5 -DHAVE_NM -DUSE_SHA2 -DUSE_SHA1
> -DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DIPSEC_CONF=\"/etc/ipsec.conf\"
> -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" -DIPSEC_NSSDIR=\"/etc/ipsec.d\"
> -DIPSEC_CONFDIR=\"/etc\" -DIPSEC_EXECDIR=\"/usr/libexec/ipsec\"
> -DIPSEC_SBINDIR=\"/usr/sbin\" -DIPSEC_VARDIR=\"/var\"
> -DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\"
> -DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\" -DGCC_LINT
> -DALLOW_MICROSOFT_BAD_PROPOSAL -Werror -Wall -Wextra -Wformat
> -Wformat-nonliteral -Wformat-security -Wundef -Wmissing-declarations
> -Wredundant-decls -Wnested-externs \
> -MMD -MF ./twofish.d \
> -o ./twofish.o \
> -c /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c
> cc1: warnings being treated as errors
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:
> In function 'twofish_set_key':
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:812:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:839:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
> error: array subscript is above array bounds
> /builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish/twofish.c:866:
> error: array subscript is above array bounds
> make[4]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/OBJ.linux.x86_64/lib/libcrypto/libtwofish'
> make[3]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto/libtwofish'
> make[2]: Leaving directory
> `/builddir/build/BUILD/libreswan-3.14/lib/libcrypto'
> make[1]: Leaving directory `/builddir/build/BUILD/libreswan-3.14/lib'
>
>
> RPM build errors:
> make[4]: *** [twofish.o] Error 1
> make[3]: *** [local-base] Error 2
> make[2]: *** [all] Error 2
> make[1]: *** [all] Error 2
> make: *** [all] Error 2
> error: Bad exit status from /var/tmp/rpm-tmp.bYDewu (%build)
> Macro %kversion has empty body
> Bad exit status from /var/tmp/rpm-tmp.bYDewu (%build)
> ERROR: Exception(/home/john/rpmbuild/SRPMS/libreswan-3.14-1.el6.src.rpm)
> Config(epel-6-x86_64) 0 minutes 42 seconds
> INFO: Results and/or logs in: /var/lib/mock/epel-6-x86_64/result
> ERROR: Command failed. See logs for output.
> # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps
> /builddir/build/SPECS/libreswan.spec
>
>
> libreswan.spec :
>
> %define USE_FIPSCHECK true
> %define USE_LABELED_IPSEC true
> %define USE_CRL_FETCHING true
> %define USE_DNSSEC true
> %define USE_NM true
> %define USE_LINUX_AUDIT 0
> # Eanble for OCF, requires <crypto/cryptodev.h> See
> ocf-linux.sourceforge.net
> %define USE_OCF 0
> # Not available for RHEL5
> %define USE_LIBCAP_NG 0
>
> %define fipscheck_version 1.2.0-1
> %define buildefence 0
> %define development 0
>
> Name: libreswan
> Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
> # version is generated in the release script
> Version: 3.14
>
> # The default kernel version to build for is the latest of
> # the installed binary kernel
> # This can be overridden by "--define 'kversion x.x.x-y.y.y'"
> %define defkv %(rpm -q kernel kernel-lt kernel-debug| grep -v "not
> installed" | sed -e "s/kernel-debug-//" -e "s/kernel-//" -e
> "s/\.[^.]*$//" | sort | tail -1 )
> %{!?kversion: %{expand: %%define kversion %defkv}}
> %define krelver %(echo %{kversion} | tr -s '-' '_')
> # Libreswan -pre/-rc nomenclature has to co-exist with hyphen paranoia
> %define srcpkgver %(echo %{version} | tr -s '_' '-')
>
> Release: 1%{?dist}
> License: GPLv2
> Url: https://www.libreswan.org/
> Source: %{name}-%{srcpkgver}.tar.gz
> Group: System Environment/Daemons
> BuildRequires: gmp-devel bison flex redhat-rpm-config pkgconfig
> Requires(post): coreutils bash
> Requires(preun): initscripts chkconfig
> Requires(post): /sbin/chkconfig
> Requires(preun): /sbin/chkconfig
> Requires(preun): /sbin/service
> BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
>
> BuildRequires: pkgconfig net-tools
> BuildRequires: nss-devel >= 3.12.6-2, nspr-devel
> BuildRequires: pam-devel
> %if %{USE_DNSSEC}
> BuildRequires: unbound-devel
> %endif
> %if %{USE_FIPSCHECK}
> BuildRequires: fipscheck-devel >= %{fipscheck_version}
> # we need fipshmac
> Requires: fipscheck >= %{fipscheck_version}
> %endif
> %if %{USE_LINUX_AUDIT}
> Buildrequires: audit-libs-devel
> %endif
> %if %{USE_LIBCAP_NG}
> BuildRequires: libcap-ng-devel
> %endif
> %if %{USE_CRL_FETCHING}
> BuildRequires: openldap-devel curl-devel
> %endif
> %if %{buildefence}
> BuildRequires: ElectricFence
> %endif
> # Only needed if xml man pages are modified and need regeneration
> # BuildRequires: xmlto
>
> Requires: nss-tools
> Requires: iproute >= 2.6.8
>
> %description
> Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
> the Internet Protocol Security and uses strong cryptography to provide
> both authentication and encryption services. These services allow you
> to build secure tunnels through untrusted networks. Everything passing
> through the untrusted net is encrypted by the ipsec gateway machine and
> decrypted by the gateway at the other end of the tunnel. The resulting
> tunnel is a virtual private network or VPN.
>
> This package contains the daemons and userland tools for setting up
> Libreswan. To build KLIPS, see the kmod-libreswan.spec file.
>
> Libreswan also supports IKEv2 (RFC4309) and Secure Labeling
>
> Libreswan is based on Openswan-2.6.38 which in turn is based on
> FreeS/WAN-2.04
>
> %prep
> %setup -q -n libreswan-%{srcpkgver}
>
> %build
> %if %{buildefence}
> %define efence "-lefence"
> %endif
>
> #796683: -fno-strict-aliasing
> %{__make} \
> %if %{development}
> USERCOMPILE="-g -DGCC_LINT %(echo %{optflags} | sed -e s/-O[0-9]*/ /)
> %{?efence} -fPIE -pie -fno-strict-aliasing" \
> %else
> USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie
> -fno-strict-aliasing" \
> %endif
> INITSYSTEM=sysvinit \
> USERLINK="-g -pie %{?efence}" \
> USE_NM=%{USE_NM} \
> USE_XAUTHPAM=true \
> USE_FIPSCHECK=%{USE_FIPSCHECK} \
> USE_LIBCAP_NG=%{USE_LIBCAP_NG} \
> %if %{USE_OCF}
> USE_OCF=true \
> %endif
> USE_LABELED_IPSEC=%{USE_LABELED_IPSEC} \
> USE_LDAP=%{USE_CRL_FETCHING} \
> USE_LIBCURL=%{USE_CRL_FETCHING} \
> USE_DNSSEC=%{USE_DNSSEC} \
> INC_USRLOCAL=%{_prefix} \
> FINALLIBEXECDIR=%{_libexecdir}/ipsec \
> MANTREE=%{_mandir} \
> INC_RCDEFAULT=%{_initrddir} \
> programs
> FS=$(pwd)
>
> %if %{USE_FIPSCHECK}
> # Add generation of HMAC checksums of the final stripped binaries
> %define __spec_install_post \
> %{?__debug_package:%{__debug_install_post}} \
> %{__arch_install_post} \
> %{__os_install_post} \
> fipshmac %{buildroot}%{_sbindir}/ipsec \
> fipshmac %{buildroot}%{_libexecdir}/ipsec/* \
> %{nil}
> %endif
>
> %install
> rm -rf %{buildroot}
> %{__make} \
> DESTDIR=%{buildroot} \
> INITSYSTEM=sysvinit \
> INC_USRLOCAL=%{_prefix} \
> FINALLIBEXECDIR=%{_libexecdir}/ipsec \
> MANTREE=%{buildroot}%{_mandir} \
> INC_RCDEFAULT=%{_initrddir} \
> INSTMANFLAGS="-m 644" \
> install
> FS=$(pwd)
> rm -rf %{buildroot}/usr/share/doc/libreswan
>
> install -d -m 0755 %{buildroot}%{_localstatedir}/run/pluto
> # used when setting --perpeerlog without --perpeerlogbase
> install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
> install -d %{buildroot}%{_sbindir}
>
> echo "include /etc/ipsec.d/*.secrets" >
> %{buildroot}%{_sysconfdir}/ipsec.secrets
> rm -fr %{buildroot}/etc/rc.d/rc*
>
> %files
> %doc CHANGES COPYING CREDITS README* LICENSE
> %doc docs/*.* docs/examples
> %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
> %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
> %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/pluto
> %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
> %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/cacerts
> %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/crls
> %attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
> %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
> %attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
> %attr(0755,root,root) %dir %{_localstatedir}/run/pluto
> %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
> %{_initrddir}/ipsec
> %{_libexecdir}/ipsec
> %{_sbindir}/ipsec
> %attr(0644,root,root) %{_mandir}/*/*.gz
>
> %if %{USE_FIPSCHECK}
> %{_sbindir}/.ipsec.hmac
> %endif
>
> %preun
> if [ $1 -eq 0 ]; then
> /sbin/service ipsec stop > /dev/null 2>&1 || :
> /sbin/chkconfig --del ipsec
> fi
>
> %postun
> if [ $1 -ge 1 ] ; then
> /sbin/service ipsec condrestart 2>&1 >/dev/null || :
> fi
>
> %post
> /sbin/chkconfig --add ipsec || :
> if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
> TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
> [ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
> echo > ${TEMPFILE}
> certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
> restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
> rm -f ${TEMPFILE}
> fi
>
> %changelog
> * Tue Jan 01 2013 Team Libreswan <team at libreswan.org> - 3.1-1
> - Automated build from release tar ball
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list