On 03/02/2015 11:00 AM, Johnny Hughes wrote:> On 03/02/2015 10:38 AM, ANDY KENNEDY wrote: >>>> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with >>>> gethostbyname(). My mission is to show that we are not affected by the latest exploit for >>>> the product we are shipping targeted for RHEL and CentOS. To do so, I want to equip >>>> gethostbyname() with additional code. >>> >>> Do you plan on shipping this updated glibc as part of the product, or is >>> this simply for testing? If you plan to distribute/ship an updated >>> glibc, that's probably going to raise a few eyebrows and anger a few >>> sysadmins. >> >> No release. Only testing. >> > > Also, please be advised that rebuilding a package and then trying to > compare it to something else built earlier is likely not going to work > unless you can duplicate the exact set of packages that are installed in > the build root at the time of the build. Even then, with documentation > generation, you STILL might not get an exact, bit for bit, match when > building later. > > It is almost impossible to duplicate a closed and staged build system > for a give date unless you are trying very hard to do so. > >>> >>>> My objective is to rebuild from source the EXACT version of GlibC for CentOS 6.6. >>>> Afterwards, I will make my changes in the code, rebuild and complete my testing. >>>> > > ^^ That would likely be impossible to accomplish. See my comments above. > > <snip>The list of packages that were in the "mock build root" for our build of the glibc-2.12-1.149.el6_6.5.x86_64.src.rpm is here: http://ur1.ca/ju24m To get close to an exact match, you need to use mock and use the packages listed above (and only those versions) if you are trying to get a build that matches what we built. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20150302/4ef64264/attachment-0001.sig>
<snip>> > > The list of packages that were in the "mock build root" for our build of > the glibc-2.12-1.149.el6_6.5.x86_64.src.rpm is here: > > http://ur1.ca/ju24m > > To get close to an exact match, you need to use mock and use the > packages listed above (and only those versions) if you are trying to get > a build that matches what we built.Okay, thanks. I really don't need _EXACT_ match, but close. Again, my aim is to equip GlibC with some logging facilities IF anyone is using the gethostbyname(). Given the help from this list, I was able to rebuild GlibC for CentOS and am testing my stuff now. I appreciate your help on this matter. Not knowing where the knobs are was the hardest part. I have just about completed my testing. Again, thanks for the help! Andy
> Okay, thanks. I really don't need _EXACT_ match, but close. Again, my > aim is to equip GlibC with some logging facilities IF anyone is using the > gethostbyname(). Given the help from this list, I was able to rebuild > GlibC for CentOS and am testing my stuff now. > > I appreciate your help on this matter. Not knowing where the knobs are was > the hardest part. I have just about completed my testing. > > Again, thanks for the help! > > AndyUghh!! I just realized that the app that I'm testing has parts that are linked against 32-Bit libraries. I have to test that as well. Ouch! This leads to the question: How do I tell rpmbuild to build the i686 version of the library in place of the x86_64? I've done some looking around on the web and I have found something about: setarch i686 mock -r <something> ... rebuild <my.rpm> Not being able to find the "mock" package for CentOS, I thought maybe: setarch i686 rpmbuild -ba glibc.spec would work. This ended with an error: enable-bind-now --with-tls --with-__thread --build i686-redhat-linux --host i686-redhat-linux --enable-multi-arch --enable-systemtap --disable-profile --enable-experimental-malloc --enable-nss-crypt checking build system type... i686-redhat-linux-gnu checking host system type... i686-redhat-linux-gnu checking for i686-redhat-linux-gcc... gcc checking for suffix of object files... configure: error: in `/home/akennedy/rpmbuild/BUILD/glibc-2.12-2-gc4ccff1/build-i686-linuxnptl': configure: error: cannot compute suffix of object files: cannot compile See `config.log' for more details. error: Bad exit status from /var/tmp/rpm-tmp.2d2i9G (%build) I have also looked through the glibc.spec file for something that would make me think that I could change the target variant. "rpmbuild --target=i686 -ba glibc.spec" gives the same output as the setarch i686 above. Again, any help on this would be greatly appreciated. Thanks, Andy