From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 07AD0C433F5 for ; Mon, 28 Feb 2022 15:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646062702; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=9wqWU2h4925lmUsNcN/yzNe2af/MZ5urKWQEMH2SyI8=; b=ZkJoyHBhBrYkDTxNw1pDG/YjPdnGbGS8My+H/0L5KmGtj+Bu5/phL7iPw99COnbFI1gSJY nI7VJ3/hUvYRkq95S65TBKACeaN/vIObZJU+RHF2uuNZ9aztbHxmoJJg1VwjWq/lLP0JkF sdxQjLgN0U2hLP2R2kXwGugq+R+aUQs= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-297-_3_q7t87P76moGmlp53-_w-1; Mon, 28 Feb 2022 10:38:13 -0500 X-MC-Unique: _3_q7t87P76moGmlp53-_w-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E670851DC; Mon, 28 Feb 2022 15:37:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DA15C866D4; Mon, 28 Feb 2022 15:37:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6E9491809C98; Mon, 28 Feb 2022 15:37:51 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 21SFblNA017820 for ; Mon, 28 Feb 2022 10:37:47 -0500 Received: by smtp.corp.redhat.com (Postfix) id B88FE7D3E6; Mon, 28 Feb 2022 15:37:47 +0000 (UTC) Received: from x2.localnet (unknown [10.22.10.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 752F37D3E4; Mon, 28 Feb 2022 15:37:44 +0000 (UTC) From: Steve Grubb To: linux-audit@redhat.com Subject: Re: audit user space build problems Date: Mon, 28 Feb 2022 10:37:43 -0500 Message-ID: <4724899.31r3eYUQgx@x2> Organization: Red Hat In-Reply-To: <2126549.NgBsaNRSFp@x2> References: <2126549.NgBsaNRSFp@x2> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: linux-audit@redhat.com X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello, On Monday, February 21, 2022 4:50:22 PM EST Steve Grubb wrote: > Recently, distributions moved to building against gcc-12 for their latest > OS composes. It's been found in at least 2 distributions that the user > space package is failing to build. It's natural to think this is related > to gcc-12 since it's the obvious change. > > However, the problem is a combination of 2 things: > > 1) SWIG is making buggy code > 2) The kernel changed to using flexible array members > > The issue specifically is with struct audit_rules_data. At the bottom, it > was using buf[0]; But on 5.17, it uses buf[]; It turns out that gcc-12 > is just a coincidence and anything using gcc-12 also has the newest > kernel. > > The options are: > 1) Report this as a SWIG bug and wait > 2) Rewrite the libaudit python bindings to not use SWIG > 3) Ask for buf[0]; to be reinstated in the kernel. > > Of these, I think option 2 is the only viable long term option. It will > take some time to write new python bindings that preserve the SWIG api. > > A short term fix might be for distros to copy the kernel header into the > lib directory and patch it to restore buf[0];, then change libaudit.c to > include "audit.h" instead of . There may be other > approaches. An update on this topic...I have worked around this on rawhide. The temporary fix is kind of ugly and I also have no idea how long this temporary fix will be needed. Rewriting the python bindings will be a big task. Anyways...the first patch can be found here: https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit-3.0.8-flex-array-workaround.patch Prior to applying the patch, I do this is the %prep part of the spec file: cp /usr/include/linux/audit.h lib/ then the patch applies cleanly. The only problem is that if you leave it this way, then you wind up with other packages not building because they can't find audit.h. (See bz 2057735 for example) The fix for this is after the audit scripts do the install to the buildroot, you need to undo the change in libaudit.h. That patch can be found here: https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit-3.0.8-undo-flex-array.patch After that, rpm grabs all the files and everything works as intended. As I said before, this is an ugly fix...but it works for now. Hope this helps with packaging... -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit