recompile dnsmasq with HAVE_ISC_READER


mattcen
12th December 2007, 04:52 AM
Hi all,

This thread was a bit difficult to categorise, but I decided that this was the best place for it. Basically, my objective is to take the Fedora 8 SRPM for dnsmasq and enable the HAVE_ISC_READER setting in the src/config.h file, and recompile the RPM. I am kind of new to recompiling packages from source, and, inevitably - ran into a bit of trouble. I have detailed my process below.


#as root
rpm -Uvh dnsmasq-2.40-1.fc8.src.rpm
cd /usr/src/redhat/SOURCES
cp dnsmasq-2.40.tar.gz /tmp/
cd /tmp
tar xzf dnsmasq-2.40.tar.gz
vi dnsmasq-2.40/src/config.h
#uncommented #define HAVE_ISC_READER in file, saved and quit
tar czf dnsmasq-2.40.tar.gz ./dnsmasq-2.40
mv dnsmasq-2.40.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb dnsmasq.spec


At this point I received the following output:


Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.13270
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf dnsmasq-2.40
+ /bin/gzip -dc /usr/src/redhat/SOURCES/dnsmasq-2.40.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd dnsmasq-2.40
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #0 (dnsmasq-2.33-initscript.patch):'
Patch #0 (dnsmasq-2.33-initscript.patch):
+ patch -p1 -s
+ echo 'Patch #1 (dnsmasq-2.33-enable-dbus.patch):'
Patch #1 (dnsmasq-2.33-enable-dbus.patch):
+ patch -p1 -s
1 out of 1 hunk FAILED -- saving rejects to file src/config.h.rej
error: Bad exit status from /var/tmp/rpm-tmp.13270 (%prep)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.13270 (%prep)


I have no idea what this means. And though I didn't spend an exorbitant period searching for solutions, the solutions I did find regarding similar errors were mostly program specific.

If anyone would like a bit of background into my reasons for wanting to recompile dnsmasq, here it is:

I have been trying to configure a new Fedora internet gateway (including DHCP and Caching DNS Nameserver) on and off for a couple of weeks (currently using Freesco Linux, but it has limited functionality), tried and failed to configure BIND (I don't think I'm ready for that yet) and decided to examine my Freesco configuration closer. I determined that Freesco uses dnsmasq with ISC dhcpd, and I am really happy with how that configuration works out - I considered using dnsmasq as the dhcp server, but am more comfortable with ISC. I adapted the configuration from Freesco to Fedora 8, and encountered an error basically saying that I can't read an ISC DHCP leases file from dnsmasq unless I enable HAVE_ISC_READER in the src/config.h file for dnsmasq - and so then I ended up here :) .


Any assistance would be greatly appreciated.

Regards,
Mattcen

stevea
12th December 2007, 05:01 AM
This "1 out of 1 hunk FAILED -- saving rejects to file src/config.h.rej"
means that patch failed when trying to insert some redhat patch to src/config.h

This is probably because you changed some lines adjacent to the patch or in the patch.

My suggestion is that you just go to the build directory/dnsmasq-nn.nn/. and follow the README.
99% of the time it's "./configure; make; make install"


I built a custom dnsmasq from the sources at the developers (thekelleys.uk.co I think) a month ago and it built w/ zero problems. Very nice tool btw.

stevea
12th December 2007, 05:05 AM

You might also do an "rpmbuild -bc" then edit the src/config and do a "make" from the top level.
You'll need to copy the binary dnsmasq to a directory on your path.
--
Yeah this works:
rpmdev-setuptree
rpm -Uhv http://download.fedora.redhat.com/pub/fedora/linux/releases/8/Fedora/source/SRPMS/dnsmasq-2.40-1.fc8.src.rpm
ARCH="i386"
rpmbuild -bc rpmbuild/SPECS/dnsmasq.spec
vi rpmbuild/BUILD/dnsmasq-2.40/src/config.h
touch rpmbuild/BUILD/dnsmasq-2.40/src/*.c
make -C rpmbuild/BUILD/dnsmasq-2.40
--
make install -C rpmbuild/BUILD/dnsmasq-2.40
will install the new binary in /usr/local/bin
the original is in /usr/sbin

Not sure but it looks to me like the ISC... is already enabled. I'll leave that to you.

mattcen
12th December 2007, 06:15 AM
Thanks for your reply, I'll see how I go :).

mattcen
12th December 2007, 06:37 AM
OK. Having (apparently) successfully recompiled dnsmasq with the method outlined above (Thanks a lot for that btw) I was wondering: Can I do a standard RPM installation of dnsmasq, and simply replace the binary with the recompiled one, and expect it to work? I ask this because using the source, it doesn't install dnsmasq as a service, and I don't know how to do it otherwise.

Thanks again,
Mattcen

mattcen
12th December 2007, 07:23 AM
Nevermind, it appears that it worked! This is fantastic! I am so, so close!

[EDIT]
Problem Solved, but new problem has arisen - see below

mattcen
13th December 2007, 10:06 AM
Success!
dnsmasq starts fine on the virtual machine I was testing it on, and all the dhcp assignments and dns lookups (the internal LAN ones anyway - haven't tested internet connectivity yet) work fine.

I have encountered a new problem (which is no longer a programming issue) when trying to duplicate the settings on my actual server (moving from the VM to a physical machine). I successfully copied all the config files and the recompiled binary over to the server, and tried to start up dhcpd and dnsmasq and received dnsdomainname: Host name lookup failure when trying to run "service dnsmasq start".

On viewing /var/log/messages I found:

Dec 13 20:55:40 server setroubleshoot: #012 SELinux is preventing dnsmasq (dnsmasq_t) "search" to <Unknown> (dhcpd_state_t).#012 For complete SELinux messages. run sealert -l d7038458-5275-4724-9f9b-3769cea66cc7


so I ran sealert -l d7038458-5275-4724-9f9b-3769cea66cc7 and got

Summary
SELinux is preventing dnsmasq (dnsmasq_t) "search" to <Unknown>
(dhcpd_state_t).

Detailed Description
SELinux denied access requested by dnsmasq. It is not expected that this
access is required by dnsmasq and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for <Unknown>, restorecon -v
<Unknown> If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow
this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context                system_u:system_r:dnsmasq_t:s0
Target Context                system_u:object_r:dhcpd_state_t:s0
Target Objects                None [ dir ]
Affected RPM Packages
Policy RPM                    selinux-policy-3.0.8-62.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     server
Platform                      Linux server 2.6.23.8-63.fc8 #1 SMP Wed Nov 21
                              18:51:08 EST 2007 i686 i686
Alert Count                   53
First Seen                    Thu Dec 13 19:46:43 2007
Last Seen                     Thu Dec 13 20:55:38 2007
Local ID                      d7038458-5275-4724-9f9b-3769cea66cc7
Line Numbers

Raw Audit Messages

avc: denied { search } for comm=dnsmasq dev=dm-0 name=dhcpd pid=7347
scontext=system_u:system_r:dnsmasq_t:s0 tclass=dir
tcontext=system_u:object_r:dhcpd_state_t:s0


From this I deduce that SELinux is denying dnsmasq access to /var/lib/dhcpd/dhcpd.leases where it needs to look for the hosts configured by dhcp (did I mention I HATE SELinux?).
I am at a loss as to how to enable this access.

Any ideas?

Regards,
Mattcen

mattcen
17th December 2007, 01:00 AM
Anybody got any ideas about this? Or should I perhaps post this new problem in the security forum?
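
The sealert report above points to a local policy module as the way to allow this access without disabling SELinux. The sketch below is an added example, not part of the original thread and not the audit2allow tool itself: it parses the raw AVC message from the report and renders the matching type-enforcement source, refusing anything beyond read-style permissions. The module name `local_dnsmasq_isc` and the `READ_ONLY` allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Raw audit message copied from the sealert report above (line wraps kept).
SAMPLE_AVC = """\
avc: denied { search } for comm=dnsmasq dev=dm-0 name=dhcpd pid=7347
scontext=system_u:system_r:dnsmasq_t:s0 tclass=dir
tcontext=system_u:object_r:dhcpd_state_t:s0
"""

# Assumption: the local module should only ever grant read-style access.
READ_ONLY = {"search", "getattr", "read", "open", "ioctl", "lock"}

# One match per denial: the permission set, then everything up to the next record.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}(.*?)(?=avc:|\Z)", re.S)

def parse_denials(text):
    """Return {(source_type, target_type, tclass): {perms}} for every denial."""
    rules = defaultdict(set)
    for perms, rest in AVC_RE.findall(text):
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        src = fields["scontext"].split(":")[2]   # user:role:TYPE:level
        tgt = fields["tcontext"].split(":")[2]
        rules[(src, tgt, fields["tclass"])].update(perms.split())
    return dict(rules)

def build_module(name, rules, allowed=READ_ONLY):
    """Render type-enforcement source; refuse permissions outside `allowed`."""
    for key, perms in rules.items():
        extra = perms - allowed
        if extra:
            raise ValueError(f"{key}: refusing to grant {sorted(extra)}")
    types = sorted({t for _, t, _ in rules} | {s for s, _, _ in rules})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};"
            for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (src, tgt, cls), perms in sorted(rules.items()):
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_module("local_dnsmasq_isc", parse_denials(SAMPLE_AVC)))
```

The printed source can be saved as a `.te` file, compiled with `checkmodule -M -m` and `semodule_package`, and loaded with `semodule -i`. The report contains only the `search` denial on the directory, so any further denials that appear once it is allowed need the same review before being added.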