fix(libabigail): strip scanner-flagged PR30329 sqlite debuginfo fixtures from upstream tarball #17394
anphel31 wants to merge 1 commit into
Pull request overview
This pull request updates the libabigail component to avoid SRPM anti-malware scan failures by replacing upstream Source0 with a deterministically repacked tarball that removes the scanner-flagged PR30329 sqlite debuginfo fixtures and adjusts the corresponding test driver so %check continues to pass.
Changes:
- Introduces a dedicated `libabigail` component definition that replaces upstream `Source0` with a modified tarball hosted in lookaside storage (`replace-upstream = true`).
- Adds a deterministic `modify_source.sh` script to strip `tests/data/test-abidiff-exit/PR30329/` and patch `tests/test-abidiff-exit.cc` accordingly.
- Updates rendered artifacts and metadata (Fedora `sources` SHA512, rendered spec `Release`, and component lock fingerprint) to match the modified source.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| specs/l/libabigail/sources | Updates the SHA512 for libabigail-2.9.tar.xz to the repacked tarball. |
| specs/l/libabigail/libabigail.spec | Bumps Release to reflect the source change/rebuild. |
| locks/libabigail.lock | Updates input-fingerprint for the component config change. |
| base/comps/libabigail/modify_source.sh | Adds deterministic strip-and-repack script that removes the PR30329 fixture and patches the test driver. |
| base/comps/libabigail/libabigail.comp.toml | Adds per-component config to replace upstream Source0 with the repacked tarball + rationale. |
| base/comps/components.toml | Removes libabigail from the “unmodified Fedora imports” inline list (now customized via dedicated comp file). |
…res from upstream tarball Remove tests/data/test-abidiff-exit/PR30329/ (a libabigail abidiff regression-test fixture set built around a pair of stripped sqlite3 shared libraries plus their separated debuginfo and dwz-multifile components) from the upstream libabigail-2.9.tar.xz (Source0). Our scan tooling flags both libsqlite3.so.0.8.6.debug files inside the fixture as packer_high_entropy:eod and rejects the SRPM. The fixture is exercised by two hard-coded InOutSpec entries in tests/test-abidiff-exit.cc that run as part of %check (make check check-self-compare), so the repacked tarball produced by modify_source.sh also patches those two entries out of the in_out_specs[] array. The rest of the testsuite is untouched and continues to pass in-chroot.
a16ddb3 to fd96e6e
| # no internal `{` / `}` (verified by inspection of upstream 2.9). Outside | ||
| # the array we touch nothing, which avoids accidentally eating function | ||
| # bodies, struct initializers in other code, etc. | ||
| ARRAY_DECL = b"InOutSpec in_out_specs[] =" |
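Review bot: the comment above `ARRAY_DECL` rests the brace matching on "no internal `{` / `}`", verified only by inspection of upstream 2.9, and nothing in these lines checks that at run time. Suggest the script exit non-zero unless `ARRAY_DECL` is found exactly once and exactly the two PR30329 entries are removed, so a rebase to a newer upstream cannot silently emit a mis-patched tarball. The byte-exact match `b"InOutSpec in_out_specs[] ="` is also sensitive to upstream whitespace changes, which is one more reason to fail loudly when it does not match.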
I had a similar chat about this with @PawelWMS; we should figure out how to shift this toward legit .patch files that we carry next to the spec rather than making these changes when we transform the tarballs.
The only transformation that we should be making to tarballs via these scripts right now is file removal.
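A file-removal-only deterministic repack of the kind discussed in this thread, as an added example (it is not the PR's `modify_source.sh`). The top-level directory `src-x.y`, the file `fixture.debug`, and the function names are constructed for illustration, and the output is left uncompressed.

```python
import io
import tarfile

# Path from the PR; the top-level directory name "src-x.y" is constructed.
PREFIX = "src-x.y/tests/data/test-abidiff-exit/PR30329"

def repack_without(src_bytes, strip_prefix):
    """Drop strip_prefix and everything under it; return (tar_bytes, removed)."""
    removed, kept = [], []
    with tarfile.open(fileobj=io.BytesIO(src_bytes), mode="r:*") as src:
        for m in src.getmembers():
            if m.name == strip_prefix or m.name.startswith(strip_prefix + "/"):
                removed.append(m.name)
                continue
            kept.append((m, src.extractfile(m).read() if m.isreg() else None))
    if not removed:
        # Fail closed: an unmatched prefix means the flagged files may still ship.
        raise ValueError(f"nothing matched {strip_prefix!r}")
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as dst:
        for m, data in sorted(kept, key=lambda p: p[0].name):
            # Normalise everything that varies between build hosts.
            m.mtime, m.uid, m.gid, m.uname, m.gname = 0, 0, 0, "", ""
            m.pax_headers = {}
            dst.addfile(m, io.BytesIO(data) if data is not None else None)
    return out.getvalue(), sorted(removed)

def sample_tarball(mtime, reverse):
    """Constructed input: same files, different mtime, owner and member order."""
    files = {
        "src-x.y/README": b"readme\n",
        PREFIX + "/fixture.debug": b"\x00" * 64,
        "src-x.y/tests/test-abidiff-exit.cc": b"// test driver\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name in sorted(files, reverse=reverse):
            ti = tarfile.TarInfo(name)
            ti.size, ti.mtime, ti.uname = len(files[name]), mtime, "builder"
            t.addfile(ti, io.BytesIO(files[name]))
    return buf.getvalue()

if __name__ == "__main__":
    a, removed = repack_without(sample_tarball(1700000000, False), PREFIX)
    b, _ = repack_without(sample_tarball(1600000000, True), PREFIX)
    print("removed:", removed, "| identical output:", a == b)
```

Because the output bytes depend only on the kept members, the SHA512 recorded in `sources` can be reproduced by anyone re-running the repack against the same upstream tarball.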
Summary
Remove `tests/data/test-abidiff-exit/PR30329/` (a libabigail abidiff regression-test fixture set built around a pair of stripped sqlite3 shared libraries plus their separated debuginfo and dwz-multifile components) from the upstream `libabigail-2.9.tar.xz` (`Source0`). Our scan tooling flags both `libsqlite3.so.0.8.6.debug` files inside the fixture as `packer_high_entropy:eod` and rejects the SRPM.

The fixture is exercised by two hard-coded `InOutSpec` entries in `tests/test-abidiff-exit.cc` that run as part of `%check` (`make check check-self-compare`), so the repacked tarball produced by `modify_source.sh` also patches those two entries out of the `in_out_specs[]` array. The rest of the testsuite is untouched and continues to pass in-chroot.
Validation