fix(libabigail): strip scanner-flagged PR30329 sqlite debuginfo fixtures from upstream tarball#17394
Merged
Merged
Conversation
anphel31
requested review from
christopherco,
ddstreetmicrosoft and
reubeno
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request updates the libabigail component to avoid SRPM anti-malware scan failures by replacing upstream Source0 with a deterministically repacked tarball that removes the scanner-flagged PR30329 sqlite debuginfo fixtures and adjusts the corresponding test driver so %check continues to pass.
Changes:
- Introduces a dedicated
libabigailcomponent definition that replaces upstreamSource0with a modified tarball hosted in lookaside storage (replace-upstream = true). - Adds a deterministic
modify_source.shscript to striptests/data/test-abidiff-exit/PR30329/and patchtests/test-abidiff-exit.ccaccordingly. - Updates rendered artifacts and metadata (Fedora
sourcesSHA512, rendered specRelease, and component lock fingerprint) to match the modified source.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| specs/l/libabigail/sources | Updates the SHA512 for libabigail-2.9.tar.xz to the repacked tarball. |
| specs/l/libabigail/libabigail.spec | Bumps Release to reflect the source change/rebuild. |
| locks/libabigail.lock | Updates input-fingerprint for the component config change. |
| base/comps/libabigail/modify_source.sh | Adds deterministic strip-and-repack script that removes the PR30329 fixture and patches the test driver. |
| base/comps/libabigail/libabigail.comp.toml | Adds per-component config to replace upstream Source0 with the repacked tarball + rationale. |
| base/comps/components.toml | Removes libabigail from the “unmodified Fedora imports” inline list (now customized via dedicated comp file). |
christopherco
previously requested changes
May 22, 2026
anphel31
force-pushed
the
anphel/signing-fix-libabigail
branch
from
a16ddb3 to
fd96e6e
Compare
reubeno
reviewed
May 22, 2026
anphel31
force-pushed
the
anphel/signing-fix-libabigail
branch
from
fd96e6e to
4f139a6
Compare
reubeno
reviewed
May 26, 2026
…res from upstream tarball Remove tests/data/test-abidiff-exit/PR30329/ (a libabigail abidiff regression-test fixture set built around a pair of stripped sqlite3 shared libraries plus their separated debuginfo and dwz-multifile components) from the upstream libabigail-2.9.tar.xz (Source0). Our scan tooling flags both libsqlite3.so.0.8.6.debug files inside the fixture as packer_high_entropy:eod and rejects the SRPM. The fixture is exercised by two hard-coded InOutSpec entries in tests/test-abidiff-exit.cc that run as part of %check (make check check-self-compare). Those two entries are removed via a companion overlay patch (tests-drop-PR30329-fixture-entries.patch, applied as Patch0) -- modify_source.sh itself only does file removal on the tarball, no in-tarball source patching. The rest of the testsuite is untouched and continues to pass in-chroot.
anphel31
force-pushed
the
anphel/signing-fix-libabigail
branch
from
4f139a6 to
972aa2a
Compare
reubeno
approved these changes
May 26, 2026
christopherco
approved these changes
May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Remove tests/data/test-abidiff-exit/PR30329/ (a libabigail abidiff regression-test fixture set built around a pair of stripped sqlite3 shared libraries plus their separated debuginfo and dwz-multifile components) from the upstream libabigail-2.9.tar.xz (Source0). Our scan tooling flags both libsqlite3.so.0.8.6.debug files inside the fixture as packer_high_entropy:eod and rejects the SRPM.
The fixture is exercised by two hard-coded InOutSpec entries in tests/test-abidiff-exit.cc that run as part of %check (make check check-self-compare). Those two entries are removed via a companion overlay patch (tests-drop-PR30329-fixture-entries.patch, applied as Patch0) -- modify_source.sh itself only does file removal on the tarball, no in-tarball source patching. The rest of the testsuite is untouched and continues to pass in-chroot.
AB#20313
Validation