[rpms/haveged] rawhide: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/haveged] rawhide: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection
@ 2026-06-19  3:04 Jirka Hladky
  0 siblings, 0 replies; only message in thread
From: Jirka Hladky @ 2026-06-19  3:04 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/haveged
            Branch : rawhide
            Commit : 29fe0d89fc74989e24a2e156c9eec6910b086e24
            Author : Jirka Hladky <jhladky@redhat.com>
            Date   : 2026-06-19T05:04:39+02:00
            Stats  : +13/-5 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/haveged/c/29fe0d89fc74989e24a2e156c9eec6910b086e24?branch=rawhide

            Log:
            Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection

Use annocheck failure_severity: INFO instead of inspections: annocheck: off.
rpminspect silently ignores the inspections toggle for security inspections.

---
diff --git a/haveged.spec b/haveged.spec
index 0d2f946..ee0dcf0 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -2,7 +2,7 @@
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
 Version:        1.9.23
-Release:        2%{?dist}
+Release:        3%{?dist}
 # Automatically converted from old format: GPLv3+ - review is highly recommended.
 License:        GPL-3.0-or-later
 URL:            https://github.com/jirka-h/haveged
@@ -119,6 +119,10 @@ fi
 
 
 %changelog
+* Thu Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-3
+- Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle
+  (annocheck is a security inspection and cannot be disabled via inspections section)
+
 * Thu Jun 18 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-2
 - Add SELinux policy module to allow semaphore creation in /dev/shm
 - Add rpminspect.yaml to waive pre-existing annocheck false positive

diff --git a/rpminspect.yaml b/rpminspect.yaml
index 5a2de30..bfaf54c 100644
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -1,7 +1,11 @@
 ---
 # The cpuid inline assembly in libhavege.so triggers an annocheck
 # "optimization level too low" false positive that has been present
-# since the library was first packaged.  Waive the entire annocheck
-# inspection until upstream removes the bundled cpuid header.
-inspections:
-    annocheck: off
+# since the library was first packaged.
+#
+# annocheck is a security inspection and cannot be disabled via
+# "inspections: annocheck: off" — rpminspect silently ignores that.
+# Instead, lower the failure severity so findings are reported but
+# do not cause a non-zero exit.
+annocheck:
+    failure_severity: INFO

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-19  3:04 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-19  3:04 [rpms/haveged] rawhide: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection Jirka Hladky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox