public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Jirka Hladky <jhladky@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/haveged] epel10: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection
Date: Fri, 19 Jun 2026 03:08:32 GMT [thread overview]
Message-ID: <178183851269.1.6761111149414562409.rpms-haveged-07759fe2a099@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/haveged
Branch : epel10
Commit : 07759fe2a099778a39caf43e560f680b77fbe2d3
Author : Jirka Hladky <jhladky@redhat.com>
Date : 2026-06-19T05:08:25+02:00
Stats : +13/-5 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/haveged/c/07759fe2a099778a39caf43e560f680b77fbe2d3?branch=epel10
Log:
Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection
Use annocheck failure_severity: INFO instead of inspections: annocheck: off.
rpminspect silently ignores the inspections toggle for security inspections.
---
diff --git a/haveged.spec b/haveged.spec
index ccfb361..f4e3219 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -2,7 +2,7 @@
Summary: A Linux entropy source using the HAVEGE algorithm
Name: haveged
Version: 1.9.23
-Release: 2%{?dist}
+Release: 3%{?dist}
# Automatically converted from old format: GPLv3+ - review is highly recommended.
License: GPL-3.0-or-later
URL: https://github.com/jirka-h/haveged
@@ -119,6 +119,10 @@ fi
%changelog
+* Fri Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-3
+- Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle
+ (annocheck is a security inspection and cannot be disabled via inspections section)
+
* Thu Jun 18 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-2
- Add SELinux policy module to allow semaphore creation in /dev/shm
- Add rpminspect.yaml to waive pre-existing annocheck false positive
diff --git a/rpminspect.yaml b/rpminspect.yaml
index 5a2de30..bfaf54c 100644
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -1,7 +1,11 @@
---
# The cpuid inline assembly in libhavege.so triggers an annocheck
# "optimization level too low" false positive that has been present
-# since the library was first packaged. Waive the entire annocheck
-# inspection until upstream removes the bundled cpuid header.
-inspections:
- annocheck: off
+# since the library was first packaged.
+#
+# annocheck is a security inspection and cannot be disabled via
+# "inspections: annocheck: off" — rpminspect silently ignores that.
+# Instead, lower the failure severity so findings are reported but
+# do not cause a non-zero exit.
+annocheck:
+ failure_severity: INFO
reply other threads:[~2026-06-19 3:08 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178183851269.1.6761111149414562409.rpms-haveged-07759fe2a099@fedoraproject.org \
--to=jhladky@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox