[rpms/haveged] epel8: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/haveged] epel8: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection
@ 2026-06-19  3:08 Jirka Hladky
  0 siblings, 0 replies; only message in thread
From: Jirka Hladky @ 2026-06-19  3:08 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/haveged
            Branch : epel8
            Commit : 002b70c89a281ccc652af32907a7d409aeb3de6e
            Author : Jirka Hladky <jhladky@redhat.com>
            Date   : 2026-06-19T05:08:41+02:00
            Stats  : +13/-5 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/haveged/c/002b70c89a281ccc652af32907a7d409aeb3de6e?branch=epel8

            Log:
            Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection

Use annocheck failure_severity: INFO instead of inspections: annocheck: off.
rpminspect silently ignores the inspections toggle for security inspections.

---
diff --git a/haveged.spec b/haveged.spec
index 8e8df0f..c0d7dd3 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -2,7 +2,7 @@
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
 Version:        1.9.23
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv3+
 URL:            https://github.com/jirka-h/haveged
 Source0:        https://github.com/jirka-h/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -120,6 +120,10 @@ fi
 
 
 %changelog
+* Fri Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-3
+- Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle
+  (annocheck is a security inspection and cannot be disabled via inspections section)
+
 * Fri Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-2
 - Add SELinux policy module to allow semaphore creation in /dev/shm
 - Add rpminspect.yaml to waive pre-existing annocheck false positive

diff --git a/rpminspect.yaml b/rpminspect.yaml
index 5a2de30..bfaf54c 100644
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -1,7 +1,11 @@
 ---
 # The cpuid inline assembly in libhavege.so triggers an annocheck
 # "optimization level too low" false positive that has been present
-# since the library was first packaged.  Waive the entire annocheck
-# inspection until upstream removes the bundled cpuid header.
-inspections:
-    annocheck: off
+# since the library was first packaged.
+#
+# annocheck is a security inspection and cannot be disabled via
+# "inspections: annocheck: off" — rpminspect silently ignores that.
+# Instead, lower the failure severity so findings are reported but
+# do not cause a non-zero exit.
+annocheck:
+    failure_severity: INFO

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-19  3:08 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-19  3:08 [rpms/haveged] epel8: Fix rpminspect.yaml: annocheck cannot be disabled as it is a security inspection Jirka Hladky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox