Overview

Request 813053 accepted

No description set
Dominique Leuenberger's avatar
Dominique Leuenberger (dimstar) -
reviewer 
[  432s] opa-fastfabric.x86_64: E: cronjob-changed-file (Badness: 10000) /etc/cron.daily/opa-cablehealth
[  432s] A cron job or cron job related file installed by this package changed
[  432s] in content. Please open a bug report to request follow-up review of the
[  432s] introduced changes by the security team. Please refer to
[  432s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[  432s] more             information.
Nicolas Morey-Chaisemartin's avatar
Nicolas Morey-Chaisemartin (NMoreyChaisemartin) -
author

Pretty sure there is no diff and we hit the same bug we hit a while back where the checks have difficulties handling a symlink @mgerstner did you get a chance to look into the issue ?

Matthias Gerstner's avatar
Matthias Gerstner (mgerstner) -

Last time it was a bug in the rpmlint check. This time the content actually changed. There is a version string encoded in the script:

--- ./factory/usr/lib/opa/tools/opacablehealthcron  2019-10-18 14:40:44.000000000 +0200
+++ ./devel/usr/lib/opa/tools/opacablehealthcron    2020-06-09 23:09:15.000000000 +0200
@@ -28,7 +28,7 @@
 #
 # END_ICS_COPYRIGHT8   ****************************************

-# [ICS VERSION STRING: @(#) ./fastfabric/opacablehealthcron 10_9_3_1_1 [09/06/19 12:00]
+# [ICS VERSION STRING: @(#) ./fastfabric/opacablehealthcron 10_10_1_0_35 [06/09/20 00:00]

 # Usage: opacablehealthcron
 # At regular intervals executes cablehealth and saves the data in a file

That's a bit unfortunate, because we are whitelisting the content, too. I will add the new sha256 digest to the whitelist. If this happens too often then I'll switch to a wildcard whitelisting for opa-ff.

Nicolas Morey-Chaisemartin's avatar
Nicolas Morey-Chaisemartin (NMoreyChaisemartin) -
author

My bad. I diffed the sources and didn't see one. opa-ff is not getting that many updates so we should be good for a while.

Sorry for the bother

Matthias Gerstner's avatar
Matthias Gerstner (mgerstner) -

No problem, we're also still gathering experiences with this new style of whitelisting packaging items.

So we submitted sr#813147 for rpmlint-mini. With this change your submission should work out.

Request History
Nicolas Morey-Chaisemartin's avatar

NMoreyChaisemartin created request

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Dominique Leuenberger's avatar

dimstar_suse added as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:181"

Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:adi:181"

Dominique Leuenberger's avatar

dimstar accepted review

Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:adi:181 got accepted.

Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:adi:181 got accepted.

Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:adi:181 got accepted.

openSUSE Build Service is sponsored by
Places