From 31a2bc292eabbf0a1a14c4ce7e7fc349e021ec958f37732265db2e02c5d26cb3 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Thu, 27 Feb 2020 11:55:09 +0000
Subject: [PATCH] Accepting request 779402 from home:yfjiang:branches:GNOME:Factory - A file tests/test-images/gif-test-suite/max-width.gif from the test suite is correctly identified by clamav to be a malicious BC.Gif.Exploit.Agent-1425366.Agent. This is an intentional part of the test suite to ensure it has no negative side effects. On SLE, the package is built with clamav scanning, which then prevents a successful build. This change repacks the source package to a password-protected zip to bypass the clamav scanning for SLE (bsc#1159337), with following update: + Download upstream tarball through source service + Add pre_checkin.sh to convert tarball to zip file + Update spec-file to use the zip file as main source
OBS-URL: https://build.opensuse.org/request/show/779402
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=167
---
 _service | 9 +++++++++
 gdk-pixbuf-2.40.0.tar.xz | 3 ---
 gdk-pixbuf-2.40.0.zip | 3 +++
 gdk-pixbuf.changes | 17 +++++++++++++++++
 gdk-pixbuf.spec | 12 +++++++++---
 pre_checkin.sh | 15 +++++++++++++++
 6 files changed, 53 insertions(+), 6 deletions(-)
 create mode 100644 _service
 delete mode 100644 gdk-pixbuf-2.40.0.tar.xz
 create mode 100644 gdk-pixbuf-2.40.0.zip
 create mode 100644 pre_checkin.sh
diff --git a/_service b/_service
new file mode 100644
index 0000000..77875ab
--- /dev/null
+++ b/_service
@@ -0,0 +1,9 @@
+
+
+ https
+ download.gnome.org
+ sources/gdk-pixbuf/2.40/gdk-pixbuf-2.40.0.tar.xz
+
+
+
+
diff --git a/gdk-pixbuf-2.40.0.tar.xz b/gdk-pixbuf-2.40.0.tar.xz
deleted file mode 100644
index 1ba741f..0000000
--- a/gdk-pixbuf-2.40.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1582595099537ca8ff3b99c6804350b4c058bb8ad67411bbaae024ee7cead4e6
-size 5512160
diff --git a/gdk-pixbuf-2.40.0.zip b/gdk-pixbuf-2.40.0.zip
new file mode 100644
index 0000000..d9ede20
--- /dev/null
+++ b/gdk-pixbuf-2.40.0.zip
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d30b7ded0d8da5cb9026d97a718b122f497e91b9aadb7c5cda57185b26b4b618
+size 6780781
diff --git a/gdk-pixbuf.changes b/gdk-pixbuf.changes
index c858f2c..bc1f23d 100644
--- a/gdk-pixbuf.changes
+++ b/gdk-pixbuf.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Mon Feb 24 01:29:03 UTC 2020 - Yifan Jiang
+
+- A file tests/test-images/gif-test-suite/max-width.gif from the
+ test suite is correctly identified by clamav to be a malicious
+ BC.Gif.Exploit.Agent-1425366.Agent. This is an intentional part
+ of the test suite to ensure it has no negative side effects.
+
+ On SLE, the package is built with clamav scanning, which then
+ prevents a successful build. This change repacks the source
+ package to a password-protected zip to bypass the clamav scanning
+ for SLE (bsc#1159337), with following update:
+
+ + Download upstream tarball through source service
+ + Add pre_checkin.sh to convert tarball to zip file
+ + Update spec-file to use the zip file as main source
+
 -------------------------------------------------------------------
 Thu Jan 30 12:17:20 UTC 2020 - Dominique Leuenberger
diff --git a/gdk-pixbuf.spec b/gdk-pixbuf.spec
index f9891a0..047e52a 100644
--- a/gdk-pixbuf.spec
+++ b/gdk-pixbuf.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gdk-pixbuf
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,11 @@ License: LGPL-2.1-or-later
 Group: Development/Libraries/GNOME
 URL: https://www.gnome.org/
-Source0: https://download.gnome.org/sources/gdk-pixbuf/2.40/%{name}-%{version}.tar.xz
+# A filefrom the test suite is correctly identified by clamav to be a
+# malicious BC.Gif.Exploit.Agent-1425366.Agent. This is an intentional part of
+# the test suite to ensure it has no negative side effects. Change the Source0
+# from tar.xz to zip to bypass clamav scanning on SLE.
+Source0: %{name}-%{version}.zip
 Source1: macros.gdk-pixbuf
 Source2: README.SUSE
 Source3: gdk-pixbuf-rpmlintrc
@@ -40,6 +44,7 @@ BuildRequires: libtiff-devel
 BuildRequires: meson
 BuildRequires: pkgconfig
 BuildRequires: translation-update-upstream
+BuildRequires: unzip
 BuildRequires: xsltproc
 BuildRequires: pkgconfig(glib-2.0) >= 2.48.0
 BuildRequires: pkgconfig(gobject-introspection-1.0)
@@ -127,7 +132,8 @@ This package contains the development files for gdk-pixbuf.
 %lang_package
 %prep
-%autosetup -p1
+%setup -c -T -q
+unzip -P gecko %{SOURCE0}
 translation-update-upstream
 %if "%{_lib}" == "lib64"
 cp -a %{SOURCE2} .
diff --git a/pre_checkin.sh b/pre_checkin.sh
new file mode 100644
index 0000000..2fc5ff0
--- /dev/null
+++ b/pre_checkin.sh
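Review bot: The comment added above `Source0` in the `@@ -27,7 +27,11 @@` hunk leaves out what a later reviewer needs to re-verify the repack: with `Source0` now a bare file name, the upstream URL is gone from the spec, and the comment names neither the flagged file nor the script that builds the zip. Because the password-protected zip keeps the whole upstream tree out of the build-time scan, not only the one sample, that provenance trail matters more than it did before. I would extend the comment with `# Upstream: https://download.gnome.org/sources/gdk-pixbuf/2.40/%{name}-%{version}.tar.xz, repacked by pre_checkin.sh (bsc#1159337)` and name `tests/test-images/gif-test-suite/max-width.gif` as the flagged file. `filefrom` in the first comment line is also missing a space.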
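Review bot: Replacing `%autosetup -p1` with `%setup -c -T -q` in the `%prep` hunk (`@@ -127,7 +132,8 @@`) also drops automatic patch application, so any `PatchN:` entry would be silently ignored from now on; none is visible in these hunks, so this may be latent rather than live. Adding `%autopatch -p1` after the unzip line keeps the previous behaviour. The extraction itself would be quieter in the build log as `unzip -q -P gecko %{SOURCE0}`, and a one-line comment stating that `gecko` is a fixed, public password used only to keep the scanner from opening the archive would stop it from being mistaken for a credential. The `%prep` section continues past the end of the hunk.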
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# To update the package:
+## 1. update the version tags in _service
+## 2. run `osc service ra`; # get the upstream release, and set the version string in spec
+## 3. run `./pre_checkin.sh`; # generate the zip file
+## 4. edit changelog and commit the change # the tar.xz file generated by the step 2 is not necessarily to commit
+
+EXTRACTDIR=$(mktemp -d);
+BASENAME=$(grep ^Name\: gdk-pixbuf.spec | cut -d: -f2 | sed 's/[[:space:]]//g');
+VERSION=$(grep ^Version\: gdk-pixbuf.spec | cut -d: -f2 | sed 's/[[:space:]]//g');
+
+tar xvfJ $BASENAME-$VERSION.tar.xz -C $EXTRACTDIR;
+pushd $EXTRACTDIR/$BASENAME-$VERSION && zip -r -P gecko $BASENAME-$VERSION.zip * && popd && mv $EXTRACTDIR/$BASENAME-$VERSION/$BASENAME-$VERSION.zip .;
+rm -fr $EXTRACTDIR && rm -fr $BASENAME-$VERSION.tar.xz;
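Review bot: The last line of pre_checkin.sh deletes `$BASENAME-$VERSION.tar.xz` unconditionally, because the `pushd … && zip … && popd && mv …` chain ends in `;` and the script never sets `set -e`, so a failed extract or zip still removes the downloaded tarball and leaves no archive behind. The script is also declared `#!/bin/sh` but relies on `pushd`/`popd`, which are bash builtins and are missing from shells such as dash, and every expansion is unquoted. `zip -r … *` additionally skips top-level dotfiles, so the repacked tree is not identical to the upstream one. Since this step swaps the upstream tarball for a locally built archive that the scanner cannot open, I would also compare the tarball with the checksum upstream publishes before repacking; the rewrite below covers the first three points.

```sh
#!/bin/sh
set -eu

# … unchanged: "To update the package" instructions …

EXTRACTDIR=$(mktemp -d)
# Remove the scratch directory on every exit path, including failures.
trap 'rm -rf -- "$EXTRACTDIR"' EXIT
BASENAME=$(grep '^Name:' gdk-pixbuf.spec | cut -d: -f2 | sed 's/[[:space:]]//g')
VERSION=$(grep '^Version:' gdk-pixbuf.spec | cut -d: -f2 | sed 's/[[:space:]]//g')
: "${BASENAME:?Name: not found in gdk-pixbuf.spec}"
: "${VERSION:?Version: not found in gdk-pixbuf.spec}"
SRC="$BASENAME-$VERSION"

tar -xJf "$SRC.tar.xz" -C "$EXTRACTDIR"
# Archive "." instead of "*" so top-level dotfiles are kept; the subshell
# replaces pushd/popd, which plain sh does not provide.
(cd "$EXTRACTDIR/$SRC" && zip -q -r -P gecko "$EXTRACTDIR/$SRC.zip" .)
mv -- "$EXTRACTDIR/$SRC.zip" .
# Reached only when the zip is in place (set -e aborts earlier otherwise).
rm -f -- "$SRC.tar.xz"
```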