
fix python fips detection and blocking of blake2 #51921

Merged
xnox merged 1 commit into wolfi-dev:main from techalchemy:disable-blake-fips-python
Apr 30, 2025

@techalchemy commented Apr 28, 2025

@techalchemy requested a review from xnox April 28, 2025 16:28
@octo-sts (bot) added the labels bincapz/blocking (Bincapz (aka malcontent) scan results detected CRITICALs on the packages) and bincapz/pass (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages) and removed the label bincapz/blocking, Apr 28, 2025
@techalchemy force-pushed the disable-blake-fips-python branch 2 times, most recently from c575006 to 6e48613, April 28, 2025 22:22
Comment thread python-3.11.yaml
xnox previously approved these changes Apr 29, 2025

@xnox left a comment

3.10 & 3.12 work correctly as described now.
3.11 needs an epoch bump.

- fixes chainguard-dev/internal-dev#11886
- backports from wolfi-dev#36503 (see python/cpython#127301)

Signed-off-by: Dan Ryan <daniel.ryan@chainguard.dev>
@techalchemy
Member Author

should be good to go @xnox

@xnox merged commit 3ed6261 into wolfi-dev:main Apr 30, 2025
15 checks passed
octo-sts-2 Bot added a commit that referenced this pull request Apr 3, 2026
* fix(php-8.5-grpc): add pipefail and use grep -F in tests

Add `set -euo pipefail` to test runs blocks that contain unix
pipes, so failures in earlier pipeline stages are not silently
masked. Also change `grep -q` to `grep -qF` for literal string
matching as required by test pattern conventions.

* fix(php-8.5-grpc): bump epoch to trigger rebuild

Increment epoch from 0 to 1 in os/php-8.5-grpc.yaml to satisfy
the epoch-bot requirement that changed files include an epoch bump.

* fix(php-8.5-grpc): make test robust on x86_64 qemu runner

The test was failing on x86_64 with "gRPC extension not loaded"
because the ini file may not be in place in the qemu test
environment. Add a fallback to create the ini file if missing,
following the pattern used in php-8.5-redis.yaml.

Also remove the redundant php-8.5-grpc entry from the test
environment packages since it is the package under test and is
automatically included by melange.

---------

Co-authored-by: skillup <skillup@chainguard.dev>

Export:  feb3afc

Labels

bincapz/pass: Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.
