On Wed, Oct 29, 2025 at 11:26 AM Daniel P. Berrangé via OpenScanHub <[email protected]> wrote: > > On Wed, Oct 29, 2025 at 10:59:20AM +0100, Siteshwar Vashisht wrote: > > TLDR: This report[1] contains a total of 47352 findings and 843 new > > findings identified since Fedora 43. Please review the report and > > provide feedback. False positives can now be recorded in the > > known-false-positives[5] repository. > > snip > > > [1] > > https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-28-Oct-2025/ > > This report only lists 300 packages, which seems shorter than I'd expect. > It doesn't mention libvirt or qemu at all which I believe are critical > path packages. > > > [3] https://openscanhub.fedoraproject.org/task/ > > Finding libvirt/QEMU here: > > libvirt: https://openscanhub.fedoraproject.org/task/78570/ > qemu: https://openscanhub.fedoraproject.org/task/78767/ > > The scan is reported as failed, and in the stdout.log I find > > + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/qemu-10.1.0.tar.xz > /usr/bin/xz: Failed to enable the sandbox > /usr/bin/tar: This does not look like a tar archive > /usr/bin/tar: Exiting with failure status due to previous errors > error: Bad exit status from /var/tmp/rpm-tmp.444pqA (%prep) > Bad exit status from /var/tmp/rpm-tmp.444pqA (%prep) > > > It looks like there's an infrastructure problem with the openscanhub > environment that is breaking the xz command sandbox in some manner.
Yes, I saw it but need to debug further. Thanks for pointing it out! > > Presumably this will mean all RPMs that have .xz sources are going > to be missing from the report linked above. > > With regards, > Daniel > -- > |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| > > -- > _______________________________________________ > OpenScanHub mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
