Skip to content

audit/4.1.0 package update #58888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aborrero merged 4 commits into from
Jul 21, 2025
Merged

audit/4.1.0 package update #58888

aborrero merged 4 commits into from
Jul 21, 2025

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jul 10, 2025

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr audit labels Jul 10, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jul 10, 2025

🩹 Build Failed: Patch Application Failed

Hunk #1 FAILED at 188.
Hunk #2 FAILED at 209.
Hunk #3 FAILED at 389.
Hunk #4 FAILED at 410.
Hunk #5 FAILED at 587.
Hunk #6 FAILED at 608.
Hunk #7 FAILED at 874.
Hunk #8 FAILED at 895.
8 out of 8 hunks FAILED -- saving rejects to file auparse/test/auparse_test.ref.rej

Build Details

Category Details
Build System patch application during build process
Failure Point patch -p1 --fuzz=2 --verbose <test-uid-42.patch

Root Cause Analysis 🔍

The patch 'test-uid-42.patch' could not be applied to the file 'auparse/test/auparse_test.ref'. All 8 hunks of the patch failed to apply, indicating that the target file has likely changed significantly from what the patch was designed for. This is likely due to version mismatches between the patch and the source code being patched.

🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Suggested Changes

File: pipeline section in the melange.yaml

  • remove at line 28-29 (pipeline section)
    Original:
  - uses: patch
    with:
      patches: test-uid-42.patch

File: test-uid-42.patch

  • review at line entire file (patch file)
    Original:
entire patch file

Content:

The patch should be reviewed to determine if any of its functionality is still needed. Based on the upstream changelog, it's likely that this patch is no longer necessary as the test suite is now machine-independent.
Click to expand fix analysis

Analysis

The current build failure involves a patch file (test-uid-42.patch) that fails to apply to the auparse_test.ref file. Based on the upstream changelog, it's clear that the test suite has been modified to be "machine independent" and "does not require certain user IDs and group IDs to be present." This strongly suggests that the test-uid-42.patch was created to make the tests less dependent on specific UIDs/GIDs, but the patch no longer applies cleanly because the upstream code has already implemented similar changes in version 4.1.0. The rejection of all 8 hunks indicates that the upstream file has changed significantly from what the patch was designed for.

Click to expand fix explanation

Explanation

The build failure occurs because the patch 'test-uid-42.patch' cannot be applied to the file 'auparse/test/auparse_test.ref'. According to the upstream changelog for version 4.1.0, the test suite has been made "machine independent" and "does not require certain user IDs and group IDs to be present."

This suggests that the purpose of the test-uid-42.patch (likely to make tests not dependent on specific user IDs - hence the name) has already been addressed in the upstream codebase. The fact that all 8 hunks of the patch failed indicates that the target file has changed significantly in the new version.

The most appropriate solution is to remove this patch from the build process since its functionality appears to have been incorporated into the upstream code. This aligns with Wolfi's principle of keeping packages up to date with upstream releases and using the latest version of packages where possible.

If after review it's determined that the patch does contain some functionality that hasn't been incorporated upstream, a new patch would need to be created against the current codebase. However, based on the changelog entry specifically mentioning machine independence for the test suite, it's highly likely that the patch is simply no longer needed.

Click to expand alternative approaches

Alternative Approaches

  • If the patch contains critical functionality not in upstream, create a new patch against the current codebase that implements only the still-needed changes
  • If the patch failure is preventing a critical build and immediate resolution is needed, you could try increasing the fuzz factor for the patch application (though this is not recommended as a permanent solution)
  • Contact the upstream maintainers to verify if any functionality from the patch is still needed or if it has been fully incorporated

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jul 10, 2025
@vishal-chdhry vishal-chdhry self-assigned this Jul 11, 2025
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Jul 11, 2025
@vishal-chdhry vishal-chdhry removed their assignment Jul 13, 2025
@developer-guy developer-guy force-pushed the wolfictl-7c84b65d-6664-486b-b74c-22ff00e881fa branch 2 times, most recently from a204db4 to eb5c251 Compare July 13, 2025 15:49
@aborrero aborrero self-assigned this Jul 16, 2025
@aborrero aborrero force-pushed the wolfictl-7c84b65d-6664-486b-b74c-22ff00e881fa branch from eb5c251 to 1f3c2d8 Compare July 16, 2025 13:16
@aborrero aborrero requested a review from a team July 16, 2025 14:22
AmberArcadia
AmberArcadia previously requested changes Jul 16, 2025
View reviewed changes
Copy link
Member

@AmberArcadia AmberArcadia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably worth deleting the test-uid-42.patch file too

wolfi-bot and others added 4 commits July 21, 2025 10:17
@wolfi-bot @aborrero
audit/4.1.0 package update
c1be421 
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@vishal-chdhry @aborrero
fix: remove failing patch
bfefc0d 
upstream made a change in the file: linux-audit/audit-userspace@50ef75c

Signed-off-by: Vishal Choudhary <vishal.choudhary@chainguard.dev>
@aborrero
audit: drop bogus tests
928b917 
The audisp-remote binary is a plugin consumed by the main daemon, not something
one calls directly on the shell.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev>
@aborrero
audit: remove test-uid-42.patch
b483eaf 
Not in use.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev>
@aborrero aborrero force-pushed the wolfictl-7c84b65d-6664-486b-b74c-22ff00e881fa branch from 1f3c2d8 to b483eaf Compare July 21, 2025 08:18
@aborrero aborrero requested review from a team and AmberArcadia July 21, 2025 08:19
@aborrero aborrero merged commit 1fb3c6f into main Jul 21, 2025
25 checks passed
@aborrero aborrero deleted the wolfictl-7c84b65d-6664-486b-b74c-22ff00e881fa branch July 21, 2025 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efbar efbar efbar approved these changes

@AmberArcadia AmberArcadia Awaiting requested review from AmberArcadia

Assignees

@aborrero aborrero

Labels

ai/skip-comment Stop AI from commenting on PR audit automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed request-version-update request for a newer version of a package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@efbar @AmberArcadia @aborrero @vishal-chdhry @wolfi-bot