fix: Fix 5 components with non-first-parent upstream commits #17260
7f8d1b5 to 374d9d8
Pull request overview
This PR updates Azure Linux component pins/locks and rendered specs to move five Fedora 43–sourced components onto newer upstream commits (avoiding previously-selected non-first-parent commits), and carries through the corresponding rendered spec/source changes.
Changes:
- Pin/update upstream commits via `*.comp.toml` (where applicable) and refresh `locks/*.lock` for affected components.
- Update rendered specs and source manifests for `systemtap`, `linux-sgx`, `pcp`, `openscap`, and `yarnpkg` to match the new upstream commits.
- Adjust/remove/add patch payloads where upstream moved forward (notably `linux-sgx` and `pcp`).
Reviewed changes
Copilot reviewed 83 out of 88 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| specs/y/yarnpkg/yarnpkg.spec | Bump release and adjust Fedora-side BuildRequires/changelog entries. |
| specs/s/systemtap/systemtap.spec | Update to 5.5, adjust sysusers handling/scriptlets, dependency metadata, and remove obsolete gcc16 patch usage. |
| specs/s/systemtap/systemtap-gcc16.patch | Remove obsolete GCC16 workaround patch (upstream no longer needs it). |
| specs/s/systemtap/sources | Update systemtap tarball checksum for 5.5. |
| specs/p/pcp/pcp.spec | Bump release and add SELinux-related patches. |
| specs/p/pcp/pcp-avc-rocestat.patch | Add SELinux policy fix patch for rocestat PMDA AVC denials. |
| specs/p/pcp/pcp-avc-nvidia.patch | Add SELinux policy fix patch for nvidia PMDA AVC denials. |
| specs/o/openscap/sources | Update openscap tarball checksum for 1.4.4. |
| specs/o/openscap/openscap.spec | Bump openscap version to 1.4.4 and add upstream changelog entry. |
| specs/l/linux-sgx/sources | Refresh linux-sgx bundled source list/checksums for 2.28 / DCAP 1.25 stack updates. |
| specs/l/linux-sgx/repack.sh | Adjust repack contents to reflect new prebuilt enclave artifacts. |
| specs/l/linux-sgx/pccs.sysusers.conf | Remove PCCS sysusers config file from rendered sources. |
| specs/l/linux-sgx/pccs.service | Remove PCCS systemd service unit from rendered sources. |
| specs/l/linux-sgx/pccs-nodejs-bundler | Remove PCCS nodejs bundling helper script from rendered sources. |
| specs/l/linux-sgx/0403-pccsadmin-ignore-errors-trying-to-clear-the-keyring.patch | Drop now-obsolete PCCS admin keyring error-handling patch. |
| specs/l/linux-sgx/0402-pccsadmin-make-keyring-module-optional.patch | Drop now-obsolete PCCS admin keyring-optional patch. |
| specs/l/linux-sgx/0401-pccsadmin-remove-leftover-debugging-print-args-state.patch | Drop now-obsolete PCCS admin debug-print removal patch. |
| specs/l/linux-sgx/0400-service-sanitize-paths-to-all-resources.patch | Drop now-obsolete PCCS service path sanitization patch. |
| specs/l/linux-sgx/0203-Disable-sm2-and-sm4-crypto-algorithms.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0202-Disable-various-EC-crypto-features.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0201-Workaround-missing-output-directory.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0200-Enable-pointing-sgxssl-build-to-alternative-glibc-he.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0131-pcsclient-fix-name-of-input-file-in-cache-command-he.patch | Drop patch that’s no longer applicable after upstream changes. |
| specs/l/linux-sgx/0127-qgs-squash-global-placeholders-warning-from-boost-1..patch | Add/refresh patch to address Boost 1.90 placeholder deprecation warnings under -Werror. |
| specs/l/linux-sgx/0126-ensure-build-terminates-if-prepare_sgxssl.sh-fails.patch | Add/refresh patch to fail fast when prepare script commands fail. |
| specs/l/linux-sgx/0125-PCS-Client-Tool-Migrate-from-deprecated-pkg_resource.patch | Drop obsolete PCS client migration patch. |
| specs/l/linux-sgx/0125-disable-building-of-WASM-SIMDE-code.patch | Refresh patch metadata/offsets and adjust debug sanitizer flag placement. |
| specs/l/linux-sgx/0124-Disable-PcsClientTool-package-build.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0123-use-system-gtest-gmock-libraries.patch | Refresh patch metadata/offsets and update Makefile paths/flags for gtest/gmock usage. |
| specs/l/linux-sgx/0123-pcsclient-add-fallback-for-when-pyopenssl-is-not-ava.patch | Drop obsolete PCS client pyopenssl fallback patch. |
| specs/l/linux-sgx/0122-qgs-add-compat-for-boost-1.89-which-deprecated-deadl.patch | Refresh boost compatibility patch metadata/offsets and content. |
| specs/l/linux-sgx/0122-pcsclient-prefer-pycryptography-over-pyopenssl.patch | Drop obsolete PCS client pycryptography preference patch. |
| specs/l/linux-sgx/0121-qgs-add-compat-for-boost-1.87-which-drops-asio-io_se.patch | Refresh boost compatibility patch metadata/offsets. |
| specs/l/linux-sgx/0121-pcsclient-use-more-of-pycryptography-instead-of-pyop.patch | Drop obsolete PCS client migration patch. |
| specs/l/linux-sgx/0120-pcsclient-ignore-errors-trying-to-clear-the-keyring.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0120-pcsclient-fully-switch-to-pycryptography-for-CRL-ver.patch | Drop obsolete CRL verification migration patch. |
| specs/l/linux-sgx/0119-pcsclient-convert-from-asn1-to-pyasn1-python-module.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0118-pcsclient-make-keyring-module-optional.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch | Refresh patch metadata/offsets; keep chmod cast fix. |
| specs/l/linux-sgx/0116-Don-t-stomp-on-VERBOSE-variable.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0114-Delete-broken-checks-for-GCC-version-that-break-fsta.patch | Refresh patch metadata/offsets and file path updates. |
| specs/l/linux-sgx/0113-Don-t-disable-cf-protection-for-qgs.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0112-Workaround-broken-GCC-15.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0111-Fix-soname-version-for-libsgx_qe3_logic.so-library.patch | Refresh patch metadata/offsets and version constants. |
| specs/l/linux-sgx/0110-pcsclient-remove-leftover-debugging-print-args-state.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0109-qgs-add-debug-parameter-to-control-logging.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0108-qgs-protect-against-format-strings-in-QL-log-message.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0107-qgs-add-space-between-program-name-first-arg-in-usag.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0106-Honour-CFLAGS-CXXFLAGS-LDFLAGS-for-various-tools-and.patch | Refresh patch metadata/offsets; keep build flags honoring changes. |
| specs/l/linux-sgx/0105-Look-for-PCKRetrievalTool-config-file-in-etc.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0104-pcsclient-only-import-pypac-module-on-Windows.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0103-Look-for-versioned-sgx_urts-library-in-PCKRetrievalT.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0102-Support-build-time-setting-of-enclave-load-directory.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0100-Drop-use-of-bundled-pre-built-openssl.patch | Refresh patch metadata/offsets and paths after upstream layout changes. |
| specs/l/linux-sgx/0050-Disable-inclusion-of-AESM-in-installer.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0016-fix-missing-def-of-uncaught_exception.patch | Add patch to fix missing uncaught_exception declaration for newer toolchains. |
| specs/l/linux-sgx/0016-Add-impl-of-__cxa_call_terminate.patch | Remove obsolete __cxa_call_terminate implementation patch. |
| specs/l/linux-sgx/0015-fix-BOM-for-mpa_manage-mpa_registration-files.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0014-sdk-avoid-failure-due-to-attribute-regparam-with-GCC.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0014-fix-BOM-for-pccs-with-DCAP.patch | Drop obsolete PCCS BOM fix patch. |
| specs/l/linux-sgx/0012-Add-wrapper-for-nasm-to-fix-cmake-compat.patch | Refresh patch metadata/offsets and switch wrapper to python3. |
| specs/l/linux-sgx/0011-Fix-modern-C-function-prototype-compliance.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0010-psw-make-aesm_service-build-verbose.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0009-sdk-honour-CFLAGS-LDFLAGS-set-from-environment.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0008-pcl-remove-redundant-use-of-bool-type.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0007-psw-fix-soname-for-libuae_service.so-library.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0006-psw-prefer-dev-sgx_provision-dev-sgx_enclave.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0005-disable-openmp-protobuf-sample_crypto-builds.patch | Refresh patch metadata/offsets; keep disabling unneeded bundled builds. |
| specs/l/linux-sgx/0004-Support-disabling-use-of-git-for-ippcp-code.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0003-Improve-make-debuggability.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0002-Add-support-for-building-against-host-CppMicroServic.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0001-Add-support-for-building-against-host-tinyxml2-lib.patch | Refresh patch metadata/offsets to match updated upstream content. |
| specs/l/linux-sgx/0000-Add-support-for-building-against-host-openssl-crypto.patch | Refresh patch metadata/offsets to match updated upstream content. |
| locks/yarnpkg.lock | Update yarnpkg upstream commit pin and fingerprints. |
| locks/systemtap.lock | Update systemtap upstream commit pin and fingerprints. |
| locks/pcp.lock | Update pcp upstream commit pin and fingerprints. |
| locks/openscap.lock | Update openscap upstream commit pin and fingerprints. |
| locks/linux-sgx.lock | Update linux-sgx upstream commit pin and fingerprints. |
| base/comps/systemtap/systemtap.comp.toml | Pin systemtap to a specific upstream commit beyond the default snapshot. |
| base/comps/pcp/pcp.comp.toml | Add pcp component file to pin upstream commit. |
| base/comps/openscap/openscap.comp.toml | Pin openscap to a specific upstream commit beyond the default snapshot. |
| base/comps/linux-sgx/linux-sgx.comp.toml | Add linux-sgx component file to pin upstream commit. |
| base/comps/components.toml | Remove inline entries for components moved to dedicated *.comp.toml files. |
Pull request overview
Copilot reviewed 83 out of 88 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (9)
specs/o/openscap/openscap.spec:1
- The spec's `Release` is `4`, but the new changelog entry records `-1`. Please align these so the NVR matches (either reset `Release` to `1%{?dist}` for the 1.4.4 update, or update the changelog entry to `1:1.4.4-4`).

specs/o/openscap/openscap.spec:1
- The spec's `Release` is `4`, but the new changelog entry records `-1`. Please align these so the NVR matches (either reset `Release` to `1%{?dist}` for the 1.4.4 update, or update the changelog entry to `1:1.4.4-4`).

specs/p/pcp/pcp.spec:1
- The spec `Release` is now `8`, but the latest `%changelog` entry is still `7.1.0-6`. Update the changelog to reflect the new release (and add any missing intermediate entries if required by your process) so the recorded NVR matches the build.

specs/p/pcp/pcp.spec:1
- The spec `Release` is now `8`, but the latest `%changelog` entry is still `7.1.0-6`. Update the changelog to reflect the new release (and add any missing intermediate entries if required by your process) so the recorded NVR matches the build.

specs/s/systemtap/systemtap.spec:1
- The comment says the testsuite needs `nc`/`ncat`, but the dependency was changed from `Requires` to `Recommends`, which can leave the testsuite non-functional on minimal installs. If the testsuite truly requires one of these to run, consider using an RPM rich dependency to ensure at least one is installed (e.g., require `/usr/bin/nc` OR `/usr/bin/ncat`) while still being resilient to provider changes.

specs/s/systemtap/systemtap.spec:1
- The sysusers definitions removed explicit shells (previously `/sbin/nologin`). To avoid any behavior depending on sysusers/systemd defaults (and to keep the security posture explicit), it’s safer to specify the nologin shell for these system accounts in the sysusers entries.

specs/s/systemtap/systemtap.spec:1
- The sysusers definitions removed explicit shells (previously `/sbin/nologin`). To avoid any behavior depending on sysusers/systemd defaults (and to keep the security posture explicit), it’s safer to specify the nologin shell for these system accounts in the sysusers entries.

specs/s/systemtap/systemtap.spec:1
- The sysusers definitions removed explicit shells (previously `/sbin/nologin`). To avoid any behavior depending on sysusers/systemd defaults (and to keep the security posture explicit), it’s safer to specify the nologin shell for these system accounts in the sysusers entries.

specs/y/yarnpkg/yarnpkg.spec:1
- The `Release` was bumped to `18`, but in the provided `%changelog` excerpt there is no corresponding new `1.22.22-18` changelog entry. Please add a new top entry documenting the reason for the release bump (e.g., the corrected upstream pin / rebuild rationale) to keep the spec metadata consistent.
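
The Release/changelog mismatches flagged in the suppressed comments above can be caught mechanically before review. The following is an added example, not code from this PR or from the Azure Linux tooling: the spec excerpt is constructed to mirror the openscap case, and `expected_evr`, `newest_changelog_evr` and `check_nvr` are hypothetical helper names. It assumes literal `Epoch`/`Version`/`Release` tags and Fedora-style changelog headers ending in `[epoch:]version-release`.

```python
import re

# Constructed spec excerpt (not the PR's file), shaped like the openscap case:
# Release is 4 while the newest %changelog entry still records -1.
SAMPLE_SPEC = """\
Name:     openscap
Epoch:    1
Version:  1.4.4
Release:  4%{?dist}

%changelog
* Mon Jan 05 2026 Example Packager <packager@example.com> - 1:1.4.4-1
- Update to 1.4.4

* Mon Dec 01 2025 Example Packager <packager@example.com> - 1:1.4.3-3
- Rebuild
"""

TAG_RE = re.compile(r"^(Epoch|Version|Release):[ \t]*(\S+)", re.I | re.M)


def expected_evr(spec):
    """Build [epoch:]version-release from the preamble tags, or None if a macro remains."""
    tags = {k.lower(): v for k, v in TAG_RE.findall(spec)}
    release = tags["release"].replace("%{?dist}", "")
    evr = f"{tags['version']}-{release}"
    if "epoch" in tags:
        evr = f"{tags['epoch']}:{evr}"
    return None if "%" in evr else evr


def newest_changelog_evr(spec):
    """Return the last token of the first '* ...' header after %changelog."""
    _, _, log = spec.partition("\n%changelog")
    for line in log.splitlines():
        if line.startswith("* "):
            return line.split()[-1].lstrip("-")
    return None


def check_nvr(spec):
    want, got = expected_evr(spec), newest_changelog_evr(spec)
    if want is None:
        return "skipped: unexpanded macro in Version/Release"
    if got is None:
        return "fail: no changelog entry found"
    if got == want:
        return "ok"
    return f"mismatch: tags say {want}, newest changelog entry says {got}"


if __name__ == "__main__":
    print(check_nvr(SAMPLE_SPEC))
```
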
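
The sysusers point raised in the suppressed comments above (shell left to the systemd default instead of being stated) can be audited the same way. This is an added example, not part of the PR: the entries are constructed with placeholder account names, `audit_sysusers` is a hypothetical helper, and it assumes the `sysusers.d` field order Type, Name, ID, GECOS, Home, Shell with `-` meaning unset.

```python
import shlex

# Shell paths treated as "no interactive login".
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sysusers.d content (placeholder names, not the systemtap entries).
SAMPLE_SYSUSERS = """\
# Type Name ID GECOS Home Shell
g examplegrp 156
u exampled 157 "Example daemon" /var/lib/exampled /sbin/nologin
u examplew - "Example worker" /var/lib/examplew
u exampleop - "Example operator" - /bin/bash
"""


def audit_sysusers(text):
    """Return (line_no, account, finding) for user lines without an explicit nologin shell.

    finding is "implicit" when the shell field is absent or "-" (left to the
    systemd default) and "login-shell" when an interactive shell is set.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)          # GECOS may be a quoted string
        if fields[0] not in ("u", "u!"):    # only user-creating lines carry a shell
            continue
        fields += ["-"] * (6 - len(fields))  # pad omitted trailing fields
        name, shell = fields[1], fields[5]
        if shell == "-":
            findings.append((line_no, name, "implicit"))
        elif shell not in NOLOGIN:
            findings.append((line_no, name, "login-shell"))
    return findings


if __name__ == "__main__":
    for line_no, name, finding in audit_sysusers(SAMPLE_SYSUSERS):
        print(f"line {line_no}: {name}: {finding}")
```
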
christopherco left a comment
Please split these into individual commits in the PR, so we can rebase-merge them while preserving the individual commits (also changelog messages inherit the commit title that modifies the lock file).
Also I'm just curious on the background behind why we're moving these 5 commits forward.
The reason we are moving these 5 commits forward has to do with a bug in Continuing to carry these commits will result in errors when we update the component, as already observed in this commit to
374d9d8 to bd714d7
christopherco left a comment
Thanks for making the updates. Looks like these aren't building in CT due to sources. I'll see if I can handle that.
I've fixed the sources and everything looks good
Pin systemtap, linux-sgx, pcp, openscap, yarnpkg
to newer f43 HEAD commits to supersede previously
published versions that were built from non-first-parent commits.