Skip to content

[autobackport: sssd-2-9-4] Use macro rather than shell expansion for string processing in spec file#8522

Merged
ikerexxe merged 2 commits intoSSSD:sssd-2-9-4from
sssd-bot:SSSD-sssd-backport-pr8511-to-sssd-2-9-4
Mar 20, 2026
Merged

[autobackport: sssd-2-9-4] Use macro rather than shell expansion for string processing in spec file#8522
ikerexxe merged 2 commits intoSSSD:sssd-2-9-4from
sssd-bot:SSSD-sssd-backport-pr8511-to-sssd-2-9-4

Conversation

@sssd-bot
Copy link
Contributor

@sssd-bot sssd-bot commented Mar 16, 2026

This is an automatic backport of PR#8511 Use macro rather than shell expansion for string processing in spec file to branch sssd-2-9-4, created by @nforro.

Caution

@nforro The patches did not apply cleanly. It is necessary to resolve conflicts before merging this pull request. Commits that introduced conflict are marked with CONFLICT!.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8511-to-sssd-2-9-4
git checkout SSSD-sssd-backport-pr8511-to-sssd-2-9-4
git push sssd-bot SSSD-sssd-backport-pr8511-to-sssd-2-9-4 --force

Original commits
f9697d4 - Use macro rather than shell expansion for string processing in spec file
caa0ec2 - Add a default for %samba_package_version

Backported commits

  • 5249a0c - CONFLICT! Use macro rather than shell expansion for string processing in spec file
  • 51dcdec - Add a default for %samba_package_version

Conflicting Files Information (check for deleted and re-added files)

  • CONFLICT! Use macro rather than shell expansion for string processing in spec file
On branch SSSD-sssd-backport-pr8511-to-sssd-2-9-4
You are currently cherry-picking commit f9697d4ff.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   contrib/sssd.spec.in

no changes added to commit (use "git add" and/or "git commit -a")

Original Pull Request Body

We've hardened security in Packit Service and shell expansions in spec files are now rejected as they can be used to execute arbitrary code. There is no need to use shell expansion for string processing, there is an existing macro for this very purpose.

@sssd-bot sssd-bot requested a review from thalman March 16, 2026 10:21
gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 16, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request aims to replace shell expansions with macros for string processing and adds a default for samba_package_version. The addition of the conditional block for samba_package_version is a good step towards robustness. However, the pull request contains an unresolved merge conflict in contrib/sssd.spec.in which needs to be addressed before merging.

@alexey-tikhonov alexey-tikhonov mentioned this pull request Mar 20, 2026
Merged
@thalman thalman force-pushed the SSSD-sssd-backport-pr8511-to-sssd-2-9-4 branch from 51dcdec to ab9f556 Compare March 20, 2026 09:35
@thalman thalman requested a review from ikerexxe March 20, 2026 09:37
@thalman thalman marked this pull request as ready for review March 20, 2026 09:37
@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Mar 20, 2026
ikerexxe
ikerexxe approved these changes Mar 20, 2026
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nforro added 2 commits March 20, 2026 14:54
@nforro @sssd-bot
Use macro rather than shell expansion for string processing in spec file
99fff63 
Based on commit f9697d4. But %gsub macro
is not present in older (el9) version therefore we use %{lua:} to do
the same thing.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
@nforro @sssd-bot
Add a default for %samba_package_version
3fd9380 
Signed-off-by: Nikola Forró <nforro@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit caa0ec2)
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
@sssd-bot
Copy link
Contributor Author

sssd-bot commented Mar 20, 2026

The pull request was accepted by @ikerexxe with the following PR CI status:

🟢 CodeQL (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-8) (success)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@sssd-bot sssd-bot force-pushed the SSSD-sssd-backport-pr8511-to-sssd-2-9-4 branch from ab9f556 to 3fd9380 Compare March 20, 2026 14:54
@ikerexxe ikerexxe merged commit 38142a7 into SSSD:sssd-2-9-4 Mar 20, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ikerexxe ikerexxe ikerexxe approved these changes

@thalman thalman Awaiting requested review from thalman

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@thalman thalman

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sssd-bot @ikerexxe @thalman @alexey-tikhonov @nforro