Content-Length: 389764 | pFad | https://github.com/python/cpython/pull/100539

07 gh-100538: Create a workflow for verifying bundled libexpat files by illia-v · Pull Request #100539 · python/cpython · GitHub
Skip to content

gh-100538: Create a workflow for verifying bundled libexpat files#100539

Closed
illia-v wants to merge 4 commits intopython:mainfrom
illia-v:verify-expat
Closed

gh-100538: Create a workflow for verifying bundled libexpat files#100539
illia-v wants to merge 4 commits intopython:mainfrom
illia-v:verify-expat

Conversation

@illia-v
Copy link
Copy Markdown
Contributor

@illia-v illia-v commented Dec 26, 2022
edited by bedevere-bot
Loading

Tags of libexpat releases are signed and GitHub runs a verification process on them.

I added a check of the verification status retrieved via GitHub's API. If the check succeeds, the script downloads a release source code and compares content of bundled files to the source.

Since a few lines are added to Modules/expat/expat_external.h, I moved them to the top of the file and the script skips them.

@bedevere-bot bedevere-bot mentioned this pull request Dec 26, 2022
Closed
@sobolevn
Copy link
Copy Markdown
Member

sobolevn commented Dec 27, 2022

You don't need news for build tools :)

@illia-v
Copy link
Copy Markdown
Contributor Author

illia-v commented Feb 3, 2023

@sobolevn I removed the news entry

@hartwork hartwork mentioned this pull request Feb 14, 2024
Merged
picnixz
picnixz reviewed Oct 4, 2025
View reviewed changes
Modules/expat/expat_external.h
@@ -1,3 +1,7 @@
/* Namespace external symbols to allow multiple libexpat version to
Copy link
Copy Markdown
Member

@picnixz picnixz Oct 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one is should not be needed. It's already included below.

@picnixz
Copy link
Copy Markdown
Member

picnixz commented Oct 4, 2025

More generally, I'm not sure we actually need this step. Aren't we already doing this with SBOM checks?

@StanFromIreland
Copy link
Copy Markdown
Member

StanFromIreland commented Feb 28, 2026

Aren't we already doing this with SBOM checks?

We aren't verifying that the files in the repository are the same as the ones in the release.

@StanFromIreland StanFromIreland mentioned this pull request Feb 28, 2026
Merged
@StanFromIreland
Copy link
Copy Markdown
Member

StanFromIreland commented Feb 28, 2026

I propose a simpler alternative: #145359

@gpshead
Copy link
Copy Markdown
Member

gpshead commented Mar 1, 2026

closing as the alternative PR merged. thanks though, this is a useful thing for us to have!

@gpshead gpshead closed this Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@picnixz picnixz picnixz left review comments

@ezio-melotti ezio-melotti Awaiting requested review from ezio-melotti ezio-melotti is a code owner

@hugovk hugovk Awaiting requested review from hugovk hugovk is a code owner

@AA-Turner AA-Turner Awaiting requested review from AA-Turner AA-Turner is a code owner

@sethmlarson sethmlarson Awaiting requested review from sethmlarson

Assignees

No one assigned

Labels

awaiting review skip news

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@illia-v @sobolevn @picnixz @StanFromIreland @gpshead @bedevere-bot @nazeerali4325-commits








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/python/cpython/pull/100539

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy