https://bugzilla.redhat.com/show_bug.cgi?id=2437502
--- Comment #169 from Nicola Taibi <[email protected]> ---

Hi,

Subject: Technical Update: Repository Cleanup and Build Pipeline Hardening

This update implements security and compliance best practices for the "Space GL" build and distribution pipeline.

1. Repository Cleanup & Asset Security

* Excluded Sensitive Assets: Removed sensitive local assets, and internal development/test scripts, from Git tracking.
* Git Hardening: Updated .gitignore to strictly exclude these assets, preventing them from being re-added to the version control system.

2. Build Pipeline Hardening (Distribution Security)

To ensure that only authorized files are included in the generated Source RPMs (SRPM) and source tarballs, I have hardened the release/revision scripts:

* Atomic Cleanup: Added a pre-build cleanup routine that physically removes restricted files and temporary test directories from the build root ($GIT_ROOT) before any packaging commands (rpmbuild) are executed.
* Rsync Filtering: Updated rsync commands to use explicit --exclude flags for all non-distribution assets. This provides a "double-lock" mechanism, ensuring that even if files exist in the development workspace, they are never synchronized to the release build root.
* Verification: Verified the integrity of the generated tar.gz and src.rpm files, confirming they are now devoid of excluded assets.

3. Changelog Maintenance

* Updated the changelog to reflect the recent revision (2026.04.17.02), documenting the cleanup of distribution assets to ensure full traceability for the automated build system.

Spec URL: https://download.copr.fedorainfracloud.org/results/ntaibi/space-gl/fedora-43-x86_64/10342172-spacegl/spacegl.spec
SRPM URL: https://download.copr.fedorainfracloud.org/results/ntaibi/space-gl/fedora-43-x86_64/10342172-spacegl/spacegl-2026.04.17.03-1.fc43.src.rpm

Best regards,
Nick
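The verification step described in the comment above can be automated as a release gate that lists a source tarball without extracting it and fails on any excluded path. This is an added example, not part of the original comment or the Space GL release scripts; the deny-list patterns and the function name `audit_tarball` are assumptions.

```shell
#!/bin/sh
# Added example: fail a release when the source tarball still contains
# an asset that should have been excluded from distribution.

# Constructed deny-list (hypothetical patterns, not the project's real list).
# These are case-style globs: '*' also matches '/', so each pattern
# applies at any directory depth inside the archive.
DENY_PATTERNS='*.pem
*.key
*/.env
*/internal_tests/*'

# audit_tarball FILE
# Prints every member that matches the deny-list.
# Returns 0 (clean), 1 (denied member present) or 2 (archive unreadable).
audit_tarball() {
    # tar -t only lists member names; nothing is written to disk.
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    status=0
    while IFS= read -r member; do
        while IFS= read -r pat; do
            # $pat is left unquoted on purpose so case treats it as a glob.
            case $member in
                $pat)
                    printf 'DENIED %s (matches %s)\n' "$member" "$pat"
                    status=1
                    break ;;
            esac
        done <<PATTERNS
$DENY_PATTERNS
PATTERNS
    done <<MEMBERS
$members
MEMBERS
    return "$status"
}

# Stand-alone use: ./audit.sh path/to/source.tar.gz
if [ "$#" -gt 0 ]; then
    audit_tarball "$1" || exit "$?"
fi
```

Running the gate on the finished archive, rather than on the workspace, checks the result of both the pre-build cleanup and the rsync excludes in one place.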
