
feat: scan source distributions for compiled code #947

Merged
LalatenduMohanty merged 1 commit into python-wheel-build:main from tiran:scan-compiled
Mar 25, 2026

@tiran
Collaborator

@tiran tiran commented Mar 3, 2026

The new helper function scan_compiled_extensions scans source distributions for compiled code. It detects common extensions like .so and .dylib as well as files with certain headers.

The function is designed to detect packaging issues like sdists with pre-compiled code. It is incapable of detecting supply chain attacks and malicious code.

@LalatenduMohanty
Member

@tiran #963 has merged, we should rebase this PR.

@tiran tiran marked this pull request as ready for review March 19, 2026 05:39
@tiran tiran requested a review from a team as a code owner March 19, 2026 05:39
@tiran tiran force-pushed the scan-compiled branch 2 times, most recently from 23b0cb1 to f43f9ff Compare March 21, 2026 18:55
@LalatenduMohanty
Member

@mergify rebase

@mergify
Contributor

mergify bot commented Mar 24, 2026

rebase

❌ Unable to rebase: Mergify can't impersonate LalatenduMohanty

User LalatenduMohanty used as bot_account is unknown. Please make sure {login} exists and has logged into the Mergify dashboard.

The new helper function `scan_compiled_extensions` scans source
distributions for compiled code. It detects common extensions like `.so`
and `.dylib` as well as files with certain headers.

The function is designed to detect packaging issues like sdists with
pre-compiled code. It is incapable of detecting supply chain attacks and
malicious code.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
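
As an added illustration (not the code from this PR), a minimal sketch of the kind of check the commit message describes: flag sdist members by file suffix or by leading magic bytes. The function names, the suffixes beyond `.so` and `.dylib`, and the header list are assumptions, since the page does not list them; the sample archive is constructed in memory.

```python
import io
import pathlib
import tarfile

# .so and .dylib come from the PR text; .pyd and .dll are assumed additions.
COMPILED_SUFFIXES = {".so", ".dylib", ".pyd", ".dll"}
# Assumed header list (the page does not say which headers are checked).
MAGIC_HEADERS = {
    b"\x7fELF": "ELF", b"MZ": "PE/DOS",
    b"\xcf\xfa\xed\xfe": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
}


def build_sample_sdist():
    """Constructed in-memory sdist (tar.gz) so the example runs offline."""
    files = {
        "demo-1.0/pyproject.toml": b"[project]\nname = 'demo'\n",
        "demo-1.0/src/demo/_speedups.so": b"placeholder, not a real object",
        "demo-1.0/vendor/libfoo.so.1": b"\x7fELF\x02\x01\x01\x00",
        "demo-1.0/tools/helper.bin": b"MZ\x90\x00\x03",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def find_compiled_members(fileobj):
    """Return sorted (member name, reason) pairs for files that look compiled."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, symlinks, devices
            suffix = pathlib.PurePosixPath(member.name).suffix.lower()
            head = tar.extractfile(member).read(4)
            label = next((lbl for magic, lbl in MAGIC_HEADERS.items() if head.startswith(magic)), None)
            if suffix in COMPILED_SUFFIXES:
                findings.append((member.name, f"suffix {suffix}"))
            elif label:  # catches versioned names such as libfoo.so.1
                findings.append((member.name, f"header {label}"))
    return sorted(findings)


if __name__ == "__main__":
    print(find_compiled_members(build_sample_sdist()))
```

The header check is what catches `libfoo.so.1` and `helper.bin`, whose suffixes alone would pass; as the commit message notes, a check of this kind finds packaging mistakes, not deliberately hidden code.
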
@tiran
Collaborator Author

tiran commented Mar 25, 2026

I have rebased the PR manually

@LalatenduMohanty LalatenduMohanty merged commit 0a941fd into python-wheel-build:main Mar 25, 2026
39 checks passed