From f5a767eaf07ae83fe4983d34b06a8caa24979024 Mon Sep 17 00:00:00 2001 From: Jan Lindemann Date: Mon, 8 Jun 2026 15:55:24 +0200 Subject: [PATCH 1/2] project.conf: pkg.requires.suse.release -= python3-pyright Running pyright in a minimal docker container gives this error: $ pyright /usr/bin/npm-default: No such file or directory Traceback (most recent call last): File "/usr/bin/pyright-3.13", line 6, in sys.exit(entrypoint()) ~~~~~~~~~~^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 31, in entrypoint sys.exit(main(sys.argv[1:])) ~~~~^^^^^^^^^^^^^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 18, in main return run(*args, **kwargs).returncode ~~~^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 22, in run pkg_dir = install_pyright(args, quiet=None) File "/usr/lib/python3.13/site-packages/pyright/_utils.py", line 69, in install_pyright node.run( ~~~~~~~~^ 'npm', ^^^^^^ ...<5 lines>... stderr=subprocess.PIPE if silent else sys.stderr, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ) ^ File "/usr/lib/python3.13/site-packages/pyright/node.py", line 144, in run subprocess.run(node_args, **kwargs), ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install', \ 'pyright@1.1.409']' returned non-zero exit status 255. This means that on openSUSE, python3-pyright tries to pull in packages from the NPM registry. This increases the CI supply chain attack surface unacceptably, so remove pyright from the release prerequisites. That should be enough to remove it from the prerequisites of target check as well and allow it to succeed. The pyright check machinery itself remains useful, so keep it in place for developers who install python3-pyright manually. 
Signed-off-by: Jan Lindemann
---
 make/project.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/make/project.conf b/make/project.conf
index b9231d0c..9641d6d5 100644
--- a/make/project.conf
+++ b/make/project.conf
@@ -36,7 +36,7 @@ build = realpath
 [pkg.requires.suse]
 run = python3
-release = rpmbuild, python3-base, python3-pyright
+release = rpmbuild, python3-base
 [pkg.requires.debian]
 run = python3
From 8d174f03bd222a61cf93c2e7c22cffb463406dc0 Mon Sep 17 00:00:00 2001
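Review bot: Dropping `python3-pyright` from the `release =` line under `[pkg.requires.suse]` only stops the package from being installed as a prerequisite; per the commit message the pyright check machinery stays in place, so on any build host or CI image where pyright is already present the check would presumably still run the wrapper's `npm install` against the registry. If that machinery (outside this hunk) only tests for the presence of the binary, consider making it opt-in through an explicit switch rather than auto-detected. The hunk ends at `run = python3` under `[pkg.requires.debian]`, so whether that section's `release` line or other distro sections still list a pyright package is not visible here and is worth checking, since the traceback shows the npm fetch coming from the pyright wrapper itself rather than from openSUSE packaging. A comment next to the changed line, if the format accepts one, such as `# python3-pyright deliberately omitted: its wrapper fetches pyright from the npm registry at run time`, would keep it from being re-added. The hunk in [PATCH 2/2] is identical (same `index b9231d0c..9641d6d5`), so it would not apply on top of 1/2.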
From: Jan Lindemann Date: Mon, 8 Jun 2026 15:55:24 +0200 Subject: [PATCH 2/2] project.conf: pkg.requires.suse.release -= python3-pyright Running pyright in a minimal docker container gives this error: $ pyright /usr/bin/npm-default: No such file or directory Traceback (most recent call last): File "/usr/bin/pyright-3.13", line 6, in sys.exit(entrypoint()) ~~~~~~~~~~^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 31, in entrypoint sys.exit(main(sys.argv[1:])) ~~~~^^^^^^^^^^^^^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 18, in main return run(*args, **kwargs).returncode ~~~^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.13/site-packages/pyright/cli.py", line 22, in run pkg_dir = install_pyright(args, quiet=None) File "/usr/lib/python3.13/site-packages/pyright/_utils.py", line 69, in install_pyright node.run( ~~~~~~~~^ 'npm', ^^^^^^ ...<5 lines>... stderr=subprocess.PIPE if silent else sys.stderr, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ) ^ File "/usr/lib/python3.13/site-packages/pyright/node.py", line 144, in run subprocess.run(node_args, **kwargs), ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install', \ 'pyright@1.1.409']' returned non-zero exit status 255. This means that on openSUSE, python3-pyright tries to pull in packages from the NPM registry. This increases the CI supply chain attack surface unacceptably, so remove pyright from the release prerequisites. That should be enough to remove it from the prerequisites of target check as well and allow it to succeed. The pyright check machinery itself remains useful, so keep it in place for developers who install python3-pyright manually. Signed-off-by: Jan Lindemann --- make/project.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/make/project.conf b/make/project.conf
index b9231d0c..9641d6d5 100644
--- a/make/project.conf
+++ b/make/project.conf
@@ -36,7 +36,7 @@ build = realpath
 [pkg.requires.suse]
 run = python3
-release = rpmbuild, python3-base, python3-pyright
+release = rpmbuild, python3-base
 [pkg.requires.debian]
 run = python3