On Wed, Apr 08, 2026 at 08:52:43AM +0000, Johannes Thyssen Tishman wrote:
> 2026-04-07T19:25:13+0200 Theo Buehler <tb@theobuehler.org>:
> > > I had also recently packaged this tool and commited it in OpenBSD ports WIP
> > > => https://github.com/jasperla/openbsd-wip/tree/master/devel/zizmor
> > 
> > New tarball with a few fixes and tweaks stolen from Laurent's WIP.
> > Happy to add Laurent as a maintainer.
> 
> Hi tb. The tagname is missing a 'v' and the generation of shell
> completions fails without an absolute path to zizmor's binary. With
> those changes (diff below, new tarball attached), the port is ok jtt@.

Thanks. It's always the last-minute tweaks...

> However, when running zizmor with remote Github repositories
> (GH_TOKEN=<my_token> zizmor account/project) it segfaults. Perhaps I'm
> doing something wrong? It works with local repositories though.

As a general rule, a segfault is never the user doing anything wrong :)
Next time running 'egdb zizmor zizmor.core' and showing the first few
lines of the output of the bt command would be helpful.

#0  0x00000bda39bdd593 in aws_lc_0_36_0_curve25519_x25519base ()
#1  0x00000bda39a7879a in aws_lc_0_36_0_X25519_keypair ()
#2  0x00000bda39a5a23d in pkey_x25519_keygen ()
...

This is aws-lc-sys not being xonly clean on amd64:

https://github.com/aws/aws-lc/blob/863ed59b19feac3f0da174b9ef69301962080bb3/third_party/s2n-bignum/s2n-bignum-imported/x86_att/curve25519/curve25519_x25519base.S#L2277-L2281

I suspect we we have a few ports that will need USE_NOEXECONLY = Yes
because of this...