[arch-projects] [namcap] [PATCH 0/4] Add a rule against common filenames in source() without overridden name
There's no good way for namcap to ensure source() filenames are unique across all packages, required for users with SRCDEST. But, I think by far the most common offending filename would be LICENSE, as non-standard ones are required to be included, but sometimes there's no upstream tarball or there is but it's not in there. Mostly an issue for AUR packages, but maybe there are official ones violating this too. We can at least check that if common names are in source(), they're given an overridden name. (Personally, I'm going with "${pkgname}-LICENSE::", but this patch doesn't force this form.) While adding this, split off the recently added non-unique versioned source filenames (non-overridden versioned tarballs) from pkginfo rules. This was originally there using PkgInfoRule, but when it was switched to PkgbuildRule, it was left in pkginfo.py. Also add tests for the recently added non-unique versioned source filenames rule. James P. Harvey (4): Split warning for non-unique source filenames from pkginfo rules Add test for non-unique source filenames nonuniquesources: Also warn on common filenames not overriding name to be unique nonuniquesources: Add test for common filenames Namcap/rules/__init__.py | 1 + Namcap/rules/nonuniquesources.py | 52 ++++++++++ Namcap/rules/pkginfo.py | 11 +-- .../tests/pkgbuild/test_nonuniquesources.py | 94 +++++++++++++++++++ 4 files changed, 148 insertions(+), 10 deletions(-) create mode 100644 Namcap/rules/nonuniquesources.py create mode 100644 Namcap/tests/pkgbuild/test_nonuniquesources.py -- 2.21.0
This was originally here, because it used PkgInfoRule, but was changed to use PkgbuildRule and was left here.

Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
 Namcap/rules/__init__.py | 1 +
 Namcap/rules/nonuniquesources.py | 34 ++++++++++++++++++++++++++++++++++
 Namcap/rules/pkginfo.py | 11 +----------
 3 files changed, 36 insertions(+), 10 deletions(-)
 create mode 100644 Namcap/rules/nonuniquesources.py

diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py
index dcc950f..111f08b 100644
--- a/Namcap/rules/__init__.py
+++ b/Namcap/rules/__init__.py
@@ -62,6 +62,7 @@ from . import (
 makedepends,
 makepkgfunctions,
 missingvars,
+ nonuniquesources,
 pkginfo,
 pkgnameindesc,
 sfurl,
diff --git a/Namcap/rules/nonuniquesources.py b/Namcap/rules/nonuniquesources.py
new file mode 100644
index 0000000..a16f56e
--- /dev/null
+++ b/Namcap/rules/nonuniquesources.py
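Review bot: The rule this import registers no longer carries its old identifier: the class deleted from pkginfo.py declares `name = "non-unique-source"`, while the new module declares `name = "nonuniquesources"` and also renames the class from `NonUniqueSourcesRule` to `nonuniquesources`. The commit message describes a move only, so anyone who selects or excludes rules by name would stop matching this one without any error. Either keep `name = "non-unique-source"` in the new file, or state in the message that the rename is intended.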
@@ -0,0 +1,34 @@
+#
+# namcap rules - package variables
+# Copyright (C) 2018 Simon Doppler <dopsi at dopsi dot ch>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+"These rules checks basic sanity of source files"
+
+import re
+import os
+from Namcap.ruleclass import PkgbuildRule
+
+class nonuniquesources(PkgbuildRule):
+ name = "nonuniquesources"
+ description = "Verifies the downloaded sources have a unique filename"
+ def analyze(self, pkginfo, tar):
+ for source_file in pkginfo["source"]:
+ if '::' not in source_file and re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', os.path.basename(source_file)):
+ self.warnings.append(("non-unique-source-name %s", os.path.basename(source_file)))
+
+# vim: set ts=4 sw=4 noet:
diff --git a/Namcap/rules/pkginfo.py b/Namcap/rules/pkginfo.py
index 5a42810..216e417 100644
--- a/Namcap/rules/pkginfo.py
+++ b/Namcap/rules/pkginfo.py
@@ -20,8 +20,7 @@
 "These rules checks basic sanity of package metadata"
 
 import re
-import os
-from Namcap.ruleclass import PkgInfoRule,PkgbuildRule
+from Namcap.ruleclass import PkgInfoRule
 
 class CapsPkgnameRule(PkgInfoRule):
 name = "capsnamespkg"
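Review bot: The pattern passed to `re.match` in `analyze` nests one repetition inside another (`([0-9]+\.?)+`), so a basename that opens with a long run of digits not followed by a dot makes Python's backtracking matcher try every way of splitting that run before it gives up, and the time grows exponentially with the run's length. The `source` array comes straight from the PKGBUILD under review, which may be third-party, so the check can stall on input the user did not write. Since only a prefix has to match and no group is read, the expression accepts exactly the names that begin with an optional `v`/`V`, one or more digits and a dot; `re.match(r'[vV]?[0-9]+\.', os.path.basename(source_file))` is equivalent and runs in linear time. The same pattern is kept in the condition rewritten by the later `@@ -26,9 +26,27 @@` hunk of this series.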
@@ -44,12 +43,4 @@ class LicenseRule(PkgInfoRule):
 if "license" not in pkginfo or len(pkginfo["license"]) == 0:
 self.errors.append(("missing-license", ()))
 
-class NonUniqueSourcesRule(PkgbuildRule):
- name = "non-unique-source"
- description = "Verifies the downloaded sources have a unique filename"
- def analyze(self, pkginfo, tar):
- for source_file in pkginfo["source"]:
- if '::' not in source_file and re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', os.path.basename(source_file)):
- self.warnings.append(("non-unique-source-name %s", os.path.basename(source_file)))
-
 # vim: set ts=4 sw=4 noet:
-- 2.21.0
Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
 .../tests/pkgbuild/test_nonuniquesources.py | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 Namcap/tests/pkgbuild/test_nonuniquesources.py

diff --git a/Namcap/tests/pkgbuild/test_nonuniquesources.py b/Namcap/tests/pkgbuild/test_nonuniquesources.py
new file mode 100644
index 0000000..1c6d75c
--- /dev/null
+++ b/Namcap/tests/pkgbuild/test_nonuniquesources.py
@@ -0,0 +1,58 @@
+#
+# namcap rules - non-unique sources
+# Copyright (C) 2019 James P. Harvey <jamespharvey20@gmail.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from Namcap.tests.pkgbuild_test import PkgbuildTest
+import Namcap.rules.nonuniquesources as module
+
+class NamcapNonUniqueSourcesTest(PkgbuildTest):
+ pkgbuild_no_source = """
+pkgname=__namcap_test_uniquesources
+pkgver=1.0
+pkgrel=1
+pkgdesc="A package"
+arch=('i686' 'x86_64')
+url="http://www.example.com/"
+license=('GPL')
+depends=('glibc')
+build() {
+ true
+}
+package() {
+ true
+}
+"""
+
+ test_valid = PkgbuildTest.valid_tests
+
+ def preSetUp(self):
+ self.rule = module.nonuniquesources
+
+ def test_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('a' 'b')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_versioned_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('v1.2.3.tar.gz')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "v1.2.3.tar.gz")])
+ self.assertEqual(r.infos, [])
+
+# vim: set ts=4 sw=4 noet:
-- 2.21.0
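Review bot: Only the `v1.2.3.` form of the pattern is covered; the eight-digit date branch and an un-prefixed version are never exercised, so a later change to the regular expression could drop either without a test failing. Cases such as `source=('20190101.tar.gz')` and `source=('1.2.3.zip')` (constructed names), each expecting the `non-unique-source-name %s` warning, would pin them. The copyright line gives the address as `jamespharvey20@gmail.org` while the sign-off uses `gmail.com`; one of the two is presumably a typo.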
Filenames in source() are required to be unique. A common violation of this is from commonly named files (i.e. LICENSE) that aren't part of an upstream tarball. Warn if a source file doesn't have an overriding name, and has a commonly used name, ignoring extension and case.

Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
 Namcap/rules/nonuniquesources.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/Namcap/rules/nonuniquesources.py b/Namcap/rules/nonuniquesources.py
index a16f56e..8d8afcd 100644
--- a/Namcap/rules/nonuniquesources.py
+++ b/Namcap/rules/nonuniquesources.py
@@ -26,9 +26,27 @@ from Namcap.ruleclass import PkgbuildRule
 class nonuniquesources(PkgbuildRule):
 name = "nonuniquesources"
 description = "Verifies the downloaded sources have a unique filename"
+
 def analyze(self, pkginfo, tar):
+ filename_begins_upper_case = [
+ "AUTHORS",
+ "CHANGELOG",
+ "CONTRIBUTING",
+ "COPYING",
+ "COPYRIGHT",
+ "HACKING",
+ "HISTORY",
+ "LICENSE",
+ "NEWS",
+ "README",
+ "TODO"
+ ]
+
 for source_file in pkginfo["source"]:
- if '::' not in source_file and re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', os.path.basename(source_file)):
- self.warnings.append(("non-unique-source-name %s", os.path.basename(source_file)))
+ if '::' not in source_file:
+ basename = os.path.basename(source_file)
+ if re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', basename) \
+ or basename.upper().split('.')[0] in filename_begins_upper_case:
+ self.warnings.append(("non-unique-source-name %s", basename))
 
 # vim: set ts=4 sw=4 noet:
-- 2.21.0
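Review bot: `filename_begins_upper_case` is rebuilt as a list on every `analyze()` call, and nothing near it says why these stems are singled out; a module-level `frozenset` with a short comment would make the lookup a set membership test and record the intent. The comment should say that the stem is taken with `basename.upper().split('.')[0]`, so a name such as `LICENSE-MIT` (constructed example) is not flagged, which agrees with `test_common_repo_part_unique` but is easy to misread as full coverage. It is also the place to note why uniqueness matters, per the cover letter: with a shared SRCDEST a file already cached under the same name is presumably picked up in place of this package's own, leaving the checksum entry as the only guard.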
Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
 .../tests/pkgbuild/test_nonuniquesources.py | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/Namcap/tests/pkgbuild/test_nonuniquesources.py b/Namcap/tests/pkgbuild/test_nonuniquesources.py
index 1c6d75c..b8f3542 100644
--- a/Namcap/tests/pkgbuild/test_nonuniquesources.py
+++ b/Namcap/tests/pkgbuild/test_nonuniquesources.py
@@ -55,4 +55,40 @@ package() {
 self.assertEqual(r.warnings, [("non-unique-source-name %s", "v1.2.3.tar.gz")])
 self.assertEqual(r.infos, [])
 
+ def test_common_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' '${pkgname}-LICENSE::LICENSE.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_common_repo_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'LICENSE')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LICENSE")])
+ self.assertEqual(r.infos, [])
+
+ def test_common_repo_part_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'LICENSE-pkgname.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_common_repo_part_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'LICENSE.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LICENSE.txt")])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'ftp://example.com/LICENSE.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LICENSE.txt")])
+ self.assertEqual(r.infos, [])
+
+ def test_common_case_insensitive(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'ftp://example.com/license.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "license.txt")])
+ self.assertEqual(r.infos, [])
+
 # vim: set ts=4 sw=4 noet:
-- 2.21.0