[arch-projects] [namcap] [PATCH 3/4] nonuniquesources: Also warn on common filenames not overriding name to be unique
Filenames in source() are required to be unique. A common violation of this is from commonly named files (i.e. LICENSE) that aren't part of an upstream tarball. Warn if a source file doesn't have an overriding name, and has a commonly used name, ignoring extension and case. Signed-off-by: James P. Harvey <jamespharvey20 at gmail dot com> Namcap/rules/nonuniquesources.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)
On 5/26/19 10:35 PM, James Harvey via arch-projects wrote:
Filenames in source() are required to be unique. A common violation of this is from commonly named files (i.e. LICENSE) that aren't part of an upstream tarball.
Warn if a source file doesn't have an overriding name, and has a commonly used name, ignoring extension and case.
Signed-off-by: James P. Harvey <jamespharvey20 at gmail dot com>
Namcap/rules/nonuniquesources.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-)
I expect the common case of files named "LICENSE", to be distributed with the PKGBUILD rather than downloaded, in which case it will *always* be unique (for the same reason "PKGBUILD" is unique). The check would need to first make sure that there is a positively existing download protocol. -- Eli Schwartz Bug Wrangler and Trusted User
Downloaded files in source() are required to be unique. A common violation of this is from community named files (i.e. LICENSE) that aren't part of an upstream tarball. Warn if a source file is downloaded, doesn't have an overriding name, and has a commonly used name, ignoring extension and case.
Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
Namcap/rules/nonuniquesources.py | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/Namcap/rules/nonuniquesources.py b/Namcap/rules/nonuniquesources.py
index a16f56e..216ae82 100644
--- a/Namcap/rules/nonuniquesources.py
+++ b/Namcap/rules/nonuniquesources.py
@@ -26,9 +26,27 @@ from Namcap.ruleclass import PkgbuildRule
 class nonuniquesources(PkgbuildRule):
 name = "nonuniquesources"
 description = "Verifies the downloaded sources have a unique filename"
+
 def analyze(self, pkginfo, tar):
+ filename_begins_upper_case = [
+ "AUTHORS",
+ "CHANGELOG",
+ "CONTRIBUTING",
+ "COPYING",
+ "COPYRIGHT",
+ "HACKING",
+ "HISTORY",
+ "LICENSE",
+ "NEWS",
+ "README",
+ "TODO"
+ ]
+
 for source_file in pkginfo["source"]:
- if '::' not in source_file and re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', os.path.basename(source_file)):
- self.warnings.append(("non-unique-source-name %s", os.path.basename(source_file)))
+ if '::' not in source_file:
+ basename = os.path.basename(source_file)
+ if re.match(r'^[vV]?(([0-9]){8}|([0-9]+\.?)+)\.', basename) \
+ or ('://' in source_file and basename.upper().split('.')[0] in filename_begins_upper_case):
+ self.warnings.append(("non-unique-source-name %s", basename))
 # vim: set ts=4 sw=4 noet:
--
2.21.0
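Review bot: The new common-name test in `analyze` compares the stem of `os.path.basename(source_file)` as-is, so a VCS source that carries a `#fragment` (for example `.../LICENSE#branch=main`) produces a stem such as `LICENSE#BRANCH=MAIN` and is not flagged. Dropping the fragment first, `basename = os.path.basename(source_file.split('#', 1)[0])`, would close that gap; confirm it against how makepkg derives the stored filename, since it also changes what the version regex and the warning text see. Separately, the carried-over pattern `([0-9]+\.?)+` nests two quantifiers and can backtrack exponentially on a long digit run that is not followed by a dot. Because namcap is routinely run on PKGBUILDs the reviewer did not write, `[0-9]+(\.[0-9]+)*\.?` (which should accept the same strings) is the safer spelling. `filename_begins_upper_case` is matched exactly against the stem rather than as a prefix, and it is rebuilt on every call, so a module-level tuple with a name like `COMMON_SOURCE_STEMS` would read more accurately.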
Signed-off-by: James P. Harvey <jamespharvey20@gmail.com>
---
.../tests/pkgbuild/test_nonuniquesources.py | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/Namcap/tests/pkgbuild/test_nonuniquesources.py b/Namcap/tests/pkgbuild/test_nonuniquesources.py
index 1c6d75c..b647051 100644
--- a/Namcap/tests/pkgbuild/test_nonuniquesources.py
+++ b/Namcap/tests/pkgbuild/test_nonuniquesources.py
@@ -55,4 +55,40 @@ package() {
 self.assertEqual(r.warnings, [("non-unique-source-name %s", "v1.2.3.tar.gz")])
 self.assertEqual(r.infos, [])
+ def test_common_repo_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'LICENSE')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_overridden(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' '${pkgname}-LICENSE::vcs+protocol://www.example.com/LICENSE')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_unique_part(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'git+https://www.example.com/LICENSE-pkgname')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_non_unique(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'bzr+https://www.example.com/LICENSE')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LICENSE")])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_non_unique_ignoring_extension(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'hg+http://www.example.com/LICENSE.txt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LICENSE.txt")])
+ self.assertEqual(r.infos, [])
+
+ def test_common_external_non_unique_case_insensitive(self):
+ r = self.run_on_pkg(self.pkgbuild_no_source + "source=('pkgname.tar.xz' 'svn+http://www.example.com/LiCeNsE.tXt')")
+ self.assertEqual(r.errors, [])
+ self.assertEqual(r.warnings, [("non-unique-source-name %s", "LiCeNsE.tXt")])
+ self.assertEqual(r.infos, [])
+
 # vim: set ts=4 sw=4 noet:
--
2.21.0
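Review bot: None of the new cases exercises a plain download URL. Every external source here carries a VCS prefix (`git+https://`, `bzr+https://`, `hg+http://`, `svn+http://`), so the commonest form, `source=('pkgname.tar.xz' 'https://www.example.com/LICENSE')`, is not pinned to produce `("non-unique-source-name %s", "LICENSE")`. A local file with an extension, `source=('pkgname.tar.xz' 'LICENSE.txt')`, would also pin that the `'://'` guard suppresses the warning rather than the bare name. The test class and its `pkgbuild_no_source` fixture are defined outside the hunk.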