On February 28, 2019 11:34:08 AM EST, Jerome Leclanche <jerome@leclan.ch> wrote:
On Thu, Feb 28, 2019 at 5:22 PM Daniel M. Capella via aur-general <aur-general@archlinux.org> wrote:
On February 28, 2019 8:58:06 AM EST, Jerome Leclanche
<jerome@leclan.ch> wrote:
<snip>
OT: We should maybe have the AUR lint PKGBUILDs on git push (and reject really bad ones) if we want to improve that situation.
J. Leclanche
I've been thinking enforcing the use of makechrootpkg and namcap on
package submission should be introduced, and maybe even on major (and minor?) version bumps for packages following semver. Inb4 yes I'm aware of the number of false-positives in namcap.
-- Best, polyzen
Can we give namcap's outputs error codes and blacklist some of the false positives?
That seems in line with well-established linters. It would also be nice if a linting plugin for an editor (eg. ALE for Vim) could utilize namcap someday.
I was mostly thinking about things that can be done just by static analysis of the PKGBUILD, rather than anything requiring packages to be built, so that they can be rejected immediately during git push. Things such as running mksrcinfo, verifying local sources (and their hashes), etc.
The tool mentioned in alad's reply seems interesting. Will have to check it out.
J. Leclanche
-- Best, polyzen