[arch-dev-public] Useful scripts
jason at archlinux.org
Tue Jul 31 10:16:18 EDT 2007
> Note of warning!! Do not use these scripts on any PKGBUILDs you don't
> trust! They source every PKGBUILD to obtain the information - if a
> single PKGBUILD has rm -rf ~ you'd lose your home directory. You've
> been warned. ;) (of course you could run it in a sandbox as well, but
The new way I parse PKGBUILDs in namcap really rocks for not trusting
PKGBUILDs. Apparently bash has a --restricted mode. You have to override
the PATH variable to make sure they can't execute any commands, but that's
This script basically outputs a PKGBUILD in db format.
> This one also finds all PKGBUILD files located in any subdirs of
> $(pwd), and analyses all entries in the license array. If the license
> isn't one located in /usr/share/licenses/common, and it doesn't start
> with 'custom', then the package and its invalid license are output to
> stdout. Also, if no license is defined, it outputs this info to stdout
> as well.
> At the moment, it doesn't check the validity of custom licenses, but it
> does its job well; I've also attached the list it generates when run
> against extra/community/unstable. It's a long list - almost 2k
> invalid/non-existent licenses.
This rule could be added to namcap. We could check for the validity of the
licenses in a package (at that point we can see if there are custom
licenses stored in the package).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the arch-dev-public