[arch-projects] [namcap] [PATCH] remove pointless mkdir -p in parsepkgbuild
As far as I can tell, this was never used. In commit 9b56647abc8dc33bf138d4b260b103c8d9265b7d the parsepkgbuild script was switched from defining a PATH as a directory in /tmp, to actually passing in a PATH=/dummy to `env -i`... which makes sense, as the previously defined PATH was never actually used. However, even before that, it's not safe to use mkdir -p in order to define a restricted shell without access to the PATH, as the directory is not guaranteed to be owned by the creator. In any event, the time for mkdir -p is long past. Signed-off-by: Eli Schwartz --- parsepkgbuild | 2 -- 1 file changed, 2 deletions(-) diff --git a/parsepkgbuild b/parsepkgbuild index 009e89e..bedb0de 100755 --- a/parsepkgbuild +++ b/parsepkgbuild @@ -1,7 +1,5 @@ #!/bin/bash -mkdir -p /tmp/parsepkgbuild - source /etc/makepkg.conf PARSE_PKGBUILD_PATH=${PARSE_PKGBUILD_PATH:-/usr/share/namcap} -- 2.21.0
[arch-projects] [namcap] [PATCH 2/2] add support for new checksum algorithm in pacman-git
It is now possible to use b2sums to verify file integrity. See https://git.archlinux.org/pacman.git/commit/?id=e03752e6adc86cbb4cb4f52a38f6e3e98cbe9dd5 Signed-off-by: Eli Schwartz --- Namcap/rules/arrays.py | 9 + Namcap/rules/extravars.py | 9 + Namcap/rules/missingvars.py | 6 +++--- parsepkgbuild.sh| 2 +- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/Namcap/rules/arrays.py b/Namcap/rules/arrays.py index 5ca33cc..f841ca1 100644 --- a/Namcap/rules/arrays.py +++ b/Namcap/rules/arrays.py @@ -1,7 +1,7 @@ -# +# # namcap rules - array # Copyright (C) 2003-2009 Jesse Young -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# +# """Verifies that array variables are actually arrays""" @@ -29,7 +29,8 @@ class package(PkgbuildRule): arrayvars = ['arch', 'license', 'groups', 'depends', 'makedepends', 'optdepends', 'checkdepends', 'provides', 'conflicts', 'replaces', 'backup', 'options', 'source', 'noextract', 'md5sums', 'sha1sums', -'sha224sums', 'sha256sums', 'sha384sums', 'sha512sums', 'validpgpkeys'] +'sha224sums', 'sha256sums', 'sha384sums', 'sha512sums', 'b2sums', +'validpgpkeys'] for i in pkginfo.pkgbuild: m = re.match('\s*(.*)\s*=\s*(.*)$', i) for j in arrayvars: diff --git a/Namcap/rules/extravars.py b/Namcap/rules/extravars.py index 81084f8..bea575a 100644 --- a/Namcap/rules/extravars.py +++ b/Namcap/rules/extravars.py 
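Review bot: The list of checksum array names is maintained by hand in several places, and this patch has to touch each of them: `arrayvars` in this arrays.py hunk, `carch_vars` in Namcap/rules/extravars.py, `checksums` in Namcap/rules/missingvars.py, and apparently `meta_keys` in parsepkgbuild.sh. The copies already differ in order (extravars.py lists 'sha224sums' before 'sha1sums'), so a later algorithm can be added to one list and missed in another, and the rule that missed it would simply not look at that array. A comment above each list would make the coupling visible, for example `# keep in sync with carch_vars (extravars.py), checksums (missingvars.py) and meta_keys (parsepkgbuild.sh)`. The enclosing analyze() starts and ends outside the hunk.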
@@ -1,7 +1,7 @@ -# +# # namcap rules - extravars # Copyright (C) 2003-2009 Jesse Young -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# +# from itertools import product from Namcap.ruleclass import * @@ -26,7 +26,8 @@ class package(PkgbuildRule): def analyze(self, pkginfo, tar): carch_vars = ['checkdepends', 'conflicts', 'depends', 'makedepends', 'optdepends', 'provides', 'replaces', 'source', 'md5sums', -'sha224sums', 'sha1sums', 'sha256sums', 'sha384sums', 'sha512sums'] +'sha224sums', 'sha1sums', 'sha256sums', 'sha384sums', +'sha512sums', 'b2sums'] stdvars = ['arch', 'license', 'backup', 'noextract', 'pkgname', 'pkgbase', 'pkgver', 'pkgrel', 'epoch', 'pkgdesc', 'groups', 'url', 'install', 'changelog', diff --git a/Namcap/rules/missingvars.py b/Namcap/rules/missingvars.py index 25445e2..5814037 100644 --- a/Namcap/rules/missingvars.py +++ b/Namcap/rules/missingvars.py @@ -3,7 +3,7 @@ # namcap rules - missingvars # Copyright (C) 2003-2009 Jason Chu # Copyright (C) 2011 Rémy Oudompheng -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -17,7 +17,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# +# """Checks for missing variables in PKGBUILD""" 
@@ -30,7 +30,7 @@ class ChecksumsRule(PkgbuildRule): name = "checksums" description = "Verifies checksums are included in a PKGBUILD" def analyze(self, pkginfo, tar): - checksums=[('md5', 32), ('sha1', 40), ('sha224', 56), ('sha256', 64), ('sha384', 96), ('sha512', 128)] + checksums=[('md5', 32), ('sha1', 40), ('sha224', 56), ('sha256', 64), ('sha384', 96), ('sha512', 128), ('b2', 128)] if "source" in pkginfo: haschecksums = False diff --git a/parsepkgbuild.sh b/parsepkgbuild.sh index 66cea40..4ac996a 100644 --- a/parsepkgbuild.sh +++ b/parsepkgbuild.sh @@ -21,7 +21,7 @@ fi meta_keys=(groups url license arch builddate packager replaces force depends makedepends
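Review bot: In Namcap/rules/missingvars.py the `checksums` table in `ChecksumsRule.analyze` carries bare numbers whose meaning is not stated, and the new `('b2', 128)` entry repeats the number of `('sha512', 128)`, which reads like a copy-paste slip unless the reader knows both digests are 512 bits. A comment on that line would settle it: `# (algorithm prefix, hex digest length); b2sums are BLAKE2b-512, hence 128 like sha512`. How the number is used lies outside the hunk; presumably it is compared with the length of each array entry, in which case only the array name distinguishes a b2 digest from a sha512 one.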
[arch-projects] [namcap] [PATCH 1/2] parsepkgbuild: reduce a lot of boilerplate by being more templated
When listing out the contents of a variable, use loops and references to the variables in order to reduce code and make it easier to extend. In the future, a new metadata type can be added simply by appending to meta_keys=() Signed-off-by: Eli Schwartz --- parsepkgbuild.sh | 127 +-- 1 file changed, 12 insertions(+), 115 deletions(-) diff --git a/parsepkgbuild.sh b/parsepkgbuild.sh index d85574d..66cea40 100644 --- a/parsepkgbuild.sh +++ b/parsepkgbuild.sh 
@@ -18,123 +18,20 @@ fi if [ -n "$pkgdesc" ]; then echo -e "%DESC%\n$pkgdesc\n" fi -if [ -n "$groups" ]; then - echo "%GROUPS%" - for i in ${groups[@]}; do echo $i; done - echo "" -fi - -if [ -n "$url" ]; then - echo -e "%URL%\n$url\n" -fi -if [ -n "$license" ]; then - echo "%LICENSE%" - for i in ${license[@]}; do echo $i; done - echo "" -fi -if [ -n "$arch" ]; then - echo "%ARCH%" - for i in ${arch[@]}; do echo $i; done - echo "" -fi -if [ -n "$builddate" ]; then - echo -e "%BUILDDATE%\n$builddate\n" -fi -if [ -n "$packager" ]; then - echo -e "%PACKAGER%\n$packager\n" -fi - -if [ -n "$replaces" ]; then - echo "%REPLACES%" - for i in "${replaces[@]}"; do echo $i; done - echo "" -fi -if [ -n "$force" ]; then - echo -e "%FORCE%\n" -fi -# create depends entry -if [ -n "$depends" ]; then - echo "%DEPENDS%" - for i in "${depends[@]}"; do echo $i; done - echo "" -fi -if [ -n "$makedepends" ]; then - echo "%MAKEDEPENDS%" - for i in "${makedepends[@]}"; do echo $i; done - echo "" -fi -if [ -n "$optdepends" ]; then - echo "%OPTDEPENDS%" - for i in "${optdepends[@]}"; do echo $i; done - echo "" -fi -if [ -n "$conflicts" ]; then - echo "%CONFLICTS%" - for i in "${conflicts[@]}"; do echo $i; done - echo "" -fi -if [ -n "$provides" ]; then - echo "%PROVIDES%" - for i in "${provides[@]}"; do echo $i; done - echo "" -fi -if [ -n "$backup" ]; then - echo "%BACKUP%" - for i in "${backup[@]}"; do echo $i; done - echo "" -fi -if [ -n "$options" ]; then - echo "%OPTIONS%" - for i in "${options[@]}"; do echo $i; done - echo "" -fi -if [ -n "$source" ]; then - echo "%SOURCE%" - for i in "${source[@]}"; do echo $i; done - echo "" -fi -if [ -n "$validpgpkeys" ]; then - echo "%VALIDGPGKEYS%" - for i in "${validpgpkeys[@]}"; do echo $i; done - echo "" -fi -if [ -n "$md5sums" ]; then - echo "%MD5SUMS%" - for i in "${md5sums[@]}"; do echo $i; done - echo "" -fi -if [ -n "$sha1sums" ]; then - echo "%SHA1SUMS%" - for i in "${sha1sums[@]}"; do echo $i; done - echo "" -fi -if [ -n "$sha224sums" 
]; then - echo "%SHA224SUMS%" - for i in "${sha224sums[@]}"; do echo $i; done - echo "" -fi -if [ -n "$sha256sums" ]; then - echo "%SHA256SUMS%" - for i in "${sha256sums[@]}"; do echo $i; done - echo "" -fi -if [ -n "$sha384sums" ]; then - echo "%SHA384SUMS%" - for i in "${sha384sums[@]}"; do echo $i; done - echo "" -fi -if [ -n "$sha512sums" ]; then - echo "%SHA512SUMS%" - for i in "${sha512sums[@]}"; do echo $i; done - echo "" -fi - -if [ -n "$install" ]; then - echo -e "%INSTALL%\n$install\n" -fi +meta_keys=(groups url license arch builddate packager replaces force depends + makedepends optdepends conflicts provides backup options source + validpgpkeys {md5,sha{1,224,256,384,512}}sums install) +for key in "${meta_keys[@]}"; do + arr="$key[@]" + if [[ -n ${!key} ]]; then + echo "%${key^^}%" + for i in "${!arr}"; do echo "$i"; done + echo "" + fi +done -unset i +unset arr key meta_keys i echo "%SETVARS%" compgen -A variable } -- 2.21.0
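Review bot: The templated loop changes one emitted header: the removed code printed `%VALIDGPGKEYS%` for `validpgpkeys`, while `echo "%${key^^}%"` now prints `%VALIDPGPKEYS%`, and the description presents the patch purely as a reduction of boilerplate. Whichever spelling the parser of this output expects (it is not visible here), the change should be stated in the commit message or the old tag kept with a one-line special case. Two smaller differences ride along: `force` used to emit a bare `%FORCE%` and now also prints its value, and the scalar fields lose the `echo -e` escape processing. Since the values come from a sourced PKGBUILD, `printf '%s\n' "$i"` would be more robust than `echo "$i"`, which treats an element such as `-n` as an option. The enclosing function starts outside the hunk.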
[arch-projects] [namcap] [PATCH] Add rule to report on unneeded dependencies from hooks
Just as it is unnecessary to run certain commands in a post_upgrade script, if a hook already runs it, so too is it usually unnecessary to depend on the package that installs the hook. Sometimes these dependencies are left in even when the install script is removed, because people lack understanding in the true subtleties of hooks and the commands they run -- but the commands do not depend on the list of files which trigger them in order to function, and are fully operative when installed later. In fact, they will already be required by the software that uses the results. e.g. desktop-file-utils and shared-mime-info provide hooks to compile the mime and desktop file databases, but upon first installing the hook, a full database will already be compiled. The hook does not need to be triggered by the filepath, and thus does not need to be a dependency of every package that provides a desktop or mime file. Instead, desktop environments which need a mime/desktop file database will depend on the package and thereby ensure the database exists when needed. Signed-off-by: Eli Schwartz --- With this plus my previous patch, namcap will stop warning when these dependencies are missing, and instead, warn when they are used. I've yet to hear a convincing reason why these dependencies would be wanted -- I suspect they exist mostly because of inertia, or because they were copied from another (historic?) PKGBUILD that was used as a role model. Namcap/rules/__init__.py| 1 + Namcap/rules/hookdepends.py | 48 + namcap-tags | 8 --- 3 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 Namcap/rules/hookdepends.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index 1e05326..525dbc6 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -31,6 +31,7 @@ from . import ( fileownership, gnomemime, hardlinks, + hookdepends, infodirectory, javafiles, kdeprograms, 
diff --git a/Namcap/rules/hookdepends.py b/Namcap/rules/hookdepends.py
new file mode 100644
index 000..dcf03a1
--- /dev/null
+++ b/Namcap/rules/hookdepends.py
@@ -0,0 +1,48 @@
+#
+# namcap rules - hookdepends
+# Copyright (C) 2019 Eli Schwartz
+# Copyright (C) 2016 Kyle Keen
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import re
+from Namcap.ruleclass import *
+
+class HookDependsRule(TarballRule):
+ name = "hookdepends"
+ description = "Check for redundant hook dependencies"
+ subrules = [
+ {
+ 'path': '^usr/share/applications/.*\.desktop$',
+ 'dep': 'desktop-file-utils',
+ },
+ {
+ 'path': '^usr/share/mime$',
+ 'dep': 'shared-mime-info',
+ }
+ ]
+ def analyze(self, pkginfo, tar):
+ names = [entry.name for entry in tar]
+ for subrule in self.subrules:
+ pattern = re.compile(subrule['path'])
+ if any(pattern.search(n) for n in names):
+ dep = subrule['dep']
+ if dep in pkginfo['depends']:
+ self.warnings = [('external-hooks-unneeded-warning', ())]
+ self.infos.append(('external-hooks-unneeded-name %s', dep))
+
+
+# vim: set ts=4 sw=4 noet:
diff --git a/namcap-tags b/namcap-tags
index 17b9506..84cc3f7 100644
--- a/namcap-tags
+++ b/namcap-tags
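Review bot: `if dep in pkginfo['depends']:` in `HookDependsRule.analyze` indexes the key without checking that it exists, whereas ChecksumsRule in Namcap/rules/missingvars.py guards with `if "source" in pkginfo:`; a package that declares no depends would presumably raise here instead of being skipped, so `if 'depends' in pkginfo and dep in pkginfo['depends']:` is the safer form. The membership test is also an exact string match, so a versioned entry such as `desktop-file-utils>=1` (constructed example) would go unreported if depends entries still carry their version constraints at this point. `self.warnings = [...]` replaces the list while `self.infos.append(...)` extends it, and the info tuple passes `dep` as a bare string where the warning passes a tuple; `(dep,)` would match the warning's shape. The first `'path'` pattern contains `\.` in a normal string literal and should be a raw string, `r'^usr/share/applications/.*\.desktop$'`, to avoid the invalid-escape warning.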
@@ -1,11 +1,11 @@ # namcap tags file -# The tags file consists of lines specifying the human readable form of the -# hyphenated tags used in the namcap code. A line beginning with a '#' is +# The tags file consists of lines specifying the human readable form of the +# hyphenated tags used in the namcap code. A line beginning with a '#' is # treated as a comment. Otherwise the format of the file is: # # machine-parseable-tag %s :: This is machine parseable tag %s # -# Note that a double colon (::) is used to separate the hyphenated tag from the +# Note that a double colon (::) is used to separate the hyphenated tag from the # human readable description. # rules tags @@ -26,6 +26,8 @@ empty-directory %s ::
Re: [arch-projects] [namcap] [PATCH] Remove no longer useful warnings that have missing keys
On 4/10/19 9:15 PM, Eli Schwartz wrote: > Arch Linux now has pacman hooks that provide automatic handling for > update-{desktop,mime}-database without each package requiring a hard > dependency and a post_upgrade hook. This means it is no longer correct > to depend on the packages or provide an install script. Instead, remove > this entirely. Uh, this should really mention: Fixes FS#56898 > > Signed-off-by: Eli Schwartz > --- > Namcap/rules/__init__.py | 7 ++- > Namcap/rules/mimefiles.py| 40 --- > Namcap/rules/pathdepends.py | 9 ++-- > Namcap/tests/package/test_mimefiles.py | 62 > Namcap/tests/package/test_pathdepends.py | 10 +--- > 5 files changed, 8 insertions(+), 120 deletions(-) > delete mode 100644 Namcap/rules/mimefiles.py > delete mode 100644 Namcap/tests/package/test_mimefiles.py > > diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py > index dcc950f..1e05326 100644 > --- a/Namcap/rules/__init__.py > +++ b/Namcap/rules/__init__.py > @@ -1,7 +1,7 @@ > -# > +# > # namcap rules - __init__ > # Copyright (C) 2003-2009 Jason Chu > -# > +# > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License as published by > # the Free Software Foundation; either version 2 of the License, or > @@ -15,7 +15,7 @@ > # You should have received a copy of the GNU General Public License > # along with this program; if not, write to the Free Software > # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > -# > +# > > from types import ModuleType > import Namcap.ruleclass > @@ -37,7 +37,6 @@ from . import ( >libtool, >licensepkg, >lotsofdocs, > - mimefiles, >missingbackups, >pathdepends, >perllocal, > diff --git a/Namcap/rules/mimefiles.py b/Namcap/rules/mimefiles.py > deleted file mode 100644 > index f9d56f4..000 > --- a/Namcap/rules/mimefiles.py > +++ /dev/null 
> @@ -1,40 +0,0 @@ > -# > -# namcap rules - mimefiles > -# Copyright (C) 2009 Hugo Doria > -# Copyright (C) 2011 Rémy Oudompheng > -# > -# This program is free software; you can redistribute it and/or modify > -# it under the terms of the GNU General Public License as published by > -# the Free Software Foundation; either version 2 of the License, or > -# (at your option) any later version. > -# > -# This program is distributed in the hope that it will be useful, > -# but WITHOUT ANY WARRANTY; without even the implied warranty of > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > -# GNU General Public License for more details. > -# > -# You should have received a copy of the GNU General Public License > -# along with this program; if not, write to the Free Software > -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > -# > - > -from Namcap.ruleclass import * > - > -class MimeDesktopRule(TarballRule): > - name = "mimedesktop" > - description = "Check for MIME desktop file depends" > - def analyze(self, pkginfo, tar): > - for entry in tar: > - if entry.issym(): > - continue > - if not entry.name.startswith("usr/share/applications"): > - continue > - if not entry.name.endswith(".desktop"): > - continue > - with tar.extractfile(entry) as f: > - if not any(l.startswith(b"MimeType=") for l in > f): > - continue > - > pkginfo.detected_deps["desktop-file-utils"].append( > ('desktop-file-utils-needed', ()) ) > - break > - > -# vim: set ts=4 sw=4 noet: > diff --git a/Namcap/rules/pathdepends.py b/Namcap/rules/pathdepends.py > index 5bc4313..87f9758 100644 > --- a/Namcap/rules/pathdepends.py > +++ b/Namcap/rules/pathdepends.py 
> @@ -1,7 +1,7 @@ > -# > +# > # namcap rules - pathdepends > # Copyright (C) 2016 Kyle Keen > -# > +# > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License as published by > # the Free Software Foundation; either version 2 of the License, or > @@ -15,7 +15,7 @@ > # You should have received a copy of the GNU General Public License > # along with this program; if not, write to the Free Software > # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > -# > +# > > """ > This contains a collection of essentially one-line rules: > @@ -41,9 +41,6 @@ class PathDependsRule(TarballRule): > {'path': '^usr/share/icons/hicolor$', > 'dep':'hicolor-icon-theme', > 'reason':'hicolor-icon-theme-needed-for-hicolor-dir'}, > - {'path': '^usr/share/mime$', > -
[arch-projects] [namcap] [PATCH] Remove no longer useful warnings that have missing keys
Arch Linux now has pacman hooks that provide automatic handling for update-{desktop,mime}-database without each package requiring a hard dependency and a post_upgrade hook. This means it is no longer correct to depend on the packages or provide an install script. Instead, remove this entirely. Signed-off-by: Eli Schwartz --- Namcap/rules/__init__.py | 7 ++- Namcap/rules/mimefiles.py| 40 --- Namcap/rules/pathdepends.py | 9 ++-- Namcap/tests/package/test_mimefiles.py | 62 Namcap/tests/package/test_pathdepends.py | 10 +--- 5 files changed, 8 insertions(+), 120 deletions(-) delete mode 100644 Namcap/rules/mimefiles.py delete mode 100644 Namcap/tests/package/test_mimefiles.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index dcc950f..1e05326 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -1,7 +1,7 @@ -# +# # namcap rules - __init__ # Copyright (C) 2003-2009 Jason Chu -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# +# from types import ModuleType import Namcap.ruleclass @@ -37,7 +37,6 @@ from . import ( libtool, licensepkg, lotsofdocs, - mimefiles, missingbackups, pathdepends, perllocal, diff --git a/Namcap/rules/mimefiles.py b/Namcap/rules/mimefiles.py deleted file mode 100644 index f9d56f4..000 --- a/Namcap/rules/mimefiles.py +++ /dev/null 
@@ -1,40 +0,0 @@ -# -# namcap rules - mimefiles -# Copyright (C) 2009 Hugo Doria -# Copyright (C) 2011 Rémy Oudompheng -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -from Namcap.ruleclass import * - -class MimeDesktopRule(TarballRule): - name = "mimedesktop" - description = "Check for MIME desktop file depends" - def analyze(self, pkginfo, tar): - for entry in tar: - if entry.issym(): - continue - if not entry.name.startswith("usr/share/applications"): - continue - if not entry.name.endswith(".desktop"): - continue - with tar.extractfile(entry) as f: - if not any(l.startswith(b"MimeType=") for l in f): - continue - pkginfo.detected_deps["desktop-file-utils"].append( ('desktop-file-utils-needed', ()) ) - break - -# vim: set ts=4 sw=4 noet: diff --git a/Namcap/rules/pathdepends.py b/Namcap/rules/pathdepends.py index 5bc4313..87f9758 100644 --- a/Namcap/rules/pathdepends.py +++ b/Namcap/rules/pathdepends.py @@ -1,7 +1,7 @@ -# +# # namcap rules - pathdepends # Copyright (C) 2016 Kyle Keen -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or 
@@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# +# """ This contains a collection of essentially one-line rules: @@ -41,9 +41,6 @@ class PathDependsRule(TarballRule): {'path': '^usr/share/icons/hicolor$', 'dep':'hicolor-icon-theme', 'reason':'hicolor-icon-theme-needed-for-hicolor-dir'}, - {'path': '^usr/share/mime$', - 'dep':'shared-mime-info', - 'reason':'shared-mime-info-needed'}, ] def analyze(self, pkginfo, tar): names = [entry.name for entry in tar] diff --git a/Namcap/tests/package/test_mimefiles.py b/Namcap/tests/package/test_mimefiles.py deleted file mode 100644 index