click-reviewers-tools (0.35) xenial; urgency=medium
[ Jamie Strandboge ]
* clickreviews/cr_systemd.py:
- add checks for listen-stream, socket, socket-user and socket-group
- remove vendor checks with bus-name (LP: #1510522)
* clickreviews/cr_security.py:
- make sure that the generated profile name is under the current 253
character maximum. This might have to be adjusted after the AppArmor
stacking work is completed (LP: #1499544)
- adjust for xenial snappy defaulting to using 'network-client' instead
of 'networking'
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_lint.py:
- check if package ships .click directory
- add a few more vcs files
- remove vendor-specific checks. 'vendor' is still allowed for
compatibility with older snappy versions, but no formatting checks are
performed (LP: #1510522)
- 'Maintainer' checks in the click manifest should only be done with click
packages (LP: #1510522)
- don't prompt manual review when find .excludes file
- add kernel and os as valid snap types
- remove package filename checks. They were meaningless and hard to
maintain
- sort unknown snappy yaml keys
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_common.py:
- add valid yaml keys for kernel snaps
- add a couple more mime types for detecting binaries (useful for arm
kernels)
* update data/apparmor-easyprof-ubuntu.json for 16.04 policy
* Makefile: add json syntax check
* several changes for squashfs snaps that won't have a click manifest, etc.
Importantly, this means that only package.yaml is looked at and a lot of
click specific tests can be skipped
- cr_common.py:
+ rename a few variable to not be click specific
+ add self.pkgfmt
+ adjust __init__() to conditionally use package.yaml on squashfs,
otherwise click manifest
+ make click data structure initialization conditional on if click
or not (eg, don't run hooks code on squashfs images)
- adjust clickreviews/cr_* to conditionally run certain click-only tests
on click packages
- adjust architecture checks to use self.pkg_arch and rename
control_architecture_specified_needed as architecture_specified_needed
- cr_security.py:
+ revamp to use package.yaml on non-click instead of now nonexistent
security manifest
+ update push-helper template test to not make hooks specific
+ network-client should not be allowed with push helpers either
+ conditionally look for INSTALL_DIR on 16.04 systems in security-policy
+ adjust security-override checks on 16.04 to follow 16.04 yaml
+ make click manifest checks conditional on if click
- cr_tests.py: mock _pkgfmt_type(), _pkgfmt_version() and _is_squashfs()
[ Michael Nelson ]
* add support for non-mocked tests
[ Michael Vogt ]
* add support for squashfs snaps (currently will trigger manual review)
[ Daniel Holbach ]
* Pass absolute path of click or snap file - that way it's safe even if we
chdir (LP: #1514346).
* Allow translated scope .ini fields to have 3 letters as their lang_code
identifier, ie. 'ast'. (LP: #1517017)
* Ensure "urls" is not empty (LP: #1522777)
[ James Tait ]
* Add a handful of links to askubuntu questions to explain some of the
rejection messages.
[ Alberto Mardegan ]
* Allow "accounts" hook since the 15.04.1 framework
* Online Accounts: update to latest plugin hook format (LP: #1520605)
[ Marcus Tomlinson ]
* Forbid the internal "DebugMode" scope.ini key from making its way into the
store (LP: #1511063)
Date: Mon, 14 Dec 2015 16:09:52 -0600
Changed-By: Jamie Strandboge <ja...@ubuntu.com>
Maintainer: Ubuntu Appstore Developers
<ubuntu-appstore-develop...@lists.launchpad.net>
https://launchpad.net/ubuntu/+source/click-reviewers-tools/0.35
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 14 Dec 2015 16:09:52 -0600
Source: click-reviewers-tools
Binary: click-reviewers-tools
Architecture: source
Version: 0.35
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Appstore Developers
<ubuntu-appstore-develop...@lists.launchpad.net>
Changed-By: Jamie Strandboge <ja...@ubuntu.com>
Description:
click-reviewers-tools - tools to review click packages
Launchpad-Bugs-Fixed: 1499544 1510522 1511063 1514346 1517017 1520605 1522777
Changes:
click-reviewers-tools (0.35) xenial; urgency=medium
.
[ Jamie Strandboge ]
* clickreviews/cr_systemd.py:
- add checks for listen-stream, socket, socket-user and socket-group
- remove vendor checks with bus-name (LP: #1510522)
* clickreviews/cr_security.py:
- make sure that the generated profile name is under the current 253
character maximum. This might have to be adjusted after the AppArmor
stacking work is completed (LP: #1499544)
- adjust for xenial snappy defaulting to using 'network-client' instead
of 'networking'
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_lint.py:
- check if package ships .click directory
- add a few more vcs files
- remove vendor-specific checks. 'vendor' is still allowed for
compatibility with older snappy versions, but no formatting checks are
performed (LP: #1510522)
- 'Maintainer' checks in the click manifest should only be done with click
packages (LP: #1510522)
- don't prompt manual review when find .excludes file
- add kernel and os as valid snap types
- remove package filename checks. They were meaningless and hard to
maintain
- sort unknown snappy yaml keys
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_common.py:
- add valid yaml keys for kernel snaps
- add a couple more mime types for detecting binaries (useful for arm
kernels)
* update data/apparmor-easyprof-ubuntu.json for 16.04 policy
* Makefile: add json syntax check
* several changes for squashfs snaps that won't have a click manifest, etc.
Importantly, this means that only package.yaml is looked at and a lot of
click specific tests can be skipped
- cr_common.py:
+ rename a few variable to not be click specific
+ add self.pkgfmt
+ adjust __init__() to conditionally use package.yaml on squashfs,
otherwise click manifest
+ make click data structure initialization conditional on if click
or not (eg, don't run hooks code on squashfs images)
- adjust clickreviews/cr_* to conditionally run certain click-only tests
on click packages
- adjust architecture checks to use self.pkg_arch and rename
control_architecture_specified_needed as architecture_specified_needed
- cr_security.py:
+ revamp to use package.yaml on non-click instead of now nonexistent
security manifest
+ update push-helper template test to not make hooks specific
+ network-client should not be allowed with push helpers either
+ conditionally look for INSTALL_DIR on 16.04 systems in security-policy
+ adjust security-override checks on 16.04 to follow 16.04 yaml
+ make click manifest checks conditional on if click
- cr_tests.py: mock _pkgfmt_type(), _pkgfmt_version() and _is_squashfs()
.
[ Michael Nelson ]
* add support for non-mocked tests
.
[ Michael Vogt ]
* add support for squashfs snaps (currently will trigger manual review)
.
[ Daniel Holbach ]
* Pass absolute path of click or snap file - that way it's safe even if we
chdir (LP: #1514346).
* Allow translated scope .ini fields to have 3 letters as their lang_code
identifier, ie. 'ast'. (LP: #1517017)
* Ensure "urls" is not empty (LP: #1522777)
.
[ James Tait ]
* Add a handful of links to askubuntu questions to explain some of the
rejection messages.
.
[ Alberto Mardegan ]
* Allow "accounts" hook since the 15.04.1 framework
* Online Accounts: update to latest plugin hook format (LP: #1520605)
.
[ Marcus Tomlinson ]
* Forbid the internal "DebugMode" scope.ini key from making its way into the
store (LP: #1511063)
Checksums-Sha1:
3ea4572ed204f32fd42166c36fb5c28bd426fd4c 1834 click-reviewers-tools_0.35.dsc
32edc5fb9a68b8e6b4c2698b4f49e262252796a9 119427
click-reviewers-tools_0.35.tar.gz
Checksums-Sha256:
5c67dce8a4de9e0c9880d07e62343548fc0ad5a12f1c79a5e1a56ae456342484 1834
click-reviewers-tools_0.35.dsc
f98b8b156a00b7970f7d6642d95a206fa8f95fdd627aae143c9feb4f5334f57c 119427
click-reviewers-tools_0.35.tar.gz
Files:
674c90d850784e2f8da98b6bca04754e 1834 devel optional
click-reviewers-tools_0.35.dsc
522553eaad19739624bca55eea7adc97 119427 devel optional
click-reviewers-tools_0.35.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWb0H1AAoJEFHb3FjMVZVzpl8QALVWdR1xT9yxDgYmNk6AgY6P
WdxHee0FODckO/BptP0zkmu9DApwKsnpD19bVqF7TXlV1wfMZA4O/qUCG3TZdBFd
kZNQx7VPwcoQiMNQvtJIkDmsW19Xd+lZd1/fW2+BwVResVJhrWe4o6fpWe6ZquhY
5zqXPYUi2xNy9tiX463MKlQdjccnD4AMBKFoBSZKj6GiUUMpwVv5Hq3yJCWLGOjs
EocO7mtZpNNaaYwLs2TXJ2vS0CVCBmy5eQIwGpaHpwaxUA6nXufWFCyQ8PAXT6la
+ow/dqtagx+WvEF4ZWuvudsH8xh2b0mr9LaxAmGV5obH80a5jK5Qlp7WfVFkDcMe
IstZgAD0YqUGJlznfin3EWEtR9uGNjUSoAWqsH1fcM8eaOMdZGu9NINqa183Ptxd
DqQwzxvma4kH8ETPCH5EaR1UxVIc3rnyhXvnaDAW3bJpAmS+HxScj8rUBUbjwJdt
qALXHlps+Y7wE9Zka5sr/KBDtBRP4Faa6ipZ4DvIBM3ffcgRbfpFKaNqwCSX/9h0
XquyE55QchYTjj55ThNtOGDlQN6I5x6EKXdC/KIxRQ+lBum3iXPvM46zduc/5PPv
lDHXgyKl/k2HF2QBWi9wgq59Hcya5v4LI2cc7ceretSVinupvzIa/H1wAVbr4ypB
M1AxZukY5AkkcnT58s/T
=9Bw/
-----END PGP SIGNATURE-----
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
