commit melange for openSUSE:Factory

Source-Sync Mon, 26 May 2025 09:50:56 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package melange for openSUSE:Factory checked 
in at 2025-05-26 18:38:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
 and      /work/SRC/openSUSE:Factory/.melange.new.2732 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "melange"

Mon May 26 18:38:01 2025 rev:89 rq:1279955 version:0.26.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/melange/melange.changes  2025-05-22 
16:57:34.115698338 +0200
+++ /work/SRC/openSUSE:Factory/.melange.new.2732/melange.changes        
2025-05-26 18:39:25.689229704 +0200
@@ -1,0 +2,8 @@
+Mon May 26 04:45:35 UTC 2025 - Johannes Kastl 
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.26.1:
+  * e2e-tests/run-tests: Invoke melange using $MELANGE (#2004)
+  * linter:usrmerge: Improve error message to list files (#1863)
+  * fix: add ignore paths to license files (#2000)
+
+-------------------------------------------------------------------

Old:
----
  melange-0.26.0.obscpio

New:
----
  melange-0.26.1.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.KcOrb2/_old  2025-05-26 18:39:26.785275726 +0200
+++ /var/tmp/diff_new_pack.KcOrb2/_new  2025-05-26 18:39:26.785275726 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           melange
-Version:        0.26.0
+Version:        0.26.1
 Release:        0
 Summary:        Build APKs from source code
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.KcOrb2/_old  2025-05-26 18:39:26.821277238 +0200
+++ /var/tmp/diff_new_pack.KcOrb2/_new  2025-05-26 18:39:26.821277238 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/melange</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.26.0</param>
+    <param name="revision">v0.26.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.KcOrb2/_old  2025-05-26 18:39:26.845278246 +0200
+++ /var/tmp/diff_new_pack.KcOrb2/_new  2025-05-26 18:39:26.845278246 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/chainguard-dev/melange</param>
-              <param 
name="changesrevision">73723fb269d1f13ef21d8beb42956bbc42c2239b</param></service></servicedata>
+              <param 
name="changesrevision">c547b5ea62d77568b73f82c4b90b1da3fd130661</param></service></servicedata>
 (No newline at EOF)
 

++++++ melange-0.26.0.obscpio -> melange-0.26.1.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/e2e-tests/run-tests 
new/melange-0.26.1/e2e-tests/run-tests
--- old/melange-0.26.0/e2e-tests/run-tests      2025-05-20 23:45:26.000000000 
+0200
+++ new/melange-0.26.1/e2e-tests/run-tests      2025-05-22 21:20:06.000000000 
+0200
@@ -27,7 +27,7 @@
 if [ -f "$key" -a -f "$key.pub" ]; then
     echo "using existing $key"
 else
-    melange keygen "$key" ||
+    $MELANGE keygen "$key" ||
         { echo "failed to create local-melange signing key"; exit 1; }
 fi
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/pkg/container/qemu_runner.go 
new/melange-0.26.1/pkg/container/qemu_runner.go
--- old/melange-0.26.0/pkg/container/qemu_runner.go     2025-05-20 
23:45:26.000000000 +0200
+++ new/melange-0.26.1/pkg/container/qemu_runner.go     2025-05-22 
21:20:06.000000000 +0200
@@ -439,7 +439,7 @@
        // we append also all the necessary files that we might need, for 
example Licenses
        // for license checks
        for _, v := range extraFiles {
-               retrieveCommand = retrieveCommand + " " + v
+               retrieveCommand = fmt.Sprintf("%s %q", retrieveCommand, v)
        }
 
        // default to root user, unless a different user is specified
@@ -855,7 +855,7 @@
                if strings.Contains(f, "melange-out") {
                        continue
                }
-               if is, _ := license.IsLicenseFile(filepath.Base(f)); is {
+               if is, _ := license.IsLicenseFile(f); is {
                        licenseFiles = append(licenseFiles, f)
                }
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/pkg/license/license.go 
new/melange-0.26.1/pkg/license/license.go
--- old/melange-0.26.0/pkg/license/license.go   2025-05-20 23:45:26.000000000 
+0200
+++ new/melange-0.26.1/pkg/license/license.go   2025-05-22 21:20:06.000000000 
+0200
@@ -143,7 +143,7 @@
                        return nil
                }
 
-               is, weight := IsLicenseFile(info.Name())
+               is, weight := IsLicenseFile(filePath)
                if is {
                        // Licenses in the top level directory have a higher 
weight so that they
                        // always appear first
@@ -176,6 +176,22 @@
 // Returns true/fals if the file is a license file, and the weight value
 // associated with the match, as some matches are potentially more relevant.
 func IsLicenseFile(filename string) (bool, float64) {
+       // Ignore files in these paths
+       ignoredPaths := []string{
+               ".virtualenv",
+               "env",
+               "node_modules",
+               "venv",
+       }
+       for _, i := range ignoredPaths {
+               if slices.Contains(strings.Split(filename, 
string(filepath.Separator)), i) {
+                       return false, 0.0
+               }
+       }
+
+       // normalize to file name only
+       filename = filepath.Base(filename)
+
        filenameExt := filepath.Ext(filename)
        // Check if the file matches any of the license-related regex patterns
        for regex, weight := range filenameRegexes {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/pkg/license/license_test.go 
new/melange-0.26.1/pkg/license/license_test.go
--- old/melange-0.26.0/pkg/license/license_test.go      2025-05-20 
23:45:26.000000000 +0200
+++ new/melange-0.26.1/pkg/license/license_test.go      2025-05-22 
21:20:06.000000000 +0200
@@ -101,6 +101,49 @@
                        t.Errorf("Expected license file %s not found", expected)
                }
        }
+
+       testInoreFiles := []string{
+               "node_modules/LICENSE",
+               "node_modules/LICENSE.md",
+               "venv/COPYING",
+               "venv/COPYING.txt",
+               "venv/random.txt",
+               "env/LICENSE-MIT.md",
+               "env/README.md",
+               "env/LICENSE-APACHE",
+               ".virtualenv/LICENSE.gemspec",
+               ".virtualenv/COPYRIGHT",
+               ".virtualenv/MIT-COPYING",
+               "node_modules/copyme",
+               "node_modules/COPY",
+               "node_modules/LICENSE.txt",
+       }
+
+       tmpDir = t.TempDir()
+       for _, name := range testInoreFiles {
+               filePath := filepath.Join(tmpDir, name)
+               err := os.MkdirAll(filepath.Join(tmpDir, filepath.Dir(name)), 
os.ModePerm)
+               if err != nil {
+                       t.Fatalf("Failed to create test file %s: %v", name, err)
+               }
+               fp, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0666)
+               if err != nil {
+                       t.Fatalf("Failed to create test file %s: %v", name, err)
+               }
+               fp.Close()
+       }
+
+       tmpFS = apkofs.DirFS(tmpDir)
+
+       // Call function under test
+       licenseFiles, err = FindLicenseFiles(tmpFS)
+       if len(licenseFiles) > 0 {
+               t.Fatalf("Failed to test ignored files")
+       }
+       if err != nil {
+               t.Fatalf("FindLicenseFiles returned an error: %v", err)
+       }
+
 }
 
 func TestIdentify(t *testing.T) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/pkg/linter/linter.go 
new/melange-0.26.1/pkg/linter/linter.go
--- old/melange-0.26.0/pkg/linter/linter.go     2025-05-20 23:45:26.000000000 
+0200
+++ new/melange-0.26.1/pkg/linter/linter.go     2025-05-22 21:20:06.000000000 
+0200
@@ -779,39 +779,54 @@
 }
 
 func usrmergeLinter(ctx context.Context, _ *config.Configuration, _ string, 
fsys fs.FS) error {
-       return fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err 
error) error {
+       paths := []string{}
+
+       err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err 
error) error {
                if err := ctx.Err(); err != nil {
                        return err
                }
                if err != nil {
                        return err
                }
+
                if isIgnoredPath(path) {
-                       return nil
+                       return filepath.SkipDir
+               }
+
+               // If it's not a directory of interest just skipp the whole tree
+               if path != "." && !strings.HasPrefix(path, "sbin") && 
!strings.HasPrefix(path, "bin") && !strings.HasPrefix(path, "usr/sbin") {
+                       if d.IsDir() && path != "usr" {
+                               return filepath.SkipDir
+                       }
                }
 
-               // We don't really care if a package is re-adding a symlink and 
this catches wolfi-baselayout
-               // without special casing it with the package name.
                if path == "sbin" || path == "bin" || path == "usr/sbin" {
                        if d.IsDir() || d.Type().IsRegular() {
-                               return fmt.Errorf("package contains non-symlink 
file at /sbin, /bin or /usr/sbin in violation of usrmerge")
-                       } else {
+                               paths = append(paths, path)
                                return nil
                        }
                }
 
-               if strings.HasPrefix(path, "sbin") {
-                       return fmt.Errorf("package writes to /sbin in violation 
of usrmerge: %s", path)
+               if strings.HasPrefix(path, "sbin/") || strings.HasPrefix(path, 
"bin/") || strings.HasPrefix(path, "usr/sbin") {
+                       paths = append(paths, path)
                }
 
-               if strings.HasPrefix(path, "bin") {
-                       return fmt.Errorf("package writes to /bin in violation 
of usrmerge: %s", path)
+               return nil
+       })
+       if err != nil {
+               fmt.Print("Returned error?")
+               return err
+       }
+
+       if len(paths) > 0 {
+               err_string := "Package contains paths in violation of usrmerge:"
+               for _, path := range paths {
+                       err_string = strings.Join([]string{err_string, path}, 
"\n")
                }
+               err_string += "\n"
+               return errors.New(err_string)
 
-               if strings.HasPrefix(path, "usr/sbin") {
-                       return fmt.Errorf("package writes to /usr/sbin in 
violation of usrmerge: %s", path)
-               }
+       }
 
-               return nil
-       })
+       return nil
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.26.0/pkg/linter/linter_test.go 
new/melange-0.26.1/pkg/linter/linter_test.go
--- old/melange-0.26.0/pkg/linter/linter_test.go        2025-05-20 
23:45:26.000000000 +0200
+++ new/melange-0.26.1/pkg/linter/linter_test.go        2025-05-22 
21:20:06.000000000 +0200
@@ -238,6 +238,32 @@
                },
                linter: "usrmerge",
                pass:   true,
+       }, {
+               dirFunc: func() string {
+                       d := t.TempDir()
+                       assert.NoError(t, os.MkdirAll(filepath.Join(d, "bin"), 
0700))
+                       assert.NoError(t, os.MkdirAll(filepath.Join(d, "sbin"), 
0700))
+                       assert.NoError(t, os.MkdirAll(filepath.Join(d, 
"usr/sbin"), 0700))
+                       fmt.Printf("Creating dirs and such\n")
+                       f, err := os.Create(filepath.Join(d, "bin/test"))
+                       assert.NoError(t, err)
+                       fmt.Fprintln(f, "blah")
+                       defer f.Close()
+
+                       g, err := os.Create(filepath.Join(d, "sbin/test"))
+                       assert.NoError(t, err)
+                       fmt.Fprintln(g, "blah")
+                       defer g.Close()
+
+                       h, err := os.Create(filepath.Join(d, "usr/sbin/test"))
+                       assert.NoError(t, err)
+                       fmt.Fprintln(h, "blah")
+                       defer h.Close()
+
+                       return d
+               },
+               linter: "usrmerge",
+               pass:   false,
        }} {
                ctx := slogtest.Context(t)
                t.Run(c.linter, func(t *testing.T) {

++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.KcOrb2/_old  2025-05-26 18:39:27.093288659 +0200
+++ /var/tmp/diff_new_pack.KcOrb2/_new  2025-05-26 18:39:27.093288659 +0200
@@ -1,5 +1,5 @@
 name: melange
-version: 0.26.0
-mtime: 1747777526
-commit: 73723fb269d1f13ef21d8beb42956bbc42c2239b
+version: 0.26.1
+mtime: 1747941606
+commit: c547b5ea62d77568b73f82c4b90b1da3fd130661
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.melange.new.2732/vendor.tar.gz differ: char 134, 
line 3

commit melange for openSUSE:Factory

Reply via email to