This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian.
commit f0e60714b87403db6478fae7f8e3671430fa393f Author: Chris Lamb <la...@debian.org> Date: Sun Mar 18 17:59:39 2018 -0400 Only emit source-contains-prebuilt-java-object reported for .jar files that contain classes. (Closes: #789802) --- checks/cruft.desc | 8 ---- checks/java.desc | 10 ++++- checks/java.pm | 15 +++++-- collection/java-info.desc | 2 +- data/cruft/warn-file-type | 1 - debian/changelog | 4 ++ lib/Lintian/Collect/Source.pm | 88 ++++++++++++++++++++++++++++++++++++- t/tests/cruft-general-upstream/desc | 3 +- t/tests/cruft-general-upstream/tags | 1 - t/tests/java-jars/desc | 2 + 10 files changed, 117 insertions(+), 17 deletions(-) diff --git a/checks/cruft.desc b/checks/cruft.desc index 0574fd0..c469fdd 100644 --- a/checks/cruft.desc +++ b/checks/cruft.desc @@ -446,14 +446,6 @@ Info: The source tarball contains a prebuilt file in the Shockwave Flash sure the package includes the source for the file and that the packaging rebuilds it. -Tag: source-contains-prebuilt-java-object -Severity: pedantic -Certainty: possible -Info: The source tarball contains a prebuilt Java class file. These are often - included by mistake when developers generate a tarball without cleaning - the source directory first. If there is no sign this was intended, - consider reporting it as an upstream bug. - Tag: source-contains-prebuilt-javascript-object Severity: pedantic Certainty: possible diff --git a/checks/java.desc b/checks/java.desc index 7a8af22..27739e1 100644 --- a/checks/java.desc +++ b/checks/java.desc @@ -1,7 +1,7 @@ Check-Script: java Author: Vincent Fourmond <fourm...@debian.org> Abbrev: java -Type: binary +Type: binary, source Needs-Info: java-info, unpacked Info: This script checks if the packages comply with various aspects of the Debian Java policy. @@ -119,3 +119,11 @@ Info: The package ships the specified Jar file containing a Please ensure that the specified <tt>.java</tt> files are not shipped in the Jar file. Ref: java-policy 2.4 + +Tag: source-contains-prebuilt-java-object +Severity: pedantic +Certainty: possible +Info: The source tarball contains a prebuilt Java class file. These are often + included by mistake when developers generate a tarball without cleaning + the source directory first. If there is no sign this was intended, + consider reporting it as an upstream bug. diff --git a/checks/java.pm b/checks/java.pm index 59c7d35..dafe531 100644 --- a/checks/java.pm +++ b/checks/java.pm @@ -30,16 +30,26 @@ use Lintian::Data (); use Lintian::Tags qw(tag); use Lintian::Util qw(normalize_pkg_path $PKGNAME_REGEX); +our $CLASS_REGEX = qr/\.(?:class|cljc?)/o; our $MAX_BYTECODE = Lintian::Data->new('java/constants', qr/\s*=\s*/o); sub run { - my ($pkg, undef, $info) = @_; + my ($pkg, $type, $info) = @_; my $java_info = $info->java_info; my $missing_jarwrapper = 0; my $has_public_jars = 0; my $has_jars = 0; my $jmajlow = '-'; + if ($type eq 'source') { + for my $jar_file (sort keys %{$java_info}) { + my $files = $java_info->{$jar_file}{files}; + tag 'source-contains-prebuilt-java-object', $jar_file + if any { m/$CLASS_REGEX$/i } keys %{$files}; + } + return; + } + my $depends = $info->relation('strong')->unparse; # Remove all libX-java-doc packages to avoid thinking they are java libs # - note the result may not be a valid dependency listing @@ -76,8 +86,7 @@ sub run { unless basename($jar_file) =~ /^$PKGNAME_REGEX\.jar$/; } # check for common code files like .class or .clj (Clojure files) - foreach - my $class (grep { m/\.(?:class|cljc?)$/oi } sort keys %{$files}){ + foreach my $class (grep { m/$CLASS_REGEX$/i } sort keys %{$files}){ my $mver = $files->{$class}; (my $src = $class) =~ s/\.[^.]+$/\.java/; tag 'jar-contains-source', $jar_file, $src if %{$files}{$src}; diff --git a/collection/java-info.desc b/collection/java-info.desc index a4e44e0..98aade4 100644 --- a/collection/java-info.desc +++ b/collection/java-info.desc @@ -1,7 +1,7 @@ Collector-Script: java-info Author: Vincent Fourmond <fourm...@debian.org> Info: This script extracts information from manifests of JAR files -Type: binary +Type: binary, source Version: 3 Needs-Info: file-info, unpacked Interface: perl-coll diff --git a/data/cruft/warn-file-type b/data/cruft/warn-file-type index dd60910..f93ff6a 100644 --- a/data/cruft/warn-file-type +++ b/data/cruft/warn-file-type @@ -9,7 +9,6 @@ source-contains-prebuilt-binary ~~ \bELF\b ~~ ~~ map { 's/(?i)(?:[\.-](?:bin|elf|e|hs|linux\d+|oo?|or|out|so(?:\.\d+)*)|static)?$/'.$_.'/'} qw(.asm .c .cc .cpp .cxx .f .F .i .ml .rc .S) source-contains-prebuilt-flash-object ~~ ^Macromedia \s Flash ~~ ~~ s/(?i)\.swf$/.as/ source-contains-prebuilt-flash-project ~~ ^Composite \s Document \s File ~~ (?i)\.fla$ ~~ s/(?i)\.fla$/.as/ -source-contains-prebuilt-java-object ~~ (?: Java [ ] (?:Jar [ ] file|archive [ ] data) | Zip [ ] archive | JAR) ~~ (?i)\.jar$ # do not forget to change also $JS_EXT in file.pm source-contains-prebuilt-javascript-object ~~ .* ~~ (?i)[-._](?:compiled|compressed|lite|min|pack(?:ed)?|yc)\.js$ ~~ map{'s/(?i)(?:[-._](?:compiled|compressed|lite|min|pack(?:ed)?|prod|yc))?\.js$/'.$_.'/'} qw(.js _orig.js .js.orig .src.js -src.js .debug.js -debug.js -nc.js) source-contains-prebuilt-python-object ~~ ^python \s \d(\.\d+)? \s byte-compiled ~~ .* ~~ s/(?i)(?:\.cpython-\d{2}|\.pypy)?\.py[co]$/.py/ diff --git a/debian/changelog b/debian/changelog index 1d2beb9..e83588e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,10 @@ lintian (2.5.80) UNRELEASED; urgency=medium + [CL] Look under all of /usr/share/doc (not just /usr/share/doc/$pkg) when looking for installed examples and update tag description to match. Thanks to Ferenc Wágner for the report. (Closes: #892905) + * checks/java.{desc,pm}: + + [CL] Only emit source-contains-prebuilt-java-object reported for .jar + files that contain classes. Thanks to Emmanuel Bourg for the report. + (Closes: #789802) * checks/fields.pm: + [CL] Only check dependency fields in binary packages for mail-transport-agent-dependency-does-not-specify-default-mta etc. diff --git a/lib/Lintian/Collect/Source.pm b/lib/Lintian/Collect/Source.pm index a085a6f..e0a1c6f 100644 --- a/lib/Lintian/Collect/Source.pm +++ b/lib/Lintian/Collect/Source.pm @@ -30,7 +30,7 @@ use Lintian::Relation; use Parse::DebianChangelog; use Lintian::Util - qw(get_file_checksum read_dpkg_control $PKGNAME_REGEX $PKGREPACK_REGEX); + qw(get_file_checksum read_dpkg_control open_gz $PKGNAME_REGEX $PKGREPACK_REGEX); =head1 NAME @@ -445,6 +445,92 @@ sub _load_dctrl { return 1; } +=item java_info + +Returns a hashref containing information about JAR files found in +source packages, in the form I<file name> -> I<info>, where I<info> is +a hash containing the following keys: + +=over 4 + +=item manifest + +A hash containing the contents of the JAR file manifest. For instance, +to find the classpath of I<$file>, you could use: + + if (exists $info->java_info->{$file}{'manifest'}) { + my $cp = $info->java_info->{$file}{'manifest'}{'Class-Path'}; + # ... + } + +NB: Not all jar files have a manifest. For those without, this will +value will not be available. Use exists (rather than defined) to +check for it. + +=item files + +A table of the files in the JAR. Each key is a file name and its value +is its "Major class version" for Java or "-" if it is not a class file. + +=item error + +If it exists, this is an error that occurred during reading of the zip +file. If it exists, it is unlikely that the other fields will be +present. + +=back + +Needs-Info requirements for using I<java_info>: java-info + +=cut + +sub java_info { + my ($self) = @_; + return $self->{java_info} if exists $self->{java_info}; + my $javaf = $self->lab_data_path('java-info.gz'); + my %java_info; + if (!-f $javaf) { + # no java-info.gz => no jar files to collect data. Just + # return an empty hash ref. + $self->{java_info} = \%java_info; + return $self->{java_info}; + } + my $idx = open_gz($javaf); + my $file; + my $file_list; + my $manifest = 0; + local $_; + while (<$idx>) { + chomp; + next if m/^\s*$/o; + + if (m#^-- ERROR:\s*(\S.++)$#o) { + $java_info{$file}{error} = $1; + } elsif (m#^-- MANIFEST: (?:\./)?(?:.+)$#o) { + # TODO: check $file == $1 ? + $java_info{$file}{manifest} = {}; + $manifest = $java_info{$file}{manifest}; + $file_list = 0; + } elsif (m#^-- (?:\./)?(.+)$#o) { + $file = $1; + $java_info{$file}{files} = {}; + $file_list = $java_info{$file}{files}; + $manifest = 0; + } else { + if ($manifest && m#^ (\S+):\s(.*)$#o) { + $manifest->{$1} = $2; + } elsif ($file_list) { + my ($fname, $clmajor) = (m#^([^-].*):\s*([-\d]+)$#); + $file_list->{$fname} = $clmajor; + } + + } + } + $self->{java_info} = \%java_info; + close($idx); + return $self->{java_info}; +} + =item binary_relation (PACKAGE, FIELD) Returns a L<Lintian::Relation> object for the specified FIELD in the diff --git a/t/tests/cruft-general-upstream/desc b/t/tests/cruft-general-upstream/desc index e5805d3..b0dadfa 100644 --- a/t/tests/cruft-general-upstream/desc +++ b/t/tests/cruft-general-upstream/desc @@ -4,6 +4,8 @@ Type: non-native Skeleton: pedantic Options: --pedantic -I -E Description: Check for cruft in the upstream source +Test-Against: + source-contains-prebuilt-java-object Test-For: configure-generated-file-in-source source-contains-arch-control-dir @@ -16,7 +18,6 @@ Test-For: source-contains-hg-control-dir source-contains-hg-tags-file source-contains-prebuilt-flash-object - source-contains-prebuilt-java-object source-contains-prebuilt-javascript-object source-contains-prebuilt-flash-project source-contains-prebuilt-ms-help-file diff --git a/t/tests/cruft-general-upstream/tags b/t/tests/cruft-general-upstream/tags index 4adbf18..96e24e8 100644 --- a/t/tests/cruft-general-upstream/tags +++ b/t/tests/cruft-general-upstream/tags @@ -16,7 +16,6 @@ P: cruft-general-upstream source: source-contains-hg-tags-file .hgtags P: cruft-general-upstream source: source-contains-prebuilt-flash-object fakeflash.swf P: cruft-general-upstream source: source-contains-prebuilt-flash-project fakefla.fla P: cruft-general-upstream source: source-contains-prebuilt-flash-project fakeflasourced.fla -P: cruft-general-upstream source: source-contains-prebuilt-java-object fake.jar P: cruft-general-upstream source: source-contains-prebuilt-javascript-object fake.min.js P: cruft-general-upstream source: source-contains-prebuilt-python-object fake.pyc P: cruft-general-upstream source: source-contains-prebuilt-python-object fake.pyo diff --git a/t/tests/java-jars/desc b/t/tests/java-jars/desc index 3f95962..696007b 100644 --- a/t/tests/java-jars/desc +++ b/t/tests/java-jars/desc @@ -5,6 +5,8 @@ Description: Various checks about JAR files Author: Vincent Fourmond <fourm...@debian.org> Section: java Test-Depends: javahelper +Test-Against: + source-contains-prebuilt-java-object Test-For: bad-jar-name codeless-jar -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git