commit: 9e0f0364ffb187ad784f3ba63a02b8e170d72de0 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Mon Jun 13 04:21:51 2016 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Fri Mar 10 22:58:30 2017 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=9e0f0364
repoman: flag URIs using http:// when https:// is available This is done via a static list atm of common/known sites. repoman/pym/repoman/modules/scan/ebuild/checks.py | 26 +++++++++++++++++++++++ repoman/pym/repoman/modules/scan/ebuild/errors.py | 2 ++ repoman/pym/repoman/qa_data.py | 4 +++- 3 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 7a29af145..db6b6c8b4 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -687,6 +687,32 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
 error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
+class UriUseHttps(LineCheck):
+ """Check that we use https:// for known good sites."""
+ repoman_check_name = 'uri.https'
+ _SITES = (
+ '([-._a-zA-Z0-9]*\.)?apache\.org',
+ '((alioth|packages(\.qa)?|people|www)\.)?debian\.org',
+ # Most FDO sites support https, but not all (like tango).
+ # List the most common ones here for now.
+ '((anongit|bugs|cgit|dri|patchwork|people|specifications|www|xcb|xorg)\.)?freedesktop\.org',
+ '((bugs|dev|wiki|www)\.)?gentoo\.org',
+ '((wiki)\.)?github\.(io|com)',
+ 'savannah\.(non)?gnu\.org',
+ '((gcc|www)\.)?gnu\.org',
+ 'curl\.haxx\.se',
+ '((bugzilla|git|mirrors|patchwork|planet|www(\.wiki)?)\.)?kernel\.org',
+ '((bugs|wiki|www)\.)?linuxfoundation\.org',
+ '((docs|pypi|www)\.)?python\.org',
+ '(sf|sourceforge)\.net',
+ '(www\.)?(enlightenment|sourceware|x)\.org',
+ )
+ # Try to anchor the end of the URL so we don't get false positives
+ # with http://github.com.foo.bar.com/. Unlikely, but possible.
+ re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+ error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
 """Check for calls to the no-as-needed function."""
 repoman_check_name = 'upstream.workaround'
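Review bot: The `_SITES` entries are ordinary string literals containing `\.`, which Python treats as an invalid escape sequence (a DeprecationWarning from 3.6 onward); prefix each pattern with `r`, e.g. `r'((bugs|dev|wiki|www)\.)?gentoo\.org',`, as the `re.compile` line below already does for its own pieces. The compiled pattern is also case-sensitive, so `HTTP://` or a mixed-case host such as `http://GitHub.com/` would pass unflagged even though scheme and hostname are case-insensitive; passing `re.I` to `re.compile` would close that gap. The trailing anchor `(\s|["\'/]|$)` does not accept `:`, `?` or `#`, so a URL with an explicit port or a bare query string is skipped as well, which is presumably acceptable for a warning-level check but worth a comment next to the anchor.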
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 8387e35e6..22547f4d5 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -49,3 +49,5 @@ USEQ_ERROR = (
 'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
 'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+ 'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 0dc32789f..132a55be3 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -228,7 +228,8 @@ qahelp = {
 "The ebuild makes use of an obsolete construct"),
 "upstream.workaround": (
 "The ebuild works around an upstream bug,"
- " an upstream bug should be filed and tracked in bugs.gentoo.org")
+ " an upstream bug should be filed and tracked in bugs.gentoo.org"),
+ "uri.https": "URI uses http:// but should use https://",
 }
 qacats = list(qahelp)
@@ -276,6 +277,7 @@ qawarnings = set((
 "usage.obsolete",
 "upstream.workaround",
 "IUSE.rubydeprecated",
+ "uri.https",
 ))