On Wed, Dec 19, 2018 at 11:13:56PM +0530, Arun Isaac wrote: > > >>> Now that we are avoiding GitHub autogenerated source tarballs since > >>they > >>> are unstable and cause hash mismatch errors, can we have `guix lint' > >>> emit a warning if these autogenerated source tarballs are used? > >> > > I think I just posted a paste on IRC but haven't sent a patch > > yet. I'll grab it and submit it, it's almost done, just needs some > > cleaning up and tightening the test cases. > > Great, thank you! >
Here's what I currently have. I don't think I've tried running the tests I've written yet, and Ludo said there was a better way to check if the download was a git-fetch or a url-fetch. As the logic is currently written it'll flag any package hosted on github owned by 'archive' or any package named 'archive' in addition to the ones we want. -- Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted
From 8a07c8aea1f23db48a9e69956ad15f79f0f70e35 Mon Sep 17 00:00:00 2001 From: Efraim Flashner <efr...@flashner.co.il> Date: Tue, 23 Oct 2018 12:01:53 +0300 Subject: [PATCH] lint: Add checker for unstable tarballs. * guix/scripts/lint.scm (check-source-unstable-tarball): New procedure. (%checkers): Add it. * tests/lint.scm ("source-unstable-tarball", source-unstable-tarball: source #f", "source-unstable-tarball: valid", source-unstable-tarball: not-github", source-unstable-tarball: git-fetch"): New tests. --- guix/scripts/lint.scm | 23 ++++++++++++++- tests/lint.scm | 68 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 1 deletion(-) diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index e477bf0dd..cce7af66c 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -7,7 +7,7 @@ ;;; Copyright © 2016 Hartmut Goebel <h.goe...@crazy-compilers.com> ;;; Copyright © 2017 Alex Kost <alez...@gmail.com> ;;; Copyright © 2017 Tobias Geerinckx-Rice <m...@tobias.gr> -;;; Copyright © 2017 Efraim Flashner <efr...@flashner.co.il> +;;; Copyright © 2017, 2018 Efraim Flashner <efr...@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -747,6 +747,23 @@ descriptions maintained upstream." (G_ "the source file name should contain the package name") 'source)))) +(define (check-source-unstable-tarball package) + "Emit a warning if PACKAGE's source is an autogenerated tarball." + (define (github-tarball? origin) + (string-contains origin "github.com")) + (define (autogenerated-tarball? origin) + (string-contains origin "/archive/")) + (let ((origin (package-source package))) + (unless (not origin) ; check for '(source #f)' + (let ((uri (origin-uri origin)) + (dl-method (origin-method origin))) + (unless (not (pk dl-method "url-fetch")) + (when (and (github-tarball? uri) + (autogenerated-tarball? uri)) + (emit-warning package + (G_ "the source URI should not be an autogenerated tarball") + 'source))))))) + (define (check-mirror-url package) "Check whether PACKAGE uses source URLs that should be 'mirror://'." (define (check-mirror-uri uri) ;XXX: could be optimized @@ -1051,6 +1068,10 @@ or a list thereof") (name 'source-file-name) (description "Validate file names of sources") (check check-source-file-name)) + (lint-checker + (name 'source-unstable-tarball) + (description "Check for autogenerated tarballs") + (check check-source-unstable-tarball)) (lint-checker (name 'derivation) (description "Report failure to compile a package to a derivation") diff --git a/tests/lint.scm b/tests/lint.scm index ab0e8b9a8..723a35107 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -571,6 +571,74 @@ (check-source-file-name pkg))) "file name should contain the package name")))) +(test-assert "source-unstable-tarball" + (not + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (source + (origin + (method url-fetch) + (uri "https://github.com/example/example/archive/v0.0.tar.gz") + (sha256 %null-sha256)))))) + (check-source-unstable-tarball pkg))) + "source URI should not be an autogenerated tarball")))) + +(test-assert "source-unstable-tarball: source #f" + (not + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (source #f)))) + (check-source-unstable-tarball pkg))) + "source URI should not be an autogenerated tarball")))) + +(test-assert "source-unstable-tarball: valid" + (not + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (source + (origin + (method url-fetch) + (uri "https://github.com/example/example/releases/download/x-0.0/x-0.0.tar.gz") + (sha256 %null-sha256)))))) + (check-source-unstable-tarball pkg))) + "source URI should not be an autogenerated tarball")))) + +(test-assert "source-unstable-tarball: not-github" + (not + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (source + (origin + (method url-fetch) + (uri "https://bitbucket.org/archive/example/download/x-0.0.tar.gz") + (sha256 %null-sha256)))))) + (check-source-unstable-tarball pkg))) + "source URI should not be an autogenerated tarball")))) + +(test-assert "source-unstable-tarball: git-fetch" + (not + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/archive/example.git") + (commit "0"))) + (sha256 %null-sha256)))))) + (check-source-unstable-tarball pkg))) + "source URI should not be an autogenerated tarball")))) + (test-skip (if (http-server-can-listen?) 0 1)) (test-equal "source: 200" "" -- 2.19.1
signature.asc
Description: PGP signature