[arch-projects] [devtools] [GIT] The official devtools repository branch sogrep_redirect created. 20190912-11-g7f849ea
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, sogrep_redirect has been created at 7f849ea58d6a46631017b928285ebf3ff4ce6c69 (commit) - Log - commit 7f849ea58d6a46631017b928285ebf3ff4ce6c69 Author: Jelle van der Waa Date: Tue Oct 15 21:43:20 2019 +0200 sogrep: redirect to destination mirror Some mirrors redirect consumers to a near by mirror which isn't handled by sogrep. --- hooks/post-receive -- The official devtools repository
[arch-projects] [namcap] [PATCH] Add RUNPATH rule
From: Jelle van der Waa Include a rule to check for vulnerable RUNPATH ELF binary entries, which allow arbitrary code execution by loading shared libraries from an attacker controller path. --- Namcap/rules/__init__.py | 1 + Namcap/rules/runpath.py | 71 namcap-tags | 1 + namcap.1 | 3 ++ 4 files changed, 76 insertions(+) create mode 100644 Namcap/rules/runpath.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index 525dbc6..ee400e2 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -44,6 +44,7 @@ from . import ( permissions, py_mtime, rpath, + runpath, scrollkeeper, shebangdepends, sodepends, diff --git a/Namcap/rules/runpath.py b/Namcap/rules/runpath.py new file mode 100644 index 000..053923e --- /dev/null +++ b/Namcap/rules/runpath.py @@ -0,0 +1,71 @@ +# namcap rules - runpath +# +# Copyright (C) 2019 Jelle van der Waa +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +from Namcap.util import is_elf +from Namcap.ruleclass import TarballRule + +from elftools.elf.elffile import ELFFile +from elftools.elf.dynamic import DynamicSection + +allowed = ('/usr/lib', '/usr/lib32', '/lib', '$ORIGIN', '${ORIGIN}') +allowed_toplevels = (s + '/' for s in allowed) +warn = ['/usr/local/lib'] + + +def get_runpaths(fileobj): +elffile = ELFFile(fileobj) +for section in elffile.iter_sections(): +if not isinstance(section, DynamicSection): +continue +for tag in section.iter_tags(): +if tag.entry.d_tag != 'DT_RUNPATH': +continue +for path in tag.runpath.split(':'): +yield path + + +class package(TarballRule): +name = "runpath" +description = "Verifies if RUNPATH is secure" + +def analyze(self, pkgingo, tar): +for entry in tar: +if not entry.isfile(): +continue + +fileobj = tar.extractfile(entry) +if not is_elf(fileobj): +continue + +for path in get_runpaths(fileobj): +path_ok = path in allowed +for allowed_toplevel in allowed_toplevels: +if path.startswith(allowed_toplevel): +path_ok = True + +if not path_ok: +self.errors.append(("insecure-runpath %s %s", + (path, entry.name))) +break + +if path in warn and entry.name not in insecure_rpaths: +self.warnings.append(("insecure-runpath %s %s", + (path, entry.name))) + + +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 84cc3f7..1f7bc69 100644 --- a/namcap-tags +++ b/namcap-tags @@ -44,6 +44,7 @@ incorrect-owner %s (%s:%s) :: File (%s) is owned by %s:%s invalid-filename :: File name %s contains non standard characters info-dir-file-present %s :: Info directory file (%s) should not be present insecure-rpath %s %s :: Insecure RPATH '%s' in file ('%s') +insecure-runpath %s %s :: Insecure RUNPATH '%s' in file ('%s') libtool-file-present %s :: File (%s) is a libtool file library-no-package-associated %s :: Referenced library '%s' is an uninstalled dependency link-level-dependence %s in %s :: Link-level dependence (%s) in file %s diff --git a/namcap.1 b/namcap.1 index fcea8ed..9243087 100644 --- a/namcap.1 +++ b/namcap.1 @@ -108,6 +108,9 @@ Checks basic file and and directory permissions. It returns warnings about worl .B rpath Gives an error if a binary has RPATH set to something other than /usr/lib .TP +.B runpath +Gives an error if a binary has RUNPATH set to something other than /usr/lib, /usr/lib32 +.TP .B scrollkeeper Verifies that there aren't any scrollkeeper directories .TP -- 2.23.0
Re: [arch-projects] [devtools] [PATCH] Remove finddeps tool
On 05/06/19 at 12:28pm, Eli Schwartz via arch-projects wrote: > On 5/6/19 12:10 PM, Emil Velikov via arch-projects wrote: > > On Mon, 6 May 2019 at 15:10, Jelle van der Waa wrote: > >> > >> From: Jelle van der Waa > >> > >> finddeps depends on a no longer existing ABS tree. This data can also be > >> queried via archweb. > >> --- > > Out of curiosity: > > AFAICT all the information is already in the local DB, so > > theoretically pacman can present this. > > Yet I cannot find anything in the manual. Is the feature missing, has > > it been proposed and rejected before? > > pacman -Sii pkgname => Required By > > Does not cover makedepends (these do exist in the syncdb but won't be > properly exposed to libalpm until the next pacman release). > > Does not cover packages that have not been built yet. Ah true, consider this patch dropped. signature.asc Description: PGP signature
[arch-projects] [devtools] [PATCH] Remove finddeps tool
From: Jelle van der Waa finddeps depends on a no longer existing ABS tree. This data can also be queried via archweb. --- .gitignore| 1 - Makefile | 1 - finddeps.in | 41 - zsh_completion.in | 6 +- 4 files changed, 1 insertion(+), 48 deletions(-) delete mode 100644 finddeps.in diff --git a/.gitignore b/.gitignore index b63587b..49afce6 100644 --- a/.gitignore +++ b/.gitignore @@ -6,7 +6,6 @@ archrelease bash_completion checkpkg commitpkg -finddeps lddd makechrootpkg mkarchroot diff --git a/Makefile b/Makefile index ba2d3e4..15c2786 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,6 @@ IN_PROGS = \ archrelease \ archbuild \ lddd \ - finddeps \ rebuildpkgs \ find-libdeps \ crossrepomove\ diff --git a/finddeps.in b/finddeps.in deleted file mode 100644 index 2a085e5..000 --- a/finddeps.in +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# -# finddeps - find packages that depend on a given depname -# -# License: Unspecified - -m4_include(lib/common.sh) - -match=$1 - -if [[ -z $match ]]; then - echo 'Usage: finddeps ' - echo '' - echo 'Find packages that depend on a given depname.' - echo 'Run this script from the top-level directory of your ABS tree.' - echo '' - exit 1 -fi - -find . -type d | while read -r d; do - if [[ -f "$d/PKGBUILD" ]]; then - pkgname=() depends=() makedepends=() optdepends=() - # shellcheck source=PKGBUILD.proto - . "$d/PKGBUILD" - for dep in "${depends[@]}"; do - # lose the version comparator, if any - depname=${dep%%[<>=]*} - [[ $depname = "$match" ]] && echo "$d (depends)" - done - for dep in "${makedepends[@]}"; do - # lose the version comparator, if any - depname=${dep%%[<>=]*} - [[ $depname = "$match" ]] && echo "$d (makedepends)" - done - for dep in "${optdepends[@]/:*}"; do - # lose the version comaparator, if any - depname=${dep%%[<>=]*} - [[ $depname = "$match" ]] && echo "$d (optdepends)" - done - fi -done diff --git a/zsh_completion.in b/zsh_completion.in index 45429bd..5f2111f 100644 --- a/zsh_completion.in +++ b/zsh_completion.in @@ -1,4 +1,4 @@ -#compdef archbuild archco arch-nspawn archrelease commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco +#compdef archbuild archco arch-nspawn archrelease commitpkg makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco # License: Unspecified m4_include(lib/valid-tags.sh) @@ -29,10 +29,6 @@ _commitpkg_args=( '1:commit_msg' ) -_finddeps_args=( - '1:packages:_devtools_completions_all_packages' -) - _makechrootpkg_args=( '-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"' '-c[Clean the chroot before building]' -- 2.21.0
[arch-projects] [mkinitcpio] [PATCH] lsinitcpio: Add zstd decompression support
Add detection support for zstd compressed initramfs, the magic number of zstd is defined as 0xFD2FB528. https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md Signed-off-by: Jelle van der Waa --- lsinitcpio | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lsinitcpio b/lsinitcpio index bcb4a19..d44a714 100755 --- a/lsinitcpio +++ b/lsinitcpio @@ -131,6 +131,12 @@ detect_filetype() { return fi +read -rd '' bytes < <(hexdump -n 4 -e '"%x"' "$1") +if [[ $bytes = 'fd2fb528' ]]; then +echo 'zstd' +return +fi + # still nothing? hrmm, maybe the user goofed and it's a kernel if kver "$1" >/dev/null; then die '%s is a kernel image, not an initramfs image!' "$1" -- 2.21.0
[arch-projects] [devtools] [GIT] The official devtools repository branch master updated. 20190329-2-g321e998
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, master has been updated via 321e998020cfdb337c1ebc1ac41f5e729b9e276c (commit) via c86823a2d4a4152c71faa1c3bab227756232996f (commit) from a49f55cbed51c815a9392c9f7fff5f8cec385935 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 321e998020cfdb337c1ebc1ac41f5e729b9e276c Author: Erich Eckner Date: Tue Apr 2 09:32:43 2019 +0200 fix whitespace/indentation errors Some lines are indented by spaces, while adjacent lines are indentet by tabs. We should use tabs on both. Signed-off-by: Erich Eckner commit c86823a2d4a4152c71faa1c3bab227756232996f Author: Erich Eckner Date: Wed Apr 17 13:16:36 2019 +0200 is_same_fs() in lib/archroot.sh should use $1 and $2, not $1 and $1 The old behaviour would always evaluate to true - this is certainly not what that function should do. Signed-off-by: Erich Eckner --- Summary of changes: archbuild.in| 2 +- find-libdeps.in | 2 +- lib/archroot.sh | 2 +- mkarchroot.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The official devtools repository
[arch-projects] [devtools] [PATCH] Create a general README
Introduce a README which describes where to send patches and how to release a new version of devtools. Signed-off-by: Jelle van der Waa --- README.md | 24 1 file changed, 24 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 000..7c6764e --- /dev/null +++ b/README.md @@ -0,0 +1,24 @@ +# Devtools - development tools for Arch Linux + +This repository contains tools for the Arch Linux distribution for building +and maintaining official repository packages. + +## Patches + +Patches can be send to arch-projects@archlinux.org or via a pull request on +Github. When sending patches to the mailing list make sure to set a valid +subjectprefix otherwise the email is denied by mailman. Git can be configured +as following. + +``` +git config format.subjectprefix 'devtools] [PATCH' +``` + +## Releasing + +1. bump the version in the Makefile +2. Commit everything as ```Version $(date + "%Y%m%d")``` +3. Create a new tag ```git tag -s $(date +"%Y%m%d")``` +4. Push changes +5. Upload the source tarball with ```make dist upload``` +6. Update the package -- 2.21.0
[arch-projects] [devtools] [GIT] The official devtools repository branch master updated. 20180531-18-g6645701
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, master has been updated via 6645701cb13a4801c870c8231d3cdc9988ce593c (commit) from 657497c91a67a29e990bed9911c77550d562aac0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 6645701cb13a4801c870c8231d3cdc9988ce593c Author: Jelle van der Waa Date: Sun Mar 17 14:51:19 2019 +0100 sogrep: remove duplicate sogrep The rename of sogrep to sogrep.in failed to remove sogrep and adding it to .gitignore. Signed-off-by: Jelle van der Waa --- Summary of changes: .gitignore | 1 + sogrep | 98 -- 2 files changed, 1 insertion(+), 98 deletions(-) delete mode 100755 sogrep hooks/post-receive -- The official devtools repository
[arch-projects] [devtools] [GIT] The official devtools repository branch master updated. 20180531-17-g657497c
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, master has been updated via 657497c91a67a29e990bed9911c77550d562aac0 (commit) from 90bb423304c96072cc3f7ea86ad9672414ed9183 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 657497c91a67a29e990bed9911c77550d562aac0 Author: Jelle van der Waa Date: Sat Mar 16 18:35:21 2019 +0100 doc: Add myself as maintainer Signed-off-by: Jelle van der Waa --- Summary of changes: doc/footer.asciidoc | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The official devtools repository
[arch-projects] [devtools] [GIT] The official devtools repository branch master updated. 20180531-16-g90bb423
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, master has been updated via 90bb423304c96072cc3f7ea86ad9672414ed9183 (commit) via 23f248ccfbdefcb26d3d0bfa9a93e21642ba3d28 (commit) via eeb1c0e59ee8a5f7be4a6742ba6689af54e9ac7d (commit) from 936ff8da2fb3597d03ef018ec2aba0391e18d569 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 90bb423304c96072cc3f7ea86ad9672414ed9183 Author: Jelle van der Waa Date: Sat Mar 16 18:29:56 2019 +0100 sogrep: rename to sogrep.in so make clean works make clean removes all .in converted files to a file without .in which in the make clean step is removed. So running make clean will remove sogrep since it's specified as BINPROGS. In the future this steps should be removed for sogrep since it is a standalone script. Signed-off-by: Jelle van der Waa commit 23f248ccfbdefcb26d3d0bfa9a93e21642ba3d28 Author: Jelle van der Waa Date: Sat Mar 16 18:27:13 2019 +0100 find-libdeps: fix indentation in case Signed-off-by: Jelle van der Waa commit eeb1c0e59ee8a5f7be4a6742ba6689af54e9ac7d Author: Jelle van der Waa Date: Sat Mar 16 18:25:55 2019 +0100 doc: add man pages for find-{libdeps,libprovides} Add a simple man page for find-libdeps and find-libprovides. Signed-off-by: Jelle van der Waa --- Summary of changes: Makefile | 4 +++- doc/{find-libprovides.1.asciidoc => find-libdeps.1.asciidoc} | 6 +++--- doc/find-libprovides.1.asciidoc | 12 ++-- find-libdeps.in | 2 +- sogrep | 0 sogrep => sogrep.in | 0 6 files changed, 13 insertions(+), 11 deletions(-) copy doc/{find-libprovides.1.asciidoc => find-libdeps.1.asciidoc} (84%) mode change 100644 => 100755 sogrep copy sogrep => sogrep.in (100%) hooks/post-receive -- The official devtools repository
[arch-projects] [devtools] [GIT] The official devtools repository branch master updated. 20180531-13-g936ff8d
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official devtools repository". The branch, master has been updated via 936ff8da2fb3597d03ef018ec2aba0391e18d569 (commit) via d123fee8ec5c98cbb6bfa4cecf66cb7cdd9c1855 (commit) via 4a532e38e7ed63770b400e924715178ac4c7664c (commit) from f61421a3f5f29f4f8447846c1135961487fb5db6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 936ff8da2fb3597d03ef018ec2aba0391e18d569 Author: Jelle van der Waa Date: Tue Mar 12 22:18:07 2019 +0100 doc: add Environment variables section to sogrep Add a section about environment variables which influence sogrep's behaviour. Signed-off-by: Jelle van der Waa commit d123fee8ec5c98cbb6bfa4cecf66cb7cdd9c1855 Author: Jelle van der Waa Date: Mon Feb 18 13:53:41 2019 +0100 doc: add man page for mkarchroot commit 4a532e38e7ed63770b400e924715178ac4c7664c Author: Jelle van der Waa Date: Tue Feb 19 20:26:29 2019 +0100 crossrepomove: do not set svn propset svn propset's where determined to be non-reproducible and therefore where removed from svn. Don't introduce them when moving packages between repos. Signed-off-by: Jelle van der Waa --- Summary of changes: Makefile | 3 ++- crossrepomove.in | 1 - doc/mkarchroot.1.asciidoc | 46 ++ doc/sogrep.1.asciidoc | 11 +++ 4 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 doc/mkarchroot.1.asciidoc hooks/post-receive -- The official devtools repository
[arch-projects] [devtools] [PATCH] mkarchroot: use pacman-conf for obtaining CacheDir
Instead of using sed/grep and relying on the output of 'pacman -v' use pacman-conf for obtaining the configuration value of the CacheDir. Signed-off-by: Jelle van der Waa --- mkarchroot.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkarchroot.in b/mkarchroot.in index 52e363f..bae6b5a 100644 --- a/mkarchroot.in +++ b/mkarchroot.in @@ -52,7 +52,7 @@ shift 1 [[ -z $working_dir ]] && die 'Please specify a working directory.' if [[ -z $cache_dir ]]; then - cache_dirs=($(pacman -v "$cache_conf" 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g')) + cache_dirs=($(pacman-conf CacheDir)) else cache_dirs=(${cache_dir}) fi -- 2.20.1
[arch-projects] [devtools] [PATCH] crossrepomove: do not set svn propset
svn propset's where determined to be non-reproducible and therefore where removed from svn. Don't introduce them when moving packages between repos. Signed-off-by: Jelle van der Waa --- crossrepomove.in | 1 - 1 file changed, 1 deletion(-) diff --git a/crossrepomove.in b/crossrepomove.in index b45b8ae..a88b722 100644 --- a/crossrepomove.in +++ b/crossrepomove.in @@ -64,7 +64,6 @@ done msg "Adding %s to %s" "${pkgbase}" "${target_repo}" svn -q add "target_checkout/${pkgbase}" -svn -q propset svn:keywords 'Id' "target_checkout/${pkgbase}/trunk/PKGBUILD" svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" target_checkout pushd "target_checkout/${pkgbase}/trunk" >/dev/null archrelease "${arch[@]/#/$target_repo-}" || die -- 2.20.1
[arch-projects] [devtools] [PATCH] doc: add man page for mkarchroot
--- Makefile | 3 ++- doc/mkarchroot.1.asciidoc | 46 +++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 doc/mkarchroot.1.asciidoc diff --git a/Makefile b/Makefile index e812936..870b523 100644 --- a/Makefile +++ b/Makefile @@ -64,7 +64,8 @@ BASHCOMPLETION_LINKS = \ MANS = \ doc/lddd.1 \ - doc/checkpkg.1 + doc/checkpkg.1 \ + doc/mkarchroot.1 all: $(BINPROGS) bash_completion zsh_completion man diff --git a/doc/mkarchroot.1.asciidoc b/doc/mkarchroot.1.asciidoc new file mode 100644 index 000..6f35562 --- /dev/null +++ b/doc/mkarchroot.1.asciidoc @@ -0,0 +1,46 @@ +mkarchroot(1) +=== + +Name + +mkarchroot - Creates an arch chroot in a specified location with a specified set of packages + +Synopsis + +mkarchroot [options] [location] [packages] + +Description +--- + +'mkarchroot' is a script to create an Arch Linux chroot at a specified location +with specified packages. Typically used by 'makechrootpkg' to create build +chroots. Apart from installing specified packages the chroot is created with an +en_US.UTF-8 and de_DE.UTF-8 locale and a generated machine-id. + +Options +--- + +*-C* :: + Location of a pacman config file. + +*-M* :: + Location of a makepkg config file. + +*-c* :: + Set pacman cache. + +*-f* :: + Copy file from the host to the chroot. + +*-s*:: + Do not run setarch. + +*-h*:: + Output command line options. + +See Also + + +linkman:pacman[1] + +include::footer.asciidoc[] -- 2.20.1
Re: [arch-projects] [arch-devops] [dbscripts] [PATCH 2/4] Add reproducible archive of packages.
ev/null)"; then > > + pkgfiles+=("${pkgfile}") > > + continue 2 > > + fi > > + done > > + error "could not find existing package for %s" "${pkg}" > > + return 1 > > + done > > + > > + if [[ ${2} = check ]]; then > > + return 0 > > + fi > > + > > + for pkg in "${pkgfiles[@]}"; do > > + if [[ ! -f ${FTP_BASE}/${PKGPOOL}-reproducible/${pkg##*/} ]]; > > then > > + ln -L "${pkg}" > > "${FTP_BASE}/${PKGPOOL}-reproducible/${pkg##*/}" > > + fi > > + echo "${1}" >> > > "${FTP_BASE}/${PKGPOOL}-reproducible/${pkg##*/}.buildlinks" > > + done > > +} > > + > > . "$(dirname "$(readlink -e "${BASH_SOURCE[0]}")")/db-functions-${VCS}" > > diff --git a/db-update b/db-update > > index 313fb999..11ec185f 100755 > > --- a/db-update > > +++ b/db-update > > @@ -61,6 +61,9 @@ for repo in "${repos[@]}"; do > > if ! check_builddir "${pkg}"; then > > die "Package %s was not built in a chroot" > > "$repo/${pkg##*/}" > > fi > > + if ! make_reproducible "${pkg}" "check"; then > > + die "Package %s is not reproducible" "${pkg}" > > + fi > > done > > if ! check_splitpkgs "${repo}" "${pkgs[@]}"; then > > die "Missing split packages for %s" "$repo" > > @@ -82,6 +85,7 @@ for repo in "${repos[@]}"; do > > # any packages might have been moved by the previous run > > if [[ -f ${pkg} ]]; then > > mv "${pkg}" "$FTP_BASE/${PKGPOOL}" > > + make_reproducible > > "${FTP_BASE}/${PKGPOOL}${pkg##*/}" > > fi > > ln -s "../../../${PKGPOOL}/${pkgfile}" > > "$FTP_BASE/$repo/os/${pkgarch}" > > # also move signatures > > > > > -- > Eli Schwartz > Bug Wrangler and Trusted User > -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [archweb] [PATCH] Add “rel” attribute to pagination links
On 10/07/18 at 09:01pm, coderkun wrote: > Add the “rel” attribute for “prev” and “next” to the pagination links > of news and packages. Interesting patch, but does any browser even care about these rel tags these days? A quick search didn't seem to show it's very useful. > --- > templates/news/paginator.html| 4 ++-- > templates/packages/search_paginator.html | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/templates/news/paginator.html b/templates/news/paginator.html > index 57fbeb1..524c666 100644 > --- a/templates/news/paginator.html > +++ b/templates/news/paginator.html > @@ -4,7 +4,7 @@ > > {% if page_obj.has_previous %} > -title="Go to previous page"> Prev > +title="Go to previous page" rel="prev"> Prev > {% endif %} > {% for num in paginator.page_range %} > {% ifequal num page_obj.number %} > @@ -15,7 +15,7 @@ > {% endfor %} > {% if page_obj.has_next %} > -title="Go to next page">Next > +title="Go to next page" rel="next">Next > {% endif %} > > > diff --git a/templates/packages/search_paginator.html > b/templates/packages/search_paginator.html > index a748d26..a676626 100644 > --- a/templates/packages/search_paginator.html > +++ b/templates/packages/search_paginator.html > @@ -7,7 +7,7 @@ > > {% if page_obj.has_previous %} > -title="Go to previous page"> Prev > +title="Go to previous page" rel="prev"> Prev > {% else %} > Prev > {% endif %} > @@ -15,7 +15,7 @@ > > {% if page_obj.has_next %} > -title="Go to next page">Next > +title="Go to next page" rel="next">Next > {% else %} > Next > {% endif %} > -- > 2.19.1 -- Jelle van der Waa signature.asc Description: PGP signature
[arch-projects] [namcap] [PATCH] Ignore .so for no PIE check
--- Namcap/rules/elffiles.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index d707a58..41fd1cd 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -223,6 +223,8 @@ class NoPIERule(TarballRule): for entry in tar: if not entry.isfile(): continue + if '.so' in entry.name: + continue fp = tar.extractfile(entry) if not is_elf(fp): continue -- 2.18.0
[arch-projects] [devtools] [PATCH v2 1/3] doc: Add lddd man page
--- .gitignore | 1 + Makefile| 22 -- doc/asciidoc.conf | 37 + doc/footer.asciidoc | 28 doc/lddd.1.asciidoc | 25 + 5 files changed, 111 insertions(+), 2 deletions(-) create mode 100644 doc/asciidoc.conf create mode 100644 doc/footer.asciidoc create mode 100644 doc/lddd.1.asciidoc diff --git a/.gitignore b/.gitignore index 1e92b82..04eefe5 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ zsh_completion find-libdeps crossrepomove arch-nspawn +doc/*.1 diff --git a/Makefile b/Makefile index 2d29c83..80fe1d7 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ V=20180531 PREFIX = /usr/local +MANDIR = $(PREFIX)/share/man BINPROGS = \ checkpkg \ @@ -60,7 +61,13 @@ BASHCOMPLETION_LINKS = \ archco \ communityco -all: $(BINPROGS) bash_completion zsh_completion + +MANS = \ + doc/lddd.1 + + +all: $(BINPROGS) bash_completion zsh_completion man +man: $(MANS) edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g" @@ -72,8 +79,13 @@ edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g" @chmod +x "$@" @bash -O extglob -n "$@" +$(MANS): doc/asciidoc.conf doc/footer.asciidoc + +doc/%: doc/%.asciidoc + a2x --no-xmllint --asciidoc-opts="-f doc/asciidoc.conf" -d manpage -f manpage -D doc $< + clean: - rm -f $(BINPROGS) bash_completion zsh_completion + rm -f $(BINPROGS) bash_completion zsh_completion $(MANS) install: install -dm0755 $(DESTDIR)$(PREFIX)/bin @@ -88,6 +100,9 @@ install: for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco + for manfile in $(MANS); do \ + install -Dm644 $$manfile -t $(DESTDIR)$(MANDIR)/man$${manfile##*.}; \ + done; uninstall: for f in ${BINPROGS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$f; done @@ -99,6 +114,9 @@ uninstall: rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools rm -f $(DESTDIR)$(PREFIX)/bin/communityco rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides + for manfile in $(MANS); do \ + rm -f $(DESTDIR)$(MANDIR)/man$${manfile##*.}/$${manfile#doc/}; \ + done; dist: git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip -9 > devtools-$(V).tar.gz diff --git a/doc/asciidoc.conf b/doc/asciidoc.conf new file mode 100644 index 000..c675a20 --- /dev/null +++ b/doc/asciidoc.conf @@ -0,0 +1,37 @@ +## linkman: macro +# Inspired by/borrowed from the GIT source tree at Documentation/asciidoc.conf +# +# Usage: linkman:command[manpage-section] +# +# Note, {0} is the manpage section, while {target} is the command. +# +# Show man link as: (); if section is defined, else just show +# the command. + +[macros] +(?su)[\\]?(?Plinkman):(?P\S*?)\[(?P.*?)\]= + +[attributes] +asterisk= +plus= +caret= +startsb= +endsb= +backslash= +tilde= +apostrophe= +backtick= +litdd= + +ifdef::backend-docbook[] +[linkman-inlinemacro] +{0%{target}} +{0#} +{0#{target}{0}} +{0#} +endif::backend-docbook[] + +ifdef::backend-xhtml11[] +[linkman-inlinemacro] +{target}{0?({0})} +endif::backend-xhtml11[] diff --git a/doc/footer.asciidoc b/doc/footer.asciidoc new file mode 100644 index 000..a092447 --- /dev/null +++ b/doc/footer.asciidoc @@ -0,0 +1,28 @@ + +Bugs + +Bugs can be reported on the bug tracker 'https://bugs.archlinux.org' in the Arch +Linux category and title prefixed with [devtools] or via +mailto:arch-projects@archlinux.org[]. + + +Authors +--- + +Maintainers: + +* Aaron Griffin +* Allan McRae +* Bart??omiej Piotrowski +* Dan McGee +* Dave Reisner +* Evangelos Foutras +* Jan Alexander Steffens (heftig) +* Levente Polyak +* Pierre Schmitz +* S??bastien Luttringer +* Sven-Hendrik Haase +* Thomas B??chler + +For additional contributors, use `git shortlog -s` on the devtools.git +repository. diff --git a/doc/lddd.1.asciidoc b/doc/lddd.1.asciidoc new file mode 100644 index 000..3a015d2 --- /dev/null +++ b/doc/lddd.1.asciidoc @@ -0,0 +1,25 @@ +lddd(1) +=== + +Name + +lddd - Find broken library links on your system + +Synopsis + +lddd + +Description +--- + +Scans '$PATH', '/lib', '/usr/lib', '/usr/local/lib' and +'/etc/ld.so.conf.d/*.conf' directories for ELF files with references to missing +shared libraries, and suggests which packages might need to be rebuilt. The +collected data is written to a temporary directory created by mktemp. + +See Also + + +linkman:ldd[1] + +include::footer.asciidoc[] -- 2.18.0
[arch-projects] [devtools] [PATCH v2 2/3] doc: Add checkpkg man page
--- Makefile| 3 ++- doc/checkpkg.1.asciidoc | 27 +++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 doc/checkpkg.1.asciidoc diff --git a/Makefile b/Makefile index 80fe1d7..e812936 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,8 @@ BASHCOMPLETION_LINKS = \ MANS = \ - doc/lddd.1 + doc/lddd.1 \ + doc/checkpkg.1 all: $(BINPROGS) bash_completion zsh_completion man diff --git a/doc/checkpkg.1.asciidoc b/doc/checkpkg.1.asciidoc new file mode 100644 index 000..96ec645 --- /dev/null +++ b/doc/checkpkg.1.asciidoc @@ -0,0 +1,27 @@ +checkpkg(1) +=== + +Name + +checkpkg - Compare the current build package with the repository version + +Synopsis + +checkpkg + +Description +--- + +Searches for a locally built package corresponding to the PKGBUILD, and +downloads the last version of that package from the Pacman repositories. It +then compares the list of .so files provided by each version of the package and +outputs if there are soname differences for the new package. A directory is +also created using mktemp with files containing a file list for both packages +and a library list for both packages. + +See Also + + +linkman:find-libprovides[1] + +include::footer.asciidoc[] -- 2.18.0
[arch-projects] [devtools] [PATCH v2 3/3] doc: add find-libprovides man page
--- doc/find-libprovides.1.asciidoc | 24 1 file changed, 24 insertions(+) create mode 100644 doc/find-libprovides.1.asciidoc diff --git a/doc/find-libprovides.1.asciidoc b/doc/find-libprovides.1.asciidoc new file mode 100644 index 000..c6d527d --- /dev/null +++ b/doc/find-libprovides.1.asciidoc @@ -0,0 +1,24 @@ +find-libdeps(1) +=== + +Name + +find-libdeps - Find soname dependencies for a package + +Synopsis + +find-libdeps [options] [package] + +Description +--- + +Finds soname dependencies of a package and prints out a list in the following +format '=-'. + +Options +--- + +*--ignore-internal*:: + Ignore internal libraries + +include::footer.asciidoc[] -- 2.18.0
[arch-projects] [devtools] [PATCH v2 0/3] Add man pages
This is v2 of my man page addition effort, I've switched from mandoc to the much easier asciidoc. Another reason to use asciidoc is that pacman/pacman-contrib also use it. So possible contributors might be more familiar with it. Thanks to Luke Shumaker for some more inspiration for the content! Jelle van der Waa (3): doc: Add lddd man page doc: Add checkpkg man page doc: add find-libprovides man page .gitignore | 1 + Makefile| 23 ++-- doc/asciidoc.conf | 37 + doc/checkpkg.1.asciidoc | 27 doc/find-libprovides.1.asciidoc | 24 + doc/footer.asciidoc | 28 + doc/lddd.1.asciidoc | 25 ++ 7 files changed, 163 insertions(+), 2 deletions(-) create mode 100644 doc/asciidoc.conf create mode 100644 doc/checkpkg.1.asciidoc create mode 100644 doc/find-libprovides.1.asciidoc create mode 100644 doc/footer.asciidoc create mode 100644 doc/lddd.1.asciidoc -- 2.18.0
[arch-projects] [dbscripts] [PATCH] cron-jobs: remove unused cron jobs
Updating the archweb database is now handled by archweb itself and deployed on the server using a systemd unit/service. These scripts are no longer used. Signed-off-by: Jelle van der Waa --- README.md | 6 +-- cron-jobs/update-web-db | 78 --- cron-jobs/update-web-files-db | 1 - 3 files changed, 1 insertion(+), 84 deletions(-) delete mode 100755 cron-jobs/update-web-db delete mode 12 cron-jobs/update-web-files-db diff --git a/README.md b/README.md index c672998..925cca7 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,7 @@ The executables that you (might) care about are: │ ├── devlist-mailer │ ├── ftpdir-cleanup │ ├── integrity-check -│ ├── sourceballs -│ ├── update-web-db -│ └── update-web-files-db +│ └── sourceballs ├── db-move ├── db-remove ├── db-repo-add @@ -56,8 +54,6 @@ Things that haven't been mentioned yet: - `cron-jobs/devlist-mailer` - `cron-jobs/sourceballs` - - `cron-jobs/update-web-db` - - `cron-jobs/update-web-files-db` ## Testing * Install the `make` and `docker` packages. Start the docker daemon by issuing `systemctl start docker`. * The test suite can now be run with `make test`. diff --git a/cron-jobs/update-web-db b/cron-jobs/update-web-db deleted file mode 100755 index 39ed765..000 --- a/cron-jobs/update-web-db +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash - -. "$(dirname "$(readlink -e "$0")")/../config" -. "$(dirname "$(readlink -e "$0")")/../db-functions" - -# setup paths -SPATH="/srv/http/archweb" -ENVPATH="/srv/http/archweb-env/bin/activate" - -# having "more important repos" last should make [core] trickle to the top of -# the updates list each hour rather than being overwhelmed by big [extra] and -# [community] updates -REPOS=('community-testing' 'multilib-testing' 'multilib' 'community' 'extra' 'testing' 'core') -LOGOUT="/tmp/archweb_update.log" - -# figure out what operation to perform -cmd="${0##*/}" -if [[ $cmd != "update-web-db" && $cmd != "update-web-files-db" ]]; then - die "Invalid command name '%s' specified!" "$cmd" -fi - -script_lock - -# run at nice 5. it can churn quite a bit of cpu after all. -renice +5 -p $$ > /dev/null - -echo "%s: Updating DB at %s" "$cmd" "$(date)" >> "${LOGOUT}" - -# source our virtualenv if it exists -if [[ -f "$ENVPATH" ]]; then - . "$ENVPATH" -fi - -case "$cmd" in - update-web-db) - dbfileext="${DBEXT}" - flags="" - ;; - update-web-files-db) - dbfileext="${FILESEXT}" - flags="--filesonly" - ;; -esac - -# Lock the repos and get a copy of the db files to work on -for repo in "${REPOS[@]}"; do - for arch in "${ARCHES[@]}"; do - repo_lock "${repo}" "${arch}" || exit 1 - dbfile="/srv/ftp/${repo}/os/${arch}/${repo}${dbfileext}" - if [[ -f ${dbfile} ]]; then - mkdir -p "${WORKDIR}/${repo}/${arch}" - cp "${dbfile}" "${WORKDIR}/${repo}/${arch}/${repo}${dbfileext}" - fi - repo_unlock "${repo}" "${arch}" - done -done - -# Run reporead on our db copy -pushd "$SPATH" >/dev/null -for repo in "${REPOS[@]}"; do - for arch in "${ARCHES[@]}"; do - dbcopy="${WORKDIR}/${repo}/${arch}/${repo}${dbfileext}" - if [[ -f ${dbcopy} ]]; then - echo "Updating ${repo}-${arch}" >> "${LOGOUT}" - ./manage.py reporead "${flags}" "${arch}" "${dbcopy}" >> "${LOGOUT}" 2>&1 - echo "" >> "${LOGOUT}" - fi - done -done -popd >/dev/null -echo "" >> "${LOGOUT}" - -# rotate the file if it is getting big (> 10M), overwriting any old backup -if [[ $(stat -c%s "${LOGOUT}") -gt 10485760 ]]; then - mv "${LOGOUT}" "${LOGOUT}.old" -fi - -script_unlock diff --git a/cron-jobs/update-web-files-db b/cron-jobs/update-web-files-db deleted file mode 12 index 0c2c4fa..000 --- a/cron-jobs/update-web-files-db +++ /dev/null @@ -1 +0,0 @@ -update-web-db \ No newline at end of file -- 2.18.0
[arch-projects] [devtools] [PATCH 1/2] Add lddd manual
--- doc/lddd.1 | 27 +++ 1 file changed, 27 insertions(+) create mode 100644 doc/lddd.1 diff --git a/doc/lddd.1 b/doc/lddd.1 new file mode 100644 index 000..74f9c5e --- /dev/null +++ b/doc/lddd.1 @@ -0,0 +1,27 @@ +.Dd August 13, 2018 +.\" Patch this in our groff's mdoc.local +.ds volume-operating-system Arch Linux +.ds default-operating-system Arch Linux +.Os Arch Linux +.Dt lddd 1 +.Sh NAME +.Nm lddd +.Nd find broken library links on your machine +.Sh SYNOPSIS +.Nm lddd +.Sh DESCRIPTION +lddd scans all elf binaries in $PATH, /lib, /usr/local/lib or specified in +/etc/ld.so.conf.d/*.conf, looks for missing symbols and suggests which packages +might need to be rebuild. The collected data is written to a temporary +directory created by mktemp. +.Sh SEE ALSO +.Xr ldd 1 +.Sh BUGS +Bugs? You must be kidding; there are no bugs in this software. But if we happen +to be wrong, send us an email with as much detail as possible to +arch-projects@archlinux.org +.Sh AUTHORS +.An Aaron Griffin +.An Pierre Schmitz +.An Lukas Fleischer +.An Luke Shumaker -- 2.18.0
[arch-projects] [devtools] [PATCH 0/2] [RFC] Add an pages
This patch series intends to be an RFC for adding man pages for every tool provided by devtools. The first man page for lddd is written in mdoc and is lacking a way to reduce duplication of common headers such as BUGS/AUTHORS. Note that the pacman bug motto was re-used, it's up for debate and the same for the bug location. Do we prefer the bugtracker of mailing lists for bug reports? Jelle van der Waa (2): Add lddd manual install man pages Makefile | 5 + doc/lddd.1 | 27 +++ 2 files changed, 32 insertions(+) create mode 100644 doc/lddd.1 -- 2.18.0
[arch-projects] [namcap][PATCH 1/3] tree-wide: remove unused imports
Remove unused imports tree-wide, which also resolves the deprecationwarning for the imp module import which is now printed to stdout. Signed-off-by: Jelle van der Waa --- Namcap/rules/anyelf.py | 4 ++-- Namcap/rules/elffiles.py| 4 +--- Namcap/rules/extravars.py | 1 - Namcap/rules/fhs.py | 1 - Namcap/rules/javafiles.py | 1 - Namcap/rules/mimefiles.py | 1 - Namcap/rules/shebangdepends.py | 1 - Namcap/rules/sodepends.py | 1 - Namcap/rules/unusedsodepends.py | 2 +- Namcap/tests/pkgbuild/test_carch.py | 1 - Namcap/util.py | 1 - namcap.py | 5 - 12 files changed, 4 insertions(+), 19 deletions(-) diff --git a/Namcap/rules/anyelf.py b/Namcap/rules/anyelf.py index 1e497e4..27f394c 100644 --- a/Namcap/rules/anyelf.py +++ b/Namcap/rules/anyelf.py @@ -21,8 +21,8 @@ Check for ELF files to see if a package should be 'any' architecture """ -import os, re -from Namcap.util import is_elf, is_static, clean_filename +import re +from Namcap.util import is_elf, is_static from Namcap.ruleclass import * class package(TarballRule): diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index 431a04d..d707a58 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -18,13 +18,11 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import os - from elftools.elf.elffile import ELFFile from elftools.elf.dynamic import DynamicSection from elftools.elf.sections import SymbolTableSection -from Namcap.util import is_elf, clean_filename +from Namcap.util import is_elf from Namcap.ruleclass import * # Valid directories for ELF files diff --git a/Namcap/rules/extravars.py b/Namcap/rules/extravars.py index df0c0bf..89a438f 100644 --- a/Namcap/rules/extravars.py +++ b/Namcap/rules/extravars.py @@ -17,7 +17,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import re from itertools import product from Namcap.ruleclass import * diff --git a/Namcap/rules/fhs.py b/Namcap/rules/fhs.py index 6a40ca4..9213da0 100644 --- a/Namcap/rules/fhs.py +++ b/Namcap/rules/fhs.py @@ -18,7 +18,6 @@ # import os, re -import tarfile from Namcap.ruleclass import * class FHSRule(TarballRule): diff --git a/Namcap/rules/javafiles.py b/Namcap/rules/javafiles.py index 40ff856..50413e4 100644 --- a/Namcap/rules/javafiles.py +++ b/Namcap/rules/javafiles.py @@ -18,7 +18,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import os from Namcap.ruleclass import * from Namcap.util import is_java diff --git a/Namcap/rules/mimefiles.py b/Namcap/rules/mimefiles.py index 4825867..f9d56f4 100644 --- a/Namcap/rules/mimefiles.py +++ b/Namcap/rules/mimefiles.py @@ -18,7 +18,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import os from Namcap.ruleclass import * class MimeDesktopRule(TarballRule): diff --git a/Namcap/rules/shebangdepends.py b/Namcap/rules/shebangdepends.py index 7d83ff4..07896df 100644 --- a/Namcap/rules/shebangdepends.py +++ b/Namcap/rules/shebangdepends.py @@ -21,7 +21,6 @@ """Checks dependencies on programs specified in shebangs.""" -import os import shutil import Namcap.package from Namcap.util import is_script, script_type diff --git a/Namcap/rules/sodepends.py b/Namcap/rules/sodepends.py index bce3a40..2f061bb 100644 --- a/Namcap/rules/sodepends.py +++ b/Namcap/rules/sodepends.py @@ -30,7 +30,6 @@ from Namcap.ruleclass import * from Namcap.util import is_elf from Namcap.rules.rpath import get_rpaths -from elftools.elf.enums import ENUM_D_TAG from elftools.elf.elffile import ELFFile from elftools.elf.dynamic import DynamicSection diff --git a/Namcap/rules/unusedsodepends.py b/Namcap/rules/unusedsodepends.py index abfb3ba..4b148d9 100644 --- a/Namcap/rules/unusedsodepends.py +++ b/Namcap/rules/unusedsodepends.py @@ -20,7 +20,7 @@ import os, subprocess, re import tempfile -from Namcap.util import is_elf, clean_filename +from Namcap.util import is_elf from Namcap.ruleclass import * libre = re.compile('^\t(/.*)') diff --git a/Namcap/tests/pkgbuild/test_carch.py b/Namcap/tests/pkgbuild/test_carch.py index 2d95b81..728cbd2 100644 --- a/Namcap/tests/pkgbuild/test_carch.py +++ b/Namcap/tests/pkgbuild/test_carch.py @@ -19,7 +19,6 @@ # USA # -import unittest from Namcap.tests.pkgbuild_test import PkgbuildTest import Namcap.rules.carch as module diff --git a/Namcap/util.py b/Namcap/util.py index f8d38dd..68e3878 100644 --- a/Namcap/util.py +++ b/Namcap/util.py @@ -17,7 +17,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import os import re def _file_has_magic(fileobj, magic_bytes): diff --git a/namcap.py b/namcap.py index b62a2fa..21f83f2 100755 --- a/namcap.py +++ b/namcap.py @@ -20
[arch-projects] [namcap][PATCH 2/3] util: remove unused clean_filename
By removing the unused imports for clean_filename this function is now unused. --- Namcap/util.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/Namcap/util.py b/Namcap/util.py index 68e3878..ecf8b44 100644 --- a/Namcap/util.py +++ b/Namcap/util.py @@ -60,6 +60,4 @@ def script_type(fileobj): name = cmd[1] return name -clean_filename = lambda s: re.search(r"/tmp/namcap\.[0-9]*/(.*)", s).group(1) - # vim: set ts=4 sw=4 noet: -- 2.18.0
[arch-projects] [namcap][PATCH 3/3] tests: Update to latest libaplm version
--- Namcap/tests/package/test_sodepends.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Namcap/tests/package/test_sodepends.py b/Namcap/tests/package/test_sodepends.py index 3a3d7b6..4188c35 100644 --- a/Namcap/tests/package/test_sodepends.py +++ b/Namcap/tests/package/test_sodepends.py @@ -56,13 +56,13 @@ package() { ) self.assertEqual(pkg.detected_deps['pacman'], [ ('libraries-needed %s %s', -(str(['usr/lib/libalpm.so.10']), str(["usr/bin/main"])) +(str(['usr/lib/libalpm.so.11']), str(["usr/bin/main"])) )] ) e, w, i = Namcap.depends.analyze_depends(pkg) self.assertEqual(e, [ ('dependency-detected-not-included %s (%s)', - ('pacman', "libraries ['usr/lib/libalpm.so.10'] needed in files ['usr/bin/main']")) + ('pacman', "libraries ['usr/lib/libalpm.so.11'] needed in files ['usr/bin/main']")) ]) self.assertEqual(w, []) -- 2.18.0
[arch-projects] [namcap] [patch] Python 3.7 cleanups
This patch series cleans up unused imports and resolves the deprecation warning showns with Python 3.7
Re: [arch-projects] [archweb] [PATCH 1/1] Highlighting row on hover in the search results. FS#53612
On 06/10/18 at 05:32pm, nodivbyzero via arch-projects wrote: > --- > sitestatic/archweb.css | 10 +- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/sitestatic/archweb.css b/sitestatic/archweb.css > index 209561f..ef178e8 100644 > --- a/sitestatic/archweb.css > +++ b/sitestatic/archweb.css > @@ -698,11 +698,19 @@ table.results { > } > > .results tr.odd { > +background: #f5f5f5; > +} > + > +.results tr.odd:hover { > background: #fff; > } > > .results tr.even { > -background: #e4eeff; > +background: #ccdfff; > +} > + > +.results tr.even:hover { > +background: #b3cfff; > } > > .results .flagged { > -- > 2.17.0 Thanks, But search row highlighting was already implemented and merged yesterday in 577198a079489ba3e5522293deaa82adcddcded4. -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [projects][pacman] [PATCH] libalpm: ignore .hook suffix when sorting hooks
On 06/09/18 at 12:31pm, Jouke Witteveen via arch-projects wrote: > It is desirable to have 'a-post.hook' ordered after 'a.hook'. For this, > it is needed to ignore the suffix when sorting. > --- pacman patches should go to https://lists.archlinux.org/listinfo/pacman-dev > > Two years ago, I suggested this patch in > https://bugs.archlinux.org/task/49653. > Today, I do so again :-). > > Regards, > - Jouke > > lib/libalpm/hook.c | 16 > lib/libalpm/hook.h | 2 ++ > 2 files changed, 14 insertions(+), 4 deletions(-) > > diff --git a/lib/libalpm/hook.c b/lib/libalpm/hook.c > index 0805e661..d90ed2da 100644 > --- a/lib/libalpm/hook.c > +++ b/lib/libalpm/hook.c > @@ -551,7 +551,16 @@ static int _alpm_hook_triggered(alpm_handle_t *handle, > struct _alpm_hook_t *hook > > static int _alpm_hook_cmp(struct _alpm_hook_t *h1, struct _alpm_hook_t *h2) > { > - return strcmp(h1->name, h2->name); > + size_t suflen = strlen(ALPM_HOOK_SUFFIX), l1, l2; > + int ret; > + l1 = strlen(h1->name) - suflen; > + l2 = strlen(h2->name) - suflen; > + /* exclude the suffixes from comparison */ > + ret = strncmp(h1->name, h2->name, l1 <= l2 ? l1 : l2); > + if(ret == 0 && l1 != l2) { > + return l1 < l2 ? -1 : 1; > + } > + return ret; > } > > static alpm_list_t *find_hook(alpm_list_t *haystack, const void *needle) > @@ -634,8 +643,7 @@ int _alpm_hook_run(alpm_handle_t *handle, > alpm_hook_when_t when) > alpm_event_hook_t event = { .when = when }; > alpm_event_hook_run_t hook_event; > alpm_list_t *i, *hooks = NULL, *hooks_triggered = NULL; > - const char *suffix = ".hook"; > - size_t suflen = strlen(suffix), triggered = 0; > + size_t suflen = strlen(ALPM_HOOK_SUFFIX), triggered = 0; > int ret = 0; > > for(i = alpm_list_last(handle->hookdirs); i; i = alpm_list_previous(i)) > { > @@ -681,7 +689,7 @@ int _alpm_hook_run(alpm_handle_t *handle, > alpm_hook_when_t when) > memcpy(path + dirlen, entry->d_name, name_len + 1); > > if(name_len < suflen > - || strcmp(entry->d_name + name_len - > suflen, suffix) != 0) { > + || strcmp(entry->d_name + name_len - > suflen, ALPM_HOOK_SUFFIX) != 0) { > _alpm_log(handle, ALPM_LOG_DEBUG, "skipping > non-hook file %s\n", path); > continue; > } > diff --git a/lib/libalpm/hook.h b/lib/libalpm/hook.h > index 364d22d7..30d565df 100644 > --- a/lib/libalpm/hook.h > +++ b/lib/libalpm/hook.h > @@ -22,6 +22,8 @@ > > #include "alpm.h" > > +#define ALPM_HOOK_SUFFIX ".hook" > + > int _alpm_hook_run(alpm_handle_t *handle, alpm_hook_when_t when); > > #endif /* ALPM_HOOK_H */ > -- > 2.17.1 -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [pyalpm] Workaround https://bugs.python.org/issue33012
On 05/28/18 at 03:25pm, Chih-Hsuan Yen via arch-projects wrote: > This fixes building with GCC 8 > --- > setup.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/setup.py b/setup.py > index 887b7a1..ba3ae2a 100644 > --- a/setup.py > +++ b/setup.py > @@ -9,7 +9,7 @@ os.putenv('LC_CTYPE', 'en_US.UTF-8') > pyalpm_version = '0.8' > > cflags = ['-Wall', '-Wextra', '-Werror', > -'-Wno-unused-parameter', > +'-Wno-unused-parameter', '-Wno-cast-function-type', > '-std=c99', '-D_FILE_OFFSET_BITS=64'] > > alpm = Extension('pyalpm', > -- > 2.17.0 Sorry, I've already fixed this in master before I was aware of this patch. -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [archweb] Licensing issues with JS code
On 01/14/18 at 08:34pm, Luke Shumaker wrote: > On Sun, 16 Jul 2017 23:46:01 -0400, > Andrew Gregory via arch-projects wrote: > > > > On 07/09/17 at 11:21am, Jelle van der Waa wrote: > > > Looking at the issue on the bugtracker, I'm not sure what you want to > > > achieve? personally I don't see any point in upgrading to GPLv3. > > > > Presumably, the main thing they want to achieve license compliance. > > GPLv2 is not compatible with GPLv3 or Apache 2.0. If archweb includes > > components under those licenses, it may be in violation. > > Indeed. We believe that archweb is in violation. > > In the linked bug, I commented off-the-cuff that I didn't believe that > the 1st-party GPLv2 code interacted with the 3rd-party GPLv3 or Apache > 2.0 code in a way that required license compatibility. > > Upon further review of release_2017-01-02 (the last release that > Parabola has merged, and thus the last that I am familiar enough with > to speak confidently about), I no longer believe that to be true. > > > > A listing of all 3rd-party JS, and its license: > > - Bootstrap 2.1.1 (+change from Dan McGee) : Apache 2.0 > - jQuery 1.8.3 : MIT > - tablesorter[1] 2.7: MIT / GPL > dual-license > - D3 3.0.6 : 3-clause BSD > - konami.js[2] c0f686e (+change from unknown author[3]) : GPLv3 > > [1]: https://github.com/Mottie/tablesorter > [2]: https://github.com/snaptortoise/konami-js > [3]: > https://git.parabola.nu/server/parabolaweb.git/plain/Makefile.d/konami.js.patch?h=archweb-generic > > Note that without even being concerned with license compatibility, > archweb is currently in violation of konami.js, as it does not > include, link to, or in any way provide instructions on how to obtain > non-minified source code. This is especially grievous, as it includes > (minor) changes that are not present in any non-minified version that > I have found. (We already patch to fix this in Parabola's fork; after > identifying the minifier used (UglifyJS 2.2), I backed-out to > reproduce the source changes (which I linked above).) > > Now, as Andrew Gregory agreed, the GPLv3 and Apache 2.0 licenses of > konami.js and Bootstrap are incompatible with archweb's GPLv2 license. > The 3rd-party files of concern are: > > retro/static/2013/bootstrap-typeahead.min.1aacd3d7f4db.js > retro/static/2013/konami.min.e165c814457d.js > sitestatic/bootstrap-typeahead.js > sitestatic/konami.min.js > > Additionally, the following file includes both 1st-party GPLv2 code, > and minified versions of bootstrap-typeahead.js and konami.js: > > sitestatic/homepage.js I'm happy to drop the whole konami.js code, it's a gimmick and doesn't really serve a purpose. The bootstrap stuff is harder, only required for typeahead and I remember messing with an alternative which was MIT but that might require a jQuery update. That should fix all the issues I think. > > This 3rd-party code is called by GPLv2-licensed archweb code in the > files: > > retro/templates/retro/index-2013-03-07.html > templates/public/index.html > sitestatic/homepage.js > > > > As Eli Schwartz noted elsewhere in the thread, after it was copied in > to archweb, konami.js has since re-licensed to the MIT license. > However, that does not cover the changes of unknown authorship that > were present when konami.js was first add to archweb. There's a good > chance that the author there is Dan McGee (who added the file to > archweb), but I'm not certain of that. > > | Proposed path forward: Confirm with Dan that he is the author of > | the changes, and that he agrees to license them under the MIT > | license. From there, simply backport the license change from > | upstream commit ece43a5. > > Bootstrap has also since re-licensed so that 3.1 and later are MIT > licensed; however, bootstrap-typeahead.js was only ever present in > Bootstrap 2.x; and was therefore not covered in the re-license. > > | Possible path forward (proposed by Jelle van der Waa): Modify > | homepage.js and index-2013-03-07.html to use the MIT-licensed > | horsey[4] instead of bootstrap-typeahead.js. > | > | [4]: https://github.com/bevacqua/horsey > > | Possible path forward: Contact the 7 authors of > | bootstrap-typeahead.js and confirm that they agree to license it > | under the MIT license. I believe all 7 of them agreed to this for > | other Bootstrap code that they were authors of; so presumably this > | is something they are agreeable to. > > -- > Happy hacking, > ~ Luke Shumaker -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [archweb] Licensing issues with JS code
On 01/15/18 at 12:56am, Eli Schwartz via arch-projects wrote: > On 01/15/2018 12:07 AM, Luke Shumaker wrote: > > From what I see, that's a minority position, but of course I run in > > FSF circles, so my perception is a bit skewed. :P > > > > If that's the official position that the archweb team wants to take, I > > won't argue. > > I dunno what jelle/angvp/the gang would say, I do know that my personal > opinion is markedly skewed. :p I don't think we care largely care/cared. But this is probably something we should resolve. > >> I'll be watching this list and the Pull Requests page on archweb's > >> github with anticipation. ;) > > > > Wait, archweb is on GitHub? :P > > > > Is a GitHub PR the preferred method, or is the usual git-send-email to > > this ML preferred? > > > > (Though I have to be honest: this is on my TODO list, but fairly low > > priority on it) > > Arch Linux has a Github organization: https://github.com/archlinux > > A few things are mirrored there, and a couple new projects have their > primary home there. > Archweb specifically is primarily developed there via pull requests. > Unlike other Arch projects, it is the preferred workflow of archweb > developers/contributors. > Though I am sure git-send-email to this ML will still get through. :) Yeah PR's are preferred, they get tested automatically too. I'll respond on the other mail about the violating files :) -- Jelle van der Waa signature.asc Description: PGP signature
[arch-projects] [namcap] elffiles: Check for FULL RELRO
Instead of checking for RELRO, check for FULL RELRO which is the default now. --- Namcap/rules/elffiles.py | 15 --- namcap-tags | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index e2dd7f5..a336d18 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -137,10 +137,17 @@ class ELFGnuRelroRule(TarballRule): Introduced by FS#26435. Uses pyelftools to check for GNU_RELRO. """ - # not smart enough for full/partial RELRO (DT_BIND_NOW?) name = "elfgnurelro" - description = "Check for RELRO in ELF files." + description = "Check for FULL RELRO in ELF files." + + def has_bind_now(self, elffile): + for section in elffile.iter_sections(): + if not isinstance(section, DynamicSection): + continue + if any(tag.entry.d_tag == 'DT_BIND_NOW' for tag in section.iter_tags()): + return True + return False def analyze(self, pkginfo, tar): missing_relro = [] @@ -153,7 +160,9 @@ class ELFGnuRelroRule(TarballRule): continue elffile = ELFFile(fp) if any(seg['p_type'] == 'PT_GNU_RELRO' for seg in elffile.iter_segments()): - continue + if self.has_bind_now(elffile): + continue + missing_relro.append(entry.name) if missing_relro: diff --git a/namcap-tags b/namcap-tags index f967724..f464b9c 100644 --- a/namcap-tags +++ b/namcap-tags @@ -19,7 +19,7 @@ elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-in-questionable-dirs %s :: ELF files outside of a valid path ('%s'). elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. -elffile-without-relro %s :: ELF file ('%s') lacks RELRO, check LDFLAGS. +elffile-without-relro %s :: ELF file ('%s') lacks FULL RELRO, check LDFLAGS. elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' -- 2.15.1
[arch-projects] [namcap] elffiles: Add rule for no PIE binaries
Verify if packages where build with PIE enabled by checking if it's an EY_DYN file with a DT_DEBUG entry. --- Namcap/rules/elffiles.py | 33 ++ Namcap/tests/package/test_elffiles.py | 38 ++- namcap-tags | 1 + 3 files changed, 71 insertions(+), 1 deletion(-) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index e2dd7f5..a87c0db 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -194,4 +194,37 @@ class ELFUnstrippedRule(TarballRule): self.warnings = [("elffile-unstripped %s", i) for i in unstripped_binaries] +class NoPIERule(TarballRule): + """ + Checks for no PIE ELF files. + """ + + name = "elfnopie" + description = "Check for no PIE ELF files." + + def has_dt_debug(self, elffile): + for section in elffile.iter_sections(): + if not isinstance(section, DynamicSection): + continue + if any(tag.entry.d_tag == 'DT_DEBUG' for tag in section.iter_tags()): + return True + return False + + def analyze(self, pkginfo, tar): + nopie_binaries = [] + + for entry in tar: + if not entry.isfile(): + continue + fp = tar.extractfile(entry) + if not is_elf(fp): + continue + elffile = ELFFile(fp) + if elffile.header['e_type'] != 'ET_DYN' or not self.has_dt_debug(elffile): + nopie_binaries.append(entry.name) + + if nopie_binaries: + self.warnings = [("elffile-nopie %s", i) for i in nopie_binaries] + + # vim: set ts=4 sw=4 noet: diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py index 6362a58..b11fa13 100644 --- a/Namcap/tests/package/test_elffiles.py +++ b/Namcap/tests/package/test_elffiles.py @@ -95,5 +95,41 @@ package() { ]) self.assertEqual(r.infos, []) -# vim: set ts=4 sw=4 noet: +class TestNoPieStack(MakepkgTest): + pkgbuild = """ +pkgname=__namcap_test_nopie +pkgver=1.0 +pkgrel=1 +pkgdesc="A package" +arch=('i686' 'x86_64') +url="http://www.example.com/; +license=('GPL') +depends=('glibc') +source=() +options=(!purge !zipman) +build() { + cd "${srcdir}" + echo "int main() { return 0; }" > main.c + /usr/bin/gcc -o main main.c -no-pie +} +package() { + install -D -m 644 "${srcdir}/main" "${pkgdir}/usr/bin/nopie" +} +""" + def test_nopie(self): + pkgfile = "__namcap_test_nopie-1.0-1-%(arch)s.pkg.tar" % { "arch": self.arch } + with open(os.path.join(self.tmpdir, "PKGBUILD"), "w") as f: + f.write(self.pkgbuild) + self.run_makepkg() + pkg, r = self.run_rule_on_tarball( + os.path.join(self.tmpdir, pkgfile), + Namcap.rules.elffiles.NoPIERule + ) + self.assertEqual(r.errors, []) + self.assertEqual(r.warnings, [ + ("elffile-nopie %s", + "usr/bin/nopie") + ]) + self.assertEqual(r.infos, []) +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index f967724..420ad5c 100644 --- a/namcap-tags +++ b/namcap-tags @@ -17,6 +17,7 @@ directory-not-world-executable %s :: Directory (%s) does not have the world exec elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-in-questionable-dirs %s :: ELF files outside of a valid path ('%s'). +elffile-nopie %s :: ELF file ('%s') lacks PIE. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. elffile-without-relro %s :: ELF file ('%s') lacks RELRO, check LDFLAGS. -- 2.15.1
Re: [arch-projects] [archweb] Licensing issues with JS code
On 07/17/17 at 09:00am, Adonay Felipe Nogueira via arch-projects wrote: > Indeed. things under GPL 2 (notice the lack of "+"/"or later") can't > adapt/depend on things under GPL 3. > > Things under both GPL 2 and its "+"/"or later" version can't > adapt/depend on things under Apache 2.0. However, things under GPL 3 and > its "+"/"or later" version can. I'm not fond of moving to GPLv3, first off, we'd have to ask all contributors to agree to it right? But something I can see do-able, is moving away from bootstrap-typeahead.js to horsey which is MIT licensed. [1] > - "visualize/static/visualize.js" is licensed under GNU GPL 2 (assumed to be > "only" because the license notice in the file doesn't tell if there is an > upgrade possibility). This is part of archweb, so GPLv2 > - "mirrors/static/mirror_status.js" is licensed under GNU GPL 2 (assumed to > be "only" because the license notice in the file doesn't tell if there is an > upgrade possibility). This is part of archweb, so GPLv2 [1] https://github.com/bevacqua/horsey -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [archweb] Licensing issues with JS code
Hi, I do some more work on Archweb these days, so I might be able to help. On 07/08/17 at 06:38pm, Adonay Felipe Nogueira via arch-projects wrote: > For a short description of the issue, see: > [[https://labs.parabola.nu/issues/1405]]. > > However, we must also note that Archweb is now newer than the Archweb > release used by Parabola. > > Nonethless, as far as I know, each of the files still exist, although > some of them don't even have license indication for the site's visitor > (this is true for "visualize/static/visualize.js" and > "mirrors/static/mirror_status.js"). homepage.js does not have a license header either, and personally I don't see the need to add it. Looking at the issue on the bugtracker, I'm not sure what you want to achieve? personally I don't see any point in upgrading to GPLv3. -- Jelle van der Waa signature.asc Description: PGP signature
Re: [arch-projects] [archweb][PATCH] Added security tracker into navbar
On 01/19/17 at 11:28pm, Morten Linderud wrote: > Signed-off-by: Morten Linderud <mor...@linderud.pw> > --- > web/template/cgit/header.html | 1 + > web/template/header.php | 1 + This patch should go to aur-...@archlinux.org, since it's touching the AUR and not archweb. Archweb is the django website which is written in Python :) [1] [1] https://git.archlinux.org/archweb.git/ -- Jelle van der Waa signature.asc Description: PGP signature
[arch-projects] [devtools][PATCH 2/2] lib: remove unused version, pkgparts
--- lib/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common.sh b/lib/common.sh index 780962c..387fb8c 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -180,7 +180,7 @@ pkgver_equal() { find_cached_package() { local searchdirs=("$PWD" "$PKGDEST") results=() local targetname=$1 targetver=$2 targetarch=$3 - local dir pkg pkgbasename pkgparts name ver rel arch size r results + local dir pkg pkgbasename name ver rel arch r results for dir in "${searchdirs[@]}"; do [[ -d $dir ]] || continue -- 2.11.0
[arch-projects] [devtools][PATCH 1/2] lib: remove unused left, right
--- lib/common.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/common.sh b/lib/common.sh index f6aea93..780962c 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -162,8 +162,6 @@ slock() { # usage: pkgver_equal( $pkgver1, $pkgver2 ) ## pkgver_equal() { - local left right - if [[ $1 = *-* && $2 = *-* ]]; then # if both versions have a pkgrel, then they must be an exact match [[ $1 = "$2" ]] -- 2.11.0
[arch-projects] [namcap][PATCH] tests: fix invalid provides >=
provides>= is not valid according to man PKGBUILD and makepkg --printsrcinfo change it to provides= Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- Namcap/tests/test_pacman.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Namcap/tests/test_pacman.py b/Namcap/tests/test_pacman.py index d406a27..0fe74ba 100644 --- a/Namcap/tests/test_pacman.py +++ b/Namcap/tests/test_pacman.py @@ -18,7 +18,7 @@ url="http://www.example.com/; license=('GPL') depends=('glibc' 'foobar') optdepends=('libabc: provides the abc feature') -provides=('yourpackage>=0.9') +provides=('yourpackage=0.9') options=('!libtool') source=(ftp://ftp.example.com/pub/mypackage-0.1.tar.gz) md5sums=('abcdefabcdef12345678901234567890') @@ -68,6 +68,6 @@ class PkgbuildLoaderTests(unittest.TestCase): def test_provides(self): self.assertEqual(self.pkginfo['provides'], ["yourpackage"]) self.assertEqual(self.pkginfo['orig_provides'], - ["yourpackage>=0.9"]) + ["yourpackage=0.9"]) # vim: set ts=4 sw=4 noet: -- 2.11.0
[arch-projects] [archweb][PATCH] README: document importing package contents
Document how to import the 'package contents' of a package. Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7f94626..bc08210 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,9 @@ packages, you will probably want the following: ./manage.py reporead i686 core.db.tar.gz ./manage.py syncisos +wget http://mirrors.kernel.org/archlinux/core/os/i686/core.files.tar.gz +./manage.py reporead i686 core.files.tar.gz + Alter architecture and repo to get x86\_64 and packages from other repos if needed. -- 2.10.2
[arch-projects] [pyalpm][PATCH] remove unrequired includes
These unrequired includes where found by llvm's include-what-you-use Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- src/pyalpm.c | 1 - src/pyalpm.h | 6 -- 2 files changed, 7 deletions(-) diff --git a/src/pyalpm.c b/src/pyalpm.c index 507f564..12e57c8 100644 --- a/src/pyalpm.c +++ b/src/pyalpm.c @@ -20,7 +20,6 @@ #include "pyalpm.h" #include "util.h" -#include "handle.h" #include "package.h" #include "db.h" diff --git a/src/pyalpm.h b/src/pyalpm.h index d9784e4..6f80570 100644 --- a/src/pyalpm.h +++ b/src/pyalpm.h @@ -20,12 +20,6 @@ This file is part of pyalpm. */ #include -#include -#include - -#include -#include - #ifndef PYALPM_H #define PYALPM_H -- 2.10.2
[arch-projects] [pyalpm][PATCH add tests] 3/4] tests: Add tests for pyalpm.handle
Add a few simple tests for functions which do not touch the local db. Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- tests/test_handle.py | 45 + 1 file changed, 45 insertions(+) create mode 100644 tests/test_handle.py diff --git a/tests/test_handle.py b/tests/test_handle.py new file mode 100644 index 000..03cd704 --- /dev/null +++ b/tests/test_handle.py @@ -0,0 +1,45 @@ +import unittest +import pyalpm + + +class handle(unittest.TestCase): + +def setUp(self): +self.handle = pyalpm.Handle('/', '/var/lib/pacman') + +def test_cachedirs(self): +self.handle.add_cachedir('/tmp/') +self.assertIn('/tmp/', self.handle.cachedirs) + +self.handle.remove_cachedir('/tmp/') +self.assertNotIn('/tmp/', self.handle.cachedirs) + +def test_ignoregrps(self): +self.handle.add_ignoregrp('base') +self.assertIn('base', self.handle.ignoregrps) + +self.handle.remove_ignoregrp('base') +self.assertNotIn('base', self.handle.ignoregrps) + +def test_ignorepkg(self): +self.handle.add_ignorepkg('pacman') +self.assertIn('pacman', self.handle.ignorepkgs) + +self.handle.remove_ignorepkg('pacman') +self.assertNotIn('pacman', self.handle.ignorepkgs) + +def test_noextracts(self): +self.handle.add_noextract('index.php') +self.assertIn('index.php', self.handle.noextracts) + +self.handle.remove_noextract('index.php') +self.assertNotIn('index.php', self.handle.noextracts) + +def test_noupgrade(self): +self.handle.add_noupgrade('linux') +self.assertIn('linux', self.handle.noupgrades) + +self.handle.remove_noupgrade('linux') +self.assertNotIn('linux', self.handle.noupgrades) + +# vim: set ts=4 sw=4 et: -- 2.10.1
[arch-projects] [pyalpm][PATCH add tests] 2/4] tests: Add pyalpm.vercmp tests
Add tests for pyalpm.vercmp function. The tests are mostly taken from `man vercmp`. Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- tests/test_vercmp.py | 21 + 1 file changed, 21 insertions(+) create mode 100644 tests/test_vercmp.py diff --git a/tests/test_vercmp.py b/tests/test_vercmp.py new file mode 100644 index 000..8c42466 --- /dev/null +++ b/tests/test_vercmp.py @@ -0,0 +1,21 @@ +import unittest +import pyalpm + + +class vercmp(unittest.TestCase): + +def test_smaller(self): +self.assertEqual(pyalpm.vercmp('1', '2'), -1) + +def test_greater(self): +self.assertEqual(pyalpm.vercmp('2', '1'), 1) +self.assertEqual(pyalpm.vercmp('2.0-1', '1.7-6'), 1) + +def test_equal(self): +self.assertEqual(pyalpm.vercmp('1', '1'), 0) +self.assertEqual(pyalpm.vercmp('1.0', '1.0-10'), 0) + +def test_epoch(self): +self.assertEqual(pyalpm.vercmp('4.34', '1:001'), -1) + +# vim: set ts=4 sw=4 et: -- 2.10.1
[arch-projects] [pyalpm][PATCH add tests] 4/4] Add `python setup.py test`
Add the ability to run the unittests from setup.py. Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- setup.py | 22 +- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 44507a9..21196f9 100644 --- a/setup.py +++ b/setup.py @@ -1,5 +1,7 @@ # -*- coding: utf-8 -*- import os +import subprocess +from distutils.cmd import Command from distutils.core import Extension, setup os.putenv('LC_CTYPE', 'en_US.UTF-8') @@ -36,6 +38,21 @@ alpm = Extension('pyalpm', 'src/util.h', ]) +class TestCommand(Command): +user_options = [] + +def initialize_options(self): +pass + +def finalize_options(self): +pass + +def run(self): +raise SystemExit( +subprocess.call(['nosetests', + 'tests'])) + + setup(name = 'pyalpm', version = pyalpm_version, description = 'libalpm bindings for Python 3', @@ -45,6 +62,9 @@ setup(name = 'pyalpm', packages = ["pycman"], scripts = ["scripts/lsoptdepends"] + ["scripts/pycman-" + i for i in ['database', 'deptest', 'query', 'remove', 'sync', 'upgrade', 'version']], - ext_modules = [alpm]) + ext_modules = [alpm], + cmdclass = { + 'test': TestCommand +}) # vim: set ts=4 sw=4 et tw=0: -- 2.10.1
[arch-projects] [pyalpm][PATCH add tests] 1/4] Remove old tests
These options are no longer part of pyalpm. Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- tests/options.py | 124 --- 1 file changed, 124 deletions(-) delete mode 100644 tests/options.py diff --git a/tests/options.py b/tests/options.py deleted file mode 100644 index e2610c5..000 --- a/tests/options.py +++ /dev/null @@ -1,124 +0,0 @@ -import unittest -import pyalpm - -class TestOptions(unittest.TestCase): -def setUp(self): -pyalpm.initialize() - -def tearDown(self): -pyalpm.release() - -def test_paths(self): -"Test getter/setters for file path options" -opts = pyalpm.options -opts.root = "/root" -self.assertEqual(opts.root, "/root/") - -opts.dbpath = "/var/lib/pacman" -self.assertEqual(opts.dbpath, "/var/lib/pacman/") -self.assertEqual(opts.lockfile, "/var/lib/pacman/db.lck") - -opts.logfile = "/var/log/pacman.log" -self.assertEqual(opts.logfile, "/var/log/pacman.log") - -def test_paths_wrong_type(self): -opts = pyalpm.options -with self.assertRaises(TypeError): -opts.root = 3 -with self.assertRaises(TypeError): -opts.dbpath = 3 -with self.assertRaises(TypeError): -opts.logfile = 3 - -def test_string(self): -"Test getter/setters for string options" -pyalpm.options.arch = 'i686' -self.assertEqual(pyalpm.options.arch, 'i686') -with self.assertRaises(TypeError): -pyalpm.options.arch = ["i686"] - -def test_booleans(self): -"Test get/set for boolean options" -opts = pyalpm.options -opts.usesyslog = 1 -self.assertEqual(opts.usesyslog, 1) -opts.usesyslog = 0 -self.assertEqual(opts.usesyslog, 0) -opts.usedelta = 1 -self.assertEqual(opts.usedelta, 1) -opts.checkspace = 1 -self.assertEqual(opts.checkspace, 1) - -def test_lists(self): -"Test get/set for list options" -opts = pyalpm.options - -opts.noupgrades = ["glibc", "pacman"] -self.assertEqual(set(opts.noupgrades), set(["glibc", "pacman"])) -opts.add_noupgrade("kernel26") -self.assertEqual(set(opts.noupgrades), set(["glibc", "pacman", "kernel26"])) -opts.remove_noupgrade("glibc") -self.assertEqual(set(opts.noupgrades), set(["pacman", "kernel26"])) - -opts.ignorepkgs = ["glibc", "pacman"] -self.assertEqual(set(opts.ignorepkgs), set(["glibc", "pacman"])) - -class TestOptionsNotInit(unittest.TestCase): -def test_root(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.root = "/root" -with self.assertRaises(pyalpm.error): -s = opts.root - -def test_dbpath(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.dbpath = "/var/lib/pacman" -with self.assertRaises(pyalpm.error): -s = opts.dbpath - -def test_logfile(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.logfile = "/var/log/pacman.log" -with self.assertRaises(pyalpm.error): -s = opts.logfile - -def test_lockfile(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -s = opts.lockfile - -def test_arch(self): -with self.assertRaises(pyalpm.error): -pyalpm.options.arch = "i686" -with self.assertRaises(pyalpm.error): -s = pyalpm.options.arch - -def test_usesyslog(self): -"Test get/set for boolean options" -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.usesyslog = 1 -with self.assertRaises(pyalpm.error): -x = opts.usesyslog - -def test_usedelta(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.usedelta = 1 -with self.assertRaises(pyalpm.error): -x = opts.usedelta - -def test_checkspace(self): -opts = pyalpm.options -with self.assertRaises(pyalpm.error): -opts.checkspace = 1 -with self.assertRaises(pyalpm.error): -x = opts.checkspace - -if __name__ == "__main__": -unittest.main(verbosity = 2) - -# vim: set ts=4 sw=4 tw=0 et: -- 2.10.1
[arch-projects] [pyalpm][PATCH] Update authors
Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- AUTHORS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/AUTHORS b/AUTHORS index bad9911..3c0d5ba 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,4 +1,7 @@ +Dan McGee <d...@archlinux.org> Imanol Celaya <ilcra1...@gmail.com> +Jelle van der Waa <je...@vdwaa.nl> Øyvind Heggstad <mrelen...@har-ikkje.net> Rémy Oudompheng <r...@archlinux.org> +Tasos Latsas <tlatsas2...@gmail.com> Xyne <x...@archlinux.ca> -- 2.10.1
[arch-projects] [pyalpm][PATCH v2] free log when it's no longer required
Valgrind indicated that 253,052 bytes where definitely lost when running lsoptdepends. Valgrind reports before and after: - definitely lost: 253,052 bytes in 4,979 blocks - definitely lost: 48 bytes in 2 blocks Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- Changes since v2: * Check if vasprintf allocated memory. src/options.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/options.c b/src/options.c index 0dad965..2637c9d 100644 --- a/src/options.c +++ b/src/options.c @@ -340,6 +340,7 @@ void pyalpm_logcb(alpm_loglevel_t level, const char *fmt, va_list va_args) { if(ret == -1) log = "pyalpm_logcb: could not allocate memory"; result = PyObject_CallFunction(global_py_callbacks[CB_LOG], "is", level, log); + if (ret != -1) free(log); if (!result) PyErr_Print(); Py_CLEAR(result); } -- 2.10.0
[arch-projects] [pyalpm][PATCH] free log when it's no longer required
Valgrind indicated that 253,052 bytes where definitely lost when running lsoptdepends. Valgrind reports before and after: - definitely lost: 253,052 bytes in 4,979 blocks - definitely lost: 48 bytes in 2 blocks Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- src/options.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/options.c b/src/options.c index 0dad965..cdbe4e0 100644 --- a/src/options.c +++ b/src/options.c @@ -340,6 +340,7 @@ void pyalpm_logcb(alpm_loglevel_t level, const char *fmt, va_list va_args) { if(ret == -1) log = "pyalpm_logcb: could not allocate memory"; result = PyObject_CallFunction(global_py_callbacks[CB_LOG], "is", level, log); + free(log); if (!result) PyErr_Print(); Py_CLEAR(result); } -- 2.10.0
[arch-projects] [archweb][PATCH] Fix typo in known_bad help text
Signed-off-by: Jelle van der Waa <je...@vdwaa.nl> --- packages/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/models.py b/packages/models.py index 03f0342..83cc7cb 100644 --- a/packages/models.py +++ b/packages/models.py @@ -86,7 +86,7 @@ class SignoffSpecification(models.Model): enabled = models.BooleanField(default=True, help_text="Is this package eligible for signoffs?") known_bad = models.BooleanField(default=False, -help_text="Is package is known to be broken in some way?") +help_text="Is this package known to be broken in some way?") comments = models.TextField(null=True, blank=True) objects = SignoffSpecificationManager() -- 2.9.0
[arch-projects] [namcap][PATCH] Update mailing list to arch-projects
--- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 89f6fb5..c90315e 100644 --- a/README +++ b/README @@ -21,7 +21,7 @@ Minimal examples (very simple packages forged to exhibit unexpected behaviour from namcap) are also welcome to extend namcap's test suite. If you've a patch (fixing a bug or a new namcap module), then you can send it -to the arch-general mailing list. Namcap development is managed with git, so +to the arch-projects mailing list. Namcap development is managed with git, so git-formatted patches are preferred. Namcap's source is available on: -- 2.4.1
[arch-projects] [namcap][PATCH] Add validpgpkeys as valid var
--- Namcap/rules/extravars.py | 2 +- Namcap/tests/pkgbuild/test_extravars.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Namcap/rules/extravars.py b/Namcap/rules/extravars.py index 0fb0b93..74eed0a 100644 --- a/Namcap/rules/extravars.py +++ b/Namcap/rules/extravars.py @@ -30,7 +30,7 @@ class package(PkgbuildRule): 'sha256sums', 'sha384sums', 'sha512sums', 'pkgname', 'pkgbase', 'pkgver', 'pkgrel', 'epoch', 'pkgdesc', 'groups', 'url', 'install', 'changelog', -'options', 'optdepends', 'checkdepends'] +'options', 'optdepends', 'checkdepends', 'validpgpkeys'] for varname in pkginfo[setvars]: if varname.islower() and varname not in stdvars \ and not varname.startswith('_'): diff --git a/Namcap/tests/pkgbuild/test_extravars.py b/Namcap/tests/pkgbuild/test_extravars.py index 459a87b..30262e5 100644 --- a/Namcap/tests/pkgbuild/test_extravars.py +++ b/Namcap/tests/pkgbuild/test_extravars.py @@ -78,6 +78,7 @@ glibc=2.12 optdepends=('gtk2') options=('!libtool') source=(ftp://ftp.example.com/pub/mypackage-0.1.tar.gz) +validpgpkeys=('D7EDD665AB6F255E2EB9BA2702FA998FBAD6674A') md5sums=('abcdefabcdef12345678901234567890') build() { -- 2.4.1
Re: [arch-projects] [namcap] [PATCH] Add py_mtime rule
) + if mtree_status == False and tar_status: + # mtree only + self.warning = [('py-mtime-mtree-warning', ())] + elif not tar_status: + # tar or both + self.errors = [('py-mtime-tar-error', ())] + self.infos = [('py-mtime-file-name %s', f[1:]) for f in _mtime_filter(_generic_timestamps(tar))] + +# vim: set ts=4 sw=4 noet: diff --git a/Namcap/util.py b/Namcap/util.py index 21d7163..0613202 100644 --- a/Namcap/util.py +++ b/Namcap/util.py @@ -20,6 +20,7 @@ import os import re import stat +import gzip def _read_carefully(path, readcall): if not os.path.isfile(path): @@ -77,4 +78,31 @@ def script_type(path): clean_filename = lambda s: re.search(r/tmp/namcap\.[0-9]*/(.*), s).group(1) +def _mtree_line(line): + returns head, {key:value} + # todo, un-hex the escaped chars + head,_,kvs = line.partition(' ') + kvs = dict(kv.split('=') for kv in kvs.split(' ')) + return head, kvs + +def load_mtree(tar): + takes a tar object, returns (path, {attributes}) + if '.MTREE' not in tar.getnames(): + raise StopIteration + zfile = tar.extractfile('.MTREE') + text = gzip.open(zfile).read().decode(utf-8) + defaults = {} + for line in text.split('\n'): + if not line: + continue + if line.startswith('#'): + continue + head, kvs = _mtree_line(line) + if head == '/set': + defaults = kvs + attr = {} + attr.update(defaults) + attr.update(kvs) + yield head, attr + # vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index d638478..8b67330 100644 --- a/namcap-tags +++ b/namcap-tags @@ -67,6 +67,9 @@ perllocal-pod-present %s :: perllocal.pod found in %s. pkgname-in-description :: Description should not contain the package name. potential-non-fhs-info-page %s :: Potential non-FHS info page (%s) found. potential-non-fhs-man-page %s :: Potential non-FHS man page (%s) found. +py-mtime-mtree-warning :: Found .py file newer (sub-second) than associated .pyc/pyo. +py-mtime-tar-error :: Found .py file newer than associated .pyc/pyo. +py-mtime-file-name %s :: Python script (%s) is newer than associated .pyc/pyo. script-link-detected %s in %s :: Script link detected (%s) in file %s scrollkeeper-dir-exists %s :: Scrollkeeper directory exists (%s). Remember to not run scrollkeeper till post_{install,upgrade,remove}. site-ruby :: Found usr/lib/ruby/site_ruby in package, usr/lib/ruby/vendor_ruby should be used instead. -- 2.0.1 Apart from the one comment, the code looks fine to me. -- Jelle van der Waa signature.asc Description: Digital signature
[arch-projects] [namcap][PATCH] add two rules which check if a PKGBUILD for vcs packages contains the correct makedepends and conflicts array
Adds a unit test --- Namcap/rules/__init__.py| 3 ++- Namcap/rules/vcspackages.py | 43 +++ namcap-tags | 3 +++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 Namcap/rules/vcspackages.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index f7780d2..62c2617 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -60,7 +60,8 @@ from . import ( pkginfo, pkgnameindesc, sfurl, - splitpkgbuild + splitpkgbuild, + vcspackages ) all_rules = {} diff --git a/Namcap/rules/vcspackages.py b/Namcap/rules/vcspackages.py new file mode 100644 index 000..32b --- /dev/null +++ b/Namcap/rules/vcspackages.py @@ -0,0 +1,43 @@ +# +# namcap rules - vcspackages +# Copyright (C) 2013 Jelle van der Waa je...@vdwaa.nl +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from Namcap.ruleclass import * + +vcspackages = {'-git': 'git', '-svn': 'subversion', '-bzr': 'bzr', '-hg': 'mercurial' } + +class ConflictsRule(PkgbuildRule): + name = conflictsrule + description = Verifies if a pkgname-vcs package conflicts with pkgname + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + if pkginfo[name].endswith(tuple(vcspackages)) and conflicts not in pkginfo: + self.warnings.append((vcs-package-conflicts, ())) + +class MakedependsRule(PkgbuildRule): + name = makedependsrule + description = Checks if a vcs package has the correct makedepends array + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + for vcsname, vcspkg in vcspackages.items(): + if not pkginfo['name'].endswith(vcsname): + continue + if 'makedepends' not in pkginfo or vcspkg not in pkginfo['makedepends']: + self.errors.append((vcs-package-makedepends-missing %s, vcspkg)) + +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..ecde1c0 100644 --- a/namcap-tags +++ b/namcap-tags @@ -77,6 +77,9 @@ use-pkgdir :: Use $pkgdir instead of $startdir/pkg use-srcdir :: Use $srcdir instead of $startdir/src using-dl-sourceforge :: Attempting to use dl sourceforge domain, use downloads.sourceforge.net instead variable-not-array %s :: Variable %s is not an array. +vcs-package-conflicts :: Vcs package should conflict with the non-vcs version +vcs-package-makedepends-missing %s :: Makedepends array should contain '%s' + # dependency tags dependency-already-satisfied %s :: Dependency %s included but already satisfied -- 1.8.4
[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files
--- Namcap/rules/elffiles.py | 38 +++ Namcap/tests/package/test_elffiles.py | 38 ++- namcap-tags | 1 + 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index f8f16ac..b073cb7 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -23,6 +23,7 @@ import tempfile import subprocess from elftools.elf.elffile import ELFFile +from elftools.elf.sections import SymbolTableSection from Namcap.util import is_elf, clean_filename from Namcap.ruleclass import * @@ -143,4 +144,41 @@ class ELFExecStackRule(TarballRule): self.warnings = [(elffile-with-execstack %s, i) for i in exec_stacks] +class ELFUnstrippedRule(TarballRule): + + Checks for unstripped ELF files. Uses pyelftools to check if + .symtab exists. + + + name = elfunstripped + description = Check for unstripped ELF files. + + def analyze(self, pkginfo, tar): + unstripped_binaries = [] + + for entry in tar: + tmpname = _test_elf_and_extract(tar, entry) + if not tmpname: + continue + + try: + fp = open(tmpname, 'rb') + elffile = ELFFile(fp) + for section in elffile.iter_sections(): + if not isinstance(section, SymbolTableSection): + continue + + if section['sh_entsize'] == 0: + print ('symbol table empty') + continue + + if section.name == b'.symtab': + unstripped_binaries.append(entry.name) + fp.close() + finally: + os.unlink(tmpname) + if unstripped_binaries: + self.warnings = [(elffile-unstripped %s, i) + for i in unstripped_binaries] + # vim: set ts=4 sw=4 noet: diff --git a/Namcap/tests/package/test_elffiles.py b/Namcap/tests/package/test_elffiles.py index 6362a58..3e8a307 100644 --- a/Namcap/tests/package/test_elffiles.py +++ b/Namcap/tests/package/test_elffiles.py @@ -95,5 +95,41 @@ package() { ]) self.assertEqual(r.infos, []) -# vim: set ts=4 sw=4 noet: +class TestUnstripped(MakepkgTest): + pkgbuild = +pkgname=__namcap_test_unstripped +pkgver=1.0 +pkgrel=1 +pkgdesc=A package +arch=('i686' 'x86_64') +url=http://www.example.com/; +license=('GPL') +depends=('glibc') +source=() +options=(!purge !zipman !strip) +build() { + cd ${srcdir} + echo int main() { return 0; } main.c + /usr/bin/gcc -o main -Wa,-execstack main.c +} +package() { + install -D -m 644 ${srcdir}/main ${pkgdir}/usr/bin/unstripped +} + + def test_unstripped(self): + pkgfile = __namcap_test_unstripped-1.0-1-%(arch)s.pkg.tar % { arch: self.arch } + with open(os.path.join(self.tmpdir, PKGBUILD), w) as f: + f.write(self.pkgbuild) + self.run_makepkg() + pkg, r = self.run_rule_on_tarball( + os.path.join(self.tmpdir, pkgfile), + Namcap.rules.elffiles.ELFUnstrippedRule + ) + self.assertEqual(r.errors, []) + self.assertEqual(r.warnings, [ + (elffile-unstripped %s, + usr/bin/unstripped) + ]) + self.assertEqual(r.infos, []) +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..1b681a6 100644 --- a/namcap-tags +++ b/namcap-tags @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. +elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore -- 1.8.4.2
[arch-projects] [namcap][PATCH] implement FS#27485, warn on unstripped files
--- Namcap/rules/elffiles.py | 37 + namcap-tags | 1 + 2 files changed, 38 insertions(+) diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py index f8f16ac..20d117f 100644 --- a/Namcap/rules/elffiles.py +++ b/Namcap/rules/elffiles.py @@ -23,6 +23,7 @@ import tempfile import subprocess from elftools.elf.elffile import ELFFile +from elftools.elf.sections import SymbolTableSection from Namcap.util import is_elf, clean_filename from Namcap.ruleclass import * @@ -143,4 +144,40 @@ class ELFExecStackRule(TarballRule): self.warnings = [(elffile-with-execstack %s, i) for i in exec_stacks] +class ELFUnstrippedRule(TarballRule): + + Checks for unstripped ELF files. Uses pyelftools to check if + .symtab exists. + + + name = elfunstripped + description = Check for unstripped ELF files. + + def analyze(self, pkginfo, tar): + unstripped_binaries = [] + + for entry in tar: + tmpname = _test_elf_and_extract(tar, entry) + if not tmpname: + continue + + try: + fp = open(tmpname, 'rb') + elffile = ELFFile(fp) + for section in elffile.iter_sections(): + if not isinstance(section, SymbolTableSection): + continue + + if section['sh_entsize'] == 0: + print ('symbol table empty') + continue + + if section.name == b'.symtab': + unstripped_binaries.append(entry.name) + finally: + os.unlink(tmpname) + if unstripped_binaries: + self.warnings = [(elffile-unstripped %s, i) + for i in unstripped_binaries] + # vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..1b681a6 100644 --- a/namcap-tags +++ b/namcap-tags @@ -20,6 +20,7 @@ elffile-in-any-package %s :: ELF file ('%s') found in an 'any' package. elffile-not-in-allowed-dirs %s :: ELF file ('%s') outside of a valid path. elffile-with-textrel %s :: ELF file ('%s') has text relocations. elffile-with-execstack %s :: ELF file ('%s') has executable stack. +elffile-unstripped %s :: ELF file ('%s') is unstripped. empty-directory %s :: Directory (%s) is empty error-running-rule %s :: Error running rule '%s' extra-var-begins-without-underscore %s :: Non standard variable '%s' doesn't start with an underscore -- 1.8.4.2
[arch-projects] [namcap][PATCH] add two rules which check if a PKGBUILD for vcs packages contains the correct makedepends and conflicts array
--- Namcap/rules/__init__.py| 3 ++- Namcap/rules/vcspackages.py | 43 +++ namcap-tags | 3 +++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 Namcap/rules/vcspackages.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index f7780d2..62c2617 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -60,7 +60,8 @@ from . import ( pkginfo, pkgnameindesc, sfurl, - splitpkgbuild + splitpkgbuild, + vcspackages ) all_rules = {} diff --git a/Namcap/rules/vcspackages.py b/Namcap/rules/vcspackages.py new file mode 100644 index 000..32b --- /dev/null +++ b/Namcap/rules/vcspackages.py @@ -0,0 +1,43 @@ +# +# namcap rules - vcspackages +# Copyright (C) 2013 Jelle van der Waa je...@vdwaa.nl +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from Namcap.ruleclass import * + +vcspackages = {'-git': 'git', '-svn': 'subversion', '-bzr': 'bzr', '-hg': 'mercurial' } + +class ConflictsRule(PkgbuildRule): + name = conflictsrule + description = Verifies if a pkgname-vcs package conflicts with pkgname + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + if pkginfo[name].endswith(tuple(vcspackages)) and conflicts not in pkginfo: + self.warnings.append((vcs-package-conflicts, ())) + +class MakedependsRule(PkgbuildRule): + name = makedependsrule + description = Checks if a vcs package has the correct makedepends array + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + for vcsname, vcspkg in vcspackages.items(): + if not pkginfo['name'].endswith(vcsname): + continue + if 'makedepends' not in pkginfo or vcspkg not in pkginfo['makedepends']: + self.errors.append((vcs-package-makedepends-missing %s, vcspkg)) + +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..ecde1c0 100644 --- a/namcap-tags +++ b/namcap-tags @@ -77,6 +77,9 @@ use-pkgdir :: Use $pkgdir instead of $startdir/pkg use-srcdir :: Use $srcdir instead of $startdir/src using-dl-sourceforge :: Attempting to use dl sourceforge domain, use downloads.sourceforge.net instead variable-not-array %s :: Variable %s is not an array. +vcs-package-conflicts :: Vcs package should conflict with the non-vcs version +vcs-package-makedepends-missing %s :: Makedepends array should contain '%s' + # dependency tags dependency-already-satisfied %s :: Dependency %s included but already satisfied -- 1.8.4
[arch-projects] [namcap][PATCH] add two rules which check if a PKGBUILD for vcs packages contains the correct makedepends and conflicts array
--- Namcap/rules/__init__.py| 3 ++- Namcap/rules/vcspackages.py | 43 +++ namcap-tags | 3 +++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 Namcap/rules/vcspackages.py diff --git a/Namcap/rules/__init__.py b/Namcap/rules/__init__.py index f7780d2..62c2617 100644 --- a/Namcap/rules/__init__.py +++ b/Namcap/rules/__init__.py @@ -60,7 +60,8 @@ from . import ( pkginfo, pkgnameindesc, sfurl, - splitpkgbuild + splitpkgbuild, + vcspackages ) all_rules = {} diff --git a/Namcap/rules/vcspackages.py b/Namcap/rules/vcspackages.py new file mode 100644 index 000..041ddf9 --- /dev/null +++ b/Namcap/rules/vcspackages.py @@ -0,0 +1,43 @@ +# +# namcap rules - vcspackages +# Copyright (C) 2013 Jelle van der Waa je...@vdwaa.nl +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from Namcap.ruleclass import * + +vcspackages = {'-git': 'git', '-svn': 'subversion', '-bzr': 'bzr', '-hg': 'mercurial' } + +class ConflictsRule(PkgbuildRule): + name = conflictsrule + description = Verifies if a pkgname-vcs package conflicts with pkgname + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + if any(pkginfo[name].endswith(vcs) for vcs in vcspackages) and not conflicts in pkginfo: + self.warnings.append((vcs-package-conflicts, ())) + +class MakedependsRule(PkgbuildRule): + name = makedependsrule + description = Checks if a vcs package has the correct makedepends array + def analyze(self, pkginfo, tar): + if 'name' in pkginfo: + for vcsname, vcspkg in vcspackages.items(): + if not pkginfo['name'].endswith(vcsname): + continue + if 'makedepends' not in pkginfo or vcspkg not in pkginfo['makedepends']: + self.errors.append((vcs-package-makedepends-missing %s, vcspkg)) + +# vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..ecde1c0 100644 --- a/namcap-tags +++ b/namcap-tags @@ -77,6 +77,9 @@ use-pkgdir :: Use $pkgdir instead of $startdir/pkg use-srcdir :: Use $srcdir instead of $startdir/src using-dl-sourceforge :: Attempting to use dl sourceforge domain, use downloads.sourceforge.net instead variable-not-array %s :: Variable %s is not an array. +vcs-package-conflicts :: Vcs package should conflict with the non-vcs version +vcs-package-makedepends-missing %s :: Makedepends array should contain '%s' + # dependency tags dependency-already-satisfied %s :: Dependency %s included but already satisfied -- 1.8.4
[arch-projects] [namcap][PATCH] check if the description is set in a PKGBUILD
--- Namcap/rules/missingvars.py | 7 +++ namcap-tags | 1 + 2 files changed, 8 insertions(+) diff --git a/Namcap/rules/missingvars.py b/Namcap/rules/missingvars.py index 90146f3..8211c1b 100644 --- a/Namcap/rules/missingvars.py +++ b/Namcap/rules/missingvars.py @@ -76,4 +76,11 @@ class TagsRule(PkgbuildRule): if maintainertag != 1: self.warnings.append((missing-maintainer, ())) +class DescSetRule(PkgbuildRule): + name = descset + description = Verifies that the description is set in a PKGBUILD + def analyze(self, pkginfo, tar): + if desc not in pkginfo or len(pkginfo[desc]) == 0: + self.errors.append((missing-description, ())) + # vim: set ts=4 sw=4 noet: diff --git a/namcap-tags b/namcap-tags index 818c7a5..bb5f664 100644 --- a/namcap-tags +++ b/namcap-tags @@ -47,6 +47,7 @@ link-level-dependence %s in %s :: Link-level dependence (%s) in file %s lots-of-docs %f :: Package was %.0f%% docs by size; maybe you should split out a docs package mime-cache-not-updated :: Mime-file found. Add update-mime-database usr/share/mime to the install file missing-backup-file %s :: File in backup array (%s) not found in package +missing-description :: Missing description in PKGBUILD. missing-contributor :: Missing Contributor tag missing-custom-license-dir usr/share/licenses/%s :: Missing custom license directory (usr/share/licenses/%s) missing-custom-license-file usr/share/licenses/%s/* :: Missing custom license file in package (usr/share/licenses/%s/*) -- 1.8.4
[arch-projects] [namcap] Fix warnings from new pacman.conf options
--- pycman/config.py | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pycman/config.py b/pycman/config.py index 55b7688..577092d 100644 --- a/pycman/config.py +++ b/pycman/config.py @@ -65,7 +65,8 @@ SINGLE_OPTIONS = ( 'Architecture', 'XferCommand', 'CleanMethod', - 'SigLevel' + 'SigLevel', + 'LocalFileSigLevel' ) BOOLEAN_OPTIONS = ( @@ -75,7 +76,8 @@ BOOLEAN_OPTIONS = ( 'TotalDownload', 'CheckSpace', 'VerbosePkgLists', - 'ILoveCandy' + 'ILoveCandy', + 'Color' ) def pacman_conf_enumerator(path): -- 1.8.2
Re: [arch-projects] [PATCH 4/4] fhs: disallow installing in /srv
On Tue, Feb 28, 2012 at 3:34 PM, Seblu se...@seblu.net wrote: On Sun, Feb 26, 2012 at 4:20 PM, Tom Gundersen t...@jklm.no wrote: On Sun, Feb 26, 2012 at 3:46 PM, Seblu se...@seblu.net wrote: On Sun, Feb 26, 2012 at 2:56 PM, Tom Gundersen t...@jklm.no wrote: /srv is admin territory, similar to /home. No package should put stuff there. Are you sure of this? Currently many http packages use /srv/http to put static files. e.g backuppc, flyspray, roundcube... http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM The consensus seems to be that we don't let packages put stuff in /srv, so I thought it would make sense to let namcap reflect this. Sure ! I just wondering what is the arch way of doing web package :) -- Sébastien Luttringer www.seblu.net Take a look out phpmyadmin -- Jelle van der Waa
[arch-projects] FS#26726 error message should say 'Daemon' instead of 'Dameon'
Just a typo fix, sorry for the misformed patch. Signed-off-by: Jelle van der Waa je...@vdwaa.nl --- rc.d |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rc.d b/rc.d index 3f2835e..aed2e42 100755 --- a/rc.d +++ b/rc.d @@ -36,7 +36,7 @@ filter_daemons() { for daemon in ${daemons[@]}; do # check if daemons is valid if ! have_daemon $daemon; then - printf ${C_FAIL}:: ${C_DONE}Dameon script ${C_FAIL}${daemon}${C_DONE} does \ + printf ${C_FAIL}:: ${C_DONE}Daemon script ${C_FAIL}${daemon}${C_DONE} does \ not exist or is not executable.${C_CLEAR}\n 2 exit 2 fi -- 1.7.7.2