subject:"Bug#776267\: lintian\: Add check for unsupported PyPI URL in debian\/watch"

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-04-17 Thread Stuart Prescott


Hi Axel,

On Fri, 17 Apr 2015 20:33:08 Axel Beckert wrote:
> Thanks for that hint. I've updated the tag's description as follows:
> 
> https://anonscm.debian.org/cgit/lintian/lintian.git/commit/?id=a3cb0264b3a1b
> a403145b249683d5e0bab8e7c52
> 
> I hope that's fine. If not: Send patches! ;-)

Looks good to me -- thanks!

Stuart

-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7


-- 
To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/2280671.uyo5R0u8t5@jatayu

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-04-17 Thread Axel Beckert

Hi Stuart,

Stuart Prescott wrote:
> Having recently tried to write a d/watch file for pypi, I'd suggest that the 
> redirector service is a much better thing to recommend -- pypi.debian.net 
> works very nicely.

Thanks for that hint. I've updated the tag's description as follows:

https://anonscm.debian.org/cgit/lintian/lintian.git/commit/?id=a3cb0264b3a1ba403145b249683d5e0bab8e7c52

I hope that's fine. If not: Send patches! ;-)

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE


-- 
To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150417183308.ga5...@sym.noone.org

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-04-17 Thread Stuart Prescott

Hi!

Having recently tried to write a d/watch file for pypi, I'd suggest that the 
redirector service is a much better thing to recommend -- pypi.debian.net 
works very nicely.

Compare:

http://pypi.debian.net/foo/foo-(.*).tar.gz

with the suggested

opts="filenamemangle=s/\S+\/([^\/]+\.tar\.gz)#md5=[[:alnum:]]+$/$1/" \
https://pypi.python.org/simple/pip/ \
\S+/pip-(\S+)\.tar\.gz#md5=[[:alnum:]]+

(no-one should have to deal with that sort of unmaintainable regex)

Note that is without adding the pgp signature finding options which for the 
first example is just

opts=pgpsigurlmangle=s/$/.asc/ 

and for the second is sufficiently horrid that I shall graciously decline.

cheers
Stuart


-- 
Stuart Prescotthttp://www.nanonanonano.net/   stu...@nanonanonano.net
Debian Developer   http://www.debian.org/ stu...@debian.org
GPG fingerprint90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7


-- 
To UNSUBSCRIBE, email to debian-lint-maint-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/162.vvEcsqDHHj@jatayu

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-01-31 Thread Ben Finney

Attached is an updated patch which improves the comments and URLs for testing.

-- 
 \  “It's dangerous to be right when the government is wrong.” |
  `\   —Francois Marie Arouet Voltaire |
_o__)  |
Ben Finney 
--- a/checks/watch-file.desc
+++ b/checks/watch-file.desc
@@ -174,3 +174,15 @@ Certainty: certain
 Info: The watch file contains a standard template included by dh_make.
  Please remove them once you have implemented the watch file.
 
+Tag: debian-watch-file-unsupported-pypi-url
+Severity: important
+Certainty: certain
+Ref: https://wiki.python.org/moin/PyPISimple
+Info: The watch file specifies a PyPI URL which is not a supported API.
+ Instead, use PyPI's Simple API:
+ .
+   https://pypi.python.org/simple//
+ .
+ replacing  with the canonical name of the
+ Python project.
+
diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index cd0f8de..35522b8 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -132,6 +132,10 @@ sub run {
 tag 'debian-watch-file-should-use-sf-redirector', "line $.";
 }
 
+if (m%https?://pypi\.python\.org/packages/source/%) {
+tag 'debian-watch-file-unsupported-pypi-url', "line $.";
+}
+
 # This bit is as-is from uscan.pl:
 my ($base, $filepattern, $lastversion, $action) = split ' ', $_, 4;
 # Per #765995, $base might be undefined.
diff --git a/t/tests/watch-file-general/debian/debian/watch b/t/tests/watch-file-general/debian/debian/watch
index 260fa39..aa45280 100644
--- a/t/tests/watch-file-general/debian/debian/watch
+++ b/t/tests/watch-file-general/debian/debian/watch
@@ -20,5 +20,7 @@ version=42
 # Specifies the same version number as the package.
 http://example.com/ foo([\d.]+)\.tar\.gz 2.0.ds1-1 uupdate
 
+# Unsupported PyPI URL.
+https://pypi.python.org/packages/source/p/pip/ pip-(\S+)\.tar\.gz
 
-# without any pgpsigurlmangle
\ No newline at end of file
+# without any pgpsigurlmangle

--- a/t/tests/watch-file-general/desc
+++ b/t/tests/watch-file-general/desc
@@ -13,5 +13,6 @@ Test-For:
  debian-watch-file-should-use-sf-redirector
  debian-watch-file-specifies-wrong-upstream-version
  debian-watch-file-unknown-version
+ debian-watch-file-unsupported-pypi-url
  debian-watch-file-uses-deprecated-sf-redirector-method
 References: Debian Bug#510398

--- a/t/tests/watch-file-general/tags
+++ b/t/tests/watch-file-general/tags
@@ -1,3 +1,4 @@
+E: watch-file-general source: debian-watch-file-unsupported-pypi-url line 24
 I: watch-file-general source: debian-watch-file-should-dversionmangle-not-uversionmangle line 5
 P: watch-file-general source: debian-watch-may-check-gpg-signature
 W: watch-file-general source: debian-watch-file-declares-multiple-versions line 18
@@ -5,6 +6,7 @@ W: watch-file-general source: debian-watch-file-declares-multiple-versions line
 W: watch-file-general source: debian-watch-file-should-mangle-version line 12
 W: watch-file-general source: debian-watch-file-should-mangle-version line 14
 W: watch-file-general source: debian-watch-file-should-mangle-version line 15
+W: watch-file-general source: debian-watch-file-should-mangle-version line 24
 W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 12
 W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 14
 W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 15


signature.asc
Description: Digital signature

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-01-31 Thread Ben Finney

On 25-Jan-2015, James McCoy wrote:
> Through a discussion on IRC, it came up that many of the Python Team
> maintained packages use http(s)://pypi.python.org/packages/source/...
> URLs, which aren't currently working.  Turns out that's not a URL that
> should be relied upon

Thanks, the reference to https://wiki.python.org/moin/PyPISimple>
is helpful.

> and http(s)://pypi.python.org/simple/... should be used instead.

But from experimenting just now, simply replacing ‘/packages/source/’
with ‘/simple/’ is not enough.

The “simple API” page has URLs with leading paths, and fragment
identifiers, so they won't match. They also need to be parsed with the
‘filenamemangle’ option to find the actual filename from the URL.

Instead, the replacement for:

https://pypi.python.org/packages/source/p/pip/ \
pip-(\S+)\.tar\.gz

needs to be something like:

opts="filenamemangle=s/\S+\/([^\/]+\.tar\.gz)#md5=[[:alnum:]]+$/$1/" \
https://pypi.python.org/simple/pip/ \
\S+/pip-(\S+)\.tar\.gz#md5=[[:alnum:]]+

Perhaps something clearer already exists, to suggest as a uscan
configuration replacement. Where is it documented?

> The attached patch adds a new check for this, referring to the
> upstream documentation for this "simple HTML" API[0].

The Lintian tag description should point to a document that explains
in detail how to re-write the uscan configuration for this new PyPI
API.

Unfortunately the information at the upstream documentation is not
specific to Debian's uscan, and isn't sufficient to write a working
configuration.

Does the Debian project already have this documented? That would be a
better reference in the Lintian tag description.

-- 
 \“I got fired from my job the other day. They said my |
  `\  personality was weird. … That's okay, I have four more.” |
_o__)   —Bug-Eyed Earl, _Red Meat_ |
Ben Finney 

signature.asc
Description: Digital signature

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

2015-01-25 Thread James McCoy

Package: lintian
Version: 2.5.30+deb8u3
Severity: wishlist
Tags: patch

Through a discussion on IRC, it came up that many of the Python Team
maintained packages use http(s)://pypi.python.org/packages/source/...
URLs, which aren't currently working.  Turns out that's not a URL that
should be relied upon and http(s)://pypi.python.org/simple/... should be
used instead.

The attached patch adds a new check for this, referring to the upstream
documentation for this "simple HTML" API[0].

[0]: https://wiki.python.org/moin/PyPISimple

Cheers,
James

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lintian depends on:
ii  binutils   2.25-4
ii  bzip2  1.0.6-7+b2
ii  diffstat   1.58-1
ii  file   1:5.22+15-1
ii  gettext0.19.3-2
ii  hardening-includes 2.7
ii  intltool-debian0.35.0+20060710.1
ii  libapt-pkg-perl0.1.29+b2
ii  libarchive-zip-perl1.39-1
ii  libclass-accessor-perl 0.34-1
ii  libclone-perl  0.37-1+b1
ii  libdpkg-perl   1.17.23
ii  libemail-valid-perl1.195-1
ii  libfile-basedir-perl   0.03-1
ii  libipc-run-perl0.92-1
ii  liblist-moreutils-perl 0.33-2+b1
ii  libparse-debianchangelog-perl  1.2.0-1.1
ii  libtext-levenshtein-perl   0.11-1
ii  libtimedate-perl   2.3000-2
ii  liburi-perl1.64-1
ii  man-db 2.7.0.2-5
ii  patchutils 0.3.3-1
ii  perl [libdigest-sha-perl]  5.20.1-4
ii  t1utils1.38-3+b1

Versions of packages lintian recommends:
ii  libautodie-perl 2.25-1
ii  libperlio-gzip-perl 0.18-3+b1
ii  perl5.20.1-4
ii  perl-modules [libautodie-perl]  5.20.1-4

Versions of packages lintian suggests:
pn  binutils-multiarch 
ii  dpkg-dev   1.17.23
ii  libhtml-parser-perl3.71-1+b3
ii  libtext-template-perl  1.46-1
ii  libyaml-perl   1.13-1
ii  xz-utils   5.1.1alpha+20120614-2+b3

-- no debconf information
>From ca5a5ebed9650db558e60141bee02c41be1c5110 Mon Sep 17 00:00:00 2001
From: James McCoy 
Date: Sun, 25 Jan 2015 21:47:22 -0500
Subject: [PATCH] checks/watch-file: Add check for unsupported PyPI URL

Signed-off-by: James McCoy 
---
 checks/watch-file.desc | 12 
 checks/watch-file.pm   |  4 
 t/tests/watch-file-general/debian/debian/watch |  4 +++-
 t/tests/watch-file-general/desc|  1 +
 t/tests/watch-file-general/tags|  2 ++
 5 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/checks/watch-file.desc b/checks/watch-file.desc
index 89b2ff2..fb8e98b 100644
--- a/checks/watch-file.desc
+++ b/checks/watch-file.desc
@@ -174,3 +174,15 @@ Certainty: certain
 Info: The watch file contains a standard template included by dh_make.
  Please remove them once you have implemented the watch file.
 
+Tag: debian-watch-file-unsupported-pypi-url
+Severity: important
+Certainty: certain
+Ref: https://wiki.python.org/moin/PyPISimple
+Info: The watch file specifies a PyPI URL which is not a supported API.
+ Instead, use PyPI's Simple API:
+ .
+   https://pypi.python.org/simple//
+ .
+ replacing  with the canonical name of the
+ Python project.
+
diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index cd0f8de..35522b8 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -132,6 +132,10 @@ sub run {
 tag 'debian-watch-file-should-use-sf-redirector', "line $.";
 }
 
+if (m%https?://pypi\.python\.org/packages/source/%) {
+tag 'debian-watch-file-unsupported-pypi-url', "line $.";
+}
+
 # This bit is as-is from uscan.pl:
 my ($base, $filepattern, $lastversion, $action) = split ' ', $_, 4;
 # Per #765995, $base might be undefined.
diff --git a/t/tests/watch-file-general/debian/debian/watch b/t/tests/watch-file-general/debian/debian/watch
index 260fa39..aa45280 100644
--- a/t/tests/watch-file-general/debian/debian/watch
+++ b/t/tests/watch-file-general/debian/debian/watch
@@ -20,5 +20,7 @@ version=42
 # Specifies the same version number as the package.
 http://example.com/ foo([\d.]+)\.tar\.gz 2.0.ds1-1 uupdate
 
+# Unsupported PyPi URL
+https://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz
 
-# without any pgpsigurlmangle
\ No newline at end of file
+# without any pgpsigurlmangle
diff --git a/t/t

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch

6 matches

Site Navigation

Mail list logo

Footer information