From 481fa07d1a740e22fa65bf7d3cd181d6f5ab091e Mon Sep 17 00:00:00 2001 From: "B. Watson" Date: Fri, 2 Aug 2024 22:14:27 -0400 Subject: sbolint github URL checking, WIP. --- TODO | 6 ++++ sbolint | 119 ++++++++++++++++++++++++++++++---------------------------------- 2 files changed, 61 insertions(+), 64 deletions(-) diff --git a/TODO b/TODO index d4c23bd..c9d60e2 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,9 @@ +TODO: sbolint: complain about backticks and chown blah.blah +TODO: sbopkglint: maybe complain louder if an empty /usr/bin dir exists? aterm... +TODO: sbopkglint: change "forbidden" to: + --- etc/ld.so.conf not allowed to exist in SBo packages. +TODO: sbopkglint: grep for LD_LIBRARY_PATH in /etc/profile.d/* scripts. + This stuff is implemented, probably works, needs more testing: DONE: sbolint and sbopkglint both: complain if PRGNAM has invalid characters. DONE: if sbopkglint finds a hardcoded $PKG in /var/lib/pkgtools/scripts/*, diff --git a/sbolint b/sbolint index 6a021e0..28b5ac9 100755 --- a/sbolint +++ b/sbolint @@ -1199,41 +1199,21 @@ sub curl_head_request { return close($pipe); } -# WIP, maybe no longer needed -## sub check_github_url { -## my $file = shift; -## my $url = shift; -## return unless $url =~ m{(https?:)//github\.com}; -## -## if($1 eq "http:") { -## log_warning("$file: github URL $url should be https"); -## } -## -## (my $expect_filename = $url) =~ s,.*/,,; -## my(undef, undef, undef, $user, $prog, $archive, $ver, $filename) = split /\//, $url; -## warn "user $user, prog $prog, archive $archive, ver $ver, filename $filename, expect_filename $expect_filename\n"; -## -## # assume these are correct, for now -## return if $user eq 'downloads'; -## return if $archive eq 'releases'; -## -## # TODO: work out what to do about /raw/ -## return if $archive eq 'raw'; -## -## if($archive ne 'archive') { -## log_warning("$file: unknown github URL type: $url"); -## return; -## } -## -## # OK, good URLs look like this: -## # https://github.com/jeetsukumaran/DendroPy/archive/v4.4.0/DendroPy-4.4.0.tar.gz -## # ...and bad ones look like this: -## # https://github.com/haiwen/seafile-client/archive/v4.4.2.tar.gz -## # Corrected version of the bad one would be: -## # https://github.com/haiwen/seafile-client/archive/v4.4.2/seafile-client-4.4.2.tar.gz -## # Notice the "v" isn't part of the version number. It's not always there, -## # and sometimes it's a different letter (r, or g, or capital V, etc). -## } +# github is a mess... +# OK, good URLs look like this: +# https://github.com/jeetsukumaran/DendroPy/archive/v4.4.0/DendroPy-4.4.0.tar.gz +# ...and bad ones look like this: +# https://github.com/haiwen/seafile-client/archive/v4.4.2.tar.gz +# Corrected version of the bad one would be: +# https://github.com/haiwen/seafile-client/archive/v4.4.2/seafile-client-4.4.2.tar.gz +# Notice the "v" isn't part of the version number. It's not always there. +# If there's a "v" and it's immediately followed by a number, it's not part of +# the version number. If it's followed by something other than a number, e.g. +# ver-1.0 or v.1.0, it *is* part of the version number. +# Since git allows / characters in tag names, we sometimes get a URL like: +# https://github.com/jeremysalwen/lv2file/archive/upstream/0.95/lv2file-upstream-0.95.tar.gz +# ...which is perfectly valid. However, this is invalid: +# https://github.com/jeremysalwen/lv2file/archive/upstream/0.95.tar.gz sub check_github_url { my $file = shift; @@ -1241,55 +1221,66 @@ sub check_github_url { my $old_url = $url; my $new_url; my $ext; + my $tag; + my $ver; + my $dir; # do not police releases/ or raw/ URLs, only archive/ - return unless $url =~ m{github\.com/.*archive/}; + return unless $url =~ m{github\.com/[^/]*/[^/]*/archive/}; if($url =~ s,refs/tags/,,) { log_error "$file: github URLs should not have refs/tags/"; } - #https: // site/ .../ .../ archive/ - (my $proto, undef, undef, $user, $proj, undef, $tag, $filename, $extra) = split /\//, $url; + #https: // site/ .../ .../ archive/ ...everything else. + (my $proto, undef, undef, $user, $proj, undef, @parts) = split /\//, $url; log_error "$file: github URLs must be https://" unless $proto eq 'https:'; - if(!defined $filename) { - log_error "$file: github URL is non-canonical (not enough components)"; - $tag =~ s,(\.tar\.gz|\.zip)$,,; - $ext = $1; - } + my $filename = pop @parts; + $filename =~ m,(\.tar\.gz|\.zip)$,; + $ext = $1; - # TODO: this is not an error, because github projects are allowed to have / - # in their tag names. So we get this *valid* URL: - # https://github.com/zfsonlinux/zfs-auto-snapshot/archive/upstream/1.2.4/zfs-auto-snapshot-upstream-1.2.4.tar.gz - if(defined $extra) { - #log_error "$file: github URL is non-canonical (too many components)"; - log_note "$file: github URL has extra components, don't (yet) know how to check it."; - return; + if(!defined $ext) { + log_warning("$file: github URL should end in .tar.gz or .zip"); + $ext = ""; } - # TODO: commit hashes have to be complete in the filename, and may be - # truncated in the dir name after arvhive/ - - my $ver = $tag; - $ver =~ s,^v(\d),$1,; - - if(defined $filename) { - $filename =~ /(\.tar\.gz|\.zip)$/; - $ext = $1; + if(@parts == 0) { + # filename loox like: tag.tar.gz + ($tag = $filename) =~ s,(\.tar\.gz|\.zip)$,,; + log_error "$file: github URL is non-canonical (not enough components)"; + $dir = $tag; + } elsif(@parts == 1) { + $tag = $dir = $parts[0]; + if($tag =~ /^[0-9a-f]{6,}$/ && $tag !~ /^20\d{6,}/) { + # commit hash. the /^20\d{6,}/ is to exclude ISO dates like 20240402 + if(length($tag) < 40) { + # shortened, maybe the full hash is in the filename? + if($filename =~ /([0-9a-f]{40})\./) { + $tag = $1; # leave $dir alone! it's allowed to be shortened. + } else { + # if not, we give up. + log_error("$file: github commit URL needs full 40-digit commit hash in filename"); + return; + } + } + } + } else { + $tag = join("-", @parts); + $dir = join("/", @parts); } - if(!defined $ext) { - log_warning "$file: github URL not .tar.gz or .zip"; - $ext = ""; - } + ($ver = $tag) =~ s,^v(\d),$1,i; + + # TODO: commit hashes have to be complete in the filename, and may be + # truncated in the dir name after archive/ if(defined $filename && $filename ne "$proj-$ver$ext") { log_error "$file: github URL has wrong filename $filename"; } - $new_url = "https://github.com/$user/$proj/archive/$tag/$proj-$ver$ext"; + $new_url = "https://github.com/$user/$proj/archive/$dir/$proj-$ver$ext"; if($old_url ne $new_url) { log_warning("$file: canonical github URL should be: $new_url"); -- cgit v1.2.3