Diffstat (limited to 'Library/Homebrew/dev-cmd/audit.rb')
| -rw-r--r-- | Library/Homebrew/dev-cmd/audit.rb | 200 |
1 files changed, 64 insertions, 136 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index cb25ca794..aaac9c96b 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -307,25 +307,45 @@ class FormulaAuditor unversioned_name = unversioned_formula.basename(".rb") problem "#{formula} is versioned but no #{unversioned_name} formula exists" end - elsif ARGV.build_stable? - versioned_formulae = Dir[formula.path.to_s.gsub(/\.rb$/, "@*.rb")] - needs_versioned_alias = !versioned_formulae.empty? && - formula.tap && - formula.aliases.grep(/.@\d/).empty? - if needs_versioned_alias - _, last_alias_version = File.basename(versioned_formulae.sort.reverse.first) - .gsub(/\.rb$/, "") - .split("@") - major, minor, = formula.version.to_s.split(".") - alias_name = if last_alias_version.split(".").length == 1 - "#{formula.name}@#{major}" + elsif ARGV.build_stable? && + !(versioned_formulae = Dir[formula.path.to_s.gsub(/\.rb$/, "@*.rb")]).empty? + versioned_aliases = formula.aliases.grep(/.@\d/) + _, last_alias_version = + File.basename(versioned_formulae.sort.reverse.first) + .gsub(/\.rb$/, "").split("@") + major, minor, = formula.version.to_s.split(".") + alias_name_major = "#{formula.name}@#{major}" + alias_name_major_minor = "#{alias_name_major}.#{minor}" + alias_name = if last_alias_version.split(".").length == 1 + alias_name_major + else + alias_name_major_minor + end + valid_alias_names = [alias_name_major, alias_name_major_minor] + + if formula.tap && !formula.tap.core_tap? + valid_alias_names.map! { |a| "#{formula.tap}/#{a}" } + end + + valid_versioned_aliases = versioned_aliases & valid_alias_names + invalid_versioned_aliases = versioned_aliases - valid_alias_names + + if valid_versioned_aliases.empty? + if formula.tap + problem <<-EOS.undent + Formula has other versions so create a versioned alias: + cd #{formula.tap.alias_dir} + ln -s #{formula.path.to_s.gsub(formula.tap.path, "..")} #{alias_name} + EOS else - "#{formula.name}@#{major}.#{minor}" + problem "Formula has other versions so create an alias named #{alias_name}." end + end + + unless invalid_versioned_aliases.empty? 
problem <<-EOS.undent - Formula has other versions so create an alias: - cd #{formula.tap.alias_dir} - ln -s #{formula.path.to_s.gsub(formula.tap.path, "..")} #{alias_name} + Formula has invalid versioned aliases: + #{invalid_versioned_aliases.join("\n ")} EOS end end 
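Review bot: For formulae outside the core tap, `valid_alias_names` is rewritten to `"#{formula.tap}/#{a}"` before it is intersected with `versioned_aliases`, so the result is only right if `formula.aliases` returns tap-qualified names for those formulae; that accessor is not visible in this hunk. If it returns bare names, every versioned alias in a non-core tap would land in `invalid_versioned_aliases` and the "create a versioned alias" problem would fire as well. Once confirmed, a comment above the `map!` such as `# formula.aliases is tap-qualified outside core, so qualify the expected names too` would record the assumption. The enclosing method starts and ends outside the hunk.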
@@ -571,78 +591,7 @@ class FormulaAuditor def audit_homepage homepage = formula.homepage - if homepage.nil? || homepage.empty? - problem "Formula should have a homepage." - return - end - - unless homepage =~ %r{^https?://} - problem "The homepage should start with http or https (URL is #{homepage})." - end - - # Check for http:// GitHub homepage urls, https:// is preferred. - # Note: only check homepages that are repo pages, not *.github.com hosts - if homepage.start_with? "http://github.com/" - problem "Please use https:// for #{homepage}" - end - - # Savannah has full SSL/TLS support but no auto-redirect. - # Doesn't apply to the download URLs, only the homepage. - if homepage.start_with? "http://savannah.nongnu.org/" - problem "Please use https:// for #{homepage}" - end - - # Freedesktop is complicated to handle - It has SSL/TLS, but only on certain subdomains. - # To enable https Freedesktop change the URL from http://project.freedesktop.org/wiki to - # https://wiki.freedesktop.org/project_name. - # "Software" is redirected to https://wiki.freedesktop.org/www/Software/project_name - if homepage =~ %r{^http://((?:www|nice|libopenraw|liboil|telepathy|xorg)\.)?freedesktop\.org/(?:wiki/)?} - if homepage =~ /Software/ - problem "#{homepage} should be styled `https://wiki.freedesktop.org/www/Software/project_name`" - else - problem "#{homepage} should be styled `https://wiki.freedesktop.org/project_name`" - end - end - - # Google Code homepages should end in a slash - if homepage =~ %r{^https?://code\.google\.com/p/[^/]+[^/]$} - problem "#{homepage} should end with a slash" - end - - # People will run into mixed content sometimes, but we should enforce and then add - # exemptions as they are discovered. Treat mixed content on homepages as a bug. - # Justify each exemptions with a code comment so we can keep track here. 
- case homepage - when %r{^http://[^/]*\.github\.io/}, - %r{^http://[^/]*\.sourceforge\.io/} - problem "Please use https:// for #{homepage}" - end - - if homepage =~ %r{^http://([^/]*)\.(sf|sourceforge)\.net(/|$)} - problem "#{homepage} should be `https://#{$1}.sourceforge.io/`" - end - - # There's an auto-redirect here, but this mistake is incredibly common too. - # Only applies to the homepage and subdomains for now, not the FTP URLs. - if homepage =~ %r{^http://((?:build|cloud|developer|download|extensions|git|glade|help|library|live|nagios|news|people|projects|rt|static|wiki|www)\.)?gnome\.org} - problem "Please use https:// for #{homepage}" - end - - # Compact the above into this list as we're able to remove detailed notations, etc over time. - case homepage - when %r{^http://[^/]*\.apache\.org}, - %r{^http://packages\.debian\.org}, - %r{^http://wiki\.freedesktop\.org/}, - %r{^http://((?:www)\.)?gnupg\.org/}, - %r{^http://ietf\.org}, - %r{^http://[^/.]+\.ietf\.org}, - %r{^http://[^/.]+\.tools\.ietf\.org}, - %r{^http://www\.gnu\.org/}, - %r{^http://code\.google\.com/}, - %r{^http://bitbucket\.org/}, - %r{^http://(?:[^/]*\.)?archive\.org} - problem "Please use https:// for #{homepage}" - end + return if homepage.nil? || homepage.empty? return unless @online 
@@ -795,6 +744,15 @@ class FormulaAuditor return if @new_formula fv = FormulaVersions.new(formula) + + previous_version_and_checksum = fv.previous_version_and_checksum("origin/master") + [:stable, :devel].each do |spec_sym| + next unless spec = formula.send(spec_sym) + next unless previous_version_and_checksum[spec_sym][:version] == spec.version + next if previous_version_and_checksum[spec_sym][:checksum] == spec.checksum + problem "#{spec_sym}: sha256 changed without the version also changing; please create an issue upstream to rule out malicious circumstances and to find out why the file changed." + end + attributes = [:revision, :version_scheme] attributes_map = fv.version_attributes_map(attributes, "origin/master") @@ -892,14 +850,6 @@ class FormulaAuditor end def audit_text - if text =~ /system\s+['"]scons/ - problem "use \"scons *args\" instead of \"system 'scons', *args\"" - end - - if text =~ /system\s+['"]xcodebuild/ - problem %q(use "xcodebuild *args" instead of "system 'xcodebuild', *args") - end - bin_names = Set.new bin_names << formula.name bin_names += formula.aliases 
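Review bot: The same-version checksum check in the `[:stable, :devel].each` loop indexes `previous_version_and_checksum[spec_sym][:version]` with no guard, so it depends on `fv.previous_version_and_checksum` returning a hash for both keys even when the earlier revision had no such spec; that method is not shown here. If a key can be absent, the audit would stop with a NoMethodError instead of reporting, and `prev = previous_version_and_checksum[spec_sym] || {}` ahead of the two comparisons would avoid that. Because this is the check that catches an archive being replaced under an unchanged version, it also deserves a comment that the comparison is made against the local `origin/master` ref and is only as current as the last fetch. The enclosing method starts before and continues after the hunk.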
@@ -909,44 +859,16 @@ class FormulaAuditor end bin_names.each do |name| ["system", "shell_output", "pipe_output"].each do |cmd| - if text =~ %r{(def test|test do).*(#{Regexp.escape HOMEBREW_PREFIX}/bin/)?#{cmd}[\(\s]+['"]#{Regexp.escape name}[\s'"]}m + if text =~ %r{(def test|test do).*(#{Regexp.escape(HOMEBREW_PREFIX)}/bin/)?#{cmd}[\(\s]+['"]#{Regexp.escape(name)}[\s'"]}m problem %Q(fully scope test #{cmd} calls e.g. #{cmd} "\#{bin}/#{name}") end end end - - if text =~ /xcodebuild[ (]*["'*]*/ && !text.include?("SYMROOT=") - problem 'xcodebuild should be passed an explicit "SYMROOT"' - end - - if text.include? "Formula.factory(" - problem "\"Formula.factory(name)\" is deprecated in favor of \"Formula[name]\"" - end - - if text.include?("def plist") && !text.include?("plist_options") - problem "Please set plist_options when using a formula-defined plist." - end - - if text =~ /depends_on\s+['"]openssl['"]/ && text =~ /depends_on\s+['"]libressl['"]/ - problem "Formulae should not depend on both OpenSSL and LibreSSL (even optionally)." - end - - if text =~ /virtualenv_(create|install_with_resources)/ && - text =~ /resource\s+['"]setuptools['"]\s+do/ - problem "Formulae using virtualenvs do not need a `setuptools` resource." - end - - if text =~ /system\s+['"]go['"],\s+['"]get['"]/ - problem "Formulae should not use `go get`. If non-vendored resources are required use `go_resource`s." - end - - return unless text.include?('require "language/go"') && !text.include?("go_resource") - problem "require \"language/go\" is unnecessary unless using `go_resource`s" end def audit_lines text.without_patch.split("\n").each_with_index do |line, lineno| - line_problems(line, lineno+1) + line_problems(line, lineno + 1) end end 
@@ -1028,16 +950,19 @@ class FormulaAuditor problem ":apr is deprecated. Usage should be \"apr-util\"" end - if line =~ /depends_on :tex/ - problem ":tex is deprecated" - end + problem ":tex is deprecated" if line =~ /depends_on :tex/ if line =~ /depends_on\s+['"](.+)['"]\s+=>\s+:(lua|perl|python|ruby)(\d*)/ problem "#{$2} modules should be vendored rather than use deprecated `depends_on \"#{$1}\" => :#{$2}#{$3}`" end - if line =~ /depends_on\s+['"](.+)['"]\s+=>\s+.*(?<!\?[( ])['"](.+)['"]/ - problem "Dependency #{$1} should not use option #{$2}" + if line =~ /depends_on\s+['"](.+)['"]\s+=>\s+(.*)/ + dep = $1 + $2.split(" ").map do |o| + break if ["if", "unless"].include?(o) + next unless o =~ /^\[?['"](.*)['"]/ + problem "Dependency #{dep} should not use option #{$1}" + end end # Commented-out depends_on @@ -1224,11 +1149,6 @@ class FormulaAuditor problem "Use pkgshare instead of (share#{$1}\"#{formula.name}\")" end - def audit_caveats - return unless formula.caveats.to_s.include?("setuid") - problem "Don't recommend setuid in the caveats, suggest sudo instead." - end - def audit_reverse_migration # Only enforce for new formula being re-added to core and official taps return unless @strict @@ -1577,6 +1497,14 @@ class ResourceAuditor problem "#{u} should be `https://search.maven.org/remotecontent?filepath=#{$1}`" end + # Check pypi urls + if @strict + urls.each do |p| + next unless p =~ %r{^https?://pypi.python.org/(.*)} + problem "#{p} should be `https://files.pythonhosted.org/#{$1}`" + end + end + return unless @online urls.each do |url| next if !@strict && mirrors.include?(url) |
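Review bot: In the rewritten `depends_on ... =>` check, `$2.split(" ").map do |o|` is used only for its side effects and its result is discarded, so `each` states the intent better: `$2.split(" ").each do |o|`. The `dep = $1` capture is needed because the inner `o =~ /^\[?['"](.*)['"]/` overwrites `$1`; a short comment saying so (`# keep the name: the match below resets $1`) would stop someone from inlining it later. The enclosing method starts and ends outside the hunk.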
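Review bot: The new PyPI pattern `%r{^https?://pypi.python.org/(.*)}` in the `@strict` block leaves its dots unescaped, so each one matches any character and a look-alike host (constructed example: `pypi-python.org`) would be reported with a `files.pythonhosted.org` rewrite suggestion. Escaping them keeps the check to the intended host: `next unless p =~ %r{^https?://pypi\.python\.org/(.*)}`. The block variable `p` also shadows `Kernel#p` inside the loop; `u` would match the Maven check just above it. The enclosing method starts before and continues after the hunk.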
