From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: Re: `guix lint' warn of GitHub autogenerated source tarballs Date: Fri, 21 Dec 2018 21:50:51 +0100 Message-ID: <87imzmmwno.fsf@gnu.org> References: <87pntxwqx0.fsf@gnu.org> <08635A1A-EDA5-44B0-8C8A-532F16683154@flashner.co.il> <20181219192926.GB2581@macbook41> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:48665) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gaRl3-00043V-Dh for guix-devel@gnu.org; Fri, 21 Dec 2018 15:50:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gaRkz-0007yp-Eg for guix-devel@gnu.org; Fri, 21 Dec 2018 15:50:54 -0500 In-Reply-To: <20181219192926.GB2581@macbook41> (Efraim Flashner's message of "Wed, 19 Dec 2018 21:29:26 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Efraim Flashner Cc: guix-devel@gnu.org Hi! Efraim Flashner skribis: > Here's what I currently have. I don't think I've tried running the tests > I've written yet, and Ludo said there was a better way to check if the > download was a git-fetch or a url-fetch. As the logic is currently > written it'll flag any package hosted on github owned by 'archive' or > any package named 'archive' in addition to the ones we want. OK. I think you=E2=80=99re pretty much there anyway, so please don=E2=80= =99t drop the ball. ;-) Some comments follow: > From 8a07c8aea1f23db48a9e69956ad15f79f0f70e35 Mon Sep 17 00:00:00 2001 > From: Efraim Flashner > Date: Tue, 23 Oct 2018 12:01:53 +0300 > Subject: [PATCH] lint: Add checker for unstable tarballs. > > * guix/scripts/lint.scm (check-source-unstable-tarball): New procedure. > (%checkers): Add it. > * tests/lint.scm ("source-unstable-tarball", source-unstable-tarball: > source #f", "source-unstable-tarball: valid", source-unstable-tarball: > not-github", source-unstable-tarball: git-fetch"): New tests. [...] > +(define (check-source-unstable-tarball package) > + "Emit a warning if PACKAGE's source is an autogenerated tarball." > + (define (github-tarball? origin) > + (string-contains origin "github.com")) > + (define (autogenerated-tarball? origin) > + (string-contains origin "/archive/")) > + (let ((origin (package-source package))) > + (unless (not origin) ; check for '(source #f)' > + (let ((uri (origin-uri origin)) > + (dl-method (origin-method origin))) > + (unless (not (pk dl-method "url-fetch")) > + (when (and (github-tarball? uri) > + (autogenerated-tarball? uri)) > + (emit-warning package > + (G_ "the source URI should not be an autogenerat= ed tarball") > + 'source))))))) You should use =E2=80=98origin-uris=E2=80=99 (plural), which always returns= a list of URIs, and iterate on them (see =E2=80=98check-mirror-url=E2=80=99 as an exa= mple.) Also, when you have a URI, you can obtain just the host part and decode the path part like this: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> (string->uri "https://github.com/foo/bar/archive/whatn= ot") $2 =3D #< scheme: https userinfo: #f host: "github.com" port: #f path:= "/foo/bar/archive/whatnot" query: #f fragment: #f> scheme@(guile-user)> (uri-host $2) $3 =3D "github.com" scheme@(guile-user)> (split-and-decode-uri-path (uri-path $2)) $4 =3D ("foo" "bar" "archive" "whatnot") --8<---------------cut here---------------end--------------->8--- That way you should be able to get more accurate matching than with =E2=80=98string-contains=E2=80=99. Does that make sense? The tests look good=E2=80=A6 but could you make sure they pass? :-) Thank you! Ludo=E2=80=99.