From: Leo Famulari <leo@famulari.name>
To: 46182@debbugs.gnu.org
Subject: [bug#46182] [PATCH] lint: Add 'check-git-protocol' checker.
Date: Fri, 29 Jan 2021 20:04:06 -0500 [thread overview]
Message-ID: <f9137838eca39b768e49f4ee7852dd32edce7e8c.1611968623.git.leo@famulari.name> (raw)
We could also make it warn about use of the HTTP protocol (as opposed to
HTTPS). Your thoughts?
* guix/lint.scm (check-git-protocol): New procedure.
(%local-checkers): Add 'git-protocol' checker.
* doc/guix.texi (Invoking guix lint): Document it.
---
doc/guix.texi | 6 +++++-
guix/lint.scm | 25 ++++++++++++++++++++++++-
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index ff9e8da2e0..d17e2f2e96 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -28,7 +28,7 @@ Copyright @copyright{} 2014, 2015, 2016 Alex Kost@*
Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
Copyright @copyright{} 2014 Pierre-Antoine Rault@*
Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
-Copyright @copyright{} 2015, 2016, 2017, 2019, 2020 Leo Famulari@*
+Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020 Ricardo Wurmus@*
Copyright @copyright{} 2016 Ben Woodcroft@*
Copyright @copyright{} 2016, 2017, 2018 Chris Marusich@*
@@ -11736,6 +11736,10 @@ Parse the @code{source} URL to determine if a tarball from GitHub is
autogenerated or if it is a release tarball. Unfortunately GitHub's
autogenerated tarballs are sometimes regenerated.
+@item git-protocol
+Check if the package's source code is fetched using the insecure @code{git://}
+protocol.
+
@item derivation
Check that the derivation of the given packages can be successfully
computed for all the supported systems (@pxref{Derivations}).
diff --git a/guix/lint.scm b/guix/lint.scm
index 311bc94cc3..5a609b0454 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2018, 2019 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2020 Timothy Sample <samplet@ngyro.com>
+;;; Copyright © 2021 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -51,7 +52,7 @@
#:use-module (guix gnu-maintenance)
#:use-module (guix cve)
#:use-module ((guix swh) #:hide (origin?))
- #:autoload (guix git-download) (git-reference?
+ #:autoload (guix git-download) (git-reference? git-fetch
git-reference-url git-reference-commit)
#:use-module (guix import stackage)
#:use-module (ice-9 match)
@@ -84,6 +85,7 @@
check-source
check-source-file-name
check-source-unstable-tarball
+ check-git-protocol
check-mirror-url
check-github-url
check-license
@@ -918,6 +920,23 @@ descriptions maintained upstream."
(origin-uris origin))
'())))
+(define (check-git-protocol package)
+ "Emit a warning if PACKAGE's source URI protocol is 'git://'."
+ (define (check-source-uri-scheme uri)
+ (if (eqv? (uri-scheme uri) 'git)
+ (list
+ (make-warning package
+ (G_ "the source URI should not use the git:// protocol")
+ #:field 'source))
+ '()))
+
+ (let ((origin (package-source package)))
+ (if (and (origin? origin)
+ (eqv? (origin-method origin) git-fetch))
+ (check-source-uri-scheme
+ (string->uri (git-reference-url (origin-uri origin))))
+ '())))
+
(define (check-mirror-url package)
"Check whether PACKAGE uses source URLs that should be 'mirror://'."
(define (check-mirror-uri uri) ;XXX: could be optimized
@@ -1476,6 +1495,10 @@ or a list thereof")
(name 'source-unstable-tarball)
(description "Check for autogenerated tarballs")
(check check-source-unstable-tarball))
+ (lint-checker
+ (name 'git-protocol)
+ (description "Check for use of the git:// protocol")
+ (check check-git-protocol))
(lint-checker
(name 'derivation)
(description "Report failure to compile a package to a derivation")
--
2.30.0
next reply other threads:[~2021-01-30 1:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-30 1:04 Leo Famulari [this message]
2021-03-11 0:14 ` [bug#46182] [PATCH] lint: Add 'check-git-protocol' checker zimoun
2021-03-11 1:46 ` Leo Famulari
2021-03-11 9:44 ` zimoun
2023-10-20 2:22 ` Maxim Cournoyer
2023-10-20 12:45 ` Simon Tournier
2023-10-20 15:37 ` Maxim Cournoyer
2021-03-11 22:29 ` Ludovic Courtès
2022-05-22 4:15 ` Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f9137838eca39b768e49f4ee7852dd32edce7e8c.1611968623.git.leo@famulari.name \
--to=leo@famulari.name \
--cc=46182@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.