--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: lintian: Please warn about use of deprecated githubredir.debian.net in debian/watch files
- From: Chris Lamb <lamby@debian.org>
- Date: Mon, 26 Oct 2015 22:08:24 +0000
- Message-id: <1445897304.1784157.420904465.2536B0EE@webmail.messagingengine.com>
Package: lintian
Version: 2.5.38
Severity: wishlist
Tags: patch
Hi,
A patch is attached that adds support for warning about using the
deprecated (and now offline?) githubredir.debian.net scraper in
debian/watch files.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
commit 75bbb02a367409d5a66be300ef7db09ce0d10e89
Author: Chris Lamb <lamby@debian.org>
Date: Mon Oct 26 22:04:08 2015 +0000
Warn if debian/watch uses deprecated githubredir.debian.net scraper
Signed-off-by: Chris Lamb <lamby@debian.org>
diff --git a/checks/watch-file.desc b/checks/watch-file.desc
index 1b66da7..1ae2a8a 100644
--- a/checks/watch-file.desc
+++ b/checks/watch-file.desc
@@ -116,6 +116,19 @@ Info: The watch file specifies a SourceForge page or download server
project and <tt><tar-name></tt> with the name of the tarball
distributed within that project. Adjust the filename regex as necessary.
+Tag: debian-watch-file-uses-deprecated-githubredir
+Severity: important
+Certainty: certain
+Ref: https://lists.debian.org/debian-devel-announce/2014/10/msg00000.html
+Info: The watch file specifies a githubredir.debia.net URL, which is deprecated
+ Instead, use direct links to the tags page:
+ .
+ version=3
+ https://github.com/<user>/<project>/tags .*/(.*)\.tar\.gz
+ .
+ replacing <tt><user></tt> and <tt><project></tt> with the Github
+ username and project respectfully.
+
Tag: debian-watch-file-specifies-wrong-upstream-version
Severity: normal
Certainty: certain
diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index 46ab633..737c25b 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -122,6 +122,10 @@ sub run {
if (m,\b\Qhttp://pypi.python.org/\E,) {
tag 'debian-watch-file-accesses-pypi-over-http', "line $.";
}
+ if (m%githubredir\.debian\.net%) {
+ tag 'debian-watch-file-uses-deprecated-githubredir',
+ "line $.";
+ }
if (
m{ (?:https?|ftp)://
diff --git a/t/tests/watch-file-general/debian/debian/watch b/t/tests/watch-file-general/debian/debian/watch
index 71b4717..e322710 100644
--- a/t/tests/watch-file-general/debian/debian/watch
+++ b/t/tests/watch-file-general/debian/debian/watch
@@ -26,4 +26,7 @@ http://pypi.python.org/foo scripts\.([\d.]+)\.tar\.gz debian uupdate
# Unsupported PyPI URL.
https://pypi.python.org/packages/source/p/pip/ pip-(\S+)\.tar\.gz
-# without any pgpsigurlmangle
\ No newline at end of file
+# Deprecated githubredir
+http://githubredir.debian.net/github/username/project /(.*).tar.gz
+
+# without any pgpsigurlmangle
diff --git a/t/tests/watch-file-general/desc b/t/tests/watch-file-general/desc
index 64d09c9..0e7a20e 100644
--- a/t/tests/watch-file-general/desc
+++ b/t/tests/watch-file-general/desc
@@ -15,5 +15,6 @@ Test-For:
debian-watch-file-unknown-version
debian-watch-file-unsupported-pypi-url
debian-watch-file-uses-deprecated-sf-redirector-method
+ debian-watch-file-uses-deprecated-githubredir
debian-watch-may-check-gpg-signature
References: Debian Bug#510398
diff --git a/t/tests/watch-file-general/tags b/t/tests/watch-file-general/tags
index a80f45b..1c54f22 100644
--- a/t/tests/watch-file-general/tags
+++ b/t/tests/watch-file-general/tags
@@ -1,4 +1,5 @@
E: watch-file-general source: debian-watch-file-unsupported-pypi-url line 27
+E: watch-file-general source: debian-watch-file-uses-deprecated-githubredir line 30
I: watch-file-general source: debian-watch-file-accesses-pypi-over-http line 24
I: watch-file-general source: debian-watch-file-should-dversionmangle-not-uversionmangle line 5
P: watch-file-general source: debian-watch-may-check-gpg-signature
@@ -8,6 +9,7 @@ W: watch-file-general source: debian-watch-file-should-mangle-version line 12
W: watch-file-general source: debian-watch-file-should-mangle-version line 14
W: watch-file-general source: debian-watch-file-should-mangle-version line 15
W: watch-file-general source: debian-watch-file-should-mangle-version line 27
+W: watch-file-general source: debian-watch-file-should-mangle-version line 30
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 12
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 14
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 15
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.5.40
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 803106@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 27 Dec 2015 09:43:24 +0000
Source: lintian
Binary: lintian
Architecture: source
Version: 2.5.40
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
lintian - Debian package checker
Closes: 415558 759363 767754 775667 793149 797178 803106 804147 809248 809262 810028 810378 810649 811175 811309
Changes:
lintian (2.5.40) unstable; urgency=medium
.
* Summary of tag changes:
+ Added:
- debian-watch-file-uses-deprecated-githubredir
- file-in-root-and-usr
- hardening-no-bindnow
- hardening-no-pie
- library-in-root-and-usr
- old-style-config-script
- old-style-config-script-multiarch-path
- old-style-config-script-multiarch-path-arch-all
- vcs-field-uses-insecure-uri
+ Removed:
- debian-watch-file-accesses-pypi-over-http
- debian-watch-file-unsupported-pypi-url
.
* checks/binaries.{desc,pm}:
+ [JW] Exclude /usr/lib/debug/.build-id/ from foreign-architecture
checks. Thanks to Aurelien Jarno for the bug report. (Closes:
#809262)
+ [BR] Detect old style config script and detect Mutli-arch error.
+ [NT] Add experimental tag for missing "bindnow" and "pie"
hardening. Thanks to intrigeri for the suggestion.
(Closes: #759363)
* checks/changes-file.pm:
+ [JW] Use "~bpo7+N" as the suffix for wheezy-backports-sloppy
uploads. Thanks to Vincent Bernat for the bug report. (Closes:
#810028).
+ [JW] Use "~bpo8+N" as the suffix for jessie backports.
* checks/changes-file.desc:
+ [JW] Fix typo.
* checks/cruft.pm:
+ [BR] Pass information about minified javascript down to tag.
(Closes: #804147).
* checks/fields.{desc,pm}:
+ [NT] Apply patch from Dr. Tobias Quathamer <toddy@debian.org> to
check for some insecure protocols in Vcs-* fields.
(Closes: #810378)
* checks/files.pm:
+ [NT] Fix off-by-one in an "mtime" comparison, which could give
false-positive package-contains-timestamped-gzip warnings.
+ [NT] Downgrade image-file-in-usr-lib to pedantic given the
policy has relaxed on this point. (Closes: #415558)
* checks/files.desc:
+ [JW] Fix typo.
* checks/source-copyright.{desc,pm}:
+ [JW] Apply patch from Mattia Rizzolo to update the machine-readable
copyright format specification URL. (Closes: #809248)
+ [BR] Improve description text of tag
dep5-copyright-license-name-not-unique.
* checks/usrmerge.{desc,pm}:
+ [BR] Add usrmerge test from Marco d'Itri. (Closes: #767754).
* checks/watch-file.{desc,pm}:
+ [BR] Apply patch from Chris Lamb <lamby@debian.org>,
warn if debian/watch uses deprecated
githubredir.debian.net scraper (Closes: #803106).
+ [NT] Apply patch from Dmitry Shachnev <mitya57@debian.org> to
remove obsolete check. (Closes: #793149)
+ [NT] Apply patch from Sylvestre Ledru <sylvestre@debian.org> to
support version 4 of the debian/watch. (Closes: #811175)
.
* data/spelling/corrections*:
+ [JW] Add more corrections.
Thanks to Paul Wise for patch for one of them.
.
* debian/control:
+ [NT] Add ${perl:Depends} to Depends.
+ [NT] Use https://anonscm.debian.org/git/lintian/lintian.git in the
Vcs-* fields.
* debian/rules:
+ [NT] Convert to dh7 style build.
.
* frontend/lintian:
+ [NT] Limit the number of instances of the same tag when output is a
TTY. Add --no-tag-display-limit to disable this feature. Thanks
to Thijs Kinkhorst for the report. (Closes: #775667)
.
* lib/Lintian/Check.pm:
+ [JW] Remove work-around for Email::Valid bug (#663663), which is now
fixed even in oldstable.
+ [JW] Apply patch from Justin B Rye to fix an uninitialized value
warning. (Closes: #810649)
.
* reporting/html_reports:
+ [JW] Add missing "map_maintainer" call, which made the reporting
script omit packages on maintainer's pages. Thanks to Charles
Plessy for the report and to Dr. Tobias Quathamer for finding
the condition for triggering the bug. (Closes: #797178)
+ [NT] Share more data for a ~15% memory reduction on an old
dataset.
.
* t:
+ [NT] Fix test case relying on removed debhelper compat level.
(Closes: #811309)
Checksums-Sha1:
8e8bb95179ee4b2d2440b4d8e65f32c7f2b234ea 2781 lintian_2.5.40.dsc
210967140fc4aa4c87b8cb2809bd4010b13d21f6 1255892 lintian_2.5.40.tar.xz
Checksums-Sha256:
808aa6ad8132a6f7568c4c5e96db411068b545c315738013fa78455516d06f50 2781 lintian_2.5.40.dsc
39fd8ac51b60c36e3e12dd3465c3ee3e19862550eef99b8ed918fa3e583f69d5 1255892 lintian_2.5.40.tar.xz
Files:
081579937bb85d614ead8c68d94792d1 2781 devel optional lintian_2.5.40.dsc
ba9d459c747b24078694bf5731c04161 1255892 devel optional lintian_2.5.40.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWoqL/AAoJEAVLu599gGRCmlQP+wTAnSNN/ZpZYsCfBa0H6+Kb
HGbF4axx5lnam2O4aI+OvBpMPmbnuX3acoki1XsG9GwB9s7cAb15htM/hiVLIk3G
wM4EKB3YwShFtP37dc9AF/9hNgsjajIuI2Gxho1d5k1cNJ/+8YShr2haQ3hDjE+1
4akD0AVamR8N2a94Hp+IOahMjJCiPUDZx/9XnMK60wvE3pJcD4YkahvNErIcIdYQ
7IT6JiRB1x7rb73mBEil2hEFtmMqNY+ocHHFtegj9gRfeaF0MrVoO8i0CFk/OG9k
5zUe93pCU+OAY1f3NxalqlzWos7f8TanEDvsTaknG2rCk8cj2vRjyCjmdquX9gML
F3pbyFMoVI7Cku/zjAVrQGhyENcQ1tYvF4Ah03K1w1IX2qMy6yV8MTRCp8EKRHC/
wab7VcNbKDELks9fQOsfUBL2G6gmMD1/fqKXN/Te5X+uhtOZO5lnwpMVY9k7tb3a
HGNdI/fkvbrippI4D8myyb9UAjreFsDg79nJobpc3e69GscXvBQ8JSn6/97NhCW5
xDhosz1/3LArzRngaMt9cc9fXYYvkPFINuc2NBn9UNN7qgVli/UDSwNF3QJg/+6M
2UB0venNJ068nkPg5nPoSqzyakgAt4mCjozBNPK4Eilbx61tqGAcXxklmkAr82z5
MNG3Kv7P90zIkyNdxt4H
=+Mss
-----END PGP SIGNATURE-----
--- End Message ---