Comparing changes
  • 4 commits
  • 2 files changed
  • 0 commit comments
  • 1 contributor
Commits on Nov 02, 2011
@fingolfin fingolfin Tweak NEWS file wording 885766d
@fingolfin fingolfin Fix and improve good_dirs / bad_dirs in .deb validation code
This adds git and mercurial files to the list of forbidden version control
"residues", and a FIXME for the weird %p/src exception.

Inspired SF.net patch #1970903.
4cd4de3
@fingolfin fingolfin Rudimentary validation of percent expansion in fields, and of the epoch b3585e4
@fingolfin fingolfin Validator now requires bdep on fink >= 0.31.99.git if RuntimeDepends is used
f0ce5b3
Showing with 71 additions and 34 deletions.
  1. +17 −10 NEWS
  2. +54 −24 perlmod/Fink/Validation.pm
27 NEWS
@@ -6,39 +6,46 @@ For a more comprehensive changelog of the latest experimental code, see:
\-------------
0.32.0 ??? (20??-??-??)
- * Add new "RuntimeDepends" field, any .info file that wants to use this
+ * Added new "RuntimeDepends" field, any .info file that wants to use this
feature must BuildDepend on fink (>= 0.32.0-1)
+ * Improved package validator to reject .deb files including .hg / .git
+ directories.
+ * Improved package validator to detect some issues with percent expansions.
/-------------
| fink 0.31.x (see https://github.com/fink/fink/tree/branch_0_31)
\-------------
0.31.4 "perfidy" (2011-10-28)
+ * Synced base .info files against latest versions from dists.
+ * Added support for XCode 4.2 on Mac OS X 10.6.
+ * Fixed bootstrap issue when GNU sed is in the PATH.
+ * Updated mirror list.
0.31.3 "mendacity" (2011-10-12)
- * Add support for Mac OS X 10.7.2.
- * Add support for App Store version of Growl.app as well as legacy prefpane.
+ * Added support for Mac OS X 10.7.2.
+ * Added support for App Store version of Growl.app as well as legacy prefpane.
0.31.2 "perjury" (2011-09-26)
* No longer enforce "BDep:fink>=0.24.12" for use of PatchFile (nothing older
than that would be usable now anyway)
0.31.1 ""little white"" (2011-09-11)
- * Add support for Mac OS X 10.7.1.
+ * Added support for Mac OS X 10.7.1.
* Allow 32 bit systems to bootstrap on 10.6.
- * Simplify some code by taking advantage of the fact that the minimal
+ * Simplified some code by taking advantage of the fact that the minimal
supported OS version now is 10.5.
- * InstallScript now disables UseMaxBuildJobs rather than appending -j1 to
+ * Changed InstallScript to disable UseMaxBuildJobs rather than appending -j1 to
MAKEFLAGS.
* Bug fixes
0.31.0 "fib" (2011-07-20)
- * Add support for Mac OS X 10.7.
- * Drop support for any Mac OS X version before 10.5. So 10.5, 10.6 and 10.7
- are the only supported OS X versions now.
+ * Added support for Mac OS X 10.7.
+ * Dropped support for any Mac OS X version before 10.5. So 10.5, 10.6 and
+ 10.7 are the only supported OS X versions now.
* Append "-j" to MAKEFLAGS in the InstallScript regardless of the setting of
UseMaxBuildJobs (.info field) and MaxBuildJobs (fink.conf)
- * Turn MaxBuildJobs on by default.
+ * Turned MaxBuildJobs on by default.
/-------------
| fink 0.30.x (see https://github.com/fink/fink/tree/branch_0_30)
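Review bot: The new 0.32.0 entries cover the .hg / .git rejection and the percent-expansion checks, but not the epoch validation that commit b3585e4 adds alongside them; packagers who currently ship "Epoch: 0" will start seeing errors, so it deserves its own line. Separately, the past-tense rewording is incomplete: "No longer enforce", "Allow 32 bit systems" and "Append "-j" to MAKEFLAGS" are still in the imperative, so the file ends up mixing both styles.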
78 perlmod/Fink/Validation.pm
@@ -23,7 +23,7 @@
package Fink::Validation;
-use Fink::Services qw(&read_properties &read_properties_var &expand_percent &file_MD5_checksum &pkglist2lol &version_cmp);
+use Fink::Services qw(&read_properties &read_properties_var &expand_percent &expand_percent2 &file_MD5_checksum &pkglist2lol &version_cmp);
use Fink::Config qw($config);
use Cwd qw(getcwd);
use File::Find qw(find);
@@ -287,6 +287,8 @@ our %pkglist_fields = map {lc $_, 1}
'Suggests',
'Recommends',
'Enhances',
+ # 'Architecture' is not a "Depends"-style list, but its syntax is
+ # like a package-list, so piggy-back on those fields' parser
'Architecture',
);
@@ -378,7 +380,7 @@ sub validate_info_file {
my $filename = shift;
my $val_prefix = shift;
my ($properties, $info_level, $test_properties);
- my ($pkgname, $pkginvarname, $pkgversion, $pkgrevision, $pkgfullname, $pkgdestdir, $pkgpatchpath);
+ my ($pkgname, $pkginvarname, $pkgversion, $pkgrevision, $pkgepoch, $pkgfullname, $pkgdestdir, $pkgpatchpath);
my $value;
my ($basepath, $buildpath);
my ($type, $type_hash);
@@ -510,6 +512,9 @@ sub validate_info_file {
$pkgversion = '' unless defined $pkgversion;
$pkgrevision = $properties->{revision};
$pkgrevision = '' unless defined $pkgrevision;
+ $pkgepoch = $properties->{epoch};
+ $pkgepoch = '' unless defined $pkgepoch;
+ # TODO: If epoch has been specified, the pkgfullname should make use of it, too
$pkgfullname = "$pkgname-$pkgversion-$pkgrevision";
$pkgdestdir = "$buildpath/root-".$pkgfullname;
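Review bot: The TODO on $pkgfullname should say what depends on it, because $pkgdestdir is built from $pkgfullname on the very next line. Changing the full name later to include the epoch would also change the values used for %d and %i in the expansion hash, so either record that in the TODO or state explicitly that %f is meant to stay name-version-revision.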
@@ -540,7 +545,14 @@ sub validate_info_file {
print "'.' and '+' ($filename)\n";
$looks_good = 0;
}
-
+ if ($pkgepoch !~ /^([1-9][0-9]*)?$/) {
+ # Strictly speaking "0" is also a legal epoch (and in fact the default epoch
+ # value), but we don't want people to add "Epoch: 0" fields to their packages,
+ # so we forbid that.
+ print "Error: Package epoch must be a positive integer ($filename)\n";
+ $looks_good = 0;
+ }
+
# TODO: figure out how to validate multivariant Type:
# - make sure syntax is okay
# - make sure each type appears as a type_*[] in Package
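Review bot: The epoch pattern /^([1-9][0-9]*)?$/ is anchored with $, which in Perl also matches just before a trailing newline, so a value such as "1\n" passes the check. Use \z (or \A ... \z) if the intent is an exact match. The error text is also slightly off for inputs like "01" or "0", which are rejected by design according to the comment; something like "must be a positive integer without leading zeros" would match what the regex enforces.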
@@ -638,16 +650,36 @@ sub validate_info_file {
}
+ $expand = { 'n' => $pkgname,
+ 'N' => $pkgname,
+ 'v' => $pkgversion,
+ 'V' => $pkgversion,
+ 'r' => $pkgrevision,
+ 'e' => $pkgepoch,
+ 'f' => $pkgfullname,
+ 'p' => $basepath, 'P' => $basepath,
+ 'd' => $pkgdestdir,
+ 'i' => $pkgdestdir.$basepath,
+# 'a' => $pkgpatchpath,
+ 'b' => '.',
+ 'm' => $config->param('Architecture'),
+ %{$expand},
+ 'ni' => $pkginvarname,
+ 'Ni' => $pkginvarname
+ };
+
if (&validate_info_component(
properties => $properties,
filename => $filename,
info_level => $info_level,
+ expand => $expand,
) == 0) {
$looks_good = 0;
} elsif ($properties->{infotest} and &validate_info_component(
properties => $test_properties,
filename => $filename,
info_level => $info_level,
+ expand => $expand,
is_infotest => 1,
) == 0) {
$looks_good = 0;
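Review bot: Building the hash with %{$expand} inside it now happens at the first validate_info_component call instead of near the patchfile checks, so please confirm that $expand is already initialised at this earlier point and that nothing between the old and new positions reassigns it; dereferencing an undefined $expand here would abort validation. The new 'N', 'V' and 'e' keys are not mentioned in the commit message, and with 'a' still commented out any field that uses %a will be reported as an unknown expansion by the new check.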
@@ -737,6 +769,7 @@ sub validate_info_file {
splitoff_field => $splitoff_field,
filename => $filename,
info_level => $info_level,
+ expand => { 'N' => $pkgname, %{$expand} },
builddepends => $properties->{builddepends},
) == 0) {
$looks_good = 0;
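Review bot: In expand => { 'N' => $pkgname, %{$expand} } the explicit 'N' entry has no effect, because $expand already carries 'N' => $pkgname from the hash built earlier and %{$expand} is listed after it, so it wins. If the intent is that a splitoff sees the parent name as %N and its own name as %n, the override has to go after %{$expand} and set 'n' to the splitoff's package name; as written both %n and %N resolve to the parent.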
@@ -809,21 +842,6 @@ sub validate_info_file {
}
}
- $expand = { 'n' => $pkgname,
- 'v' => $pkgversion,
- 'r' => $pkgrevision,
- 'f' => $pkgfullname,
- 'p' => $basepath, 'P' => $basepath,
- 'd' => $pkgdestdir,
- 'i' => $pkgdestdir.$basepath,
-# 'a' => $pkgpatchpath,
- 'b' => '.',
- 'm' => $config->param('Architecture'),
- %{$expand},
- 'ni' => $pkginvarname,
- 'Ni' => $pkginvarname
- };
-
my %patchfile_fields = map { lc $_, 1 } grep { /^patchfile(|[2-9]|[1-9]\d+)$/ } keys %$properties;
my %patchfile_md5_fields = map { lc $_, 1 } grep { /^patchfile(|[2-9]|[1-9]\d+)-md5$/ } keys %$properties;
@@ -1082,6 +1100,7 @@ sub validate_info_component {
my $splitoff_field = $options{splitoff_field};
my $filename = $options{filename};
my $info_level = $options{info_level};
+ my $expand = $options{expand};
my $is_infotest = $options{is_infotest};
# make sure this $option is available even in parent
@@ -1202,6 +1221,12 @@ sub validate_info_component {
$looks_good = 0;
}
}
+
+ # verify only well-defined percent expansions are used.
+ &expand_percent2($value, $expand,
+ 'err_action' => 'undef',
+ 'err_info' => $filename.' '.$field );
+
foreach my $atom (split /[,|]/, $pkglist) {
$atom =~ s/\A\s*//;
$atom =~ s/\s*\Z//;
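Review bot: The result of &expand_percent2(...) is discarded and $looks_good is never cleared here, so an ill-defined percent expansion can at most print a message and the file still validates. If expand_percent2 returns undef on error, as the 'err_action' => 'undef' setting suggests, test the return value and set $looks_good = 0. Also check which variable should be passed: the loop that follows splits $pkglist, while the call expands $value, and it is not visible in this hunk that the two hold the same field contents.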
@@ -1250,7 +1275,7 @@ sub validate_info_component {
# TODO: Insert appropriate fink version
$value = $properties->{runtimedepends};
if (defined $value) {
- $looks_good = 0 unless _min_fink_version($options{builddepends}, '0.31.99.cvs', 'use of RuntimeDepends', $filename);
+ $looks_good = 0 unless _min_fink_version($options{builddepends}, '0.31.99.git', 'use of RuntimeDepends', $filename);
}
# check syntax of each line of Shlibs field
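Review bot: The minimum version '0.31.99.git' on the _min_fink_version line does not agree with the NEWS entry in this same range, which tells packagers to BuildDepend on fink (>= 0.32.0-1), and the "TODO: Insert appropriate fink version" comment above it is left in place. Pick one value for both, or extend the TODO to say that the string is a pre-release placeholder to be replaced when 0.32.0 is tagged.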
@@ -1504,9 +1529,11 @@ sub _validate_dpkg {
# these are used in a regex and are automatically prepended with ^
# make sure to protect regex metachars!
- my @bad_dirs = ("$basepath/src/", "$basepath/man/", "$basepath/info/", "$basepath/doc/", "$basepath/libexec/", "$basepath/lib/locale/", ".*/CVS/", ".*/RCS/", '.*/\.svn/', "$basepath/bin/.*/", "$basepath/sbin/.*/");
- my @good_dirs = ( map "$basepath/$_", qw/ bin sbin include lib opt share var etc src Applications Library\/Frameworks / );
- # allow $basepath/Library/ by itself
+ my @bad_dirs = ( map "$basepath/$_/", qw( src man info doc libexec lib/locale bin/.* sbin/.* ) );
+ push(@bad_dirs, ( map ".*/$_/", qw( CVS RCS \.svn \.git \.hg ) ) ); # forbid version control residues
+
+ my @good_dirs = ( map "$basepath/$_/", qw( bin sbin include lib opt share var etc Applications Library/Frameworks ) );
+ # allow $basepath/Library/ by itself, but with nothing below it other than what we explicitly allowed already
# (needed since we allow $basepath/Library/Frameworks)
push(@good_dirs, "$basepath/Library/\$");
push(@good_dirs, '/usr/X11');
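Review bot: The comment above these lists says "make sure to protect regex metachars!", yet $basepath is interpolated unescaped into every @bad_dirs and @good_dirs pattern; since both lines are being rewritten anyway, wrap it with quotemeta or \Q...\E. Two behaviour changes also go unmentioned in the commit message: @good_dirs entries now end in "/", so a prefix such as "$basepath/bin" no longer matches sibling names, and "src" has been dropped from @good_dirs. Note too that '.*/\.git/' and '.*/\.hg/' only catch directories, so stray files like .gitignore or .hgignore are still accepted.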
@@ -1663,9 +1690,12 @@ sub _validate_dpkg {
&stack_msg($msgs, "File installed outside of $basepath, /Applications/XDarwin.app, /private/etc/fonts, /usr/X11, and /usr/X11R6", $filename);
}
}
- } elsif ($filename ne "$basepath/src/" and @found_bad_dir = grep { $filename =~ /^$_/ } @bad_dirs) {
+ } elsif ($filename eq "$basepath/src/") {
+ # FIXME: For some reason, we allow the inclusion of $basepath/src,
+ # which may exist but must be empty. The reason for this should either
+ # be documented, or this hack be removed.
+ } elsif (@found_bad_dir = grep { $filename =~ /^$_/ } @bad_dirs) {
# Directories from this list are not allowed to exist in the .deb.
- # The only exception is $basepath/src which may exist but must be empty
&stack_msg($msgs, "File installed into deprecated directory $found_bad_dir[0]", $filename);
} elsif (not grep { $filename =~ /^$_/ } @good_dirs) {
# Directories from this list are the top-level dirs that may exist in the .deb.
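Review bot: The new empty branch for $filename eq "$basepath/src/" drops the old comment that explained how the "must be empty" rule is enforced. It works only because anything below src/ falls through to the @bad_dirs branch, where the "$basepath/src/" pattern matches it. State that in the FIXME, otherwise a later cleanup that removes src from @bad_dirs would silently allow content under $basepath/src.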
