v1.7.0 merge to master

CHANGELOG.md

@@ -0,0 +1,212 @@
+# pre-commit-macadmin change log
+
+All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
+
+
+## [1.7.0] - 2020-10-06
+
+### Added
+- Added pre-commit-macadmin change log (this file)
+- Ensure no superclass processors (e.g. URLGetter) are used, as these are intended to be referred to by other processors rather than directly used in recipes
+- Warn if setting a MinimumVersion greater than or equal to 2 in AutoPkg recipes, because some administrators may be running 1.4.1 and waiting for processor authors to add Python 3 compatibility
+- Validate `minimum_os_version` and `maximum_os_version` keys in Munki pkginfo files
+
+### Changed
+- Set MinimumVersion needed for [C]URL* processors to 1.4, to ensure utilization of URLGetter
+- Updated valid Munki script shebangs to include Munki embedded Python symlink and path
+
+
+## [1.6.2] - 2020-01-20
+
+### Fixed
+- Added missing sys module for Python version determination
+
+
+## [1.6.1] - 2019-12-26
+
+### Fixed
+- Convert subprocess output to string
+
+
+## [1.6.0] - 2019-12-26
+
+### Added
+- Validate possible values of RestartAction key in Munki pkginfo
+- New hook to check Git user email configuration (`git config user.email`)
+
+
+## [1.5.2] - 2019-11-26
+
+### Fixed
+- Removed redundant EndOfCheckPhase check
+- Added URLGetter minimum version (although we should never need this since URLGetter is not meant to be called directly)
+
+
+## [1.5.1] - 2019-09-21
+
+### Added
+- Checking for downloader processors without EndOfCheckPhase
+
+
+## [1.5.0] - 2019-09-17
+
+### Added
+- Warn if using deprecated AutoPkg processors (only one exists now: CURLDownloader)
+- Allow specifying multiple acceptable recipe prefixes
+
+### Fixed
+- Updated minimum AutoPkg versions required for processors to only include significant digits for LooseVersion comparison
+
+
+## [1.4.0] - 2019-08-22
+
+### Added
+- Detect and warn on AutoPkg recipe identifier duplication
+- Warn if any Munki pkginfo script is missing a shebang
+
+
+## [1.3.0] - 2019-07-03
+
+### Added
+- `--strict` mode for check-autopkg-recipes hook, along with numerous conventions that it can validate
+- Catch identifier loops, where recipe and its parent have the same identifier
+
+### Fixed
+- Better handling of unicode
+- Fixed warning output when recipe list is invalid
+- Fixed shared FileWaveImporter processor identifier
+
+### Changed
+- Handle recipe lists that have prefixes
+- Allow pkg recipes with no process (stubs for software already in pkg format at time of download)
+
+
+## [1.2.1] - 2019-06-28
+
+### Added
+- Better parsing of MunkiPkg build-info files, and validation of keys
+- Better handle processors with missing Processor keys
+- Warn if MunkiPkg project target disk is not the startup disk
+- Validate required keys in MunkiPkg build-info files
+- Validate bundle identifier in MunkiPkg build-info files
+
+
+## [1.2.0] - 2019-06-27
+
+### Added
+- Checking AutoPkg recipe processors for missing Processor key
+- Validation of EndOfCheckPhase placement within download recipes
+
+### Changed
+- Created shared function for checking required keys for pkginfo files and AutoPkg recipes
+- No longer requiring an Input key for AutoPkg recipes
+
+
+## [1.1.4] - 2019-06-24
+
+### Changed
+- Skip processor checks for AutoPkg recipes without a Process
+
+
+## [1.1.3] - 2019-06-24
+
+### Added
+- Added `--ignore-min-vers-before` argument to check-autopkg-recipes hook
+- Added checking for `%NAME%.app` in check-autopkg-recipes hook
+
+
+## [1.1.2] - 2019-06-22
+
+### Added
+- Added validation of AutoPkg recipe MinimumVersion in check-autopkg-recipes hook
+
+### Changed
+- Fail early and stop processing files that don't parse
+
+
+## [1.1.1] - 2019-06-13
+
+### Fixed
+- Fixed issue that returned wrong pass/fail result for check-munki-pkgsinfo and check-autopkg-recipes hooks
+
+
+## [1.1.0] - 2019-06-13
+
+### Added
+- Added a note about combining list arguments in yaml config
+- Added note about multi-line list args
+- Ensure no trailing slashes on items_to_copy in check-munki-pkgsinfo
+
+### Changed
+- Specified which yaml loader to use
+- Removed zip as an package extension
+
+### Fixed
+- Fixed issue that caused incorrect pass/fail for check-munki-pkgsinfo and check-autopkg-recipes hooks
+
+
+## [1.0.5] - 2019-03-15
+
+### Added
+- Added args documentation to read me
+
+
+## [1.0.4] - 2019-03-14
+
+### Added
+- Added check for approved catalogs
+
+
+## [1.0.3] - 2019-03-13
+
+### Fixed
+- Fixed variable capitalization
+
+
+## [1.0.2] - 2019-03-13
+
+### Added
+- Enabled basic type checking for pkginfo dicts
+
+### Changed
+- Adjusted required keys in check-munki-pkgsinfo to include name and description by default
+- Temporarily skipping top level plist type (dict) checking
+
+
+## [1.0.1] - 2019-03-03
+
+### Added
+- Added forbid-autopkg-trust-info hook
+- Added check for recipe prefix enforcement
+
+### Fixed
+- Fixed bug in check-autopkg-recipes hook
+
+
+## 1.0.0 - 2019-03-01
+
+- Initial release
+
+
+[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.7.0...HEAD
+[1.6.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.6.2...v1.7.0
+[1.6.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.6.1...v1.6.2
+[1.6.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.6.0...v1.6.1
+[1.6.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.5.2...v1.6.0
+[1.5.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.5.1...v1.5.2
+[1.5.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.5.0...v1.5.1
+[1.5.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.4.0...v1.5.0
+[1.4.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.3.0...v1.4.0
+[1.3.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.2.1...v1.3.0
+[1.2.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.2.0...v1.2.1
+[1.2.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.1.4...v1.2.0
+[1.1.4]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.1.3...v1.1.4
+[1.1.3]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.1.2...v1.1.3
+[1.1.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.1.1...v1.1.2
+[1.1.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.1.0...v1.1.1
+[1.1.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.5...v1.1.0
+[1.0.5]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.4...v1.0.5
+[1.0.4]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.3...v1.0.4
+[1.0.3]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.2...v1.0.3
+[1.0.2]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.1...v1.0.2
+[1.0.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.0.0...v1.0.1

README.md

@@ -13,7 +13,7 @@ For any hook in this repo you wish to use, add the following to your pre-commit
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.6.2
+    rev: v1.7.0
     hooks:
     -   id: check-plists
     # -   id: ...
@@ -119,7 +119,7 @@ When combining arguments that take lists (for example: `--required-keys`, `--cat
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.6.2
+    rev: v1.7.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--']
@@ -129,7 +129,7 @@ But if you also use the `--categories` argument, you would move the trailing `--
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.6.2
+    rev: v1.7.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
@@ -141,7 +141,7 @@ If it looks better to your eye, feel free to use a multi-line list for long argu
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.6.2
+    rev: v1.7.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: [

pre_commit_hooks/check_autopkg_recipes.py

@@ -71,8 +71,8 @@ def validate_recipe_prefix(recipe, filename, prefix):
 
 
 def validate_comments(filename, strict):
-    """Warn about comments in <!-- --> format that would break during
-    plutil -convert xml1."""
+    """Warn about comments in <!-- --> format that would break when running
+    plutil -convert xml1."""
 
     passed = True
     with open(filename, "r") as openfile:
@@ -151,6 +151,14 @@ def validate_endofcheckphase(process, filename):
 def validate_minimumversion(process, min_vers, ignore_min_vers_before, filename):
     """Ensure MinimumVersion is set appropriately for the processors used."""
 
+    # Warn if using a MinimumVersion greater than or equal to 2
+    if LooseVersion(min_vers) >= LooseVersion("2"):
+        print(
+            "{}: WARNING: Choosing MinimumVersion {} limits the potential "
+            "audience for your AutoPkg recipe. Consider using MinimumVersion "
+            "1.4.1 if your processors support it.".format(filename, min_vers)
+        )
+
     # Processors for which a minimum version of AutoPkg is required.
     # Note: Because LooseVersion considers version 1.0 to be "less than" 1.0.0,
     # specifying more trailing zeros than needed in the dict below may result
@@ -159,8 +167,8 @@ def validate_minimumversion(process, min_vers, ignore_min_vers_before, filename)
         "AppPkgCreator": "1.0",
         "BrewCaskInfoProvider": "0.2.5",
         "CodeSignatureVerifier": "0.3.1",
-        "CURLDownloader": "0.5.1",
-        "CURLTextSearcher": "0.5.1",
+        "CURLDownloader": "1.4",
+        "CURLTextSearcher": "1.4",
         "DeprecationWarning": "1.1",
         "EndOfCheckPhase": "0.1.0",
         "FileFinder": "0.2.3",
@@ -186,8 +194,9 @@ def validate_minimumversion(process, min_vers, ignore_min_vers_before, filename)
         "StopProcessingIf": "0.1.0",
         "Symlinker": "0.1.0",
         "Unarchiver": "0.1.0",
+        "URLDownloader": "1.4",
         "URLGetter": "1.4",
-        "URLTextSearcher": "0.2.9",
+        "URLTextSearcher": "1.4",
         "Versioner": "0.1.0",
     }
 
@@ -225,6 +234,26 @@ def validate_no_deprecated_procs(process, filename):
     return passed
 
 
+def validate_no_superclass_procs(process, filename):
+    """Warn if any superclass processors (which are used by other processors
+    rather than called in recipes) are used."""
+
+    # Processors that have been deprecated.
+    superclass_procs = ("URLGetter",)
+
+    passed = True
+    for proc in process:
+        if proc.get("Processor") in superclass_procs:
+            print(
+                "{}: WARNING: The processor {} is intended to be used "
+                "by other processors, not used directly in recipes.".format(
+                    filename, proc.get("Processor")
+                )
+            )
+
+    return passed
+
+
 def validate_no_var_in_app_path(process, filename):
     """Ensure %NAME% is not used in app paths that should be hard coded."""
 
@@ -396,6 +425,26 @@ def main(argv=None):
             if not validate_restart_action_key(input_key["pkginfo"], filename):
                 retval = 1
 
+            # Check for common mistakes in min/max OS version keys
+            os_vers_corrections = {
+                "min_os": "minimum_os_version",
+                "max_os": "maximum_os_version",
+                "min_os_vers": "minimum_os_version",
+                "max_os_vers": "maximum_os_version",
+                "minimum_os": "minimum_os_version",
+                "maximum_os": "maximum_os_version",
+                "minimum_os_vers": "minimum_os_version",
+                "maximum_os_vers": "maximum_os_version",
+            }
+            for os_vers_key in os_vers_corrections:
+                if os_vers_key in input_key["pkginfo"]:
+                    print(
+                        "{}: You used {} when you probably meant {}.".format(
+                            filename, os_vers_key, os_vers_corrections[os_vers_key]
+                        )
+                    )
+                    retval = 1
+
             # TODO: Additional pkginfo checks here.
 
         # Warn about comments that would be lost during `plutil -convert xml1`
@@ -424,6 +473,9 @@ def main(argv=None):
             if not validate_no_deprecated_procs(process, filename):
                 retval = 1
 
+            if not validate_no_superclass_procs(process, filename):
+                retval = 1
+
             if args.strict:
                 if not validate_proc_type_conventions(process, filename):
                     retval = 1