pkgcore · gentoo-bot · Jul 14, 2023 · Jul 7, 2023 · Jul 7, 2023
diff --git a/src/pkgcheck/checks/repo_metadata.py b/src/pkgcheck/checks/repo_metadata.py
@@ -12,6 +12,9 @@
 from . import Check, MirrorsCheck, RepoCheck
 
 
+DEPRECATED_HASHES = frozenset({"md5", "rmd160", "sha1", "whirlpool"})
+
+
 class MultiMovePackageUpdate(results.ProfilesResult, results.Warning):
     """Entry for package moved multiple times in profiles/updates files."""
 
@@ -174,7 +177,7 @@ class UnusedLicensesCheck(RepoCheck):
     """Check for unused license files."""
 
     _source = sources.RepositoryRepoSource
-    known_results = frozenset([UnusedLicenses])
+    known_results = frozenset({UnusedLicenses})
 
     def __init__(self, *args):
         super().__init__(*args)
@@ -213,7 +216,7 @@ class UnusedMirrorsCheck(MirrorsCheck, RepoCheck):
     """Check for unused mirrors."""
 
     _source = sources.RepositoryRepoSource
-    known_results = frozenset([UnusedMirrors])
+    known_results = frozenset({UnusedMirrors})
 
     def start(self):
         master_mirrors = set()
@@ -249,7 +252,7 @@ class UnusedEclassesCheck(RepoCheck):
     """Check for unused eclasses."""
 
     _source = sources.RepositoryRepoSource
-    known_results = frozenset([UnusedEclasses])
+    known_results = frozenset({UnusedEclasses})
 
     def __init__(self, *args):
         super().__init__(*args)
@@ -291,7 +294,7 @@ class LicenseGroupsCheck(RepoCheck):
     """Scan license groups for unknown licenses."""
 
     _source = (sources.EmptySource, (base.repo_scope,))
-    known_results = frozenset([UnknownLicenses])
+    known_results = frozenset({UnknownLicenses})
 
     def __init__(self, *args):
         super().__init__(*args)
@@ -561,6 +564,23 @@ class InvalidManifest(results.MetadataError, results.PackageResult):
     attr = "manifest"
 
 
+class DeprecatedManifestHash(results.PackageResult, results.Warning):
+    """Manifest uses deprecated hashes.
+
+    The package uses deprecated hash types in its Manifest file.
+    """
+
+    def __init__(self, hashes, **kwargs):
+        super().__init__(**kwargs)
+        self.hashes = tuple(hashes)
+
+    @property
+    def desc(self):
+        s = pluralism(self.hashes)
+        hashes = ", ".join(self.hashes)
+        return f"defines deprecated manifest hash types{s}: [ {hashes} ]"
+
+
 class ManifestCheck(Check):
     """Manifest related checks.
 
@@ -578,6 +598,7 @@ class ManifestCheck(Check):
             UnnecessaryManifest,
             DeprecatedChksum,
             InvalidManifest,
+            DeprecatedManifestHash,
         }
     )
 
@@ -620,9 +641,9 @@ def feed(self, pkgset):
                     yield MissingChksum(
                         f_inst.filename, sorted(missing), sorted(f_inst.chksums), pkg=pkg
                     )
-                elif f_inst.chksums and self.preferred_checksums != frozenset(f_inst.chksums):
-                    deprecated = set(f_inst.chksums).difference(self.preferred_checksums)
-                    yield DeprecatedChksum(f_inst.filename, sorted(deprecated), pkg=pkg)
+                elif f_inst.chksums:
+                    if deprecated := frozenset(f_inst.chksums).difference(self.preferred_checksums):
+                        yield DeprecatedChksum(f_inst.filename, sorted(deprecated), pkg=pkg)
                 seen.add(f_inst.filename)
 
         if pkg_manifest.thin:
@@ -635,6 +656,10 @@ def feed(self, pkgset):
         if unknown_manifests := manifest_distfiles.difference(seen):
             yield UnknownManifest(sorted(unknown_manifests), pkg=pkgset[0])
 
+        used_hashes = frozenset().union(*pkg_manifest.distfiles.values())
+        if deprecated_hashes := DEPRECATED_HASHES.intersection(used_hashes):
+            yield DeprecatedManifestHash(sorted(deprecated_hashes), pkg=pkgset[0])
+
 
 class ConflictingChksums(results.VersionResult, results.Error):
     """Checksum conflict detected between two files."""
@@ -682,7 +707,7 @@ class ManifestCollisionCheck(Check):
     """
 
     _source = (sources.RepositoryRepoSource, (), (("source", sources.PackageRepoSource),))
-    known_results = frozenset([ConflictingChksums, MatchingChksums])
+    known_results = frozenset({ConflictingChksums, MatchingChksums})
 
     def __init__(self, *args):
         super().__init__(*args)
@@ -746,13 +771,45 @@ class ProjectMetadataCheck(RepoCheck):
     """Check projects.xml for issues."""
 
     _source = (sources.EmptySource, (base.repo_scope,))
-    known_results = frozenset([EmptyProject])
+    known_results = frozenset({EmptyProject})
 
     def __init__(self, *args):
         super().__init__(*args)
         self.repo = self.options.target_repo
 
     def finish(self):
-        for _key, project in self.repo.projects_xml.projects.items():
+        for project in self.repo.projects_xml.projects.values():
             if not project.recursive_members:
                 yield EmptyProject(project)
+
+
+class DeprecatedRepoHash(results.Warning):
+    """Repositories ``manifest-hashes`` defines deprecated hashes.
+
+    The repository defines deprecated hashes in ``manifest-hashes``.
+    """
+
+    def __init__(self, hashes):
+        super().__init__()
+        self.hashes = tuple(hashes)
+
+    @property
+    def desc(self):
+        s = pluralism(self.hashes)
+        hashes = ", ".join(self.hashes)
+        return f"defines deprecated manifest-hash{s}: [ {hashes} ]"
+
+
+class RepoManifestHashCheck(RepoCheck):
+    """Check ``manifest-hashes`` config for issues."""
+
+    _source = (sources.EmptySource, (base.repo_scope,))
+    known_results = frozenset({DeprecatedRepoHash})
+
+    def __init__(self, *args):
+        super().__init__(*args)
+        self.repo = self.options.target_repo
+
+    def finish(self):
+        if deprecated_hashes := DEPRECATED_HASHES.intersection(self.repo.config.manifests.hashes):
+            yield DeprecatedRepoHash(sorted(deprecated_hashes))
diff --git a/testdata/data/repos/standalone/ManifestCheck/DeprecatedManifestHash/expected.json b/testdata/data/repos/standalone/ManifestCheck/DeprecatedManifestHash/expected.json
@@ -0,0 +1 @@
+{"__class__": "DeprecatedManifestHash", "category": "ManifestCheck", "package": "MissingChksum", "hashes": ["rmd160", "sha1"]}
diff --git a/testdata/data/repos/standalone/RepoManifestHashCheck/DeprecatedRepoHash/expected.json b/testdata/data/repos/standalone/RepoManifestHashCheck/DeprecatedRepoHash/expected.json
@@ -0,0 +1 @@
+{"__class__": "DeprecatedRepoHash", "hashes": ["sha1", "whirlpool"]}
diff --git a/testdata/repos/standalone/metadata/layout.conf b/testdata/repos/standalone/metadata/layout.conf
@@ -5,3 +5,4 @@ eapis-banned = 1
 eapis-deprecated = 5
 properties-allowed = interactive live
 restrict-allowed = bindist fetch mirror test
+manifest-hashes = BLAKE2B SHA1 SHA512 WHIRLPOOL
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"__class__": "DeprecatedManifestHash", "category": "ManifestCheck", "package": "MissingChksum", "hashes": ["rmd160", "sha1"]}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"__class__": "DeprecatedRepoHash", "hashes": ["sha1", "whirlpool"]}