GitLab

Avoid filename conflicts on case-insensitive filesystems

See merge request !7

pydepends: recognize extension modules with limited ABI (*.abi3.so)

See merge request !6

Ignore ELF/RELRO checks for .debug packages

See merge request !3

MutableMapping moved to collections.abc module

See merge request !2

https://docs.python.org/3.10/library/collections.abc.html

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

Fix warning for OFL license

See merge request !1

The 'bzr' package was replaced with 'breezy' in the repos.
Update the VCS makedepends rule to report the correct package.

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Namcap errors when a PKGBUILD has no source array. Test if the PKGBUILD
has a source array in the VCSMakedepends rule to avoid such errors.

Fixes FS#65042

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Include a rule to check for vulnerable RUNPATH ELF binary entries, which
allow arbitrary code execution by loading shared libraries from an
attacker controller path.
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Sven-Hendrik Haase <svenstaro@gmail.com>

Signed-off-by: Kyle Keen <keenerd@gmail.com>

Adds support for the following compression methods introduced in pacman
5.2:

- zstd
- lz4
- lzip

Signed-off-by: George Rawlinson <george at rawlinson.net.nz>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

As far as I can tell, this was never used.

In commit 9b56647a

 the parsepkgbuild
script was switched from defining a PATH as a directory in /tmp, to
actually passing in a PATH=/dummy to `env -i`... which makes sense as
the defined PATH did not used to be used. However, even before that,
it's not safe to use mkdir -p in order to define a restricted shell
without access to the PATH, as it's not guaranteed to be owned by the
creator.

In any event, the time for mkdir -p is long past.

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

It is now possible to use b2sums to verify file integrity. See
https://git.archlinux.org/pacman.git/commit/?id=e03752e6adc86cbb4cb4f52a38f6e3e98cbe9dd5



Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

When listing out the contents of a variable, use loops and references
to the variables in order to reduce code and make it easier to extend.

In the future, a new metadata type can be added simply by appending to
meta_keys=()

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Just as it is unnecessary to run certain commands in a post_upgrade
script, if a hook already runs it, so too is it usually unnecessary to
depend on the package that installs the hook.

Sometimes these dependencies are left in even when the install script is
removed, because people lack understanding in the true subtleties of
hooks and the commands they run -- but the commands do not depend on the
list of files which trigger them in order to function, and are fully
operative when installed later. In fact, they will already be required
by the software that uses the results.

e.g. desktop-file-utils and shared-mime-info provide hooks to compile
the mime and desktop file databases, but upon first installing the hook,
a full database will already be compiled. The hook does not need to be
triggered by the filepath, and thus does not need to be a dependency of
every package that provides a desktop or mime file. Instead, desktop
environments which need a mim...

Arch Linux now has pacman hooks that provide automatic handling for
update-{desktop,mime}-database without each package requiring a hard
dependency and a post_upgrade hook. This means it is no longer correct
to depend on the packages or provide an install script. Instead, remove
this entirely. Fixes FS#56898

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Architecture-specific variables should be useable as soon as a package
is not built for 'any' architecture. With the deprecation of i686, this
becomes relevant, as many packages are now only built for x86_64.
However, the source (and checksums) may be _not_ architecture-agnostic,
e.g. should _not_ be listed as source= but source_x86_64=.

This patch silences the extra-var-begins-without-underscore message
which is currently emitted in that case.

Signed-off-by: Erich Eckner <arch at eckner.net>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

If a VCS source is renamed using the "::" syntax the makedepends are not
detected. If there are files starting with <name of VCS binary> in the source
array false positives are produced. See the gitlab package for example. Make
the matching more robust to avoid such issues.

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Add a rule that warns about make dependencies already listed as
dependencies.

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

For split pkgbuilds the pkgbase variable is optional. If not specified,
the first element in the pkgname array is used. Currently parsepkgbuild.sh
fails to detect split pkgbuilds if pkgbase is not specified. Therefore the
split pkgbuild rules are not applied to such pkgbuilds.

Instead of testing if pkgbase is set, test if the pkgname array has more
than one element. If so, set pkgbase accordingly.

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Use a PkgbuildRule instead of a PkgInfoRule
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Kyle Keen <keenerd@gmail.com>

Looks like DF_BIND_NOW has the same function as DT_BIND_NOW.
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Kyle Keen <keenerd@gmail.com>

Signed-off-by: Kyle Keen <keenerd@gmail.com>

Namcap already depends on pyelftools, which contains an elegant way to
retrieve the soname information directly from libalpm.so (demonstrated
in readelf.py).

Using hardcoded strings means the testsuite periodically breaks (every
time the external pacman project bumps their soname), for no good reason
and at least a few bad ones.

Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Kyle Keen <keenerd@gmail.com>

This patch series cleans up unused imports and resolves the deprecation
warning showns with Python 3.7

From: Jelle van der Waa <jelle@vdwaa.nl>
Date: Thu,  5 Jul 2018 22:28:30 +0200
Subject: [arch-projects] [namcap][PATCH 2/3] util: remove unused
 clean_filename
In-Reply-To: <20180705202831.3704-1-jelle@vdwaa.nl>
References: <20180705202831.3704-1-jelle@vdwaa.nl>
Message-ID: <20180705202831.3704-3-jelle@vdwaa.nl>

By removing the unused imports for clean_filename this function is now
unused.
Signed-off-by: Kyle Keen <keenerd@gmail.com>

Namcap does not support sha224 checksums but makepkg does.
Add sha224 support.

Signed-off-by: Michael Straube <michael.straube at posteo.de>
Signed-off-by: Kyle Keen <keenerd@gmail.com>