From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D7CEC1382C5 for ; Mon, 26 Mar 2018 09:29:20 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D04CFE082F; Mon, 26 Mar 2018 09:29:14 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 63278E0824 for ; Mon, 26 Mar 2018 09:29:14 +0000 (UTC) Received: from gilles-t431s.local (LAubervilliers-656-1-215-246.w217-128.abo.wanadoo.fr [217.128.14.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: eva) by smtp.gentoo.org (Postfix) with ESMTPSA id 7FCFD335C2E for ; Mon, 26 Mar 2018 09:29:12 +0000 (UTC) Message-ID: <1522056537.27899.7.camel@gentoo.org> Subject: Re: [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies From: Gilles Dartiguelongue To: gentoo-dev@lists.gentoo.org Date: Mon, 26 Mar 2018 11:28:57 +0200 In-Reply-To: <1520163453.836.11.camel@gentoo.org> References: <1520163453.836.11.camel@gentoo.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-RK57i+v2qdg92OLFdc3v" X-Mailer: Evolution 3.24.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Archives-Salt: e0146f11-12a2-46bc-baea-16cfd1b48770 X-Archives-Hash: eaedc84a0d85fc029e4c3a7fb4a868e8 --=-RK57i+v2qdg92OLFdc3v Content-Type: multipart/mixed; boundary="=-fcDylr6sxpTAqbe+AhI+" --=-fcDylr6sxpTAqbe+AhI+ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Le dimanche 04 mars 2018 =C3=A0 12:37 +0100, Micha=C5=82 G=C3=B3rny a =C3= =A9crit : > Hi, everyone. >=20 > I have proposed a new check for repoman [1] (with a patch at [2]) > that > would warn developers about suspicious '=3D' deps. >=20 > By suspicious, I mean dependencies '=3Dfoo-1.2.3' which are sometimes > mistakenly used instead of '~foo-1.2.3', and cause some degree of > mayhem > when someone revbumps the package (either by preventing people from > upgrading or causing depgraph breakage). >=20 > The check would trigger whenever '=3D'-class dependency is used without > a revision specified and without the '*' suffix. It would suggest to > either use '~' operator when any revision is acceptable, or > explicitly > specify '-r0' (which is equivalent to no revision specified). >=20 > In other words, repoman would complain at: >=20 > =3Ddev-foo/bar-1.2.3 >=20 > but it will be happy if you used: >=20 > ~dev-foo/bar-1-2.3 > =3Ddev-foo/bar-1.2.3-r0 >=20 > I think this cause the trouble of specifying '-r0' rather rarely, and > it > will decrease the number of mistakes, also effectively making Gentoo > development easier. It is somewhat inspired by the handling of slot > operators (where repoman explicitly asks you to use ':*' instead > of no operator when the latter would be ambiguous). >=20 > What do you think? Sounds good. The attached script hopefully gives a good indication of how much packages would be affected. A local run raises about 92 ebuilds. --=-fcDylr6sxpTAqbe+AhI+ Content-Disposition: attachment; filename="list-pinned-deps.py" Content-Transfer-Encoding: base64 Content-Type: text/x-python; name="list-pinned-deps.py"; charset="UTF-8" IyEvdXNyL2Jpbi9lbnYgcHl0aG9uCgpmcm9tIHBvcnRhZ2UgaW1wb3J0IGlzdmFsaWRhdG9tLCBw b3J0ZGIKCmZvciBjcHYgaW4gcG9ydGRiLmNwdl9hbGwoKToKICAgIGRlcHMgPSBwb3J0ZGIuYXV4 X2dldChjcHYsIFsnREVQRU5EJywgJ1JERVBFTkQnLCAnUERFUEVORCddKQogICAgYXRvbXMgPSBz ZXQoJyAnLmpvaW4oZGVwcykuc3BsaXQoJyAnKSkKCiAgICBzdXNwaWNpb3VzID0gW10KICAgIGZv ciBhdG9tIGluIGF0b21zOgogICAgICAgIGlmIG5vdCBpc3ZhbGlkYXRvbShhdG9tKToKICAgICAg ICAgICAgY29udGludWUKICAgICAgICAKICAgICAgICAjIERyb3AgVVNFLWRlcGVuZGVuY2llcyBh bmQgc2xvdHMKICAgICAgICBhdG9tX3NpbXBsZSA9IGF0b20uc3BsaXQoJzonKVswXS5zcGxpdCgn WycpWzBdCiAgICAgICAgaWYgYXRvbVswXSA9PSAnPScgYW5kIGF0b21fc2ltcGxlWy0xXSAhPSAn KicgYW5kIG5vdCBhdG9tX3NpbXBsZS5lbmRzd2l0aCgnOTk5OScpOgogICAgICAgICAgICBzdXNw aWNpb3VzLmFwcGVuZChhdG9tKQoKICAgIGlmIHN1c3BpY2lvdXM6CiAgICAgICAgcHJpbnQoJyVz OiAlcycgJSAoY3B2LCBzdXNwaWNpb3VzKSkK --=-fcDylr6sxpTAqbe+AhI+-- --=-RK57i+v2qdg92OLFdc3v Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQKTBAABCgB9FiEEX+aBqe7MmoWBwzA1lSmjXZiBxnkFAlq4vVlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDVG RTY4MUE5RUVDQzlBODU4MUMzMzAzNTk1MjlBMzVEOTg4MUM2NzkACgkQlSmjXZiB xnnXvg/8DbdGBpO9lvlzBX8szly8rEZ+kZ8Ti5m4v6am7MQYfzhYzez8rxeX4MpG cdDAaKpktc1SfNFcku6zR2lnfA72sxNLMfrY8qGSv1BNCVMTw6HrbTcPl7eRLKsJ ZSdr9oVacPchcHQwtCbWq8iaoiVQsAG/ELedPMRhpS1wj6WNsHIVjypU0YsKGZUZ IBxnFFKlBq3Dl/AHNcc7oDPiAHsp0ApYtko8OfsPmSG6na6AiJMDGK1KDgGfPfUX 70jDoWAVZVBaPk9kjfhX2Z8fZ7GPE6xpKhs8Hbnx8TnEMzFA4P3ZpPm67570Y80f 8rYMLXbgi2q0cIHyY8PCG5yJP2S6J+Qbn7iByWvVzgN3you7MVdukE/FelAeVo9f 6/G1nFvmIdCpH1skGXAMYI5/4SuFSpdjJ8bboNFus7MQLkWtBA0sENNUaYEHdf9W Wa3BtwCQpKZ00q6xWgjE1wUwq7ZINMlfz1SOKk1dqazPcYZ9QEld/NhPAFPWxYbD dPK+iWRpQxMoo7hx4NAvg60yty7N9RYBJNUvLfYcS9hYfB67YGEbp+UTMMHlHBzj aotJa9k8JfpPRfuFcQJJJw8Gn1l4Vrgr8jr5o63FgFH5WQKs/IZPKETF8pqLTSEK iuF1XEc5jqpA5LEPLywUPMI+9i7At9oOUNu6NAll/SihcXgDPtQ= =mIBB -----END PGP SIGNATURE----- --=-RK57i+v2qdg92OLFdc3v--