[gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies
@ 2018-03-04 11:37 Michał Górny
  2018-03-26  9:28 ` Gilles Dartiguelongue
  2018-03-26  9:33 ` Dirkjan Ochtman
  0 siblings, 2 replies; 3+ messages in thread
From: Michał Górny @ 2018-03-04 11:37 UTC (permalink / raw)
  To: gentoo-dev

Hi, everyone.

I have proposed a new check for repoman [1] (with a patch at [2]) that
would warn developers about suspicious '=' deps.

By suspicious, I mean dependencies '=foo-1.2.3' which are sometimes
mistakenly used instead of '~foo-1.2.3', and cause some degree of mayhem
when someone revbumps the package (either by preventing people from
upgrading or causing depgraph breakage).

The check would trigger whenever '='-class dependency is used without
a revision specified and without the '*' suffix. It would suggest to
either use '~' operator when any revision is acceptable, or explicitly
specify '-r0' (which is equivalent to no revision specified).

In other words, repoman would complain at:

  =dev-foo/bar-1.2.3

but it will be happy if you used:

  ~dev-foo/bar-1-2.3
  =dev-foo/bar-1.2.3-r0

I think this cause the trouble of specifying '-r0' rather rarely, and it
will decrease the number of mistakes, also effectively making Gentoo
development easier. It is somewhat inspired by the handling of slot
operators (where repoman explicitly asks you to use ':*' instead
of no operator when the latter would be ambiguous).

What do you think?

[1]:https://bugs.gentoo.org/649482
[2]:https://archives.gentoo.org/gentoo-portage-dev/message/59acb3995301966102b58fa8ed5bb6a5

-- 
Best regards,
Michał Górny

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies
  2018-03-04 11:37 [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies Michał Górny
@ 2018-03-26  9:28 ` Gilles Dartiguelongue
  2018-03-26  9:33 ` Dirkjan Ochtman
  1 sibling, 0 replies; 3+ messages in thread
From: Gilles Dartiguelongue @ 2018-03-26  9:28 UTC (permalink / raw)
  To: gentoo-dev


[-- Attachment #1.1: Type: text/plain, Size: 1476 bytes --]

Le dimanche 04 mars 2018 à 12:37 +0100, Michał Górny a écrit :
> Hi, everyone.
> 
> I have proposed a new check for repoman [1] (with a patch at [2])
> that
> would warn developers about suspicious '=' deps.
> 
> By suspicious, I mean dependencies '=foo-1.2.3' which are sometimes
> mistakenly used instead of '~foo-1.2.3', and cause some degree of
> mayhem
> when someone revbumps the package (either by preventing people from
> upgrading or causing depgraph breakage).
> 
> The check would trigger whenever '='-class dependency is used without
> a revision specified and without the '*' suffix. It would suggest to
> either use '~' operator when any revision is acceptable, or
> explicitly
> specify '-r0' (which is equivalent to no revision specified).
> 
> In other words, repoman would complain at:
> 
>   =dev-foo/bar-1.2.3
> 
> but it will be happy if you used:
> 
>   ~dev-foo/bar-1-2.3
>   =dev-foo/bar-1.2.3-r0
> 
> I think this cause the trouble of specifying '-r0' rather rarely, and
> it
> will decrease the number of mistakes, also effectively making Gentoo
> development easier. It is somewhat inspired by the handling of slot
> operators (where repoman explicitly asks you to use ':*' instead
> of no operator when the latter would be ambiguous).
> 
> What do you think?

Sounds good. The attached script hopefully gives a good indication of
how much packages would be affected. A local run raises about 92
ebuilds.

[-- Attachment #1.2: list-pinned-deps.py --]
[-- Type: text/x-python, Size: 597 bytes --]

#!/usr/bin/env python

from portage import isvalidatom, portdb

for cpv in portdb.cpv_all():
    deps = portdb.aux_get(cpv, ['DEPEND', 'RDEPEND', 'PDEPEND'])
    atoms = set(' '.join(deps).split(' '))

    suspicious = []
    for atom in atoms:
        if not isvalidatom(atom):
            continue
        
        # Drop USE-dependencies and slots
        atom_simple = atom.split(':')[0].split('[')[0]
        if atom[0] == '=' and atom_simple[-1] != '*' and not atom_simple.endswith('9999'):
            suspicious.append(atom)

    if suspicious:
        print('%s: %s' % (cpv, suspicious))

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies
  2018-03-04 11:37 [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies Michał Górny
  2018-03-26  9:28 ` Gilles Dartiguelongue
@ 2018-03-26  9:33 ` Dirkjan Ochtman
  1 sibling, 0 replies; 3+ messages in thread
From: Dirkjan Ochtman @ 2018-03-26  9:33 UTC (permalink / raw)
  To: Gentoo Development

[-- Attachment #1: Type: text/plain, Size: 487 bytes --]

On Sun, Mar 4, 2018 at 12:37 PM, Michał Górny <mgorny@gentoo.org> wrote:

> I think this cause the trouble of specifying '-r0' rather rarely, and it
> will decrease the number of mistakes, also effectively making Gentoo
> development easier. It is somewhat inspired by the handling of slot
> operators (where repoman explicitly asks you to use ':*' instead
> of no operator when the latter would be ambiguous).
>
> What do you think?
>

Sounds good!

Regards,

Dirkjan

[-- Attachment #2: Type: text/html, Size: 867 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-03-26  9:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-04 11:37 [gentoo-dev] RFC: Repoman to warn about suspicious =-dependencies Michał Górny
2018-03-26  9:28 ` Gilles Dartiguelongue
2018-03-26  9:33 ` Dirkjan Ochtman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox