public inbox for gentoo-portage-dev@lists.gentoo.org
* [gentoo-portage-dev] [PATCH] repoman: flag URIs using http:// when https:// is available
@ 2016-06-13  4:22 Mike Frysinger
  2016-06-13  8:17 ` Alexander Berntsen
  2016-06-27 21:13 ` [gentoo-portage-dev] [PATCH v2] " Mike Frysinger
  0 siblings, 2 replies; 3+ messages in thread
From: Mike Frysinger @ 2016-06-13  4:22 UTC (permalink / raw
  To: gentoo-portage-dev

---
 repoman/pym/repoman/modules/scan/ebuild/checks.py | 17 +++++++++++++++++
 repoman/pym/repoman/modules/scan/ebuild/errors.py |  2 ++
 repoman/pym/repoman/qa_data.py                    |  4 +++-
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..1a21096dd4d1 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,23 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
 	error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
 
 
+class UriUseHttps(LineCheck):
+	"""Check that we use https:// for known good sites."""
+	repoman_check_name = 'uri.https'
+	_SITES = (
+		'[-._a-zA-Z0-9]*apache\.org',
+		'curl\.haxx\.se',
+		'((dev|www)\.)?gentoo\.org',
+		'github\.com',
+		'savannah\.(non)?gnu\.org',
+		'((gcc|www)\.)?gnu\.org',
+		'(sf|sourceforge)\.net',
+		'(www\.)?sourceware\.org',
+	)
+	re = re.compile(r'.*\bhttp://(%s)' % r'|'.join(_SITES))
+	error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
 	"""Check for calls to the no-as-needed function."""
 	repoman_check_name = 'upstream.workaround'
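Review bot: The pattern on the `re = re.compile(r'.*\bhttp://(%s)' % ...)` line has nothing after the host alternation, so any host that merely starts with a listed name is flagged, e.g. http://github.com.foo.bar.com/. Require a delimiter or end of line after the group, such as `(\s|["\'/]|$)`. The first `_SITES` entry, `'[-._a-zA-Z0-9]*apache\.org'`, also has no dot between the prefix class and `apache`, so it matches a host like notapache.org; `([-._a-zA-Z0-9]*\.)?apache\.org` limits it to apache.org and its subdomains.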
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -47,3 +47,5 @@ USEQ_ERROR = (
 	'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
 	'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+	'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index b9475e801368..055fc4b72c59 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -222,7 +222,8 @@ qahelp = {
 		"The ebuild makes use of an obsolete construct"),
 	"upstream.workaround": (
 		"The ebuild works around an upstream bug,"
-		" an upstream bug should be filed and tracked in bugs.gentoo.org")
+		" an upstream bug should be filed and tracked in bugs.gentoo.org"),
+	"uri.https": "URI uses http:// but should use https://",
 }
 
 qacats = list(qahelp)
@@ -271,6 +272,7 @@ qawarnings = set((
 	"LIVEVCS.stable",
 	"LIVEVCS.unmasked",
 	"IUSE.rubydeprecated",
+	"uri.https",
 ))
 
 
-- 
2.8.2




* Re: [gentoo-portage-dev] [PATCH] repoman: flag URIs using http:// when https:// is available
  2016-06-13  4:22 [gentoo-portage-dev] [PATCH] repoman: flag URIs using http:// when https:// is available Mike Frysinger
@ 2016-06-13  8:17 ` Alexander Berntsen
  2016-06-27 21:13 ` [gentoo-portage-dev] [PATCH v2] " Mike Frysinger
  1 sibling, 0 replies; 3+ messages in thread
From: Alexander Berntsen @ 2016-06-13  8:17 UTC (permalink / raw
  To: gentoo-portage-dev

Looks OK to me, but I'll let Brian have primary ACK on repoman for
some time forward.

-- 
Alexander
bernalex@gentoo.org
https://secure.plaimi.net/~alexander



* [gentoo-portage-dev] [PATCH v2] repoman: flag URIs using http:// when https:// is available
  2016-06-13  4:22 [gentoo-portage-dev] [PATCH] repoman: flag URIs using http:// when https:// is available Mike Frysinger
  2016-06-13  8:17 ` Alexander Berntsen
@ 2016-06-27 21:13 ` Mike Frysinger
  1 sibling, 0 replies; 3+ messages in thread
From: Mike Frysinger @ 2016-06-27 21:13 UTC (permalink / raw
  To: gentoo-portage-dev

---
v2
	- add more sites
	- check the trailing URL to filter false positives

 repoman/pym/repoman/modules/scan/ebuild/checks.py | 22 ++++++++++++++++++++++
 repoman/pym/repoman/modules/scan/ebuild/errors.py |  2 ++
 repoman/pym/repoman/qa_data.py                    |  4 +++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/repoman/pym/repoman/modules/scan/ebuild/checks.py b/repoman/pym/repoman/modules/scan/ebuild/checks.py
index 15e225156db4..83f9362b7506 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/checks.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/checks.py
@@ -682,6 +682,28 @@ class EMakeParallelDisabledViaMAKEOPTS(LineCheck):
 	error = errors.EMAKE_PARALLEL_DISABLED_VIA_MAKEOPTS
 
 
+class UriUseHttps(LineCheck):
+	"""Check that we use https:// for known good sites."""
+	repoman_check_name = 'uri.https'
+	_SITES = (
+		'([-._a-zA-Z0-9]*\.)?apache\.org',
+		# Most FDO sites support https, but not all (like tango).
+		# List the most common ones here for now.
+		'((anongit|bugs|cgit|patchwork|people|specifications|www|xorg)\.)?freedesktop\.org',
+		'((bugs|dev|www)\.)?gentoo\.org',
+		'github\.(io|com)',
+		'savannah\.(non)?gnu\.org',
+		'((gcc|www)\.)?gnu\.org',
+		'curl\.haxx\.se',
+		'(sf|sourceforge)\.net',
+		'(www\.)?sourceware\.org',
+	)
+	# Try to anchor the end of the URL so we don't get false positives
+	# with http://github.com.foo.bar.com/.  Unlikely, but possible.
+	re = re.compile(r'.*\bhttp://(%s)(\s|["\'/]|$)' % r'|'.join(_SITES))
+	error = errors.URI_HTTPS
+
+
 class NoAsNeeded(LineCheck):
 	"""Check for calls to the no-as-needed function."""
 	repoman_check_name = 'upstream.workaround'
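Review bot: The `'github\.(io|com)'` entry in `_SITES` can only match the bare hosts github.io and github.com, because the compiled pattern places the alternation directly after `http://`; a URI on a subdomain of github.io is never flagged. If those are meant to be covered, give the entry an optional subdomain prefix the way the apache.org and freedesktop.org entries have one, and decide the same for `'(sf|sourceforge)\.net'`. Separately, the `_SITES` entries are ordinary string literals containing `\.`, which works only because Python leaves unknown escapes untouched; writing them as raw strings (`r'curl\.haxx\.se'`) would match the raw format string on the `re.compile` line.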
diff --git a/repoman/pym/repoman/modules/scan/ebuild/errors.py b/repoman/pym/repoman/modules/scan/ebuild/errors.py
index 3090de0d1a2c..14e47e35877e 100644
--- a/repoman/pym/repoman/modules/scan/ebuild/errors.py
+++ b/repoman/pym/repoman/modules/scan/ebuild/errors.py
@@ -47,3 +47,5 @@ USEQ_ERROR = (
 	'Ebuild calls deprecated useq function on line: %d')
 HASQ_ERROR = (
 	'Ebuild calls deprecated hasq function on line: %d')
+URI_HTTPS = (
+	'Ebuild uses http:// but should use https:// on line: %d')
diff --git a/repoman/pym/repoman/qa_data.py b/repoman/pym/repoman/qa_data.py
index 48ab389d086e..03711b6ed5d0 100644
--- a/repoman/pym/repoman/qa_data.py
+++ b/repoman/pym/repoman/qa_data.py
@@ -224,7 +224,8 @@ qahelp = {
 		"The ebuild makes use of an obsolete construct"),
 	"upstream.workaround": (
 		"The ebuild works around an upstream bug,"
-		" an upstream bug should be filed and tracked in bugs.gentoo.org")
+		" an upstream bug should be filed and tracked in bugs.gentoo.org"),
+	"uri.https": "URI uses http:// but should use https://",
 }
 
 qacats = list(qahelp)
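Review bot: The new `"uri.https"` help string in `qahelp` reads as if every http:// URI is flagged, while the check in this patch only fires for the fixed host list in `UriUseHttps._SITES`. Say so in the help text, for example "URI uses http:// for a site known to support https://", so a developer who sees the warning understands why other http:// URIs in the same ebuild were not reported.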
@@ -273,6 +274,7 @@ qawarnings = set((
 	"LIVEVCS.stable",
 	"LIVEVCS.unmasked",
 	"IUSE.rubydeprecated",
+	"uri.https",
 ))
 
 
-- 
2.8.2



