Commit Graph

105 Commits

Author SHA1 Message Date
Ludovic Courtès
c423ae8918
packages: Add 'package-patched-vulnerabilities'.
* guix/packages.scm (patch-file-name): New procedure.
(%vulnerability-regexp): New variable.
(package-patched-vulnerabilities): New procedure.
* guix/scripts/lint.scm (patch-file-name): Remove.
(check-vulnerabilities): Adjust to use
'package-patched-vulnerabilities'.
* tests/packages.scm ("package-patched-vulnerabilities"): New test.
2018-06-09 12:02:28 +02:00
Julien Lepiller
10673d150f
guix: Fix typo.
* guix/scripts/lint.scm: Fix typo.
2018-05-11 14:36:53 +02:00
Efraim Flashner
f4007b2547
lint: 'check-vulnerabilities' also checks package properties.
* guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs
listed as mitigated in the package properties.
* tests/lint.scm ("cve: known safe from vulnerability"): New test.
2017-12-10 21:59:07 +02:00
Ludovic Courtès
0a154c15a8
lint: Adjust file-name length test for out-of-tree file names.
* guix/scripts/lint.scm (check-patch-file-names): Adjust
file-name-length calculation.
2017-11-28 15:52:01 +01:00
Ludovic Courtès
eef01cfe8e
lint: 'patch-file-names' checks for file name length.
Reported at <https://bugs.gnu.org/27943>
by Danny Milosavljevic <dannym@scratchpost.org>.

* guix/scripts/lint.scm (%distro-directory): New variable.
(check-patch-file-names): Add check for the file name length.
* tests/lint.scm ("patches: file name too long"): New test.
2017-11-28 15:05:55 +01:00
Ludovic Courtès
6d6d193221
lint: 'refresh' gracefully handles lack of networking access.
* guix/scripts/lint.scm (check-for-updates): Wrap
'package-latest-release*' call in 'with-networking-fail-safe'.
2017-10-28 09:45:54 +02:00
Ludovic Courtès
4b879e0acf
lint: Extract network-related exception handling.
* guix/scripts/lint.scm (call-with-networking-fail-safe): New procedure.
(with-networking-fail-safe): New macro.
(current-vulnerabilities*): Rewrite in terms of 'with-networking-fail-safe'.
2017-10-28 09:45:54 +02:00
Ludovic Courtès
a1ff7e1d8d
scripts: Factorize option parsing sans 'GUIX_BUILD_OPTIONS'.
* guix/scripts.scm (parse-command-line): Add #:build-options? parameter
and honor it.
* guix/scripts/challenge.scm (guix-challenge): Use 'parse-command-line'
with #:build-options? #f instead of 'args-fold*'.
* guix/scripts/gc.scm (guix-gc): Likewise.
* guix/scripts/graph.scm (guix-graph): Likewise.
* guix/scripts/hash.scm (guix-hash): Likewise.
* guix/scripts/lint.scm (guix-lint): Likewise.
* guix/scripts/refresh.scm (guix-refresh): Likewise.
* guix/scripts/size.scm (guix-size): Likewise.
* guix/scripts/weather.scm (guix-weather): Likewise.
2017-10-28 09:45:53 +02:00
Ludovic Courtès
61f28fe7e9
lint: 'home-page' checker reports permanent redirects.
* guix/scripts/lint.scm (probe-uri): Add special case for HTTP 301.
(validate-uri): Likewise.
* tests/lint.scm ("home-page: 301, invalid")
("home-page: 301 -> 200", "home-page: 301 -> 404")
("source: 301 -> 200", "source: 301 -> 404"): New tests.
2017-10-12 23:47:48 +02:00
Ludovic Courtès
735f6b63d0
lint: Remove extra newline.
* guix/scripts/lint.scm (check-for-updates): Remove trailing "~%".
2017-10-09 23:17:49 +02:00
Efraim Flashner
adf0c531a8
guix: lint: Add checker for new upstream versions.
* guix/scripts/lint.scm (check-for-updates): New procedure.
(%checkers): Add it.
* guix/scripts/refresh.scm (importer-modules, %updaters): Move
from here ...
* guix/upstream.scm: ... to here.
2017-10-09 14:05:17 +03:00
Tobias Geerinckx-Rice
57d2898772
Handle the same HTTP redirects everywhere.
* guix/build/download.scm (http-fetch): Complete the hard-coded list of HTTP
redirection status codes.
* guix/http-client.scm (http-fetch): Likewise.
* guix/scripts/lint.scm (probe-uri): Likewise.
2017-09-05 20:57:13 +02:00
Ludovic Courtès
9081a776ea
lint: formatting: Detect sexp boundaries.
* guix/scripts/lint.scm (report-formatting-issues)[last-line]: Remove.
[sexp-last-line]: New procedure.
Use it.
2017-08-01 15:32:07 +02:00
Arun Isaac
5ae59eb6d9
guix: lint: Slightly simplify `check-source-file-name'.
* guix/scripts/lint.scm (check-source-file-name): Implement file name matching
  with regular expression.
2017-05-23 04:35:06 +05:30
Arun Isaac
ad25e9962e
gnu: lint: Fix typo.
* guix/scripts/lint.scm (check-source-file-name): Fix wrong return value in
  docstring.
2017-05-23 04:35:06 +05:30
Ludovic Courtès
27c81fcb86
lint: inputs-should-be-native: Add "cmake".
Suggested by Nicolas Goaziou <mail@nicolasgoaziou.fr>.

* guix/scripts/lint.scm (check-inputs-should-be-native)[input-names]:
Add "cmake".
2017-05-18 14:22:03 +02:00
Ludovic Courtès
69daee23af
ui: Rename '_' to 'G_'.
This avoids collisions with '_' when the latter is used as a 'match'
pattern for instance.  See
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>.

* guix/ui.scm: Rename '_' to 'G_'.
* po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly.
* build-aux/compile-all.scm (warnings): Remove 'format'.
* gnu/packages.scm,
gnu/services.scm,
gnu/services/shepherd.scm,
gnu/system.scm,
gnu/system/shadow.scm,
guix/gnupg.scm,
guix/http-client.scm,
guix/import/cpan.scm,
guix/import/elpa.scm,
guix/import/pypi.scm,
guix/nar.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/authenticate.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/container.scm,
guix/scripts/container/exec.scm,
guix/scripts/copy.scm,
guix/scripts/download.scm,
guix/scripts/edit.scm,
guix/scripts/environment.scm,
guix/scripts/gc.scm,
guix/scripts/graph.scm,
guix/scripts/hash.scm,
guix/scripts/import.scm,
guix/scripts/import/cpan.scm,
guix/scripts/import/cran.scm,
guix/scripts/import/crate.scm,
guix/scripts/import/elpa.scm,
guix/scripts/import/gem.scm,
guix/scripts/import/gnu.scm,
guix/scripts/import/hackage.scm,
guix/scripts/import/nix.scm,
guix/scripts/import/pypi.scm,
guix/scripts/import/stackage.scm,
guix/scripts/lint.scm,
guix/scripts/offload.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/perform-download.scm,
guix/scripts/publish.scm,
guix/scripts/pull.scm,
guix/scripts/refresh.scm,
guix/scripts/size.scm,
guix/scripts/substitute.scm,
guix/scripts/system.scm,
guix/ssh.scm,
guix/upstream.scm: Use 'G_' instead of '_'.  Most of this change was
obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
2017-05-03 16:16:17 +02:00
Ludovic Courtès
1730c5b509
lint: Avoid non-literal format strings.
Reported by Mathieu Othacehe <m.othacehe@gmail.com>
at <http://bugs.gnu.org/26498>.

* guix/scripts/lint.scm (warn-if-package-has-input): Rename to...
(package-input-intersection): ... this.  Remove 'linted' and 'message'
parameters.  Return a list of inputs.
(check-inputs-should-be-native): Adjust accordingly.
(check-inputs-should-not-be-an-input-at-all): Likewise.
2017-04-16 12:08:30 +02:00
Alex Kost
689db38e34
ui: Support Texinfo markup in package synopses.
* guix/ui.scm (package-field-string): New procedure.
(package-description-string): Use it.
(package-synopsis-string): New procedure.
(package->recutils): Use it.
* guix/scripts/lint.scm (check-synopsis-style)[check-texinfo-markup]:
New procedure.  Use it in checks.
* tests/lint.scm: Test it.
* gnu/packages/perl.scm (perl-try-tiny)[synopsis]: Adjust for the
Texinfo markup.
2017-03-27 10:55:16 +03:00
Ludovic Courtès
4fd06a4dd1
http-client: Avoid name clash with 'open-connection-for-uri' in 2.2.0.
* guix/build/download.scm (open-connection-for-uri): Add note about
same-named binding in Guile 2.2.0.
* guix/http-client.scm: Use 'guix:open-connection-for-uri' for the
procedure coming from (guix build download).
* guix/scripts/lint.scm: Likewise.
* guix/scripts/substitute.scm: Likewise.
2017-03-18 00:39:50 +01:00
Ludovic Courtès
f1a892c96f
lint: Use the "@" syntax for versioned packages in warnings.
* guix/scripts/lint.scm (emit-warning): Use the "@" syntax.
2017-01-31 23:51:09 +01:00
Ludovic Courtès
55b2d92145
Use 'mlambda' instead of 'memoize'.
* gnu/packages.scm (find-newest-available-packages): Use 'mlambda'
instead of (memoize (lambda ...) ...).
* gnu/packages/bootstrap.scm (package-with-bootstrap-guile): Likewise.
* guix/build-system/gnu.scm (package-with-explicit-inputs)[rewritten-input]:
Likewise.
* guix/build-system/python.scm (package-with-explicit-python)[transform]:
Likewise.
* guix/derivations.scm (derivation->string): Likewise.
* guix/gnu-maintenance.scm (gnu-package?): Likewise.
* guix/modules.scm (module-file-dependencies): Likewise.
* guix/scripts/graph.scm (standard-package-set): Likewise.
* guix/scripts/lint.scm (official-gnu-packages*): Likewise.
* guix/store.scm (store-regexp*): Likewise.
* guix/utils.scm (location): Likewise.
2017-01-28 18:55:20 +01:00
Ludovic Courtès
f9704f179a
Add (guix memoization).
* guix/combinators.scm (memoize): Remove.
* guix/memoization.scm: New file.
* Makefile.am (MODULES): Add it.
* gnu/packages.scm, gnu/packages/bootstrap.scm,
guix/build-system/gnu.scm, guix/build-system/python.scm,
guix/derivations.scm, guix/gnu-maintenance.scm,
guix/import/cran.scm, guix/import/elpa.scm,
guix/modules.scm, guix/scripts/build.scm,
guix/scripts/graph.scm, guix/scripts/lint.scm,
guix/store.scm, guix/utils.scm: Adjust imports accordingly.
2017-01-28 18:55:20 +01:00
Ludovic Courtès
ac080e296e
lint: Display PACKAGE@VERSION.
* guix/scripts/lint.scm (run-checkers): Remove 'name' variable.  Display
PACKAGE@VERSION instead of PACKAGE-VERSION.
2017-01-21 16:43:26 +01:00
Leo Famulari
de32aa74b4
Merge branch 'master' into python-build-system
2016-11-25 11:20:21 -05:00
Ludovic Courtès
fac46e3f5e
lint: Add 'mirror-url' checker.
* guix/scripts/lint.scm (origin-uris): New procedure.
(check-source): Use it.
(check-mirror-url): New procedure.
(%checkers): Add 'mirror-url' checker.
* tests/lint.scm ("mirror-url")
("mirror-url: one suggestion"): New tests.
* doc/guix.texi (Invoking guix lint): Document it.
2016-11-19 18:44:53 +01:00
Hartmut Goebel
e442246a2f
lint: more packages to probably be a native input.
* guix/scripts/lint.scm (check-inputs-should-be-native package): Add python
  packages which are typically used for testing or for building the
  documentation.
2016-11-15 17:37:50 +01:00
Hartmut Goebel
891a843d51
guix: Add lint-checker for packages which should be no inputs at all.
Also refactor some common code into a new function.

Examples for these packages are python(2)-setuptools and python(2)-pip, which
are installed together with python itself.

* guix/scripts/lint.scm (warn-if-package-has-input): New procedure.
  (check-inputs-should-be-native package): Use it; rename and clean-up
  variables. (check-inputs-should-not-be-an-input-at-all): New procedure.
  (%checkers) Add it.
* doc/guix.texi (Python Modules): Document it.
* tests/lint.scm: ("inputs: python-setuptools should not be an input at all
  (input)", "inputs: python-setuptools should not be an input at all
  (native-input)" "inputs: python-setuptools should not be an input at all
  (propagated-input)"): Add tests.
2016-11-15 17:37:49 +01:00
Ludovic Courtès
c169d91e5a
lint: 'cve' checker catches 'tls-certificate-error'.
Reported by Frederick Muriithi <fredmanglis@gmail.com>.

* guix/scripts/lint.scm (tls-certificate-error-string): New procedure.
(validate-uri): Use it.
(current-vulnerabilities*): Catch 'tls-certificate-error' and print a
warning.
2016-11-09 21:24:44 +01:00
Ludovic Courtès
bc3c41ce36
download: Verify TLS certificates unless asked not to.
Fixes <http://bugs.gnu.org/24466>.
Reported by Leo Famulari <leo@famulari.name>.

* guix/build/download.scm (%x509-certificate-directory): New variable.
(make-credendials-with-ca-trust-files, peer-certificate)
(assert-valid-server-certificate, print-tls-certificate-error): New
procedures.  Add 'print-tls-certificate-error' as an exception printer
for 'tls-certificate-error'.
(tls-wrap): Add #:verify-certificate? parameter and honor it.
(open-connection-for-uri): Likewise.
(http-fetch): Likewise.
(url-fetch): Likewise.
* guix/download.scm (url-fetch)[builder]: Pass #:verify-certificate? #f.
* guix/scripts/lint.scm (probe-uri): Add case for 'tls-certificate-error'.
(validate-uri): Likewise.
* doc/guix.texi (Invoking guix download): Mention 'SSL_CERT_DIR'.
2016-11-07 23:39:01 +01:00
Ludovic Courtès
4bb54cc42f
lint: Suggest @code instead of quotes.
* guix/scripts/lint.scm (%quoted-identifier-rx): New variable.
(check-description-style)[check-quotes]: New procedure.
Use it.
* tests/lint.scm ("description: suggest ornament instead of quotes"):
New test.
2016-10-19 15:54:10 +02:00
Ludovic Courtès
9bee2bd1b0
lint: 'cve' checker reports the replacement's vulnerabilities.
Before, 'guix lint -c cve' would report the vulnerabilities of the
original package while pretending they are the vulnerabilities of the
replacement.

* guix/scripts/lint.scm (check-vulnerabilities): Consider the package
replacement before calling 'package-vulnerabilities'.
* tests/lint.scm ("cve: vulnerability fixed in replacement version"):
New test.
2016-10-03 23:30:49 +02:00
Eric Bavier
83f18e0653
guix: lint: Check descriptions for trademark signs.
* guix/scripts/lint.scm (check-description-style): Emit a warning if
trademark signs found in description.
* tests/lint.scm (description: may not contain trademark signs): Add
test.
2016-08-28 23:24:18 -05:00
David Craven
8f9d70fcb9
lint: 'inputs-should-be-native' checks for extra-cmake-modules and qttools.
* guix/scripts/lint.scm (check-inputs-should-be-native): Warn when
  extra-cmake-modules or qttools isn't a native-input.
2016-08-02 13:29:24 +02:00
David Craven
99fe215cc1
lint: 'inputs-should-be-native' checks for intltool, itstool and glib:bin.
* guix/scripts/lint.scm (check-inputs-should-be-native): Warn when intltool,
itstool or glib:bin isn't a native-input.
* tests/lint.scm (inputs: glib:bin is probably a native input): Add test.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2016-07-24 19:54:15 +02:00
Ludovic Courtès
bfcb3d767b
lint: 'validate-uri' reports suspiciously small 200 responses.
* guix/scripts/lint.scm (validate-uri): Upon 200 http-response, check
the 'response-content-length' and emit a warning when it is <= 1000.
* tests/lint.scm (call-with-http-server): Add 'data' parameter.
(with-http-server): Likewise.
(%long-string): New variable.
("home-page: 200"): Pass %LONG-STRING to 'with-http-server'.
("home-page: 404", "source: 200", "source: 404"): Likewise.
("home-page: 200 but short length"): New test.
("source: 200 but short length"): New test.
2016-07-13 00:50:05 +02:00
Ludovic Courtès
99effc8faa
lint: Honor 'cpe-name' and 'cpe-version' package properties.
* guix/scripts/lint.scm (package-name->cpe-name): Remove.
(package-vulnerabilities): Honor 'cpe-name' and 'cpe-version'
properties.
* gnu/packages/grub.scm (grub)[properties]: New field.
* gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and
'cpe-version'.
* doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.
2016-05-17 18:15:53 +02:00
Ludovic Courtès
958dd3ce68
utils: Move combinators to (guix combinators).
* guix/utils.scm (compile-time-value, memoize, fold2)
(fold-tree, fold-tree-leaves): Move to...
* guix/combinators: ... here.  New file.
* tests/utils.scm ("fold2, 1 list", "fold2, 2 lists")
(fold-tree tests): Move to...
* tests/combinators.scm: ... here.  New file.
* Makefile.am (MODULES, SCM_TESTS): Add them.
* gnu/packages.scm, gnu/packages/bootstrap.scm,
gnu/services/herd.scm, guix/build-system/gnu.scm,
guix/build-system/python.scm, guix/derivations.scm,
guix/gnu-maintenance.scm, guix/import/elpa.scm,
guix/scripts/archive.scm, guix/scripts/build.scm,
guix/scripts/graph.scm, guix/scripts/lint.scm,
guix/scripts/size.scm, guix/scripts/substitute.scm,
guix/serialization.scm, guix/store.scm, guix/ui.scm: Adjust imports
accordingly.
2016-05-04 23:35:55 +02:00
Ludovic Courtès
5c6a062d48
lint: 'check-vulnerabilities' follows package replacements.
* guix/scripts/lint.scm (check-vulnerabilities): Check the replacement
of PACKAGE.
* tests/lint.scm ("cve: patched vulnerability in replacement"): New test.
2016-04-28 18:03:01 +02:00
Ludovic Courtès
20be23c3b6
lint: Report synopses/descriptions that are not strings.
Suggested by John Darrington.

* guix/scripts/lint.scm (check-description-style): Emit a warning when
DESCRIPTION is not a string.
(check-synopsis-style): Likewise.
(check-gnu-synopsis+description): Likewise.
* tests/lint.scm ("description: not a string", "synopsis: not a
string"): New tests.
2016-04-27 11:57:48 +02:00
Danny Milosavljevic
013c3fb8c7
lint: Emit an ANSI erase-in-line sequence.
* guix/scripts/lint.scm (run-checkers): Add '\x1b[K' to progress
messages and after 'for-each'.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2016-04-14 10:20:14 +02:00
Ludovic Courtès
14d6ca3e4d
lint: Do not leak file descriptors for TLS connections.
Partially fixes <http://bugs.gnu.org/20145>.

* guix/scripts/lint.scm (probe-uri): Use 'close-connection' instead of
'close-port'.
2016-03-17 23:53:53 +01:00
Ludovic Courtès
4ce783a2f9
lint: cve: Gracefully handle HTTP errors.
* guix/scripts/lint.scm (current-vulnerabilities*): New procedure.
(package-vulnerabilities): Use it.
2016-03-04 11:48:52 +01:00
Ludovic Courtès
937690f909
lint: derivation: Disable grafts, but check replacements.
* guix/scripts/lint.scm (check-derivation): Pass #:graft? #f.  When
'package-replacement' exists, compute its derivation.
2016-03-03 09:46:17 +01:00
Mathieu Lirzin
f3044a4b7b
lint: Rewrite 'check-patch-file-names'.
* guix/scripts/lint.scm (check-patch-file-names): Improve clarity by
reversing the logic.
2016-01-28 16:31:38 +01:00
Mathieu Lirzin
90ca918668
lint: Remove an unneeded clause in 'check-patch-file-names'.
* guix/scripts/lint.scm (check-patch-file-names): Don't check if patches
start with the package full name since matching the package name (which
is a prefix of the full name) is sufficient.
2016-01-28 16:31:38 +01:00
Ludovic Courtès
f888c0b120
lint: cve: Catch host name lookup errors.
* guix/scripts/lint.scm (package-vulnerabilities): Catch
'getaddrinfo-error'.
2016-01-06 15:54:12 +01:00
Ludovic Courtès
c5b303c57f
lint: The CPE name of GRUB is "grub2".
Reported by Leo Famulari.

* guix/scripts/lint.scm (package-name->cpe-name): Add "grub".
2015-12-20 22:34:22 +01:00
Ludovic Courtès
4e70fe4d0e
lint: Do not report already-patched vulnerabilities.
* guix/scripts/lint.scm (patch-file-name): New procedure.
(check-vulnerabilities): Use it to filter out patched vulnerabilities.
* tests/lint.scm ("cve: one patched vulnerability"): New test.
2015-11-28 16:15:31 +01:00
Ludovic Courtès
5432734b00
lint: Add "cve" checker.
Fixes <http://bugs.gnu.org/21289>.

* guix/scripts/lint.scm (package-name->cpe-name, package-vulnerabilities)
(check-vulnerabilities): New procedures.
* guix/scripts/lint.scm (%checkers): Add "cve" checker.
* tests/lint.scm ("cve", "cve: one vulnerability"): New tests.
* doc/guix.texi (Invoking guix lint): Mention it.
2015-11-26 23:04:19 +01:00