Extended spec PR check to validate the `Distribution` and `Vendor` tags. (#10328)

This commit is contained in:
Pawel Winogrodzki 2024-09-03 16:01:52 -07:00 коммит произвёл GitHub
Родитель e1958d3612
Коммит 76464470a7
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
26 изменённых файлов: 213 добавлений и 88 удалений

Просмотреть файл

@ -11,10 +11,10 @@
Summary: Useful extra bits for Python
Name: python-extras
Version: 1.0.0
Release: 15%{?dist}
Release: 16%{?dist}
License: MIT
URL: https://github.com/testing-cabal/extras
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://pypi.io/packages/source/e/extras/extras-%{version}.tar.gz
BuildArch: noarch
@ -62,6 +62,10 @@ rm -vrf *.egg-info
%{python3_sitelib}/extras-*.egg-info/
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.0.0-16
- Release bump to fix package information.
- License verified.
* Tue Oct 13 2020 Steve Laughman <steve.laughman@microsoft.com> - 1.6.0-15
- Initial CBL-Mariner import from Fedora 33 (license: MIT)
- Disable circular dependency check

Просмотреть файл

@ -7,12 +7,15 @@
Name: python-pymongo
Version: 3.10.1
Release: 5%{?dist}
# All code is ASL 2.0 except bson/time64*.{c,h} which is MIT
License: ASL 2.0 and MIT
Release: 6%{?dist}
# All code is ASL 2.0 except for:
# - bson/time64*.{c,h} - MIT,
# - encoding_helpers.c - Unicode with a "Portions Copyright 2001 Unicode, Inc." header,
# - ssl_match_hostname.py - Python-2.0
License: ASL 2.0 and MIT and Python-2.0 and Unicode
Summary: Python driver for MongoDB
URL: https://github.com/mongodb/mongo-python-driver
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://github.com/mongodb/mongo-python-driver/archive/%{version}/pymongo-%{version}.tar.gz
# This patch removes the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
@ -90,28 +93,32 @@ chmod 755 %{buildroot}%{python3_sitearch}/bson/*.so
chmod 755 %{buildroot}%{python3_sitearch}/pymongo/*.so
%files doc
%license LICENSE
%license LICENSE THIRD-PARTY-NOTICES
%if 0%{!?bootstrap:1}
%doc doc/_build/html/*
%endif
%files -n python3-bson
%license LICENSE
%license LICENSE THIRD-PARTY-NOTICES
%doc README.rst
%{python3_sitearch}/bson
%files -n python3-pymongo
%license LICENSE
%license LICENSE THIRD-PARTY-NOTICES
%doc README.rst
%{python3_sitearch}/pymongo
%{python3_sitearch}/pymongo-%{version}-*.egg-info
%files -n python3-pymongo-gridfs
%license LICENSE
%license LICENSE THIRD-PARTY-NOTICES
%doc README.rst
%{python3_sitearch}/gridfs
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.10.1-6
- Release bump to fix package information.
- License verified.
* Mon Oct 19 2020 Steve Laughman <steve.laughman@microsoft.com> - 3.10.1-5
- Initial CBL-Mariner import from Fedora 33 (license: MIT)

Просмотреть файл

@ -18,10 +18,10 @@ original structure is left untouched.}
Name: python-%{pypi_name}
Summary: Persistent/Functional/Immutable data structures
Version: 0.17.3
Release: 2%{?dist}
Release: 3%{?dist}
License: MIT
URL: http://github.com/tobgu/pyrsistent/
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://files.pythonhosted.org/packages/source/p/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
# relax dependencies specified in setup.py
@ -71,6 +71,10 @@ rm -rf %{pypi_name}.egg-info
%{python3_sitearch}/%{pypi_name}-%{version}-py%{python3_version}.egg-info/
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.17.3-3
- Release bump to fix package information.
- License verified.
* Thu Oct 22 2020 Steve Laughman <steve.laughman@microsoft.com> - 0.17.3-2
- Initial CBL-Mariner import from Fedora 33 (license: MIT)

Просмотреть файл

@ -10,10 +10,10 @@
Summary: Invoke py.test as distutils command with dependency resolution
Name: python-%{modulename}
Version: 4.0
Release: 12%{?dist}
Release: 13%{?dist}
License: MIT
URL: https://pypi.python.org/pypi/pytest-runner
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
# setuptools-scm requires a pypi tarball and doesn't like github tarball
Source0: https://files.pythonhosted.org/packages/source/p/%{modulename}/%{modulename}-%{version}.tar.gz
@ -58,6 +58,10 @@ Python 3 version.
%{python3_sitelib}/__pycache__/ptr.*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.0-13
- Release bump to fix package information.
- License verified.
* Thu Oct 22 2020 Steve Laughman <steve.laughman@microsoft.com> - 4.0-12
- Initial CBL-Mariner import from Fedora 33 (license: MIT)

Просмотреть файл

@ -16,11 +16,11 @@ Documentation is available on Read the Docs: http://recommonmark.readthedocs.org
Name: python-%{github_name}
Version: 0.6.0
Release: 4%{?dist}
Release: 5%{?dist}
Summary: %{sum}
License: MIT
URL: https://github.com/%{project_owner}/%{github_name}
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://github.com/%{project_owner}/%{github_name}/archive/%{version}/%{github_name}-%{version}.tar.gz
BuildArch: noarch
@ -81,6 +81,10 @@ popd # Leave buildroot bindir
%{_bindir}/cm2*-%{python3_version}
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.6.0-5
- Release bump to fix package information.
- License verified.
* Thu Oct 14 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.6.0-4
- Converting the 'Release' tag to the '[number].[distribution]' format.

Просмотреть файл

@ -5,11 +5,11 @@
Name: python-%{pypi_name}
Version: 0.5.0
Release: 22%{?dist}
Release: 23%{?dist}
Summary: Testscenarios, a pyunit extension for dependency injection
License: ASL 2.0 and BSD
URL: https://launchpad.net/testscenarios
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://pypi.python.org/packages/source/t/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
BuildArch: noarch
@ -71,6 +71,9 @@ CFLAGS="%{optflags}" %{__python3} setup.py build
%{python3_sitelib}/*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.5.0-23
- Release bump to fix package information.
* Fri Apr 29 2022 Muhammad Falak <mwani@microsoft.com> - 0.5.0-22
- Add BR on `pip` to enable ptest
- License verified

Просмотреть файл

@ -27,11 +27,11 @@ framework.}
Name: python-%{pkgname}
Version: 2.4.0
Release: 8%{?dist}
Release: 9%{?dist}
Summary: Extensions to the Python unit testing framework
License: MIT
URL: https://launchpad.net/testtools
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://files.pythonhosted.org/packages/source/t/%{libname}/%{libname}-%{version}.tar.gz
Patch0: testtools-2.4.0-remove_backports.patch
@ -107,6 +107,10 @@ make PYTHON=%{__python3} check
%endif
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.4.0-9
- Release bump to fix package information.
- License verified.
* Tue Oct 13 2020 Steve Laughman <steve.laughman@microsoft.com> - 2.4.0-8
- Initial CBL-Mariner import from Fedora 33 (license: MIT)

Просмотреть файл

@ -1,8 +1,8 @@
Summary: precision numeric processing language
Name: bc
Version: 1.07.1
Release: 4%{?dist}
License: GPLv2+
Release: 5%{?dist}
License: GPLv3+
URL: https://www.gnu.org/software/bc/
Group: System Environment/base
Vendor: Microsoft Corporation
@ -46,17 +46,26 @@ popd
%{_mandir}/*/*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.07.1-5
- License verified.
* Fri Jan 22 2021 Andrew Phelps <anphel@microsoft.com> 1.07.1-4
- Fix check test. Remove sha1. Change URL to GNU bc homepage.
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.07.1-3
- Added %%license line automatically
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.07.1-2
- Initial CBL-Mariner import from Photon (license: Apache2).
* Mon Oct 1 2018 Sujay G <gsujay@vmware.com> 1.07.1-1
- Bump bc version to 1.07.1
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.06.95-3
- GA - Bump release of all rpms
* Tue Aug 4 2015 Kumar Kaushik <kaushikk@vmware.com> 1.06.95-2
- Adding the post uninstall section.
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 1.06.95-1
- initial version

Просмотреть файл

@ -1,10 +1,10 @@
Summary: Compiler Cache
Name: ccache
Version: 4.8.3
Release: 1%{?dist}
Release: 2%{?dist}
License: BeOpen AND BSD AND GPLv3+ AND (Patrick Powell's AND Holger Weiss' license) AND Public Domain AND Python AND zlib
Vendor: Microsoft Corporation
Distribution: Mariner
Distribution: Azure Linux
URL: https://ccache.dev
Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
BuildRequires: cmake
@ -56,6 +56,9 @@ done
%{_libdir}/*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.8.3-2
- Fix the 'Distribution' tag.
* Fri Nov 10 2023 Andrew Phelps <anphel@microsoft.com> - 4.8.3-1
- Upgrade to version 4.8.3

Просмотреть файл

@ -8,8 +8,8 @@
Summary: The DejaVu fonts families
Name: dejavu-fonts
Version: 2.37
Release: 2%{?dist}
License: Bistream Vera Font AND Arev Fonts
Release: 3%{?dist}
License: Bistream Vera Font AND Arev Fonts AND AMSFonts AND Public Domain
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: System Environment/Base
@ -101,6 +101,9 @@ install ttf/DejaVuMathTeXGyre.ttf %{buildroot}%{_serif_fontdir}
%{_serif_fontdir}/*.ttf
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.37-3
- License verified.
* Fri Jul 09 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.37-2
- Renaming to 'dejavu-fonts'.
- Adding 'dejavu-sans-mono-fonts' and 'dejavu-serif-fonts' subpackages.

Просмотреть файл

@ -1,8 +1,8 @@
Summary: Docbook-xsl-1.79.1
Name: docbook-style-xsl
Version: 1.79.1
Release: 13%{?dist}
License: ASL 2.0
Release: 14%{?dist}
License: ASL 2.0 AND MIT
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: Development/Tools
@ -96,12 +96,15 @@ fi
%files
%defattr(-,root,root)
%license COPYING
%license COPYING extensions/LICENSE.txt
%{_datadir}/xml/docbook/xsl-stylesheets-%{version}
%{_datadir}/sgml/docbook/xsl-stylesheets
%{_docdir}/*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.79.1-14
- License verified.
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.79.1-10
- Added %%license line automatically

Просмотреть файл

@ -3,7 +3,7 @@
Summary: Tool to check ELF binary hardening configuration
Name: hardening-check
Version: 2.6
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2+
URL: http://packages.debian.org/hardening-wrapper
Group: Development/Tools
@ -53,6 +53,9 @@ make
%{_mandir}/man1/hardening-check.1.*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.6-3
- License verified.
* Wed May 20 2020 Henry Beberman <henry.beberman@microsoft.com> - 2.6-2
- Initial CBL-Mariner import from Fedora 26 (license: MIT).
- Changed package name from 'hardening-wrapper'.

Просмотреть файл

@ -1,11 +1,11 @@
Summary: The Kube-Vip cloud provider functions as a general-purpose cloud provider for on-premises bare-metal or virtualized setups
Name: kube-vip-cloud-provider
Version: 0.0.10
Release: 1%{?dist}
Release: 2%{?dist}
License: ASL 2.0
URL: https://github.com/kube-vip/kube-vip-cloud-provider
Group: Applications/Text
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://github.com/kube-vip/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
#Note that the source file should be renamed to the format {name}-%{version}.tar.gz
@ -40,6 +40,9 @@ install kube-vip-cloud-provider %{buildroot}%{_bindir}/kube-vip-cloud-provider
%{_bindir}/kube-vip-cloud-provider
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.0.10-2
- Release bump to fix package information.
* Mon Jul 08 2024 Tobias Brick <tobiasb@microsoft.com> - 0.0.10-1
- Upgrade to 0.0.10
- Patch CVE-2023-47108

Просмотреть файл

@ -1,11 +1,11 @@
Summary: Provides a way for the Kubernetes users to utilize the local storage in each node
Name: local-path-provisioner
Version: 0.0.24
Release: 1%{?dist}
Release: 2%{?dist}
License: ASL 2.0
URL: https://github.com/rancher/local-path-provisioner
Group: Applications/Text
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
Source0: https://github.com/rancher/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
#Note that the source file should be renamed to the format {name}-%{version}.tar.gz
@ -30,6 +30,9 @@ install local-path-provisioner %{buildroot}%{_bindir}/local-path-provisioner
%{_bindir}/local-path-provisioner
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.0.24-2
- Release bump to fix package information.
* Fri Oct 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 0.0.24-1
- Auto-upgrade to 0.0.24 - Azure Linux 3.0 - package upgrades

Просмотреть файл

@ -1,13 +1,12 @@
Summary: A fast, simple LZW file compressor
Name: ncompress
Version: 5.0
Release: 1%{?dist}
Release: 2%{?dist}
License: Unlicense
Vendor: Microsoft Corporation
Distribution: Azure Linux
URL: https://github.com/vapier/ncompress
#Source0: https://github.com/vapier/%{name}/archive/v%{version}.tar.gz
Source0: %{name}-%{version}.tar.gz
Source0: https://github.com/vapier/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRequires: gcc
BuildRequires: glibc-devel
BuildRequires: make
@ -47,5 +46,8 @@ make PREFIX=%{_prefix} DESTDIR=%{buildroot} install_core
%{_mandir}/man1/*
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 5.0-2
- License verified.
* Mon May 17 2021 Thomas Crain <thcrain@microsoft.com> - 5.0-1
- Original version for CBL-Mariner

Просмотреть файл

@ -1,8 +1,8 @@
Summary: Universally Unique Identifier library
Name: uuid
Version: 1.6.2
Release: 50%{?dist}
License: MIT
Release: 51%{?dist}
License: ISC
Vendor: Microsoft Corporation
Distribution: Azure Linux
URL: http://www.ossp.org/pkg/lib/uuid/
@ -117,6 +117,7 @@ make check
%postun -p /sbin/ldconfig
%files
%license README
%doc AUTHORS ChangeLog HISTORY NEWS PORTING README SEEALSO THANKS TODO USERS
%{_bindir}/uuid
%{_libdir}/libossp-uuid.so.*
@ -147,6 +148,9 @@ make check
%{_libdir}/libossp-uuid_dce.so
%changelog
* Tue Sep 03 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.6.2-51
- License verified.
* Mon Nov 30 2020 Nicolas Ontiveros <niontive@microsoft.com> - 1.6.2-50
- Initial CBL-Mariner import from Fedora 33 (license: MIT).
- Replace ldconfig_scriptlets with post/postun ldconfig calls

Просмотреть файл

@ -202,7 +202,7 @@ createrepo_c-1.0.3-1.azl3.aarch64.rpm
libxml2-2.11.5-1.azl3.aarch64.rpm
libxml2-devel-2.11.5-1.azl3.aarch64.rpm
docbook-dtd-xml-4.5-11.azl3.noarch.rpm
docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
libsepol-3.6-1.azl3.aarch64.rpm
glib-2.78.1-4.azl3.aarch64.rpm
libltdl-2.4.7-1.azl3.aarch64.rpm

Просмотреть файл

@ -202,7 +202,7 @@ createrepo_c-1.0.3-1.azl3.x86_64.rpm
libxml2-2.11.5-1.azl3.x86_64.rpm
libxml2-devel-2.11.5-1.azl3.x86_64.rpm
docbook-dtd-xml-4.5-11.azl3.noarch.rpm
docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
libsepol-3.6-1.azl3.x86_64.rpm
glib-2.78.1-4.azl3.x86_64.rpm
libltdl-2.4.7-1.azl3.x86_64.rpm

Просмотреть файл

@ -42,8 +42,8 @@ ca-certificates-base-3.0.0-7.azl3.noarch.rpm
ca-certificates-legacy-3.0.0-7.azl3.noarch.rpm
ca-certificates-shared-3.0.0-7.azl3.noarch.rpm
ca-certificates-tools-3.0.0-7.azl3.noarch.rpm
ccache-4.8.3-1.azl3.aarch64.rpm
ccache-debuginfo-4.8.3-1.azl3.aarch64.rpm
ccache-4.8.3-2.azl3.aarch64.rpm
ccache-debuginfo-4.8.3-2.azl3.aarch64.rpm
check-0.15.2-1.azl3.aarch64.rpm
check-debuginfo-0.15.2-1.azl3.aarch64.rpm
chkconfig-1.25-1.azl3.aarch64.rpm
@ -75,7 +75,7 @@ debugedit-debuginfo-5.0-2.azl3.aarch64.rpm
diffutils-3.10-1.azl3.aarch64.rpm
diffutils-debuginfo-3.10-1.azl3.aarch64.rpm
docbook-dtd-xml-4.5-11.azl3.noarch.rpm
docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
dwz-0.14-2.azl3.aarch64.rpm
dwz-debuginfo-0.14-2.azl3.aarch64.rpm
e2fsprogs-1.47.0-2.azl3.aarch64.rpm

Просмотреть файл

@ -43,8 +43,8 @@ ca-certificates-base-3.0.0-7.azl3.noarch.rpm
ca-certificates-legacy-3.0.0-7.azl3.noarch.rpm
ca-certificates-shared-3.0.0-7.azl3.noarch.rpm
ca-certificates-tools-3.0.0-7.azl3.noarch.rpm
ccache-4.8.3-1.azl3.x86_64.rpm
ccache-debuginfo-4.8.3-1.azl3.x86_64.rpm
ccache-4.8.3-2.azl3.x86_64.rpm
ccache-debuginfo-4.8.3-2.azl3.x86_64.rpm
check-0.15.2-1.azl3.x86_64.rpm
check-debuginfo-0.15.2-1.azl3.x86_64.rpm
chkconfig-1.25-1.azl3.x86_64.rpm
@ -78,7 +78,7 @@ debugedit-debuginfo-5.0-2.azl3.x86_64.rpm
diffutils-3.10-1.azl3.x86_64.rpm
diffutils-debuginfo-3.10-1.azl3.x86_64.rpm
docbook-dtd-xml-4.5-11.azl3.noarch.rpm
docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
dwz-0.14-2.azl3.x86_64.rpm
dwz-debuginfo-0.14-2.azl3.x86_64.rpm
e2fsprogs-1.47.0-2.azl3.x86_64.rpm

Просмотреть файл

@ -12,38 +12,67 @@ import sys
from spec_source_attributions import get_spec_source, VALID_SOURCE_ATTRIBUTIONS
EXPECTED_DISTRIBUTION_TAG = "Azure Linux"
EXPECTED_VENDOR_TAG = "Microsoft Corporation"
# Checking if the specs contains a 'Distribution' tag.
DISTRIBUTION_TAG_PRESENT_REGEX = re.compile(r"^\s*Distribution:\s*", re.MULTILINE)
# Checking if the specs include only the valid 'Distribution: Azure Linux' tag.
invalid_distribution_tag_regex = re.compile(
r'^\s*Distribution:\s*(?!Azure Linux\s*$)\S+', re.MULTILINE)
INVALID_DISTRIBUTION_TAG_REGEX = re.compile(
rf"^\s*Distribution:\s*(?!{EXPECTED_DISTRIBUTION_TAG}\s*$)\S+", re.MULTILINE
)
# Checking if the specs include only the valid 'Vendor: Microsoft Corporation' tag.
INVALID_VENDOR_TAG_REGEX = re.compile(
rf"^\s*Vendor:\s*(?!{EXPECTED_VENDOR_TAG}\s*$)\S+", re.MULTILINE
)
# Checking if the specs contains a 'Vendor' tag.
VENDOR_TAG_PRESENT_REGEX = re.compile(r"^\s*Vendor:\s*", re.MULTILINE)
# Checking for the deprecated '%patch[number]' format.
# For more info, see: https://rpm-software-management.github.io/rpm/manual/spec.html.
invalid_patch_macro_regex = re.compile(
r'^\s*%patch\d', re.MULTILINE)
INVALID_PATCH_MACRO_REGEX = re.compile(r"^\s*%patch\d", re.MULTILINE)
# Check for '%patch' macros not using the '-P' flag.
invalid_toolchain_patch_macro = re.compile(
r'^\s*%patch((?!-P\s+\d+).)*$', re.MULTILINE)
INVALID_TOOLCHAIN_PATCH_MACRO = re.compile(r"^\s*%patch((?!-P\s+\d+).)*$", re.MULTILINE)
license_regex = re.compile(
r"\b(license verified|verified license)\b", re.IGNORECASE)
LICENSE_REGEX = re.compile(r"\b(license verified|verified license)\b", re.IGNORECASE)
valid_release_tag_regex = re.compile(
r'^[1-9]\d*%\{\?dist\}$')
VALID_RELEASE_TAG_REGEX = re.compile(r"^[1-9]\d*%\{\?dist\}$")
valid_source_attributions_one_per_line = "\n".join(f"- {key}: '{value}'" for key, value in VALID_SOURCE_ATTRIBUTIONS.items())
VALID_SOURCE_ATTRIBUTIONS_ONE_PER_LINE = "\n".join(
f"- {key}: '{value}'" for key, value in VALID_SOURCE_ATTRIBUTIONS.items()
)
def check_distribution_tag(spec_path: str):
def check_distribution_tag_correct(spec_path: str):
"""Checks if the 'Distribution' tags match 'Azure Linux'. """
with open(spec_path) as file:
contents = file.read()
if invalid_distribution_tag_regex.search(contents) is not None:
if INVALID_DISTRIBUTION_TAG_REGEX.search(contents) is not None:
print(f"""
ERROR: detected an invalid 'Distribution' tag.
Please use 'Distribution: Azure Linux'.
Please use 'Distribution: {EXPECTED_DISTRIBUTION_TAG}'.
""")
return False
return True
def check_distribution_tag_exists(spec_path: str):
"""Checks if the 'Distribution' tag exists. """
with open(spec_path) as file:
contents = file.read()
if DISTRIBUTION_TAG_PRESENT_REGEX.search(contents) is None:
print(f"""
ERROR: missing 'Distribution' tag.
Please add 'Distribution: {EXPECTED_DISTRIBUTION_TAG}'.
""")
return False
@ -55,7 +84,7 @@ def check_patch_macro(spec_path: str):
with open(spec_path) as file:
contents = file.read()
if invalid_patch_macro_regex.search(contents) is not None:
if INVALID_PATCH_MACRO_REGEX.search(contents) is not None:
print(f"""
ERROR: use of deprecated '%patch[number]' format (no space between '%patch' and the number of the patch).
@ -73,7 +102,7 @@ def check_release_tag(spec_path: str):
"""Checks if the 'Release' tag is in one of Azure Linux's expected formats. """
spec = Spec.from_file(spec_path)
if valid_release_tag_regex.match(spec.release) is None:
if VALID_RELEASE_TAG_REGEX.match(spec.release) is None:
print(f"""
ERROR: invalid 'Release' tag.
@ -90,7 +119,7 @@ def check_license_verification(spec_path: str):
"""Checks if the package's license has been verified. """
spec = Spec.from_file(spec_path)
if len(license_regex.findall(spec.changelog)) == 0:
if len(LICENSE_REGEX.findall(spec.changelog)) == 0:
print(f"""
ERROR: license not verified.
@ -117,7 +146,7 @@ ERROR: no valid source attribution.
Make sure to indicate the origin of the spec file in the changelog.
Currently supported source attributions (in form of regular expressions):
{valid_source_attributions_one_per_line}
{VALID_SOURCE_ATTRIBUTIONS_ONE_PER_LINE}
If you're importing a spec from a source, which doesn't fit the currently supported list,
please update the 'VALID_SOURCE_ATTRIBUTIONS' variable inside the '{dirname(realpath(__file__))}/spec_source_attributions.py' script.
@ -137,8 +166,8 @@ def check_toolchain_patch_lines(spec_path: str, toolchain_specs: set):
with open(spec_path) as file:
contents = file.read()
if invalid_toolchain_patch_macro.search(contents) is not None:
if INVALID_TOOLCHAIN_PATCH_MACRO.search(contents) is not None:
print(f"""
ERROR: detected a toolchain spec with invalid '%patch' macros.
@ -150,26 +179,59 @@ ERROR: detected a toolchain spec with invalid '%patch' macros.
return True
def check_vendor_tag_correct(spec_path: str):
"""Checks if the 'Vendor' tags match 'Microsoft Corporation'. """
with open(spec_path) as file:
contents = file.read()
if INVALID_VENDOR_TAG_REGEX.search(contents) is not None:
print(f"""
ERROR: detected an invalid 'Vendor' tag.
Please use 'Vendor: {EXPECTED_VENDOR_TAG}'.
""")
return False
return True
def check_vendor_tag_exists(spec_path: str):
"""Checks if the 'Vendor' tag exists. """
with open(spec_path) as file:
contents = file.read()
if VENDOR_TAG_PRESENT_REGEX.search(contents) is None:
print(f"""
ERROR: missing 'Vendor' tag.
Please add 'Vendor: {EXPECTED_VENDOR_TAG}'.
""")
return False
return True
SPEC_CHECKS = [
check_distribution_tag_correct,
check_distribution_tag_exists,
check_license_verification,
check_patch_macro,
check_release_tag,
check_source_attribution,
check_vendor_tag_correct,
check_vendor_tag_exists,
]
def check_spec(spec_path, toolchain_specs):
spec_correct = True
print(f"Checking {spec_path}")
print(f"Checking {spec_path}.")
if not check_distribution_tag(spec_path):
spec_correct = False
for spec_check in SPEC_CHECKS:
if not spec_check(spec_path):
spec_correct = False
if not check_patch_macro(spec_path):
spec_correct = False
if not check_release_tag(spec_path):
spec_correct = False
if not check_source_attribution(spec_path):
spec_correct = False
if not check_license_verification(spec_path):
spec_correct = False
if not check_toolchain_patch_lines(spec_path, toolchain_specs):
spec_correct = False
@ -190,7 +252,7 @@ if __name__ == '__main__':
nargs='+',
help='path to an RPM spec file')
args = parser.parse_args()
toolchain_specs = set(args.toolchain_specs.split())
specs_correct = True

Просмотреть файл

@ -5,7 +5,7 @@ Release: 1%{?dist}
License: MIT
URL: https://test.com
Group: Test
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
%description

Просмотреть файл

@ -5,7 +5,7 @@ Release: 1%{?dist}
License: MIT
URL: https://test.com
Group: Test
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
%description

Просмотреть файл

@ -5,7 +5,7 @@ Release: 1%{?dist}
License: MIT
URL: https://test.com
Group: Test
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
BuildArch: noarch

Просмотреть файл

@ -5,7 +5,7 @@ Release: 1%{?dist}
License: MIT
URL: https://test.com
Group: Test
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
BuildArch: noarch

Просмотреть файл

@ -6,7 +6,7 @@ Release: 1%{?dist}
License: MIT
URL: https://test.com
Group: Test
Vendor: Microsoft
Vendor: Microsoft Corporation
Distribution: Azure Linux
%description