1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
|
=============
Release Notes
=============
---------------------------
pkgcheck 0.9.7 (2021-03-27)
---------------------------
- pkgcheck scan: Fix raw repo creation for overlays.
---------------------------
pkgcheck 0.9.6 (2021-03-26)
---------------------------
- Add support for identifying misplaced eclass spec variables (#309).
---------------------------
pkgcheck 0.9.5 (2021-03-20)
---------------------------
- Don't include bash parser shared library in tarball and build platform
dependent wheels with the library prebuilt.
---------------------------
pkgcheck 0.9.4 (2021-03-19)
---------------------------
- MetadataVarCheck: Add KEYWORDS verification (#303).
- GitAddon: Store commit timestamp instead of date string.
- MissingLocalUseDesc: Add explicit result for local use flags missing
descriptions.
- DirectStableKeywords: Skip acct-group and acct-user categories (#308).
- PackageMetadataXmlCheck: Support proxied metadata.xml attribute.
---------------------------
pkgcheck 0.9.3 (2021-03-12)
---------------------------
- MisplacedVariable: New keyword flagging variables used outside their defined
scope.
- ReadonlyVariable: New keyword flagging read-only variables that are globally
assigned (#300).
- pkgcheck.utils: Fallback to assuming libstdc++ exists for build_library()
(#299).
---------------------------
pkgcheck 0.9.2 (2021-03-05)
---------------------------
- Update tree-sitter-bash to language version 13 to work with
>=tree-sitter-0.19.0.
---------------------------
pkgcheck 0.9.1 (2021-03-05)
---------------------------
- Support newline-separated values for lists in addition to comma-separated in
pkgcheck configs.
- pkgcheck scan: Bundle and load a config defining a GentooCI checkset matching
Gentoo CI error keywords.
- pkgcheck scan: Add --staged support for targeting staged git changes to
generate restrictions.
- pkgcheck: Suppress pkgcore-specific help options that should generally be
avoided by users but is required internally.
---------------------------
pkgcheck 0.9.0 (2021-02-23)
---------------------------
- pkgcheck ci: Add initial subcommand for CI-specific usage (e.g. used by
pkgcheck-action).
- EclassCheck: force bash error output to use the C locale.
- Officially export Result class in addition to all specific result
keywords/classes for API usage which can be useful for type
hinting purposes.
- pkgcheck scan: Respect version-level scan scope targets (#293).
- pkgcheck scan: Allow additive args for --exit. This allows adding
keywords to the default set (via '+Keyword') that trigger exit
failures without having to explicitly specify the 'error' set as
well.
- PackageUpdatesCheck: Use search repo to find old packages to fix
checking for OldPackageUpdate results in overlays.
- Make 'NonsolvableDeps' a scannable keyword alias.
- Drop metadata.xml indentation and empty element results from
warning to style level.
- Drop BadDescription and RedundantLongDescription result levels
from warning to style.
- Restrict UnknownCategoryDirs result to the gentoo repo.
- Apply target repo base profile masks across all scan profiles
(#281).
- Drop pickle-based reporter support -- use the scan API call to
create and access result objects.
- pkgcheck replay: Drop pickle stream support, use JSON support
instead from the JsonStream reporter.
---------------------------
pkgcheck 0.8.2 (2021-02-09)
---------------------------
- Generate checkrunners per target restriction (#279).
- Fix result object re-creation issues (#276).
---------------------------
pkgcheck 0.8.1 (2021-01-28)
---------------------------
- Include tree-sitter-bash files in dist tarball.
---------------------------
pkgcheck 0.8.0 (2021-01-27)
---------------------------
- Add Style priority level for keywords that's between Warning and Info levels.
- EclassDocMissingVar: Ignore underscore-prefixed vars as it's assumed these are
internal only.
- pkgcheck scan: Add support for profiles path target restrictions. Now
``pkgcheck scan`` can be pointed at dir and file targets inside the profiles
directory and relevant checks will be run against them. Note that dir targets
will run checks against all path descendents.
- pkgcheck scan: Add support for incremental profile scanning. This means all
profile changes will get run against relevant checks when using ``pkgcheck
scan --commits``.
- GentooRepoCheck: Allow specifically selected checks to override skip (#261).
- pkgcheck scan: Add support to forcibly disable all pkg filters via passing
'false', 'no', or 'n'. This provides the ability to disable any filters that
would otherwise be enabled by default.
- pkgcheck scan: Support checkset and check args for the --exit option.
- Use arches from profiles.desc instead of pulling them from make.defaults
(#237).
- pkgcheck scan: Enable profile checks when using ``pkgcheck scan --commits``
if profile changes are detected.
- DependencyCheck: Split outdated blocker checks into OutdatedBlockersCheck
since required addons are now strictly enforced for cache addons.
- pkgcheck scan: Staged changes are now ignored when using ``pkgcheck scan
--commits``. Note that due to how ``git stash`` works, they'll be unstaged
on scan completion.
- NonsolvableDepsInExp: Switch from warning level to error level to match other
visibility results.
- VirtualKeywordsUpdate: Replace MissingVirtualKeywords with result that flags
virtuals with keywords that could be added.
- Add basic API for running package scans (#52).
- pkgcheck scan: Drop 'repo' -f/--filter filter type since it's underused and
doesn't mesh well with the new, granular filtering support.
- BadCommitSummary: Escape regex strings in package names (#256).
- pkgcheck scan: Add support for targeted --filter options that can be enabled
per keyword, check, or checkset.
- pkgcheck scan: Re-add support for -C/--checksets option that must be defined
in the CHECKSETS config section. Also, move 'all' and 'net' aliases from
-c/--checks to virtual checksets.
- MisplacedEclassVar: Add support for flagging misplaced @PRE_INHERIT eclass
variables in ebuilds.
- Network requests now use streamed GET requests instead of HEAD with fallback
to avoid various webservers not supporting HEAD requests.
- MissingMove: Properly ignore git ebuild file renames.
- pkgcheck cache: Add initial -r/--repo option support (#251).
- Force using the fork start method for multiprocessing (#254).
- pkgcheck scan: Prefer path restrictions during restriction generation if the
targets are in the target repo.
- UnusedGlobalUseExpand: Check for unused global USE_EXPAND variables.
- Drop support for python-3.6 and python-3.7.
---------------------------
pkgcheck 0.7.9 (2020-12-05)
---------------------------
- GitCommitsCheck: Fix package vs category level summary checks.
---------------------------
pkgcheck 0.7.8 (2020-12-04)
---------------------------
- pkgcheck show: Add ``-C/--caches`` support.
- BadCommitSummary: Support flagging bad category level commit
summaries (#250).
- FormatReporter: Raise exception for unhandled integer key args.
- Treat git rename operations as addition and removal for package
changes (#249).
- PerlCheck is now an optional check that isn't run by default
since most users won't have the required dependency installed.
- Allow additive -c/--checks args that add checks to the default
set to run. For example, use ``pkgcheck scan -c=+PerlCheck`` to
run PerlCheck in addition to the default checks.
- InvalidManifest: Flag ebuilds with invalid Manifest files.
- pkgcheck scan: Support eclass file target restrictions.
- MissingMove: Flag packages on local commits that are renamed with
no corresponding move package update.
- MissingSlotmove: Flag packages on local commits with changed SLOT
with no corresponding slotmove package update.
- MaintainerNeeded: Flag packages with invalid maintainer-needed
comments (#239).
- pkgcheck scan: Display cache update progress by default.
- LiveOnlyPackage: Flag ebuilds that only have VCS-based versions.
- pkgcheck scan: Support a configurable exit status via ``--exit``
(#28).
- pkgcheck scan: Drop --sorted option that isn't useful enough to
keep around due to check parallelization.
- MatchingChksums: Ignore go.mod related false positives (#228).
- EclassDocMissingFunc: Flag eclasses missing docs for an exported
function.
- EclassDocMissingVar: Flag eclasses missing docs for an exported
variable.
- InternalEclassFunc: Flag ebuilds using internal functions from an
eclass.
- IndirectInherits: Flag ebuilds using functions from an indirectly
inherited eclass.
- MissingInherits: Flag ebuilds with missing eclass inherits.
- UnusedInherits: Flag ebuilds with unused eclass inherits.
- PythonCompatUpdate: Flag ebuilds with PYTHON_COMPAT that can be
updated to support newer python versions.
- Dump all pickled caches atomically (#244).
- UnsupportedEclassEapi: Flag ebuilds that inherit an eclass with
outdated @SUPPORTED_EAPIS.
- EclassDocError: Flag eclasses that fail eclass doc tag parsing.
- RedundantPackageUpdate: Flag package update entries that have the
same source and destination.
- ProfileAddon: Only enable exp profiles for explicitly selected
keywords and not when keywords are selected by default.
- pkgcheck scan: Don't load system/user configs when explicitly
disabled via ``--config no``.
---------------------------
pkgcheck 0.7.7 (2020-07-05)
---------------------------
- Avoid trying to match old packages against current repo for git support (#215).
- Rename DeprecatedPkg result keyword to DeprecatedDep and try to disambiguate its output
message (#218).
- FormatReporter: Use an empty string for unmatched variables (#211) and add the result output
name to the available attributes.
- DroppedKeywordsCheck: Disregard non-VCS pkgs without KEYWORDS (#224).
- Ignore license and keyword settings from system config for StableRequest results (#229).
- pkgcheck scan: Support output name arguments for -k/--keywords (#221).
- StableArchesAddon: Use known stable arches from arches.desc (GLEP 72) if available (#230).
- pkgcheck scan: Fully support custom user config files via --config.
- ProfilesAddon: Automatically enable experimental profiles for selected arches that only have
experimental profiles (#222) and selected keywords that require them (#225).
- VisibilityCheck: Sort failed package atoms for NonsolvableDep results (#223).
- Filter package atoms from path list when scanning git commits (#217).
- Use a ``git stash`` context manager when scanning commits so untracked files or uncommitted
changes are ignored.
- Only add eclass directory when scanning git commits if it exists in the target repo (#231).
---------------------------
pkgcheck 0.7.6 (2020-02-09)
---------------------------
- VariableInHomepage: Include parameter expansion chars in flagged variable and
drop flagging for unbracketed variables until bash parsing support exists.
- Drop PythonSingleUseMismatch result since python-single-r1.eclass will no
longer generate PYTHON_TARGETS.
- FetchablesUrlCheck: Disable package feed filtering so all defined SRC_URI
URLs are scanned by default.
- Output create/update git repo cache message to stderr by default to help tell
the user what's happening during possibly long scan delays.
- Add config file support at /etc/pkgcheck/pkgcheck.conf,
~/.config/pkgcheck/pkgcheck.conf, and metadata/pkgcheck.conf for system-wide,
user, and repo-specific default settings respectively. Any settings found in
those config files will be overridden by matching command line arguments.
Almost all command line arguments can be set in config files, see the man
page or online docs for config examples.
- For network checks, add fallback to GET requests if HEAD requests fail with
501 or 405 HTTP errors (#208).
---------------------------
pkgcheck 0.7.5 (2020-01-26)
---------------------------
- RedundantLongDescription: Flag redundant longdescription metadata.xml
elements (#205).
- RedundantDodir: Flag redundant dodir usage (#169).
- pkgcheck scan: Add special argument 'net' for -c/--checks option that enables
all network checks. This allows for easily running all network checks using
something similar to ``pkgcheck scan --net -c net``.
- AbsoluteSymlink: Flag dosym calls using paths starting with ${EPREFIX}.
- DeprecatedInsinto: Flag deprecated insinto usage with unnecessary quote usage.
- pkgcheck scan: Show a traceback and forcibly exit on unexpected exceptions
when running checks.
- EclassBashSyntaxError: Report bash syntax errors in eclasses.
- pkgcheck scan: Allow location specific scopes to override target path
restrict scope. This makes scanning against a file path target like
${REPO_PATH}/eclass only enable eclass checks instead of doing a full repo
scan.
- pkgcheck scan: Allow path target args of '.' or '..' to work as expected.
- RdependChange: Flag non-live, locally committed packages with altered RDEPEND
lacking revbumps.
- ``pkgcheck scan --commits`` now enables eclass checks if it notices any
relevant eclass changes in the local repo.
- EclassHeaderCheck: Add initial eclass header checks similar to the ones done
against ebuilds in the gentoo repo.
- pkgcheck scan: Drop the -C/--checkset option, it might return in some form
once reworked config file support is done.
- MetadataUrlCheck: Add initial check for metadata.xml URL validity (#167).
- Ignore unstaged changes when generating targets for ``pkgcheck scan
--commits``.
- RedundantUriRename: Flag redundant SRC_URI renames (#196).
---------------------------
pkgcheck 0.7.4 (2020-01-11)
---------------------------
- BinaryFile: Ignore some classes of false positives that use multiple
encodings.
- Output repo and commit related results after any package related results
found during scanning if using a relevant scan scope level.
- Sort git commit-related results by name or description for multiple results
against a single commit.
- BadCommitSummary: Convert to commit result instead of package result since it
directly relates to the commit made more than the package itself.
- Add optional ref argument support for --commits option. This allows passing a
commit or reference to diff the current tree against in order to determine
scanning targets.
- GitPkgCommitsCheck: Flag all incorrect copyright dates instead of just
outdated ones.
- GitCommitsCheck: Use a single ``git cat-file`` process for verifying all
Fixes/Reverts tags instead of one per commit.
- InvalidCommitMessage: Check for empty lines between summary, body, and tags.
---------------------------
pkgcheck 0.7.3 (2019-12-29)
---------------------------
- Flag git tags and commit messages that don't follow specifications described
in GLEP 66 (#186) via InvalidCommitTag and InvalidCommitMessage results.
- Skip reporting blocker dependencies marked as deprecated.
---------------------------
pkgcheck 0.7.2 (2019-12-20)
---------------------------
- pkgcheck scan: Change --filtered option to -f/--filter which supports both
'repo' and 'latest' arguments to filter scanned packages (#184).
- Fix ``pkgcheck scan --commits`` usage with overlays (#188).
- MissingUseDepDefault: Check unconditional use deps for missing defaults,
previously only conditional flags were being checked.
- DuplicateEclassInherits: Add initial result for flagging duplicate eclass
inherits.
- BadWhitespaceCharacter: Add initial result for flagging unicode whitespace in
ebuilds that bash doesn't treat as regular whitespace.
- ProfilesCheck: Add support for validating package.deprecated entries.
- Use .git/info/exclude from repos in addition to .gitignore to ignore files
for relevant checks.
---------------------------
pkgcheck 0.7.1 (2019-11-30)
---------------------------
- DeprecatedPkg: Add initial result for flagging package dependencies
deprecated via package.deprecated.
- DeprecatedEclassCheck: Add support for conditionally deprecating eclasses
with epatch and versionator being the first eclasses to be flagged for
conditional deprecation.
- SourcingCheck: Add separate check to validate ebuild sourcing and flag
invalid SLOTs via a new InvalidSlot result.
- pkgcheck scan: Add --sorted option to forcibly perform a global sort -- only
useful for limited cases such as generating expected test output.
- pkgcheck cache: Add support for listing and removing cache types for
non-registered repos.
- pkgcheck scan: Replace --git-disable/--profile-cache options with --cache. By
default all caches are enabled. To disable all of them, use something similar
to '--cache false'.
Cache types can also be enabled or disabled individually using a
comma-separated cache type list, e.g. '--cache profiles' will only enable
profiles caches and '--cache=-git' will only disable git caches leaving
all other caches enabled.
- Prioritize checks that scan for metadata errors so they get run before checks
that use the related metadata attrs.
- Fix memory leak when generating caches for certain git repos (#178).
- pkgcheck scan: Drop --profiles-base option.
- Avoid caching a repo's base package.mask for profile filters in order to
avoid more cases of profile cache invalidation.
- Split InvalidDependency into individual attr results, e.g. InvalidRdepend.
- Split RestrictsCheck into separate checks for RESTRICT and PROPERTIES.
- AbsoluteSymlinkCheck: Report dosym usage with path variables, e.g. ${ED}.
- BadHomepage: Flag packages using a generic Gentoo HOMEPAGE (#177).
- Add initial support for using a repo's .gitignore file to avoid reporting
matching files for certain results (#140).
---------------------------
pkgcheck 0.7.0 (2019-11-08)
---------------------------
- BadInsIntoCheck: Skip reporting insinto calls using subdirs since the related
commands don't support installing files into subdirs.
- PerlCheck: Run by default if perl and deps are installed otherwise skip unless
explicitly enabled.
- SourcingError: Add specific result for ebuilds that fail sourcing due to
metadata issues.
- Fix git --commits option restriction.
---------------------------
pkgcheck 0.6.9 (2019-11-04)
---------------------------
- MissingSlash: Avoid some types of false positives where the path variable is
used to create a simple string, but not as a path directly.
- BadPerlModuleVersion: Add support for verifying Gentoo's perl module
versioning scheme -- not run by default since it requires various perl
dependencies.
- BadCommitSummary: Also allow "${CATEGORY}/${P}:" prefixes.
- MetadataError: Fix suppressing duplicate results due to multiprocess usage.
- VisibleVcsPkg: Collapse profile reports for non-verbose mode.
- Use replacement character for non-UTF8 characters while decoding author,
committer, and message fields from git logs.
- pkgcheck scan: Try parsing target arguments as restrictions before falling
back to using path restrictions.
- EmptyProject: Check for projects with no members in projects.xml.
- StaticSrcUri: Check if SRC_URI uses static values for P or PV instead of the
dynamic, variable equivalents.
- MatchingChksums: Check for distfiles that share the same checksums but have
different names.
- pkgcheck scan: Parallelize checks for targets passed in via cli args.
- Sort versioned package results under package scanning scope so outputted
results are deterministic when scanning against single packages similar to
what the output is per package when running scans at a category or repo
level.
---------------------------
pkgcheck 0.6.8 (2019-10-06)
---------------------------
- pkgcheck scan: Add -t/--tasks option to limit the number of async tasks that
can run concurrently. Currently used to limit the number of concurrent
network requests made.
- Repository level checks are now run in parallel by default.
- Fix iterating over git commits to fix git-related checks.
---------------------------
pkgcheck 0.6.7 (2019-10-05)
---------------------------
- pkgcheck scan: All scanning scopes now run checks in parallel by default for
multi-core systems. For repo/category scope levels parallelism is done per
package while for package/version scope levels parallelism is done per
version. The -j/--jobs option was also added to allow controlling the amount
of processes used when scanning, by default it's set to the number of CPUs
the target system has.
- pkgcheck cache: Add initial cache subcommand to support updating/removing
caches used by pkgcheck. This allows users to forcibly update/remove caches
when they want instead of pkgcheck only handling the process internally
during the scanning process.
- Add specific result keywords for metadata issues relating to various package
attributes instead of using the generic MetadataError for all of them.
- Drop check for PortageInternals as the last usage was dropped from the tree.
- Add EmptyCategoryDir and EmptyPackageDir results to warn when the gentoo repo
has empty category or package directories that people removing packages
forgot to handle.
- Drop HttpsAvailableCheck and its related HttpsAvailable result. The network
checks should now support dynamically pinging sites to test for viability.
- Port network checks to use the requests module for http/https requests so
urllib is only used for ftp URLs.
---------------------------
pkgcheck 0.6.6 (2019-09-24)
---------------------------
- HttpsUrlAvailable: Check http URLs for https availability (not run by
default).
- MissingLicenseRestricts: Skip RESTRICT="mirror" for packages lacking SRC_URI.
- DeprecatedEapiCommand: Check for deprecated EAPI commands (e.g. dohtml usage in EAPI 6).
- BannedEapiCommand: Check for banned EAPI commands (e.g. dohtml usage in EAPI 7).
- StableRequestCheck: Use ebuild modification events instead of added events to
check for stabilization.
- Add support for filtering versioned results to only check the latest VCS and
non-VCS packages per slot.
- MissingSlotDep: Fix dep slot determination by using use flag stripped dep
atoms instead of unversioned atoms.
- Add HomepageUrlCheck and FetchablesUrlCheck network-based checks that check
HOMEPAGE and SRC_URI urls for various issues and require network access so
they aren't run by default. The ``--net`` option must be specified in order
to run them.
---------------------------
pkgcheck 0.6.5 (2019-09-18)
---------------------------
- InvalidUseFlags: Flag invalid USE flags in IUSE.
- UnknownUseFlags: Use specific keyword result for unknown USE flags in IUSE
instead of MetadataError.
- pkgcheck scan: Add ``info`` alias for -k/--keywords option and rename
errors/warnings aliases to ``error`` and ``warning``.
- Add Info result type and mark a several non-warning results as info level
(e.g. RedundantVersion and PotentialStable).
- MissingLicenseRestricts: Flag restrictive license usage missing required
RESTRICT settings.
- MissingSlotDepCheck: Properly report missing slotdeps for atom with use deps.
- pkgcheck scan: Add ``all`` alias for -c/--checks option.
- MissingSignOff: Add initial check for missing commit message sign offs.
- InvalidLicenseHeader: Add initial license header check for the gentoo repo.
- BadCommitSummary: Add initial commit message summary formatting check.
---------------------------
pkgcheck 0.6.4 (2019-09-13)
---------------------------
- Add FormatReporter supporting custom format string output.
- pkgcheck scan: Drop --metadata-xsd-required option since the related file is
now bundled with pkgcore.
- Add CsvReporter for outputting results in CSV format.
- pkgcheck scan: Add --commits option that use local git repo changes to
determine scan targets.
- DroppedUnstableKeywords: Disregard when stable target keywords exist.
- LocalUSECheck: Add test for USE flags with reserved underscore character.
- PathVariablesCheck: Drop 'into' from prefixed dir functions list to avoid
false positives in comments.
- MissingUnpackerDepCheck: Drop checks for jar files since most are being
directly installed and not unpacked.
- Make gentoo repo checks work for external gentoo repos on systems with a
configured gentoo system repo.
- UnknownFile: Flag unknown files in package directories for the gentoo repo.
---------------------------
pkgcheck 0.6.3 (2019-08-30)
---------------------------
- PathVariablesCheck: Flag double path prefix usage on uncommented lines only
to avoid some types of false positives.
- BadInsIntoCheck: flag ``insinto /usr/share/doc/${PF}`` usage for recent EAPIs
as it should be replaced by docinto and dodoc [-r] calls.
- BadInsIntoCheck: Drop old cron support.
- Skip global checks when running at cat/pkg/version restriction levels for
``pkgcheck scan``. Also, skip package level checks that require package set
context when running at a single version restriction level.
---------------------------
pkgcheck 0.6.2 (2019-08-26)
---------------------------
- TreeVulnerabilitiesCheck: Restrict to checking against the gentoo repo only.
- Allow explicitly selected keywords to properly enable their related checks if
they must be explicitly enabled.
- UnusedMirrorsCheck: Ignore missing checksums for fetchables that will be
caught by other checks.
- pkgcheck replay: Add support for replaying JsonStream reporter files.
- Add initial JsonStream reporter as an alternative to the pickle reporters for
serializing and deserializing result objects.
- Add support for comparing and hashing result objects.
- Fix triggering metadata.xml maintainer checks only for packages.
---------------------------
pkgcheck 0.6.1 (2019-08-25)
---------------------------
- NonexistentProfilePath: Change from warning to an error.
- Fix various XML result initialization due to missing attributes.
- MissingUnpackerDepCheck: Fix matching against versioned unpacker deps.
- Rename BadProto keyword to BadProtocol.
---------------------------
pkgcheck 0.6.0 (2019-08-23)
---------------------------
- Profile data is now cached on a per repo basis in ~/.cache/pkgcore/pkgcheck
(or wherever the related XDG cache environment variables point) to speed up
singular package scans. These caches are checked and verified for staleness
on each run and are enabled by default.
To forcibly disable profile caches include ``--profile-cache n`` or similar
as arguments to ``pkgcheck scan``.
- When running against a git repo, the historical package removals and
additions are scanned from ``git log`` and used to populate virtual repos
that enable proper stable request checks and nonexistent/outdated blocker
checks. Note that initial runs where these repos are being built from scratch
can take a minute or more depending on the system; however, subsequent runs
shouldn't take much time to update the cached repos.
To disable git support entirely include ``--git-disable y`` or similar as
arguments to ``pkgcheck scan``.
- zshcomp: Add initial support for keyword, check, and reporter completion.
- Enhance support for running against unconfigured, external repos. Now
``pkgcheck scan`` should be able to handle scanning against relevant paths to
unknown repos passed to it or against a repo with no arguments passed that
the current working directory is currently within.
- BadFilename: Flag SRC_URI targets that use unspecific ${PN}.ext filenames.
- HomepageInSrcUri: Flag ${HOMEPAGE} usage in SRC_URI.
- MissingConditionalTestRestrict: Flag missing ``RESTRICT="!test? ( test )"``.
- InvalidProjectMaintainer: Flag packages specifying non-existing project as
maintainer.
- PersonMaintainerMatchesProject: Flag person-type maintainer matching existing
projects.
- NonGentooAuthorsCopyright: Flag ebuilds with copyright stating owner other
than "Gentoo Authors" in the main gentoo repo.
- AcctCheck: Add various checks for acct-* packages.
- MaintainerWithoutProxy: Flag packages with a proxyless proxy maintainer.
- StaleProxyMaintProject: Flag packages using proxy-maint maintainer without
any proxied maintainers.
- BinaryFile: Flag binary files found in the repository.
- DoublePrefixInPath: Flag ebuilds using two consecutive paths including
EPREFIX.
- PythonReport: Add various python eclasses related checks.
- ObsoleteUri: Flag obsolete URIs (github/gitlab) that should be updated.
- VisibilityReport: Split NonsolvableDeps into stable, dev, and exp results
according to the status of the profile that triggered them.
- GitCommitsCheck: Add initial check support for unpushed git commits. This
currently includes the following keywords: DirectNoMaintainer,
DroppedStableKeywords, DroppedUnstableKeywords, DirectStableKeywords, and
OutdatedCopyright.
- MissingMaintainer: Flag packages missing a maintainer (or maintainer-needed
comment) in metadata.xml.
- EqualVersions: Flag ebuilds that have semantically equal versions.
- UnnecessarySlashStrip: Flag ebuilds using a path variable that strips a
nonexistent slash (usually due to porting to EAPI 7).
- MissingSlash: Flag ebuilds using a path variable missing a trailing slash
(usually due to porting to EAPI 7).
- DeprecatedChksum: Flag distfiles using outdated checksum hashes.
- MissingRevision: Flag packages lacking a revision in =cat/pkg dependencies.
- MissingVirtualKeywords: Flag virtual packages with keywords missing from
their dependencies.
- UnsortedKeywords: Flag packages with unsorted KEYWORDS.
- OverlappingKeywords: Flag packages with overlapping arch and ~arch KEYWORDS.
- DuplicateKeywords: Flag packages with duplicate KEYWORD entries.
- InvalidKeywords: Flag packages using invalid KEYWORDS.
---------------------------
pkgcheck 0.5.4 (2017-09-22)
---------------------------
- Add MetadataXmlEmptyElement check for empty elements in metadata.xml files.
- Add BadProfileEntry, UnknownProfilePackages, UnknownProfilePackageUse, and
UnknownProfileUse checks that scan various files in a repo's profiles
directory looking for old packages and/or USE flags.
- Merge replay functionality into pkgcheck and split the commands into 'scan',
'replay', and 'show' subcommands with 'scan' still being the default
subcommand so previous commandline usage for running pkgcheck remains the
same for now.
- Add 'errors' and 'warnings' aliases for the -k/--keywords option, e.g. if you
only want to scan for errors use the following: pkgcheck -k errors
- Fallback to the default repo if not running with a configured repo and one
wasn't specified.
- Add PortageInternals check for ebuilds using a function or variable internal
to portage similar to repoman.
- Add HttpsAvailable check for http links that should use https similar
to repoman.
- Add DuplicateFiles check for duplicate files in FILESDIR.
- Add EmptyFile check for empty files in FILESDIR.
- Add AbsoluteSymlink check similar to repoman's.
- Add UnusedInMasterLicenses, UnusedInMasterEclasses,
UnusedInMasterGlobalFlags, and UnusedInMasterMirrors reports that check if an
overlay is using the related items from the master repo that are unused there
(meaning they could be removed from the master soon).
- Add initial json reporter that outputs newline-delimited json for report
objects.
- Add BadFilename check for unspecific filenames such as ${PV}.tar.gz or
v${PV}.zip that can be found on raw github tag archive downloads.
- GPL2/BSD dual licensing was dropped to BSD as agreed by all contributors.
- Add check for REQUIRED_USE against default profile USE which flags packages
with default USE settings that don't satisfy their REQUIRED_USE for each
profile scanned.
- Add -k/--keywords option to only check for certain keywords.
- Add UnusedEclasses check.
- Drop --profiles-disable-deprecated option, deprecated profiles are skipped by
default now and can be enabled or disabled using the 'deprecated' argument to
-p/--profiles similar to the stable, dev, and exp keywords for profile
scanning.
- Add UnusedProfileDirs check that will output all profile dirs that aren't
specified as a profile in profiles.desc or aren't sourced by any as a parent.
- Add python3.6 support and drop python3.3 support.
- Add UnnecessaryManifest report for showing unnecessary manifest entries for
non-DIST targets on a repo with thin manifests enabled.
- Collapse -c/--check and -d/--disable-check into -c/--checks option using the
same extended comma toggling method used for --arches and --profiles options.
- Add support for checking REQUIRED_USE for validity.
- Drop -o/--overlayed-repo support and rely on properly configured masters.
- Add UnknownLicenses report for unknown licenses listed in license groups.
- Add support for running checks of a certain scope using -S/--scopes, e.g. to
run all repo scope checks on the gentoo repo use the following command:
pkgcheck -r gentoo -S repo
- Add UnusedMirrorsCheck to scan for unused third party mirrors.
- Add UnknownCategories report that shows categories that aren't listed in a
repo's (or its masters) categories.
- Update deprecated eclasses list.
- Drop restriction on current working directory for full repo scans. Previously
pkgcheck had to be run within a repo, now it should be able to run from
anywhere against a specified repo.
---------------------------
pkgcheck 0.5.3 (2016-05-29)
---------------------------
* Fix new installs using pip.
---------------------------
pkgcheck 0.5.2 (2016-05-28)
---------------------------
* Replace libxml2 with lxml-based validator for glep68 schema validation.
* UseAddon: Use profile-derived implicit USE flag lists instead of pre-EAPI 5
hacks. This also improves the unused global USE flag check to look for unused
USE_EXPAND flags.
* Add various repo-level sanity checks for profile and arch lists.
* Output reports for ~arch VCS ebuilds as well, previously only vcs ebuilds
with stable keywords would display warnings.
* Large reworking of profile and arch addon options. In summary, the majority
of the previous options have been replaced with -a/--arches and -p/--profiles
that accept comma separated lists of targets to enable or disable. The
keywords stable, dev, and exp that related to the sets of stable,
development, and experimental profiles from the targetted repo can also be
used as --profiles arguments.
For example, to scan all stable profiles use the following::
pkgcheck -p stable
To scan all profiles except experimental profiles (note the required use of
an equals sign when starting the argument list with a disabled target)::
pkgcheck -p=-exp
See the related man page sections for more details.
* Officially support python3 (3.3 and up).
* Add initial man page generated from argparse info.
* Migrate from optparse to argparse, usability-wise there shouldn't be any
changes.
* Drop ChangeLog file checks, the gentoo repo moved to git so ChangeLogs are
not in the repo anymore.
---------------------------
pkgcheck 0.5.1 (2015-08-10)
---------------------------
* Remove portdir references, if you use a custom config file you may need to
update 'portdir' references to use 'gentoo' instead or whatever your main
repo is.
---------------------------
pkgcheck 0.5.0 (2015-04-01)
---------------------------
* Suppress possible memory exhaustion cases for visibility checks due to
transitive use flag dependencies.
* Project, python module, and related scripts renamed from pkgcore-checks (or
in the case of the python module pkgcore_checks) to pkgcheck.
* Add --profile-disable-exp option to skip experimental profiles.
* Make the SizeViolation check test individual files in $FILESDIR, not the
entire $FILESDIR itself.
* Make UnusedLocalFlags scan metadata.xml for local use flags instead of the
deprecated repo-wide use.local.desc file.
* Stable arch related checks (e.g. UnstableOnly) now default to using only the
set of stable arches defined by profiles.desc.
* Add check for deprecated EAPIs.
* Conflicting manifests chksums scanning was added.
* Removed hardcoded manifest hashes list, use layout.conf defined list of
required hashes (didn't exist till ~5 years after the check was written).
* Update pkgcore API usage to move away from deprecated functionality.
----------------------------------
pkgcore-checks 0.4.15 (2011-10-27)
----------------------------------
* pkgcore-checks issue #2; if metadata.dtd is required but can't be fetched,
suppress metadata_xml check. If the check must be ran (thus unfetchable
metadata.dtd should be a failure), pass --metadata-dtd-required.
* pkgcore-checks now requires pkgcore 0.7.3.
* fix racey test failure in test_addons due to ProfileNode instance caching.
* fix exception in pkg directory checks for when files directory
doesn't exist.
* cleanup of deprecated api usage.
----------------------------------
pkgcore-checks 0.4.14 (2011-04-24)
----------------------------------
* Updated compatibility w/ recent snakeoil/pkgcore changes.
* deprecated eclasses list was updated.
* LICENSE checks for virtual/* are now suppressed.
----------------------------------
pkgcore-checks 0.4.13 (2010-01-08)
----------------------------------
* fix to use dep scanning in visibility where it was missing use deps that
can never be satisfied for a specific profile due to use masking/forcing.
* more visibility optimizations; Grand total in combination w/ optimziations
leveled in snakeoil/pkgcore since pkgcore-checks 0.4.12 released, 58%
faster now.
* ignore unstated 'prefix' flag in conditionals- much like bootstrap, its'
the latest unstated.
* added a null reporter for performance testing.
----------------------------------
pkgcore-checks 0.4.12 (2009-12-27)
----------------------------------
* corner case import error in metadata_xml scan for py3k is now fixed; if
you saw urllib.urlopen complaints, this is fixed.
* >snakeoil-0.3.4 is now required for sdist generation.
* visibility scans now use 22% less memory (around 130MB on python2.6 x86_64)
and is about 3% faster.
----------------------------------
pkgcore-checks 0.4.11 (2009-12-20)
----------------------------------
* minor speedup in visibility scans- about 3% faster now.
* fix a traceback in deprecated from when portage writes the ebuild cache out
w/out any _eclasses_ entry.
* fix a rare traceback in visibility scans where a virtual metapkg has zero
matches.
----------------------------------
pkgcore-checks 0.4.10 (2009-12-14)
----------------------------------
* fix a bug where use deps on metapkgs was invalidly being flagged.
---------------------------------
pkgcore-checks 0.4.9 (2009-11-26)
---------------------------------
* fix a bug in test running- bzr_verinfo isn't generated for pkgcore-checks
in sdist (no need), yet build_py was trying to regenerate it. Basically
broke installation on machines that lacked bzr.
---------------------------------
pkgcore-checks 0.4.8 (2009-11-26)
---------------------------------
* experimental py3k support.
* test runner improvements via depending on snakeoil.distutils_extensions.
---------------------------------
pkgcore-checks 0.4.7 (2009-10-26)
---------------------------------
* fix invalid flagging of use deps on PyQt4 for ia64; basically PyQt4[webkit]
is valid due to a pkg level masked use reversal... the checking code however
wasn't doing incremental expansion itself.. Same could occur for forced use.
---------------------------------
pkgcore-checks 0.4.6 (2009-10-22)
---------------------------------
* fix a bug in tristate use evaluation of potential USE combinations.
Roughly, if a flag is masked *and* forced, the result is it's masked.
* compatibility fixes for pkgcore 0.5; 0.5 isn't required, but advised.
---------------------------------
pkgcore-checks 0.4.5 (2008-11-07)
---------------------------------
* verify whether or not a requested use state is actually viable when profile
masking/forcing is taken into account.
---------------------------------
pkgcore-checks 0.4.4 (2008-10-21)
---------------------------------
* EAPI2 support for checking use/transitive use deps.
* ticket 216; basically portage doesn't always write out _eclasses_ entries
in the cache- if they're empty, it won't. pkgcore-checks visibility vcs
eclass tests assumed otherwise- this is now fixed.
* pcheck now only outputs the number of tests it's running if --debug is
enabled.
---------------------------------
pkgcore-checks 0.4.3 (2008-03-18)
---------------------------------
* ticket 8; false positive unused global USE flags due to not stripping '+-'
from iuse defaults.
* ticket 7: tune down metadata xml checks verbosity.
* dropped ModularXPortingReport; no longer needed.
----------------------------------
pkgcore-checks 0.4.2 (2007-12-15)
----------------------------------
* minor release to be EAPI=1 compatible wrt IUSE defaults
----------------------------------
pkgcore-checks 0.4.1 (2007-07-16)
----------------------------------
* fixed ticket 90; NonExistantDeps occasionally wouldn't report later versions
of an offender.
* --disable-arches option; way to specifically disable an arch (blacklisting)
instead of having to specify all arches.
-------------------------------
pkgcore-checks 0.4 (2007-06-06)
-------------------------------
* update to use snakeoil api.
* Add check to metadata_check.DependencyReport for self-blocking atoms; for
example, if dev-util/diffball RDEPEND has !dev-util/diffball.
* ticket 82; Fix BadProto result object so it has proper threshold.
* Fix class serialization bug in RestrictsReport.
* profile loadup optimization; pkgcore weakly caches the intermediate nodes,
pcheck's profile loadup however specifically released the profiles every
looping; now it temporarily holds onto it, thus allowing the caching to kick
in. Among other things, cuts file reads down from 1800 to around around 146.
--------------------
pkgcore-checks 0.3.5
--------------------
* addition of __attrs__ to base.Result classes; use this if __slots__ doesn't
suffice for listing the attrs to pickle.
* Thanks to Michael Sterret for pointing it out; tweak cleanup scan so that it
notes 1.12 overshadows 1.11 (stable keywords overshadow earlier unstable
versions): for example-
1.11: ~x86 ~amd64
1.12: x86 ~amd64
--------------------
pkgcore-checks 0.3.4
--------------------
* treat pkg.restrict as a depset.
--------------------
pkgcore-checks 0.3.3
--------------------
* drop digest specific checks; portage now prunes digests on sync regardless
of whether or not the repo is m2 pure; thus, no way to detect if a missing
digest is actually a screwup in the repo, or if it's portage being 'special'.
May re-add the checks down the line, currently however removing them for
the common case.
* back down check for files directory if manifest2; manifest2 glep didn't
specify that files directory could be dropped, but portage has deviated there.
Since been backed down, but getting ahead so we don't need an intermediate
release when they try it again.
* added check for missing metadata.xml; refactored common error class selection
logic into base class.
--------------------
pkgcore-checks 0.3.2
--------------------
* correct tracebacks when dealing with a few result objects from repo_metadata
--------------------
pkgcore-checks 0.3.1
--------------------
* makes StaleUnstable abide by --arches; ticket 59 (thanks leio).
* stop complaining about empty keywords, since they're now allowed instead of
using -\*.
------------------
pkgcore-checks 0.3
------------------
* heavy refactoring of reporter subsystem, and clean up of check results.
Better messages, better output for normal usage. to_xml() methods were
dropped (XmlReporter handles it on it's own), same for to_str() in favor
of short_desc and long_desc attributes.
* whitespace checks now output one result for each classification for an
ebuild, instead of emitting reports for each line.
* all remaining 'info' statements are pushed to stderr now.
* new PickleStream reporter; used to serialize check results, and flush the
stream out stdout. If you need to get at the data generated, this is the
sanest way to do it (alternatives require trying to deserialize what a
reporter does, thus losing data).
* added new tool replay-pcheck-stream; used to replay a pickle stream through
alternative reporters.
------------------
pkgcore-checks 0.2
------------------
* invocation args have changed- please see readme for details of how to
use pcheck.
* test suite added; not yet complete coverage, but 90% of the way there.
* --list-checks output format is fair bit more human-readable now.
* better support for overlays (should work fine with appropriate commandline
options supplied)
* optimizations, and performance regression fixes; fair bit faster then .1.
* new checks can be added via pkgcore 0.2 plugins cache.
* UI improvements; color, and human readable output.
* --xml option was dropped, use --reporter to specify the desired reporter,
and --list-reporters to see what reporters are available
* added --enable, --disable options to prune add/remove specific checks from
the run.
* add config based 'suites' that can be ran; basically, sets of tests/targets
to run via pcheck. See README for details.
* whitespace checks.
------------------
pkgcore-checks 0.1
------------------
* inital release
|