From bb40e56925ea39a75b03aa205f4a783ea3b1f7ab Mon Sep 17 00:00:00 2001
From: Jon Turney
Date: Wed, 18 Jan 2023 14:52:28 +0000
Subject: Validate character set used by the package version, V

Just as package name, only allow alphanumerics and '-._+' Warn about other characters, just as we already warn about '-', and add an exception for the one existing package which breaks these rules (with a ~). Also: '._+' should be allowed in R
---
 calm/package.py | 14 +++++++++++---
 calm/past_mistakes.py | 8 ++++----
 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/calm/package.py b/calm/package.py
index c8f079a..43a403e 100755
--- a/calm/package.py
+++ b/calm/package.py
@@ -404,8 +404,8 @@ def read_one_package(packages, p, relpath, dirpath, files, kind, strict):
 # warn if filename doesn't follow P-V-R naming convention
 #
 # P must match the package name, V can contain anything, R must
- # start with a number
- match = re.match(r'^' + re.escape(p) + r'-(.+)-(\d[0-9a-zA-Z.]*)(-src|)\.(tar' + common_constants.PACKAGE_COMPRESSIONS_RE + r'|hint)$', f)
+ # start with a number and can't include a hyphen
+ match = re.match(r'^' + re.escape(p) + r'-(.+)-(\d[0-9a-zA-Z._+]*)(-src|)\.(tar' + common_constants.PACKAGE_COMPRESSIONS_RE + r'|hint)$', f)
 if not match:
 logging.error("file '%s' in package '%s' doesn't follow naming convention" % (f, p))
 return True
@@ -417,7 +417,7 @@ def read_one_package(packages, p, relpath, dirpath, files, kind, strict):
 # we already know P to split unambiguously), but this is a bad
 # idea.
 if '-' in v:
- if v in past_mistakes.hyphen_in_version.get(p, []):
+ if v in past_mistakes.illegal_char_in_version.get(p, []):
 lvl = logging.INFO
 else:
 lvl = logging.ERROR
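Review bot: The pattern on the changed `match = re.match(...)` line is anchored with `$`, which in Python also matches just before a trailing newline, so a name of the form `P-V-R.hint` followed by `\n` still passes the naming-convention check. If these filenames can originate from uploads (not visible in this hunk), anchor the end strictly by finishing the pattern with `r'|hint)\Z'`. The context comment `V can contain anything` is also out of date now that the same function rejects characters in V further down; `V is captured greedily here and validated below` would describe the new behaviour. read_one_package starts and ends outside the hunk.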
@@ -428,6 +428,14 @@ def read_one_package(packages, p, relpath, dirpath, files, kind, strict):
 logging.error("file '%s' in package '%s' has a version which doesn't start with a digit" % (f, p))
 warnings = True
 
+ if not re.match(r'^[\w\-._+]*$', v):
+ if v in past_mistakes.illegal_char_in_version.get(p, []):
+ lvl = logging.INFO
+ else:
+ lvl = logging.ERROR
+ warnings = True
+ logging.log(lvl, "file '%s' in package '%s' has a version which contains illegal characters" % (f, p))
+
 # if not there already, add to version-release list
 vr = '%s-%s' % (v, r)
 vr_list.add(vr)
diff --git a/calm/past_mistakes.py b/calm/past_mistakes.py
index 6678d86..fed6c49 100644
--- a/calm/past_mistakes.py
+++ b/calm/past_mistakes.py
@@ -27,14 +27,16 @@
 # uses.
 #
 
-# packages with historical versions containing a hyphen
-hyphen_in_version = {
+# packages with historical versions containing a hyphen, or other illegal
+# character
+illegal_char_in_version = {
 'ctorrent': ['1.3.4-dnh3.2'],
 'email': ['3.2.1-git', '3.2.3-git'],
 'email-debuginfo': ['3.2.1-git', '3.2.3-git'],
 'fdupes': ['1.50-PR2'],
 'gendef': ['1.0-svn2931'],
 'gendef-debuginfo': ['1.0-svn2931'],
+ 'gt5': ['1.5.0~20111220+bzr29'],
 'hidapi': ['0.8.0-rc1'],
 'hidapi-debuginfo': ['0.8.0-rc1'],
 'libhidapi-devel': ['0.8.0-rc1'],
@@ -48,8 +50,6 @@ hyphen_in_version = {
 'mingw64-x86_64-hidapi-debuginfo': ['0.8.0-rc1'],
 'recode': ['3.7-beta2'],
 'recode-debuginfo': ['3.7-beta2'],
- 'tack': ['1.07-20150606'],
- 'tack-debuginfo': ['1.07-20150606'],
 }
 
 # cygport places this into the requires of every debuginfo package, including
--
cgit v1.2.3
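Review bot: `\w` in the added `re.match(r'^[\w\-._+]*$', v)` is Unicode-aware for str patterns, so it accepts any Unicode letter or digit (accented or full-width characters, for example) rather than only the ASCII alphanumerics the commit message describes. Because this check decides which version strings taken from package filenames are accepted, look-alike characters would pass it unnoticed. Spelling the class out closes that gap and matches the explicit `[0-9a-zA-Z._+]` already used for R: `if not re.fullmatch(r'[0-9A-Za-z._+-]*', v):`, or keep `\w` and pass `re.ASCII`. The enclosing read_one_package starts and ends outside the hunk.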