blob: 12c4aebe912b6ec5bcbd2c695058cb6f7bbc6d4c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
From 1efaa3996e7f722ad05d67982b5b3ea78441dd41 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 20 Jul 2017 07:56:11 +0000
Subject: [PATCH] abuild: add sanitycheck for secfixes comment
The secfixes comment will be parsed and added to alpine-secdb. add
sanitycheck so we catch errors early.
---
abuild.in | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/abuild.in b/abuild.in
index 7cf87e2..53926fc 100644
--- a/abuild.in
+++ b/abuild.in
@@ -219,6 +219,7 @@ default_sanitycheck() {
check_maintainer || die "Provide a valid RFC822 maintainer address"
check_depends_dev || warning "depends_dev found but no development subpackage found"
+ check_secfixes_comment || return 1
makedepends_has 'g++' && ! options_has toolchain && warning "g++ should not be in makedepends"
return 0
@@ -816,6 +817,26 @@ check_maintainer() {
fi
}
+check_secfixes_comment() {
+ local c=$(sed -E -n -e '/^# secfixes:/,/(^[^#]|^$)/p' $APKBUILD | grep '^#')
+ local invalid=$(echo "$c" \
+ | grep -v -E '(^# secfixes:|^# +- [A-Z0-9-]+|^# [0-9]+.*:$|^#$)')
+ if [ -z "$invalid" ]; then
+ return 0
+ fi
+
+ # check if there are tabs
+ if echo "$invalid" | grep -q $'\t'; then
+ error "secfixes comment must not have tabs:"
+ echo "$c" | grep $'\t' >&2
+ return 1
+ fi
+
+ error "secfixes comment is not valid:"
+ echo "$invalid" >&2
+ return 1
+}
+
check_depends_dev() {
if [ -z "$depends_dev" ]; then
return 0
--
2.13.2
|
