Bug#776267: lintian: Add check for unsupported PyPI URL in debian/watch
Package: lintian
Version: 2.5.30+deb8u3
Severity: wishlist
Tags: patch
Through a discussion on IRC, it came up that many of the Python Team
maintained packages use http(s)://pypi.python.org/packages/source/...
URLs, which aren't currently working. Turns out that's not a URL that
should be relied upon and http(s)://pypi.python.org/simple/... should be
used instead.
The attached patch adds a new check for this, referring to the upstream
documentation for this "simple HTML" API[0].
[0]: https://wiki.python.org/moin/PyPISimple
Cheers,
James
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lintian depends on:
ii binutils 2.25-4
ii bzip2 1.0.6-7+b2
ii diffstat 1.58-1
ii file 1:5.22+15-1
ii gettext 0.19.3-2
ii hardening-includes 2.7
ii intltool-debian 0.35.0+20060710.1
ii libapt-pkg-perl 0.1.29+b2
ii libarchive-zip-perl 1.39-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.37-1+b1
ii libdpkg-perl 1.17.23
ii libemail-valid-perl 1.195-1
ii libfile-basedir-perl 0.03-1
ii libipc-run-perl 0.92-1
ii liblist-moreutils-perl 0.33-2+b1
ii libparse-debianchangelog-perl 1.2.0-1.1
ii libtext-levenshtein-perl 0.11-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.64-1
ii man-db 2.7.0.2-5
ii patchutils 0.3.3-1
ii perl [libdigest-sha-perl] 5.20.1-4
ii t1utils 1.38-3+b1
Versions of packages lintian recommends:
ii libautodie-perl 2.25-1
ii libperlio-gzip-perl 0.18-3+b1
ii perl 5.20.1-4
ii perl-modules [libautodie-perl] 5.20.1-4
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.17.23
ii libhtml-parser-perl 3.71-1+b3
ii libtext-template-perl 1.46-1
ii libyaml-perl 1.13-1
ii xz-utils 5.1.1alpha+20120614-2+b3
-- no debconf information
From ca5a5ebed9650db558e60141bee02c41be1c5110 Mon Sep 17 00:00:00 2001
From: James McCoy <jamessan@debian.org>
Date: Sun, 25 Jan 2015 21:47:22 -0500
Subject: [PATCH] checks/watch-file: Add check for unsupported PyPI URL
Signed-off-by: James McCoy <jamessan@debian.org>
---
checks/watch-file.desc | 12 ++++++++++++
checks/watch-file.pm | 4 ++++
t/tests/watch-file-general/debian/debian/watch | 4 +++-
t/tests/watch-file-general/desc | 1 +
t/tests/watch-file-general/tags | 2 ++
5 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/checks/watch-file.desc b/checks/watch-file.desc
index 89b2ff2..fb8e98b 100644
--- a/checks/watch-file.desc
+++ b/checks/watch-file.desc
@@ -174,3 +174,15 @@ Certainty: certain
Info: The watch file contains a standard template included by dh_make.
Please remove them once you have implemented the watch file.
+Tag: debian-watch-file-unsupported-pypi-url
+Severity: important
+Certainty: certain
+Ref: https://wiki.python.org/moin/PyPISimple
+Info: The watch file specifies a PyPI URL which is not a supported API.
+ Instead, use PyPI's Simple API:
+ .
+ https://pypi.python.org/simple/<distribution-name>/
+ .
+ replacing <tt><distribution-name></tt> with the canonical name of the
+ Python project.
+
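Review bot: The placeholder <distribution-name> is written with raw angle brackets in the Info text, both on the indented URL line and inside <tt>...</tt>. This field already uses tag markup (the <tt> pair), so the placeholder is likely to be read as an unknown tag and dropped from the rendered description. Writing it with entities (&lt;distribution-name&gt;) in both places would keep it visible.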
diff --git a/checks/watch-file.pm b/checks/watch-file.pm
index cd0f8de..35522b8 100644
--- a/checks/watch-file.pm
+++ b/checks/watch-file.pm
@@ -132,6 +132,10 @@ sub run {
tag 'debian-watch-file-should-use-sf-redirector', "line $.";
}
+ if (m%https?://pypi\.python\.org/packages/source/%) {
+ tag 'debian-watch-file-unsupported-pypi-url', "line $.";
+ }
+
# This bit is as-is from uscan.pl:
my ($base, $filepattern, $lastversion, $action) = split ' ', $_, 4;
# Per #765995, $base might be undefined.
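Review bot: The new pattern in sub run is unanchored and is matched against the whole line in $_ before the split that extracts $base, so it fires when a packages/source URL appears anywhere on the line, not only when it is the URL being fetched. Consider moving the test below the split and matching the URL field itself, anchored with ^ and guarded for the undefined $base case the following comment mentions. Hostnames are case-insensitive, so an /i modifier would also avoid missing a differently cased host.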
diff --git a/t/tests/watch-file-general/debian/debian/watch b/t/tests/watch-file-general/debian/debian/watch
index 260fa39..aa45280 100644
--- a/t/tests/watch-file-general/debian/debian/watch
+++ b/t/tests/watch-file-general/debian/debian/watch
@@ -20,5 +20,7 @@ version=42
# Specifies the same version number as the package.
http://example.com/ foo([\d.]+)\.tar\.gz 2.0.ds1-1 uupdate
+# Unsupported PyPi URL
+https://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz
-# without any pgpsigurlmangle
\ No newline at end of file
+# without any pgpsigurlmangle
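Review bot: The fixture adds only an https:// entry, while the pattern in checks/watch-file.pm is https?://, so the http:// form named in the report is never exercised; a second entry using http:// (with its line added to the expected tags) would cover both. The added comment spells the name "PyPi" where the tag description uses "PyPI". The final change in this hunk only adds the missing trailing newline, which is unrelated to the check and could be mentioned in the commit message.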
diff --git a/t/tests/watch-file-general/desc b/t/tests/watch-file-general/desc
index bcb8112..f86823e 100644
--- a/t/tests/watch-file-general/desc
+++ b/t/tests/watch-file-general/desc
@@ -13,5 +13,6 @@ Test-For:
debian-watch-file-should-use-sf-redirector
debian-watch-file-specifies-wrong-upstream-version
debian-watch-file-unknown-version
+ debian-watch-file-unsupported-pypi-url
debian-watch-file-uses-deprecated-sf-redirector-method
References: Debian Bug#510398
diff --git a/t/tests/watch-file-general/tags b/t/tests/watch-file-general/tags
index de38a58..f37f4f5 100644
--- a/t/tests/watch-file-general/tags
+++ b/t/tests/watch-file-general/tags
@@ -1,3 +1,4 @@
+E: watch-file-general source: debian-watch-file-unsupported-pypi-url line 24
I: watch-file-general source: debian-watch-file-should-dversionmangle-not-uversionmangle line 5
P: watch-file-general source: debian-watch-may-check-gpg-signature
W: watch-file-general source: debian-watch-file-declares-multiple-versions line 18
@@ -5,6 +6,7 @@ W: watch-file-general source: debian-watch-file-declares-multiple-versions line
W: watch-file-general source: debian-watch-file-should-mangle-version line 12
W: watch-file-general source: debian-watch-file-should-mangle-version line 14
W: watch-file-general source: debian-watch-file-should-mangle-version line 15
+W: watch-file-general source: debian-watch-file-should-mangle-version line 24
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 12
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 14
W: watch-file-general source: debian-watch-file-should-use-sf-redirector line 15
--
2.1.4