Bug#781952: RFS:complexity/1.2-1 [ITP] -- tool for analyzing the complexity of C program functions

[Paul Wise <pabs@debian.org>]

Control: tags -1 + moreinfo
Control: outlook -1 Blocked by non-free content, missing copyright info

On Sun, 5 Apr 2015 Dmitry Bogatov wrote:

>      complexity -  tool for analyzing the complexity of C program functions

As this is on my TODO list for check-all-the-things, I'm willing to
review and sponsor. In exchange for the upload, I will require a patch
for check-all-the-things to support complexity. Please take a look at
the check-all-the-things README and commit or send a patch. 

https://anonscm.debian.org/cgit/collab-maint/check-all-the-things.git

These issues are blockers for uploading:

doc/gendocs_template says it is licensed under the CC-BY-ND-3.0
license, which doesn't allow derivatives and is not a free license.

debian/copyright is missing the embedded code copies in lib and m4. I
don't know if the ftpmasters will require those to be present but I
would suggest to document them anyway.

These issues would be nice to fix:

You might want to use upstream's xz tarballs, they are smaller.

debian/upstream/signing-key.pgp should be renamed .asc

Please ask upstream to include doc/mk.sh in the tarball.

Personally I would wrap debian/watch at the space (use a \).

Please send upstream a patch to not install cx-vs-mc.

I would suggest using https in all the debian/copyright URLs.

I would suggest running wrap-and-sort -sa

DH_VERBOSE is not normally turned on in debian/rules.

tests/complexity.test should use mktemp instead of referencing /tmp

src/char-types.map has a typo: caracter => character

I would suggest using dh-autoreconf instead of autotools-dev.

The code in src/ appears to get compiled three times, once in
dh_auto_build, once in dh_auto_test and once in dh_auto_install.

The following are generated files and should be removed before
dh_auto_configure and rebuilt during the build process. Personally I
would suggest all of them should be removed from the upstream VCS and
the ones that aren't autotools requirements should be removed from the
upstream tarballs.

aclocal.m4
bootstrap
src/char-types.h
configure
config.h.in
Makefile.in
*/Makefile.in
lib/Makefile.am
doc/complexity.info
doc/gendocs_template
doc/invoke-complexity.texi

The following are embedded code copies and should be removed before
dh_auto_configure and copied in from build-dependencies.

lib
m4

You may want to add some upstream metadata:

https://wiki.debian.org/UpstreamMetadata

Automatic checks:

gcc:

gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I..   -D_FORTIFY_SOURCE=2  -g -O2 -Werror=array-bounds -Werror=clobbered -Werror=volatile-register-var -Werror=implicit-function-declaration -fPIE -fstack-protector-strong -Wformat -Werror=format-security   -c -o unistd.o unistd.c
unistd.c:2:0: warning: "_GL_UNISTD_INLINE" redefined
 #define _GL_UNISTD_INLINE _GL_EXTERN_INLINE
 ^
In file included from ../config.h:967:0,
                 from unistd.c:1:
./unistd.h:139:0: note: this is the location of the previous definition
 # define _GL_UNISTD_INLINE _GL_INLINE
 ^

ar:

ar cru libgnu.a fd-hook.o unistd.o xsize.o asnprintf.o printf-args.o printf-parse.o vasnprintf.o
ar: `u' modifier ignored since `D' is the default (see `U')

check-all-the-things:

The duck gnutls errors can be fixed by using www.gnu.org instead.

$ duck
E: debian/control: Vcs-Git: git://anonscm.debian.org/users/kaction-guest/complexity.git: ERROR (Certainty:certain)
   fatal: '/git/users/kaction-guest/complexity.git' does not appear to be a git repository
   fatal: Could not read from remote repository.
   
   Please make sure you have the correct access rights
   and the repository exists.

E: debian/control: Homepage: https://gnu.org/software/complexity: ERROR (Certainty:certain)
   Curl:56 HTTP:0 Failure when receiving data from the peer gnutls_handshake() warning: The server name sent was not recognized

E: debian/copyright:3: URL: https://gnu.org/software/complexity: ERROR (Certainty:possible)
   Curl:56 HTTP:0 Failure when receiving data from the peer gnutls_handshake() warning: The server name sent was not recognized

$ find -empty
./doc/texi-stamp

$ cppcheck -j1 --quiet -f . | grep -vF 'cppcheck: error: could not find or open any of the paths given.'
[src/complexity.c:211]: (error) Memory leak: lines_scoring
[src/complexity.c:67]: (error) va_list 'ap' was opened but not closed by va_end().

$ flawfinder -Q -c .
Flawfinder version 1.31, (C) 2001-2014 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 169
<lots of output>

$ find -type f -iname '*.sh' -exec checkbashisms {} +
possible bashism in ./doc/mk.sh line 3 ('command' with option other than -p):
ag=`command -v autogen`

$ uscan --download-current-version --destdir .
complexity: Version (1.2) available on remote site:
  https://ftp.gnu.org/gnu/complexity/complexity-1.2.tar.gz
  (local version is 1.2)
gpgv: Signature made Sun 21 Dec 2014 02:06:49 AWST using DSA key ID BFBF0221
gpgv: [don't know]: invalid packet (ctb=2d)
gpgv: keydb_search failed: invalid packet
gpgv: Can't check signature: public key not found
uscan warning: OpenPGP signature did not verify.

$ find -type f \( -iname '*.pgp' -o -iname '*.gpg' \) -exec cat {} + | hokey lint
hokey (hopenpgp-tools) 0.14.1
Copyright (C) 2012-2015  Clint Adams
hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
hokey: ParseError {unconsumed = ".......

$ codespell --quiet-level=3
./bootstrap:1785: alse  ==> else
./bootstrap:1818: propogate  ==> propagate
./build-aux/depcomp:403: Maked  ==> Marked, made
./build-aux/depcomp:412: Maked  ==> Marked, made
./build-aux/depcomp:416: Maked  ==> Marked, made
./build-aux/config.sub:1411: nto  ==> not  | disable due to \n
./build-aux/texinfo.tex:1052: openin  ==> opening
./build-aux/texinfo.tex:1194: openin  ==> opening
./build-aux/texinfo.tex:1195: openin  ==> opening
./build-aux/texinfo.tex:1196: openin  ==> opening
./build-aux/texinfo.tex:1197: openin  ==> opening
./build-aux/texinfo.tex:1198: openin  ==> opening
./build-aux/texinfo.tex:1199: openin  ==> opening
./build-aux/texinfo.tex:1406: adn  ==> and
./build-aux/texinfo.tex:4978: openin  ==> opening
./build-aux/texinfo.tex:4987: openin  ==> opening
./build-aux/texinfo.tex:6151: openin  ==> opening
./build-aux/texinfo.tex:6190: openin  ==> opening
./build-aux/texinfo.tex:8261: openin  ==> opening
./build-aux/texinfo.tex:8521: openin  ==> opening
./build-aux/texinfo.tex:8881: openin  ==> opening
./build-aux/texinfo.tex:8896: openin  ==> opening
./doc/invoke-complexity.texi:427: infomation  ==> information
./doc/complexity.info:968: infomation  ==> information

$ find -type f -iname '*.tex' -exec lacheck {} +
<lots of output>

# Users of binary packages do not need install instructions.
$ find -type f -iname '*README*' -a ! \( -iname README.md -o -iname README.install \) -exec grep --ignore-case --fixed-strings --with-filename install {} +
./README:Provided you have the full installation of autogen:
./README:(including libopts and templates), then building and installing
./README:  configure && make && make install

$ find -type f -iname '*.sh' -exec shellcheck {} +
<lots of output>

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part