diff options
| author | Michael Kuhn <michael.kuhn@ovgu.de> | 2023-10-23 20:22:39 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-23 20:22:39 +0200 |
| commit | bf6d5df0ec4c0177a59e32c20f2c7128edb679d2 (patch) | |
| tree | f772d222507659e3fb8695e2e5d522438e65bff9 /lib | |
| parent | 3eac79bba7f64327bd69b6d2fc0e89fd3b5ef6e9 (diff) | |
| download | spack-bf6d5df0ec4c0177a59e32c20f2c7128edb679d2.tar.gz spack-bf6d5df0ec4c0177a59e32c20f2c7128edb679d2.tar.bz2 spack-bf6d5df0ec4c0177a59e32c20f2c7128edb679d2.tar.xz spack-bf6d5df0ec4c0177a59e32c20f2c7128edb679d2.zip | |
audit: add check for GitLab patches (#40656)
GitLab's .patch URLs only provide abbreviated hashes, while .diff URLs
provide full hashes. There does not seem to be a parameter to force
.patch URLs to also return full hashes, so we should make sure to use
the .diff ones.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/spack/spack/audit.py | 43 | ||||
| -rw-r--r-- | lib/spack/spack/test/audit.py | 4 |
2 files changed, 33 insertions, 14 deletions
diff --git a/lib/spack/spack/audit.py b/lib/spack/spack/audit.py index 176c45487f..8b13ffc7cf 100644 --- a/lib/spack/spack/audit.py +++ b/lib/spack/spack/audit.py @@ -307,10 +307,17 @@ def _check_build_test_callbacks(pkgs, error_cls): @package_directives def _check_patch_urls(pkgs, error_cls): - """Ensure that patches fetched from GitHub have stable sha256 hashes.""" + """Ensure that patches fetched from GitHub and GitLab have stable sha256 + hashes.""" github_patch_url_re = ( r"^https?://(?:patch-diff\.)?github(?:usercontent)?\.com/" - ".+/.+/(?:commit|pull)/[a-fA-F0-9]*.(?:patch|diff)" + r".+/.+/(?:commit|pull)/[a-fA-F0-9]+\.(?:patch|diff)" + ) + # Only .diff URLs have stable/full hashes: + # https://forum.gitlab.com/t/patches-with-full-index/29313 + gitlab_patch_url_re = ( + r"^https?://(?:.+)?gitlab(?:.+)/" + r".+/.+/-/(?:commit|merge_requests)/[a-fA-F0-9]+\.(?:patch|diff)" ) errors = [] @@ -321,19 +328,27 @@ def _check_patch_urls(pkgs, error_cls): if not isinstance(patch, spack.patch.UrlPatch): continue - if not re.match(github_patch_url_re, patch.url): - continue - - full_index_arg = "?full_index=1" - if not patch.url.endswith(full_index_arg): - errors.append( - error_cls( - "patch URL in package {0} must end with {1}".format( - pkg_cls.name, full_index_arg - ), - [patch.url], + if re.match(github_patch_url_re, patch.url): + full_index_arg = "?full_index=1" + if not patch.url.endswith(full_index_arg): + errors.append( + error_cls( + "patch URL in package {0} must end with {1}".format( + pkg_cls.name, full_index_arg + ), + [patch.url], + ) + ) + elif re.match(gitlab_patch_url_re, patch.url): + if not patch.url.endswith(".diff"): + errors.append( + error_cls( + "patch URL in package {0} must end with .diff".format( + pkg_cls.name + ), + [patch.url], + ) ) - ) return errors diff --git a/lib/spack/spack/test/audit.py b/lib/spack/spack/test/audit.py index 2efc2bbd88..a3d4bb8e3f 100644 --- a/lib/spack/spack/test/audit.py +++ b/lib/spack/spack/test/audit.py @@ -21,6 +21,10 @@ import spack.config (["wrong-variant-in-depends-on"], ["PKG-DIRECTIVES", "PKG-PROPERTIES"]), # This package has a GitHub patch URL without full_index=1 (["invalid-github-patch-url"], ["PKG-DIRECTIVES", "PKG-PROPERTIES"]), + # This package has invalid GitLab patch URLs + (["invalid-gitlab-patch-url"], ["PKG-DIRECTIVES", "PKG-PROPERTIES"]), + # This package has invalid GitLab patch URLs + (["invalid-selfhosted-gitlab-patch-url"], ["PKG-DIRECTIVES", "PKG-PROPERTIES"]), # This package has a stand-alone 'test*' method in build-time callbacks (["fail-test-audit"], ["PKG-DIRECTIVES", "PKG-PROPERTIES"]), # This package has no issues |