From b1f3fef606dd1106ca163e5c7f4da0023f308c96 Mon Sep 17 00:00:00 2001 From: Stefan Schubert <22217677+malaupa@users.noreply.github.com> Date: Thu, 11 May 2023 14:14:54 +0200 Subject: [PATCH] fix: md5sums entries and lintian errors/warnings (#656) Missing trailing ./ in md5sums for changelog.Debian.gz caused md5sums-lists-nonexistent-file and file-missing-in-md5sums and is fixed using files.AsExplicitRelativePath. Adding copyright file fixes no-copyright-file. Set file_info fixes executable-is-not-world-readable, non-standard-executable-perm, non-standard-file-perm. Adding section fixes unknown-section, empty-field. Using standard compress/gzip module fixes package-contains-timestamped-gzip, because klauspost/pgzip does not support empty mod time. Adding urgency and distribution in changelog fixes syntax-error-in-debian-changelog. Adding mail address to maintainer fixes malformed-contact. Correcting description fixes description-starts-with-package-name and description-starts-with-leading-spaces. --- deb/deb.go | 7 +++++-- testdata/acceptance/core.withchangelog.yaml | 15 ++++++++++++--- testdata/acceptance/deb.dockerfile | 16 ++++++++++++++-- testdata/changelog.yaml | 12 ++++++++++-- testdata/copyright | 5 +++++ 5 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 testdata/copyright diff --git a/deb/deb.go b/deb/deb.go index 565833f..84e3a90 100644 --- a/deb/deb.go +++ b/deb/deb.go @@ -4,6 +4,7 @@ package deb import ( "archive/tar" "bytes" + "compress/gzip" "crypto/md5" // nolint:gas "crypto/sha1" "errors" @@ -22,7 +23,6 @@ import ( "github.com/goreleaser/nfpm/v2/files" "github.com/goreleaser/nfpm/v2/internal/sign" "github.com/klauspost/compress/zstd" - gzip "github.com/klauspost/pgzip" "github.com/ulikunitz/xz" ) @@ -454,6 +454,9 @@ func createChangelogInsideDataTar(tarw *tar.Writer, g io.Writer, info *nfpm.Info fileName string, ) (int64, error) { var buf bytes.Buffer + // we need here a non timestamped compression -> https://github.com/klauspost/pgzip doesn't support that + // https://github.com/klauspost/pgzip/blob/v1.2.6/gzip.go#L322 vs. + // https://cs.opensource.google/go/go/+/refs/tags/go1.20.4:src/compress/gzip/gzip.go;l=157 out, err := gzip.NewWriterLevel(&buf, gzip.BestCompression) if err != nil { return 0, fmt.Errorf("could not create gzip writer: %w", err) @@ -482,7 +485,7 @@ func createChangelogInsideDataTar(tarw *tar.Writer, g io.Writer, info *nfpm.Info return 0, err } - if _, err = fmt.Fprintf(g, "%x %s\n", digest.Sum(nil), fileName); err != nil { + if _, err = fmt.Fprintf(g, "%x %s\n", digest.Sum(nil), files.AsExplicitRelativePath(fileName)); err != nil { return 0, err } diff --git a/testdata/acceptance/core.withchangelog.yaml b/testdata/acceptance/core.withchangelog.yaml index 64d100b..d5cf7df 100644 --- a/testdata/acceptance/core.withchangelog.yaml +++ b/testdata/acceptance/core.withchangelog.yaml @@ -4,16 +4,25 @@ platform: "linux" changelog: "./testdata/changelog.yaml" version: "v1.2.3" release: "simple" -maintainer: "Foo Bar" +maintainer: "Foo Bar " description: | - Foo bar - Multiple lines + Program foo bar + Multiple lines vendor: "foobar" homepage: "https://foobar.org" license: "MIT" +section: misc contents: - src: ./testdata/fake dst: /usr/bin/fake + file_info: + mode: 0755 - src: ./testdata/whatever.conf dst: /etc/foo/whatever.conf type: config + file_info: + mode: 0644 +- src: ./testdata/copyright + dst: /usr/share/doc/foo/ + file_info: + mode: 0644 diff --git a/testdata/acceptance/deb.dockerfile b/testdata/acceptance/deb.dockerfile index 9c470b9..9df34a2 100644 --- a/testdata/acceptance/deb.dockerfile +++ b/testdata/acceptance/deb.dockerfile @@ -140,8 +140,20 @@ RUN lintian /tmp/foo.deb > lintian.out RUN test $(grep -c 'debian-changelog-file-missing-or-wrong-name' lintian.out) = 0 RUN test $(grep -c 'changelog-not-compressed-with-max-compression' lintian.out) = 0 RUN test $(grep -c 'unknown-control-file' lintian.out) = 0 -# TODO: RUN test $(grep -c 'package-contains-timestamped-gzip' lintian.out) = 0 -# TODO: RUN test $(grep -c 'syntax-error-in-debian-changelog' lintian.out) = 0 +RUN test $(grep -c 'package-contains-timestamped-gzip' lintian.out) = 0 +RUN test $(grep -c 'md5sums-lists-nonexistent-file' lintian.out) = 0 +RUN test $(grep -c 'file-missing-in-md5sums' lintian.out) = 0 +RUN test $(grep -c 'syntax-error-in-debian-changelog' lintian.out) = 0 +RUN test $(grep -c 'no-copyright-file' lintian.out) = 0 +RUN test $(grep -c 'executable-is-not-world-readable' lintian.out) = 0 +RUN test $(grep -c 'non-standard-executable-perm' lintian.out) = 0 +RUN test $(grep -c 'non-standard-file-perm' lintian.out) = 0 +RUN test $(grep -c 'unknown-section' lintian.out) = 0 +RUN test $(grep -c 'empty-field' lintian.out) = 0 +RUN test $(grep -c 'syntax-error-in-debian-changelog' lintian.out) = 0 +RUN test $(grep -c 'malformed-contact' lintian.out) = 0 +RUN test $(grep -c 'description-starts-with-package-name' lintian.out) = 0 +RUN test $(grep -c 'description-starts-with-leading-spaces' lintian.out) = 0 # ---- rules test ---- FROM min AS rules diff --git a/testdata/changelog.yaml b/testdata/changelog.yaml index dd55eb0..59142c8 100644 --- a/testdata/changelog.yaml +++ b/testdata/changelog.yaml @@ -1,4 +1,8 @@ -- semver: "1.1.0-1" +- deb: + urgency: medium + distributions: + - bookworm + semver: "1.1.0-1" date: "2009-12-08T22:00:00Z" packager: "Carlos A Becker " urgency: "low" @@ -7,7 +11,11 @@ - note: "note 1" - note: "note 2" -- semver: "1.0.0-1" +- deb: + urgency: medium + distributions: + - bookworm + semver: "1.0.0-1" date: "2009-11-10T23:00:00Z" packager: "Carlos A Becker " urgency: "low" diff --git a/testdata/copyright b/testdata/copyright new file mode 100644 index 0000000..61a60bd --- /dev/null +++ b/testdata/copyright @@ -0,0 +1,5 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Files: + * +Copyright: 2023 The foo bar +License: MIT \ No newline at end of file