FS#22527 - Check if source tarballs contain valid files according to the PKGBUIL

Attached to Project: AUR web interface
Opened by Jelle van der Waa (jelly) - Thursday, 20 January 2011, 17:00 GMT
Last edited by Lukas Fleischer (lfleischer) - Tuesday, 18 September 2012, 15:31 GMT
Task Type Feature Request
Category Backend
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Medium
Priority Normal
Reported Version 1.7.0
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

After having seen a lot of AUR packages, I have spotted a large amount of packages containing files that aren't needed or shouldn't be included.

So I thought of a new way of checking the tarball:

1. extract PKGBUILD from tarball
2. grab non urls from sources array and check if they are in the tarball
3. check if there is an install file, check if it exists in the tarball
4. if all conditions are met, let the tarball pass otherwise it would fail.
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Tuesday, 18 September 2012, 15:31 GMT
Reason for closing:  Won't implement
Additional comments about closing:  See  FS#15043 .
Comment by Lukas Fleischer (lfleischer) - Thursday, 20 January 2011, 17:34 GMT
This actually doesn't sound too bad. We could use the extracted PKGBUILD to create a list of source packages (with "http://", "https://", "ftp://" stuff stripped), ".install" files and the "PKGBUILD" file itself and compare that with the tarball contents. Only problem I see is that there might be problems if variable substituions are used in the "source" array or "install" file specificaiton. So this is kinda related to  FS#15043  (although not the same).

Loading...