<pre style='margin:0'>
Joshua Root (jmroot) pushed a commit to branch master
in repository macports-base.
</pre>
<p><a href="https://github.com/macports/macports-base/commit/df27eff7e79b8fab93820007fb214a0bdceddbdf">https://github.com/macports/macports-base/commit/df27eff7e79b8fab93820007fb214a0bdceddbdf</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit df27eff7e79b8fab93820007fb214a0bdceddbdf
</span>Author: Joshua Root <jmr@macports.org>
AuthorDate: Wed Mar 15 03:44:22 2023 +1100
<span style='display:block; white-space:pre;color:#404040;'> lint: warn about missing secure checksums by default
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> A warning about "missing size" displayed in PRs is all too often extra
</span><span style='display:block; white-space:pre;color:#404040;'> friction for contributors, when in fact a size isn't needed at all and
</span><span style='display:block; white-space:pre;color:#404040;'> is the least secure of all checksum types. There was one proposal to do
</span><span style='display:block; white-space:pre;color:#404040;'> something with the file size in certain specific cases (ticket 55502),
</span><span style='display:block; white-space:pre;color:#404040;'> but in 5 years it has not been implemented.
</span>---
src/port1.0/portlint.tcl | 12 +++++++-----
src/port1.0/tests/portlint.test | 7 ++++---
2 files changed, 11 insertions(+), 8 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/portlint.tcl b/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index 70dc37c36..d96043d80 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/portlint.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -127,19 +127,21 @@ proc portlint::lint_checksum_type_list {types} {
</span> set issues [list]
set using_secure false
<span style='display:block; white-space:pre;background:#ffe0e0;'>- foreach preferred $portchecksum::default_checksum_types {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach preferred $portchecksum::secure_checksum_types {
</span> if {$preferred ni $types} {
lappend issues "missing recommended checksum type: $preferred"
<span style='display:block; white-space:pre;background:#ffe0e0;'>- } elseif {$preferred in $portchecksum::secure_checksum_types} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span> set using_secure true
}
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ global ports_lint_nitpick
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[tbool ports_lint_nitpick] && "size" ni $types} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend issues "missing recommended checksum type: size"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span>
if {!$using_secure} {
foreach type $types {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- if {$type ni $portchecksum::default_checksum_types} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- lappend issues "checksum type is insecure on its own: $type"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend issues "checksum type is insecure on its own: $type"
</span> }
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/tests/portlint.test b/src/port1.0/tests/portlint.test
</span><span style='display:block; white-space:pre;color:#808080;'>index 25a089362..ca7f7bb42 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/tests/portlint.test
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/tests/portlint.test
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -32,6 +32,7 @@ test test_lint_checksum_type_list_missing_recommended {
</span> Verify that we are warned about a missing recommended field in the
list of checksums types passed to lint_checksum_type_list.
} -body {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ set ports_lint_nitpick yes
</span> set preferred_checksum_types [list rmd160 sha256]
set results [portlint::lint_checksum_type_list $preferred_checksum_types]
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -94,15 +95,15 @@ test test_lint_checksum_type_list_mixed {
</span> Verify that we are warned about a missing recommended field when
multiple fields are specified
} -body {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- set preferred_checksum_types [list md5 rmd160 sha256]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set preferred_checksum_types [list md5 sha256 size]
</span> set results [portlint::lint_checksum_type_list $preferred_checksum_types]
if {[llength $results] == 0} {
return "FAIL: unexpected results: no results returned"
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[lsearch -regexp $results {missing.+size}] == -1} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return "FAIL: no mention of missing recommended size field: $results"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[lsearch -regexp $results {missing.+rmd160}] == -1} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return "FAIL: no mention of missing recommended rmd160 field: $results"
</span> }
return "lint_checksum_type_list_mixed passed"
</pre><pre style='margin:0'>
</pre>