From 3dbd74262fb8135eabcd8e3a1a95e9616007da70 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 15 May 2017 14:58:01 +0200 Subject: [PATCH 1/4] lint: add popular URL shorteners to the banned list --- fdroidserver/lint.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py index 125a9638..b7dbdea1 100644 --- a/fdroidserver/lint.py +++ b/fdroidserver/lint.py @@ -53,6 +53,10 @@ http_url_shorteners = [ forbid_shortener('goo.gl'), forbid_shortener('t.co'), forbid_shortener('ur1.ca'), + forbid_shortener('is.gd'), + forbid_shortener('bit.ly'), + forbid_shortener('tiny.cc'), + forbid_shortener('tinyurl.com'), ] http_checks = https_enforcings + http_url_shorteners + [ From 1178d032f3c5e88059be4aa622b3afa3af65e524 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 15 May 2017 15:17:33 +0200 Subject: [PATCH 2/4] lint: support new per-package subdirs for l18n and dev signatures Graphics and localized text can now be stored in the package folders, always in a folder that is named for the locale. The upstream developer signature is also now stored, so that the upstream APK can be reproduced even if they remove their APKs. #291 fdroiddata!2229 fdroiddata!2224 fdroidclient#15 fdroidserver#174 --- fdroidserver/lint.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py index b7dbdea1..a1702225 100644 --- a/fdroidserver/lint.py +++ b/fdroidserver/lint.py @@ -121,6 +121,8 @@ regex_checks = { ], } +locale_pattern = re.compile(r'^[a-z]{2,3}(-[A-Z][A-Z])?$') + def check_regexes(app): for f, checks in regex_checks.items(): @@ -325,12 +327,12 @@ def check_files_dir(app): files = set() for name in os.listdir(dir_path): path = os.path.join(dir_path, name) - if not os.path.isfile(path): + if not (os.path.isfile(path) or name == 'signatures' or locale_pattern.match(name)): yield "Found non-file at %s" % path continue files.add(name) - used = set() + used = {'signatures', } for build in app.builds: for fname in build.patch: if fname not in files: @@ -339,6 +341,8 @@ def check_files_dir(app): used.add(fname) for name in files.difference(used): + if locale_pattern.match(name): + continue yield "Unused file at %s" % os.path.join(dir_path, name) From 4570d9dc8a75eb0a3cb3b76e434beef455317324 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 15 May 2017 16:46:52 +0200 Subject: [PATCH 3/4] lint: use only license tags from https://spdx.org/license-list closes #234 --- fdroidserver/lint.py | 348 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 344 insertions(+), 4 deletions(-) diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py index a1702225..9aebd998 100644 --- a/fdroidserver/lint.py +++ b/fdroidserver/lint.py @@ -87,10 +87,6 @@ regex_checks = { (re.compile(r'.*\s$'), "Unnecessary trailing space"), ], - 'License': [ - (re.compile(r'^(|None|Unknown)$'), - "No license specified"), - ], 'Summary': [ (re.compile(r'^$'), "Summary yet to be filled"), @@ -351,6 +347,13 @@ def check_format(app): yield "Run rewritemeta to fix formatting" +def check_license_tag(app): + '''Ensure all license tags are in https://spdx.org/license-list''' + if app.License.rstrip('+') not in SPDX: + yield 'Invalid license tag "%s"! Use only tags from https://spdx.org/license-list' \ + % (app.License) + + def check_extlib_dir(apps): dir_path = os.path.join('build', 'extlib') files = set() @@ -429,6 +432,7 @@ def main(): check_builds, check_files_dir, check_format, + check_license_tag, ] for check_func in app_check_funcs: @@ -440,5 +444,341 @@ def main(): sys.exit(1) +# A compiled, public domain list of official SPDX license tags from: +# https://github.com/sindresorhus/spdx-license-list/blob/v3.0.1/spdx-simple.json +# The deprecated license tags have been removed from the list, they are at the +# bottom, starting after the last license tags that start with Z. +# This is at the bottom, since its a long list of data +SPDX = [ + "PublicDomain", # an F-Droid addition, until we can enforce a better option + "Glide", + "Abstyles", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AMPAS", + "APL-1.0", + "Adobe-Glyph", + "APAFML", + "Adobe-2006", + "AGPL-1.0", + "Afmparse", + "Aladdin", + "ADSL", + "AMDPLPA", + "ANTLR-PD", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "AML", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "AAL", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BSL-1.0", + "Borceux", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-3-Clause", + "BSD-3-Clause-Clear", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-4-Clause", + "BSD-Protection", + "BSD-Source-Code", + "BSD-3-Clause-Attribution", + "0BSD", + "BSD-4-Clause-UC", + "bzip2-1.0.5", + "bzip2-1.0.6", + "Caldera", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "ClArtistic", + "MIT-CMU", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPOL-1.02", + "CDDL-1.0", + "CDDL-1.1", + "CPAL-1.0", + "CPL-1.0", + "CATOSL-1.1", + "Condor-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-4.0", + "CC0-1.0", + "Crossword", + "CrystalStacker", + "CUA-OPL-1.0", + "Cube", + "curl", + "D-FSL-1.0", + "diffmark", + "WTFPL", + "DOC", + "Dotseqn", + "DSDP", + "dvipdfm", + "EPL-1.0", + "ECL-1.0", + "ECL-2.0", + "eGenix", + "EFL-1.0", + "EFL-2.0", + "MIT-advertising", + "MIT-enna", + "Entessa", + "ErlPL-1.1", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "Eurosym", + "Fair", + "MIT-feh", + "Frameworx-1.0", + "FreeImage", + "FTL", + "FSFAP", + "FSFUL", + "FSFULLR", + "Giftware", + "GL2PS", + "Glulxe", + "AGPL-3.0", + "GFDL-1.1", + "GFDL-1.2", + "GFDL-1.3", + "GPL-1.0", + "GPL-2.0", + "GPL-3.0", + "LGPL-2.1", + "LGPL-3.0", + "LGPL-2.0", + "gnuplot", + "gSOAP-1.3b", + "HaskellReport", + "HPND", + "IBM-pibs", + "IPL-1.0", + "ICU", + "ImageMagick", + "iMatix", + "Imlib2", + "IJG", + "Info-ZIP", + "Intel-ACPI", + "Intel", + "Interbase-1.0", + "IPA", + "ISC", + "JasPer-2.0", + "JSON", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "BSD-3-Clause-LBNL", + "Leptonica", + "LGPLLR", + "Libpng", + "libtiff", + "LAL-1.2", + "LAL-1.3", + "LiLiQ-P-1.1", + "LiLiQ-Rplus-1.1", + "LiLiQ-R-1.1", + "LPL-1.02", + "LPL-1.0", + "MakeIndex", + "MTLL", + "MS-PL", + "MS-RL", + "MirOS", + "MITNFA", + "MIT", + "Motosoto", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "mpich2", + "Multics", + "Mup", + "NASA-1.3", + "Naumen", + "NBPL-1.0", + "Net-SNMP", + "NetCDF", + "NGPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "Newsletr", + "NLPL", + "Nokia", + "NPOSL-3.0", + "NLOD-1.0", + "Noweb", + "NRL", + "NTP", + "Nunit", + "OCLC-2.0", + "ODbL-1.0", + "PDDL-1.0", + "OCCT-PL", + "OGTSL", + "OLDAP-2.2.2", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "OSET-PL-2.1", + "PHP-3.0", + "PHP-3.01", + "Plexus", + "PostgreSQL", + "psfrag", + "psutils", + "Python-2.0", + "QPL-1.0", + "Qhull", + "Rdisc", + "RPSL-1.0", + "RPL-1.1", + "RPL-1.5", + "RHeCos-1.1", + "RSCPL", + "RSA-MD", + "Ruby", + "SAX-PD", + "Saxpath", + "SCEA", + "SWL", + "SMPPL", + "Sendmail", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "OFL-1.0", + "OFL-1.1", + "SimPL-2.0", + "Sleepycat", + "SNIA", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "SMLNJ", + "SugarCRM-1.1.3", + "SISSL", + "SISSL-1.2", + "SPL-1.0", + "Watcom-1.0", + "TCL", + "TCP-wrappers", + "Unlicense", + "TMate", + "TORQUE-1.1", + "TOSL", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "UPL-1.0", + "NCSA", + "Vim", + "VOSTROM", + "VSL-1.0", + "W3C-20150513", + "W3C-19980720", + "W3C", + "Wsuipa", + "Xnet", + "X11", + "Xerox", + "XFree86-1.1", + "xinetd", + "xpp", + "XSkat", + "YPL-1.0", + "YPL-1.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "zlib-acknowledgement", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", +] + if __name__ == "__main__": main() From 114d5dc8c68e125da6f55cadc38874e032ab189d Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 15 May 2017 16:58:10 +0200 Subject: [PATCH 4/4] make tests pass new lint rules --- tests/metadata/dump/org.adaway.yaml | 2 +- tests/metadata/dump/org.smssecure.smssecure.yaml | 2 +- tests/metadata/dump/org.videolan.vlc.yaml | 2 +- tests/metadata/info.guardianproject.checkey.txt | 2 +- tests/metadata/info.guardianproject.urzip.yml | 2 +- tests/metadata/obb.main.oldversion.txt | 2 +- tests/metadata/obb.main.twoversions.txt | 2 +- tests/metadata/obb.mainpatch.current.txt | 2 +- tests/metadata/org.adaway.json | 2 +- tests/metadata/org.smssecure.smssecure.txt | 2 +- tests/metadata/org.videolan.vlc.yml | 2 +- tests/repo/index.xml | 8 ++++---- tests/run-tests | 2 +- 13 files changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/metadata/dump/org.adaway.yaml b/tests/metadata/dump/org.adaway.yaml index 3e5b2394..ae82809d 100644 --- a/tests/metadata/dump/org.adaway.yaml +++ b/tests/metadata/dump/org.adaway.yaml @@ -40,7 +40,7 @@ Disabled: null Donate: http://sufficientlysecure.org/index.php/adaway FlattrID: '369138' IssueTracker: https://github.com/dschuermann/ad-away/issues -License: GPLv3 +License: GPL-3.0 Litecoin: null MaintainerNotes: '' Name: null diff --git a/tests/metadata/dump/org.smssecure.smssecure.yaml b/tests/metadata/dump/org.smssecure.smssecure.yaml index 06b70b8d..ea608b97 100644 --- a/tests/metadata/dump/org.smssecure.smssecure.yaml +++ b/tests/metadata/dump/org.smssecure.smssecure.yaml @@ -37,7 +37,7 @@ Disabled: null Donate: null FlattrID: null IssueTracker: https://github.com/SMSSecure/SMSSecure/issues -License: GPLv3 +License: GPL-3.0 Litecoin: null MaintainerNotes: '' Name: null diff --git a/tests/metadata/dump/org.videolan.vlc.yaml b/tests/metadata/dump/org.videolan.vlc.yaml index e173fcba..dde25b36 100644 --- a/tests/metadata/dump/org.videolan.vlc.yaml +++ b/tests/metadata/dump/org.videolan.vlc.yaml @@ -24,7 +24,7 @@ Disabled: null Donate: http://www.videolan.org/contribute.html#money FlattrID: null IssueTracker: http://www.videolan.org/support/index.html#bugs -License: GPLv3 +License: GPL-3.0 Litecoin: null MaintainerNotes: 'Instructions and dependencies here: http://wiki.videolan.org/AndroidCompile diff --git a/tests/metadata/info.guardianproject.checkey.txt b/tests/metadata/info.guardianproject.checkey.txt index 43faaade..eea6c7be 100644 --- a/tests/metadata/info.guardianproject.checkey.txt +++ b/tests/metadata/info.guardianproject.checkey.txt @@ -1,5 +1,5 @@ Categories:Development,GuardianProject -License:GPLv3 +License:GPL-3.0 Web Site:https://dev.guardianproject.info/projects/checkey Source Code:https://github.com/guardianproject/checkey Issue Tracker:https://dev.guardianproject.info/projects/checkey/issues diff --git a/tests/metadata/info.guardianproject.urzip.yml b/tests/metadata/info.guardianproject.urzip.yml index a1650816..1406d43e 100644 --- a/tests/metadata/info.guardianproject.urzip.yml +++ b/tests/metadata/info.guardianproject.urzip.yml @@ -18,7 +18,7 @@ Description: | ★ 致用户:我们还缺少你喜欢的功能?发现了一个 bug?请告诉我们!我们乐于听取您的意见。请发送电子邮件至: support@guardianproject.info 或者加入我们的聊天室 https://guardianproject.info/contact IssueTracker: https://dev.guardianproject.info/projects/urzip/issues -License: GPLv3 +License: GPL-3.0 Repo: https://github.com/guardianproject/urzip.git RepoType: git SourceCode: https://github.com/guardianproject/urzip diff --git a/tests/metadata/obb.main.oldversion.txt b/tests/metadata/obb.main.oldversion.txt index 56c4a9f5..943f0c15 100644 --- a/tests/metadata/obb.main.oldversion.txt +++ b/tests/metadata/obb.main.oldversion.txt @@ -1,5 +1,5 @@ Categories:Development -License:GPLv3 +License:GPL-3.0 Source Code:https://github.com/eighthave/urzip Bitcoin:1Fi5xUHiAPRKxHvyUGVFGt9extBe8Srdbk diff --git a/tests/metadata/obb.main.twoversions.txt b/tests/metadata/obb.main.twoversions.txt index d06afa36..d358da88 100644 --- a/tests/metadata/obb.main.twoversions.txt +++ b/tests/metadata/obb.main.twoversions.txt @@ -1,5 +1,5 @@ Categories:Development -License:GPLv3 +License:GPL-3.0 Source Code:https://github.com/eighthave/urzip Bitcoin:1Fi5xUHiAPRKxHvyUGVFGt9extBe8Srdbk diff --git a/tests/metadata/obb.mainpatch.current.txt b/tests/metadata/obb.mainpatch.current.txt index 2f7571f5..2007a69e 100644 --- a/tests/metadata/obb.mainpatch.current.txt +++ b/tests/metadata/obb.mainpatch.current.txt @@ -1,5 +1,5 @@ Categories:Development -License:GPLv3 +License:GPL-3.0 Source Code:https://github.com/eighthave/urzip Bitcoin:1Fi5xUHiAPRKxHvyUGVFGt9extBe8Srdbk diff --git a/tests/metadata/org.adaway.json b/tests/metadata/org.adaway.json index c95a8878..dda8ae60 100644 --- a/tests/metadata/org.adaway.json +++ b/tests/metadata/org.adaway.json @@ -22,7 +22,7 @@ "Donate": "http://sufficientlysecure.org/index.php/adaway", "FlattrID": "369138", "IssueTracker": "https://github.com/dschuermann/ad-away/issues", - "License": "GPLv3", + "License": "GPL-3.0", "Provides": "org.sufficientlysecure.adaway", "Repo": "https://github.com/dschuermann/ad-away.git", "RepoType": "git", diff --git a/tests/metadata/org.smssecure.smssecure.txt b/tests/metadata/org.smssecure.smssecure.txt index d4ff2384..655857ef 100644 --- a/tests/metadata/org.smssecure.smssecure.txt +++ b/tests/metadata/org.smssecure.smssecure.txt @@ -1,5 +1,5 @@ Categories:Phone & SMS -License:GPLv3 +License:GPL-3.0 Web Site:http://www.smssecure.org Source Code:https://github.com/SMSSecure/SMSSecure Issue Tracker:https://github.com/SMSSecure/SMSSecure/issues diff --git a/tests/metadata/org.videolan.vlc.yml b/tests/metadata/org.videolan.vlc.yml index 7d38ecce..33c46f13 100644 --- a/tests/metadata/org.videolan.vlc.yml +++ b/tests/metadata/org.videolan.vlc.yml @@ -1,6 +1,6 @@ Categories: - Multimedia -License: GPLv3 +License: GPL-3.0 WebSite: http://www.videolan.org/vlc/download-android.html SourceCode: http://git.videolan.org/?p=vlc-ports/android.git;a=summary IssueTracker: "http://www.videolan.org/support/index.html#bugs" diff --git a/tests/repo/index.xml b/tests/repo/index.xml index 052381a2..88507d52 100644 --- a/tests/repo/index.xml +++ b/tests/repo/index.xml @@ -41,7 +41,7 @@ obb.main.oldversion.1444412523.png <p>No description available</p> - GPLv3 + GPL-3.0 Development Development @@ -76,7 +76,7 @@ obb.main.twoversions.1101617.png <p>No description available</p> - GPLv3 + GPL-3.0 Development Development @@ -134,7 +134,7 @@ obb.mainpatch.current.1619.png <p>No description available</p> - GPLv3 + GPL-3.0 Development Development @@ -167,7 +167,7 @@ 一个实用工具,获取已安装在您的设备上的应用的有关信息 info.guardianproject.urzip.100.png <p>It’s Urzip 是一个获得已安装 APK 相关信息的实用工具。它从您的设备上已安装的所有应用开始,一键触摸即可显示 APK 的指纹,并且提供到达 virustotal.com 和 androidobservatory.org 的快捷链接,让您方便地了解特定 APK 的档案。它还可以让您导出签名证书和生成 ApkSignaturePin Pin 文件供 TrustedIntents 库使用。</p><p>★ Urzip 支持下列语言: Deutsch, English, español, suomi, 日本語, 한국어, Norsk, português (Portugal), Русский, Slovenščina, Türkçe 没看到您的语言?帮忙翻译本应用吧: https://www.transifex.com/projects/p/urzip</p><p>★ 致用户:我们还缺少你喜欢的功能?发现了一个 bug?请告诉我们!我们乐于听取您的意见。请发送电子邮件至: support@guardianproject.info 或者加入我们的聊天室 https://guardianproject.info/contact</p> - GPLv3 + GPL-3.0 Development,GuardianProject,1,2.0 Development https://dev.guardianproject.info/projects/urzip diff --git a/tests/run-tests b/tests/run-tests index 563145a5..f640322e 100755 --- a/tests/run-tests +++ b/tests/run-tests @@ -262,7 +262,7 @@ REPOROOT=`create_test_dir` cd $REPOROOT mkdir repo mkdir metadata -echo "License:GPL" >> metadata/fake.txt +echo "License:GPL-2.0" >> metadata/fake.txt echo "Summary:Yup still fake" >> metadata/fake.txt echo "Categories:Internet" >> metadata/fake.txt echo "Description:" >> metadata/fake.txt