Merge branch 'exit_on_nvchecker_cmd_source' into 'master'

fix(version): Fail if the 'cmd' source is used in .nvchecker.toml See merge request archlinux/devtools!295
fix(commitpkg): Quiet git ls-files output
2025-09-13 18:06:19 +02:00 · 2025-08-04 03:03:46 +02:00 · 2025-08-01 11:26:57 +02:00 · 2025-07-28 23:38:32 -04:00 · 2025-01-04 12:25:32 +01:00
4 changed files with 16 additions and 8 deletions
--- a/src/commitpkg.in
+++ b/src/commitpkg.in
@@ -155,7 +155,7 @@ if (( ${#needsversioning[*]} )); then
 		if [[ ! -f "${file}" ]]; then
 			continue
 		fi
-		if ! git ls-files --error-unmatch "$file"; then
+		if ! git ls-files --error-unmatch "$file" >/dev/null; then
 			die "%s is not under version control" "$file"
 		fi
 	done
--- a/src/lib/license/check.sh
+++ b/src/lib/license/check.sh
@@ -94,19 +94,19 @@ pkgctl_license_check() {
 		pushd "${path}" >/dev/null

 		if [[ ! -f PKGBUILD ]]; then
-			msg_error "${BOLD}${path}:${ALL_OFF} no PKGBUILD found"
+			msg_error "${BOLD}${pkgbase}:${ALL_OFF} no PKGBUILD found"
 			return 1
 		fi

-		if [[ ! -f .SRCINFO ]]; then
-			msg_error "${BOLD}${path}:${ALL_OFF} no .SRCINFO found"
-			return 1
-		fi
+		# reset common PKGBUILD variables
+		unset pkgbase

-		if ! pkgbase=$(grep --max-count=1 --extended-regexp "pkgbase = (.+)" .SRCINFO | awk '{print $3}'); then
-			msg_error "${BOLD}${path}:${ALL_OFF} pkgbase not found in .SRCINFO"
+		# shellcheck source=contrib/makepkg/PKGBUILD.proto
+		if ! . ./PKGBUILD; then
+			msg_error "${BOLD}${pkgbase}:${ALL_OFF} failed to source PKGBUILD"
 			return 1
 		fi
+		pkgbase=${pkgbase:-$pkgname}

 		if [[ ! -e LICENSE ]]; then
 			msg_error "${BOLD}${pkgbase}:${ALL_OFF} is missing the LICENSE file"
--- a/src/lib/license/setup.sh
+++ b/src/lib/license/setup.sh
@@ -191,7 +191,9 @@ path = [
    ".nvchecker.toml",
    "*.install",
    "*.sysusers",
+    "*sysusers.conf",
    "*.tmpfiles",
+    "*tmpfiles.conf",
    "*.logrotate",
    "*.pam",
    "*.service",
--- a/src/lib/version/check.sh
+++ b/src/lib/version/check.sh
@@ -350,6 +350,12 @@ nvchecker_check_config() {
 		printf "non-pkgbase section not supported in %s: %s" "${config}" "${property}"
 		return 1
 	fi
+
+	# check if the config is using the 'cmd' source
+	if grep --extended-regexp --quiet '^\s*source\s*=\s*["'\'']cmd["'\'']\s*$' "${config}"; then
+		printf "using the 'cmd' source in %s is disallowed" "${config}"
+		return 1
+	fi
 }

 nvchecker_check_error() {
Author	SHA1	Message	Date
Robin Candau	7336a6cb63	Merge branch 'exit_on_nvchecker_cmd_source' into 'master' fix(version): Fail if the 'cmd' source is used in .nvchecker.toml See merge request archlinux/devtools!295	2025-08-04 03:03:46 +02:00
Christian Heusel	01757e6904	fix(commitpkg): Quiet git ls-files output So far all files in `needsversioning=(...)` have been printed to the command line if they were found, which is not useful, especially now that we have more files present there. It makes sense however to keep the standard error output, as this gives a actionable suggestion what one should to to fix the issue: > error: pathspec 'PKGBUILD' did not match any file(s) known to git > Did you forget to 'git add'? Fixes #281 Signed-off-by: Christian Heusel <christian@heusel.eu>	2025-08-01 11:26:57 +02:00
Daniel M. Capella	c5fe8ff3e6	feat(license): Extend matches for sysusers/tmpfiles configs Eg. to match: - sysusers.conf - $pkgname.sysusers - $pkgname.sysusers.conf	2025-07-28 23:38:32 -04:00
Robin Candau	cfb99fd2d8	fix(version): Fail if the 'cmd' source is used in .nvchecker.toml The [cmd](https://nvchecker.readthedocs.io/en/latest/usage.html#find-with-a-command) source allows nvchecker to use a shell command line to get versions. Using this source within `.nvchecker.toml` would result in `pkgctl version {check,upgrade}` to run arbitrary commands which isn't desirable, as it can lead to various issues (e.g. missing packages / dependencies to run said commands or even executing malicious commands in hypothetical worst case scenarios)	2025-01-04 12:25:32 +01:00