scripts/qa.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

#!/bin/bash
# Copyright 2007 Wulf C. Krueger <philantrop@gentoo.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# This is a script for running QA checks in both the official Gentoo Portage Tree
# as well as any overlay. 
# To see what it needs, how to use it and how to set some configuration options,
# please read on.

# Requirements:
# sys-apps/portage
# >=sys-apps/paludis-0.24.6 (with the "qa" USE flag set)
# dev-util/pkgcore-checks
# www-client/pybugz-0.7.0 (0.7.1 is broken, bug 197874)
# app-crypt/gnupg
# dev-util/cvs

# NOTE: The current directory must be the one to check for QA issues! 

# Parameters: 
# $1 = package name without (!) category
# $2 = path to the repository
#
# Example for app-editors/beaver in the official Gentoo Portage Tree:
# $1 = beaver 
# $2 = /home/krueger/workspace/gentoo-x86

# Configuration options:
# (All paths shouldn't have trailing slashes.)
# The path to the Gentoo Portage tree
GENTOO_PORTAGE_TREE="/home/krueger/workspace/gentoo-x86"
# The path to the Gentoo GLSAs
GLSA_DIR="/home/krueger/workspace/gentoo/xml/htdocs/security/en/glsa"
# Path for temporary files like the qa-results, glsa update timestamp file, etc.
TMP_DIR="/home/krueger/workspace/gentoo-stuff/tmp"
# The signing user's GPG directory
GPG_DIR="/home/krueger/.gnupg"
# A file that holds the password to the Manifest signing key (secure it!)
GPG_PASSWD_FILE="gentoo_pass"
# Defines which GPG key is used for Manifest signing 
GPG_KEY="CABCD089"

# Search for open bugs for the current package name
/usr/bin/bugz search "$1"

# We'll change dirs so keep the current one in mind.
pushd . >/dev/null 

# Delete the Manifest to avoid double-signing
rm -f Manifest 

# Fetch all files
for x in $(find . -type f -name "*.ebuild"); do
	echo "Fetching distfiles for $x..."
	USE=$(grep -h "IUSE=" *.ebuild | cut -d "=" -f 2 | tr ' ' '\n' | sed "s/[\n\"]//g" | sed "s/\+//g" | sort -u | tr '\n' ' ')
	export USE="${USE} $(cat ${GENTOO_PORTAGE_TREE}/profiles/desc/linguas.desc | grep -v '^#' | cut -d ' ' -f1 | sed '/./,$!d' | sed -e 's:^:linguas_:' | sort -u | tr '\n' ' ')"
	RESTRICT="mirror" ebuild $x fetch >/dev/null 2>&1
	# Make sure we *really* got all :-)
	RESTRICT="mirror" emerge --nodeps --fetch-all-uri $x >/dev/null 2>&1
    /usr/bin/ebuild $x manifest
done
unset USE

# Show the KEYWORDS matrix
echo 
adjutrix -k --log-level silent

# I wanted use reprehendo but it requires >=paludis-0.25.0 or paludis-scm and the latter sucks
# reprehendo --sign --key-id ${GPG_KEY}

# Sign the manifest
cat "${GPG_DIR}/${GPG_PASSWD_FILE}" | gpg -q --batch --passphrase-fd 0 --sign --clearsign --yes --default-key ${GPG_KEY} --homedir ${GPG_DIR} Manifest >/dev/null 2>&1
cp Manifest.asc Manifest
rm -f Manifest.asc

# See what Qualudis has to say about it...
#QA_DIR=$(pwd | sed -e "s:$2/::")
#cd "$2"

if [[ ${2: -10} = ${GENTOO_PORTAGE_TREE: -10} ]] ; then
#	qualudis --log-level warning ${QA_DIR}
	qualudis --log-level warning
elif [[ $2 != ${GENTOO_PORTAGE_TREE} ]] ; then
#	qualudis --log-level warning --master-repository-dir ${GENTOO_PORTAGE_TREE} ${QA_DIR}
	qualudis --log-level warning --master-repository-dir ${GENTOO_PORTAGE_TREE}
fi
echo

if [[ $(find "${TMP_DIR}" -type f -amin +1440 -name "glsa_update") != "" ]] ; then
	touch "${TMP_DIR}/glsa_update"
	echo "Updating GLSAs..."
	cd "${GLSA_DIR}/../../"
	cvs update -d -P >/dev/null 2>&1
fi

# The following GLSA is broken.
rm -f "${GLSA_DIR}"/glsa-200710-22.xml

# Change back to the original directory we were in.
popd >/dev/null

# pkgcore's pcheck is useful, too.
if [[ "$2" != ${GENTOO_PORTAGE_TREE} ]] ; then 
	pcheck --nocolor -o ${GENTOO_PORTAGE_TREE} --profile-base=${GENTOO_PORTAGE_TREE}/profiles --license-dir=${GENTOO_PORTAGE_TREE}/licenses --glsa-dir=${GLSA_DIR} -d UnusedLicense -d CategoryMetadataXmlCheck -d UnusedGlobalFlags
else
	pcheck --nocolor -r "$2" --profile-base=${GENTOO_PORTAGE_TREE}/profiles --license-dir=${GENTOO_PORTAGE_TREE}/licenses --glsa-dir=${GLSA_DIR} -d UnusedLicense -d CategoryMetadataXmlCheck -d UnusedGlobalFlags
fi

# And, finally, of course, repoman does its job.
repoman -q -x full | tail -n+5