repoman: Warn on = dependencies without * or revision

Warn if the '=' package dependency operator is used along with pure
version with no revision specified. This means to catch a common mistake
of developers copying '=' from upstream dependency specification while
'~' operator would be more appropriate. This causes unintended depgraph
breakage when the dependencies are revbumped e.g. due to dependency
changes, or prevents people from upgrading.

The developers are given two suggestions: either to use '~' if any
revision is acceptable, or to explicitly specify '-r0' when they really
do accept -r0 only.

Bug: https://bugs.gentoo.org/649482
Reviewed-by: Zac Medico <zmedico@gentoo.org>

3 files changed, 11 insertions, 0 deletions

diff --git a/repoman/cnf/qa_data/qa_data.yaml b/repoman/cnf/qa_data/qa_data.yaml
index 32994e013..49ffdaf74 100644
--- a/repoman/cnf/qa_data/qa_data.yaml
+++ b/repoman/cnf/qa_data/qa_data.yaml
@@ -26,6 +26,7 @@ qahelp:
         badinexp: "User-visible ebuilds with unsatisfied dependencies (matched against *visible* ebuilds) in experimental arch"
         badmaskedinexp: "Masked ebuilds with unsatisfied dependencies (matched against *all* ebuilds) in experimental arch"
         badtilde: "Uses the ~ dep operator with a non-zero revision part, which is useless (the revision is ignored)"
+        equalsversion: "Suspicious =-dependency with a specific version and no rev. Please either use ~ if any revision is acceptable, or append -r0 to silence the warning."
         missingslot: "RDEPEND matches more than one SLOT but does not specify a slot and/or use the := or :* slot operator"
         perlcore: "This ebuild directly depends on a package in perl-core; it should use the corresponding virtual instead."
         syntax: "Syntax error in dependency string (usually an extra/missing space/parenthesis)"
diff --git a/repoman/cnf/repository/qa_data.yaml b/repoman/cnf/repository/qa_data.yaml
index 4aa961633..2e9e16b1d 100644
--- a/repoman/cnf/repository/qa_data.yaml
+++ b/repoman/cnf/repository/qa_data.yaml
@@ -44,6 +44,7 @@ qawarnings:
     - dependency.badindev
     - dependency.badmaskedindev
     - dependency.badtilde
+    - dependency.equalsversion
     - dependency.missingslot
     - dependency.perlcore
     - DESCRIPTION.toolong
diff --git a/repoman/pym/repoman/modules/scan/depend/_depend_checks.py b/repoman/pym/repoman/modules/scan/depend/_depend_checks.py
index 79fd0a0c2..690b95aa0 100644
--- a/repoman/pym/repoman/modules/scan/depend/_depend_checks.py
+++ b/repoman/pym/repoman/modules/scan/depend/_depend_checks.py
@@ -152,6 +152,15 @@ def _depend_checks(ebuild, pkg, portdb, qatracker, repo_metadata, qadata):
 						qacat, "%s: %s uses the ~ operator"
 						" with a non-zero revision: '%s'" %
 						(ebuild.relative_path, mytype, atom))
+				# plain =foo-1.2.3 without revision or *
+				if atom.operator == "=" and '-r' not in atom.version:
+					qacat = 'dependency.equalsversion'
+					qatracker.add_error(
+						qacat, "%s: %s uses the = operator with"
+						" no revision: '%s'; if any revision is"
+						" acceptable, use '~' instead; if only -r0"
+						" then please append '-r0' to the dep" %
+						(ebuild.relative_path, mytype, atom))
 
 				check_missingslot(atom, mytype, ebuild.eapi, portdb, qatracker,
 					ebuild.relative_path, ebuild.metadata)