[meta] APKBUILD linter, sanity checker, fixer, consistifier, whatever tool
This is a meta issue to track various requirements around what will become an APKBUILD
auditing tool. It will live in scripts/
and be run as a pre-receive
(or update
) hook.
Basic requirements (still in flux):
-
Conform to POSIX shell -
Consistent formatting (newlines, tabs, alphabetizing, separation of .patch
from.*
) -
Greedy $pkgname-$pkgver
(ensure no cases of/foo/foo/foo-$pkgver
) -
Check for required use of ${}
variables, e.g.${pkgname}_${pkgver}
-
Ensure all packages have a maintainer, or some placeholder? -
Check/remove unused variables, see: #836 (comment 11725) -
Check/remove unused functions, redundant subpackages, and things like that. -
Ensure no duplicate sha512sums
or stale garbage in it. (abuild checksum
sometimes isn't perfect) -
Ensure dependencies such as autoconf
,automake
,libtool
are not present if they are not needed. Maybe look through commit history to see ifprepare()
(./autogen.sh
orautoreconf -i
or similar) had been removed butmakedepends
was not updated? Heuristic of course. -
Check that circular dependencies are not introduced (see ./scripts/depsort
) -
Check that impossible dependencies are not created (e.g. arch="!ppc"
paired with conditionaldepends="${depends} libfoo"
) -
Check that dependencies continue to resolve correctly (no delete package that is still needed) -
Tool to unpack and do ./configure --help
(or similar), save the output to a new repo so we candiff
the current options to previous ones. -
Check that all files present (adjacent to APKBUILD
) are referenced, used, or consumed in some way. Error if unused files. This needs to be reliable to be useful. -
Ensure all comments are properly formatted (to whatever format we agree) -
Ensure all provides
,replaces
, and!foo
are present and accurate -
Ensure all permissions are correct (e.g. #280)
Other resources: