alint - linting labels and tags


NAME

alint - linting labels and tags

DESCRIPTION

A label and a tag are two attributes given to each test in alint. A label is a collection of words separated by dashes and is meant to convey the general idea of what the test does. A tag is the string AL followed by an integer; tags are assigned in increasing order as new tests are added, and old ones are never reused.

Tests can be skipped by setting an environment variable named SKIP_ followed by the label in uppercase with the dashes replaced by underscores, or by setting an environment variable named SKIP_ followed by the tag.

Severity

Severity is assigned to each tag and indicates how serious the violation found is:

Serious (S)

Will cause problems during build or when the package is delivered to users. Should be fixed immediately.

Important (I)

Might cause problems during build or when the package is delivered to users in certain situations. Should be fixed soon.

Minor (M)

Won’t directly cause issues during build or when the package is delivered to users. Should be fixed when convenient.

This also covers style issues dictated by the CODINGSTYLE.md file.

STYLE (T)

Won’t cause any issues. These are specific style issues pertinent to a particular developer or contributor. The APKBUILD_STYLE variable can be set to a specific value to enable the subset of checks that the specific developer or user uses.

When a check belongs to this category, this manual page also states which developers use that style check, since more than one developer may want the same check in their own style.

Current valid values are:

• leo (style linting for leo)

Certainty

Certainty is assigned to each tag and indicates how certain a test is that the violation found is not a false positive.

Certain (C)

The test is certain that this is not a false positive.

Possible (P)

The test cannot be certain whether this is a false positive, but there is a high chance it isn’t.

TABLE

The following is a table of every tag, with its label, severity, certainty, linter (which binary checks for it) and fixer (whether apkbuild-fixer can fix it automatically).

LABELS TAGS (aports-lint)

The following labels and tags are used by the aports-lint program.

duplicate-package [AL22]

The package being introduced is already present in another repo. Solve the conflict by:

• If the package in the uppermost repo has more recent changes, merge them.
• Then delete the package in the upper repo.

Duplicate packages will shadow each other in the repo and the one with the higher version will win. This can also cause programs to compile against the wrong version of a package. For example, if main/foo-1-r0 and testing/foo-2-r0 exist and main/bar is updated to version 2, which requires foo>=2-r0, then it will fail because it will only find main/foo-1-r0 and not testing/foo-2-r0.

Severity: Serious, Certainty: Certain

upper-repo-depends [AL16]

The package depends on a package in an upper repo. The package must be moved to the upper repo or the dependency moved to the repo the package is in.

Packages cannot depend on a package in an upper repo. Packages in main cannot depend on packages in other repos. Packages in community can depend on main and itself only. Packages in testing can depend on main, community and itself only. Packages in unmaintained can depend on packages in any repo but non-free.

Severity: Serious, Certainty: Certain

duplicate-depends [AL17]

The APKBUILD has duplicate depends. One of them must be removed.

Declaring duplicate dependencies is superfluous.

Severity: Minor, Certainty: Certain

upper-repo-makedepends [AL18]

The package makedepends on a package in an upper repo. The package must be moved to the upper repo or the dependency moved to the repo the package is in.

Packages cannot makedepend on a package in an upper repo. Packages in main cannot makedepend on packages in other repos. Packages in community can makedepend on main and itself only. Packages in testing can makedepend on main, community and itself only. Packages in unmaintained can makedepend on packages in any repo but non-free.

Severity: Serious, Certainty: Certain

duplicate-makedepends [AL19]

The APKBUILD has duplicate makedepends. One of them must be removed.

Declaring duplicate dependencies is superfluous.

Severity: Minor, Certainty: Certain

upper-repo-checkdepends [AL20]

The package checkdepends on a package in an upper repo. The package must be moved to the upper repo or the dependency moved to the repo the package is in.

Packages cannot checkdepend on a package in an upper repo. Packages in main cannot checkdepend on packages in other repos. Packages in community can checkdepend on main and itself only. Packages in testing can checkdepend on main, community and itself only. Packages in unmaintained can checkdepend on packages in any repo but non-free.

Severity: Serious, Certainty: Certain

duplicate-checkdepends [AL21]

The APKBUILD has duplicate checkdepends. One of them must be removed.

Declaring duplicate dependencies is superfluous.

Severity: Minor, Certainty: Certain

pkgname-dirname-mismatch [AL23]

The pkgname variable of the APKBUILD has value foo but the directory in which the APKBUILD is found is not named foo.

Severity: Important, Certainty: Certain

depends-makedepends-checkdepends-overlap [AL24]

A package is present in 2 or 3 of the following 3 types of dependencies: depends, makedepends and checkdepends. All of them are installed during creation of the package, so specify it only once, in the lowest common denominator location.

Severity: Important, Certainty: Certain

deprecated-packages [AL58]

A package is present in depends, makedepends or checkdepends that is considered deprecated.

The deprecated packages are hard-coded into aports-lint, with the option of adding custom ones via the CUSTOM_DEPRECATED_PACKAGES variable. They are considered no longer fit for usage in Alpine Linux and should be removed IMMEDIATELY.

Severity: Serious, Certainty: Certain

missing-patch-description [AL56]

A patch specified in ‘$sources’ is missing a description. The description should at the very least explain why the patch is necessary.

Severity: Minor, Certainty: Certain

LABELS TAGS (apkbuild-lint)

The following labels and tags are used by the apkbuild-lint program.

default-builddir-value [AL1]

The value of builddir matches the default of $srcdir/$pkgname-$pkgver. The builddir declaration can be removed.

Starting with v2.29.0 (Alpine version 3.3) of abuild the value is set automatically.

Some packages are excluded from this as they are built by abuild during bootstrap and as such are built with the pkgname plus the -bootstrap suffix.

More packages can be added to the exceptions by passing a whitespace-separated list in the variable CUSTOM_BOOTSTRAP_PACKAGES.

Severity: Minor, Certainty: Certain

unnecessary-return-1 [AL2]

The APKBUILD has || return 1 statements. They can be safely removed.

Starting with version v2.15.0 of abuild the building process is executed with set -e effectively adding a || return 1 to every command.

Severity: Minor, Certainty: Certain

pkgname-quoted [AL3]

The APKBUILD’s pkgname variable is quoted. It must not be quoted.

Severity: Minor, Certainty: Certain

pkgver-quoted [AL4]

The APKBUILD’s pkgver variable is quoted. It must not be quoted.

Severity: Minor, Certainty: Certain

empty-variable [AL5]

The APKBUILD has variables with empty values. They can safely be removed.

Empty variables can be removed to make the APKBUILD smaller and more concise.

Severity: Minor, Certainty: Certain

custom-variable [AL6]

The APKBUILD has custom variables that are not prefixed with an underscore. Prefix the variables with an underscore.

Variables that do not affect the behavior of abuild should be prefixed with an underscore so maintainers and contributors can easily distinguish their importance.

Severity: Important, Certainty: Certain

indent-tabs [AL7]

The APKBUILD is using spaces instead of tabs for indenting. Replace the spaces with tabs.

APKBUILDs use tab characters (\t), not spaces, for indentation.

Severity: Important, Certainty: Certain

trailing-whitespace [AL8]

The APKBUILD has trailing whitespace characters. Remove them.

Trailing whitespace is superfluous.

Severity: Important, Certainty: Certain

backticks-usage [AL25]

The APKBUILD uses backticks for running a shell command. Use ‘$()’ instead.

Severity: Serious, Certainty: Possible

function-keyword [AL9]

The APKBUILD uses the function keyword to declare a function. Use function() instead.

The function keyword is a bashism. abuild uses a POSIX-compliant shell with the local keyword.

Severity: Serious, Certainty: Certain

space-before-function-parenthesis [AL10]

The APKBUILD has a space character between the name of a function and the parenthesis that denote it is a function. Remove the superfluous space.

Severity: Minor, Certainty: Certain

space-after-function-parenthesis [AL11]

The APKBUILD doesn’t have a space after the function parenthesis or has more than one space. Use only one space after the function parenthesis.

Severity: Minor, Certainty: Certain

newline-opening-brace [AL12]

The APKBUILD has a newline before the opening brace of a function. Put the opening brace on the same line as the declaration, with one space after the function parenthesis.

Severity: Minor, Certainty: Certain

superfluous-cd-builddir [AL13]

The APKBUILD has cd "$builddir" statements that are superfluous. Remove them.

Starting with v3.3.0 of abuild the prepare, build, check and package functions automatically have their working directory set to the value of builddir. It is also possible that there are 2 cd "$builddir" statements one after the other.

Severity: Minor, Certainty: Possible

pkgname-has-uppercase [AL14]

pkgname has uppercase characters. pkgname must have only lowercase characters.

More pkgnames can be added to the exceptions by passing a whitespace-separated list in the variable CUSTOM_UPPERCASE_PKGNAMES.

Severity: Serious, Certainty: Certain

pkgver-has-pkgrel [AL15]

pkgver has -r followed by a number. That suffix is reserved for the release of a package as defined by the pkgrel variable.

Severity: Serious, Certainty: Certain

_builddir-is-set [AL26]

_builddir is set instead of builddir, which is an old variable from before builddir existed as a concept understood by abuild.

Severity: Serious, Certainty: Certain

literal-integer-is-quoted [AL28]

A variable declaration containing only integers should not be quoted.

Severity: Minor, Certainty: Certain

pkgname-used-in-source [AL29]

"$pkgname" is used in the source url. This tightly couples the pkgname to the upstream name, which makes it harder to rename packages or create specialized variants of packages.

Instead, use the upstream name fully written out. This only counts for the url itself, not the local archive name prefix.

Severity: Minor, Certainty: Certain

double-underscore-in-variable [AL30]

Usage of a double underscore in variables is forbidden. Always use a single underscore for variables that are not used by abuild.

Severity: Minor, Certainty: Certain

variable-capitalized [AL31]

Variables should have no capitalized letters.

Severity: Minor, Certainty: Certain

braced-variable [AL32]

The variable has braces around it where they are not required. Remove the braces.

Severity: Minor, Certainty: Possible

cpan-variable [AL35]

The variables ‘cpandepends’, ‘cpanmakedepends’ and ‘cpancheckdepends’ were created by the apkbuild-cpan program but are now deprecated, and their contents must be merged into the contents of their respective variables.

Severity: Minor, Certainty: Certain

overwrite-xflags [AL36]

Don’t overwrite ‘CFLAGS’, ‘GOFLAGS’, ‘CPPFLAGS’, ‘CXXFLAGS’ and ‘FFLAGS’. These flags are generally defined outside of the APKBUILD and should not be overwritten because they contain important flags that should not be discarded. Instead, expand the variable. For example: ‘CFLAGS="$CFLAGS .."’

It is still possible to change the flags by using variable substitution. For example: ‘CFLAGS="${CFLAGS/-Dflag}"’

This list might be expanded as more variables are found that should not be overwritten.

Severity: Serious, Certainty: Certain

invalid-option [AL49]

An option in the option= variable has a value that is not used by abuild. While it most likely won’t cause any problems, it is considered good form to remove it.

The variable VALID_CUSTOM_OPTIONS can be used to denote other options that are acceptable, it takes a whitespace-separated list.

Severity: Minor, Certainty: Certain

missing-default-prepare [AL54]

The prepare() function is defined but a call to default_prepare (which applies all patches in source=) is missing. Please add default_prepare where appropriate in the definition of prepare().

Severity: Serious, Certainty: Certain

invalid-arch [AL57]

The variable ‘arch’ in the APKBUILD has an invalid value in it. The only options are the names of the arches used by Alpine Linux and the strings ‘noarch’ and ‘all’.

The acceptable arches are taken from /usr/share/abuild/functions.sh, as those are the ones recognized by abuild and thus by Alpine Linux as valid arches. If you have other arches, read below.

The variable CUSTOM_VALID_ARCHES can be used to denote other arches that are to be considered valid, it takes a whitespace-separated list.

Severity: Serious, Certainty: Certain

bad-version [AL61]

The pkgver matches a regex for a bad version. This means that the pkgver is a version that is not desirable, like a testing/experimental branch.

The variable CUSTOM_BAD_VERSIONS can be used to add more pkgname@regexes... combinations, separated by whitespace.

Severity: Important, Certainty: Certain

volatile-source [AL62]

The given URL is volatile and will change checksum due to unexpected factors.

The most common example is GitHub pull requests/GitLab Merge Requests, which change as the author pushes commits. Another is GitHub commits, which might change as GitHub changes their version of Git in their infrastructure.

Severity: Serious, Certainty: Certain

LABELS TAGS (initd-lint)

unexpected-shebang-line [AL33]

OpenRC service files need to use ‘#!/sbin/openrc-run’ to properly work. See https://github.com/OpenRC/openrc/blob/master/service-script-guide.md#syntax-of-service-scripts for more details.

Severity: Important, Certainty: Certain

custom-start-stop-function [AL34]

It’s discouraged to write custom start / stop functions for service files. In most cases it suffices to define ‘command’, ‘command_args’, and ‘pidfile’. See https://github.com/OpenRC/openrc/blob/master/service-script-guide.md#dont-write-your-own-startstop-functions for more information.

Severity: Important, Certainty: Certain

LABEL TAGS (secfixes-check)

secfixes-missing-colon [AL37]

The secfixes header is missing a colon at the end.

Severity: Serious, Certainty: Certain

pkgver-pkgrel-missing-colon [AL38]

The pkgver-pkgrel header is missing a colon at the end.

Severity: Serious, Certainty: Certain

pkgver-pkgrel-invalid-pkgver [AL39]

The pkgver-pkgrel header has an invalid pkgver.

Severity: Serious, Certainty: Certain

pkgver-pkgrel-invalid-pkgrel [AL40]

The pkgver-pkgrel header has an invalid pkgrel.

Severity: Serious, Certainty: Certain

security-identifier-missing-hyphen [AL41]

The security identifier is missing a leading hyphen.

Severity: Serious, Certainty: Certain

security-identifier-wrong-indent [AL47]

The CVE identifier has too many or too few leading whitespaces. It must have exactly 5 whitespaces between the comment marker and the mapping hyphen.

Severity: Serious, Certainty: Certain

pkgver-pkgrel-wrong-indent [AL48]

The pkgver-pkgrel header has too many or too few leading whitespaces. It must have exactly 3 whitespaces between the comment marker and the mapping hyphen.

Severity: Serious, Certainty: Certain

cve-identifier-formatted-incorrectly [AL50]

The CVE identifier is not formatted correctly. Check the output string for the reason why.

Severity: Minor, Certainty: Certain

gnutls-sa-identifier-formatted-incorrectly [AL51]

The GNUTLS-SA identifier is not formatted correctly. Check the output string for the reason why.

Severity: Minor, Certainty: Certain

unknown-security-identifier [AL52]

An unknown identifier was passed. If it is a legitimate identifier, please contact the authors to add support for it.

Severity: Minor, Certainty: Certain

xsa-identifier-formatted-incorrectly [AL53]

The XSA identifier is not formatted correctly. Check the output string for the reason why.

Severity: Minor, Certainty: Certain

duplicate-identifier-value [AL59]

There are duplicate values of known identifiers. While this doesn’t cause problems while building, it may cause false positives for users that rely on our secdb to know if something is fixed.

Severity: Serious, Certainty: Certain

ghsl-identifier-formatted-incorrectly [AL63]

The GHSL identifier is not formatted correctly. Check the output string for the reason why.

Severity: Minor, Certainty: Certain
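
The structural secfixes checks above (AL37, AL38, AL41, AL47, AL48, AL59) and the SKIP_ variable naming from DESCRIPTION, as an added Python example; it is not secfixes-check's own code. Assumptions: the block ends at the first non-comment line, a pkgver-pkgrel header is recognised by a trailing -rN, duplicates are counted across the whole block, and pkgver, pkgrel and identifier format validation (AL39, AL40, AL50 to AL53, AL63) is left out.

```python
import os
import re

TAGS = {  # tag -> label, as listed on this page
    "AL37": "secfixes-missing-colon",
    "AL38": "pkgver-pkgrel-missing-colon",
    "AL41": "security-identifier-missing-hyphen",
    "AL47": "security-identifier-wrong-indent",
    "AL48": "pkgver-pkgrel-wrong-indent",
    "AL59": "duplicate-identifier-value",
}

def skipped(tag, env):
    """A test is skipped if SKIP_<TAG> or SKIP_<LABEL> (upper case, '-' -> '_') is set."""
    label_var = "SKIP_" + TAGS[tag].upper().replace("-", "_")
    return "SKIP_" + tag in env or label_var in env

def check_secfixes(text, env=os.environ):
    """Return [(line_number, tag), ...] for the secfixes comment block in text."""
    found, seen, in_block = [], set(), False
    for n, line in enumerate(text.splitlines(), 1):
        if re.fullmatch(r"#\s*secfixes:?\s*", line):
            in_block = True
            if ":" not in line:
                found.append((n, "AL37"))
        elif in_block and not line.startswith("#"):
            break  # assumption: the block ends at the first non-comment line
        elif in_block:
            item = line[1:].strip()
            indent = len(line) - 1 - len(line[1:].lstrip())  # whitespace after '#'
            if re.fullmatch(r"\S+-r\d+:?", item):  # pkgver-pkgrel header
                if indent != 3:
                    found.append((n, "AL48"))
                if not item.endswith(":"):
                    found.append((n, "AL38"))
            elif item:  # anything else is treated as a security identifier line
                ident = item.lstrip("-").strip()
                if not item.startswith("-"):
                    found.append((n, "AL41"))
                elif indent != 5:
                    found.append((n, "AL47"))
                if ident in seen:  # assumption: duplicates counted block-wide
                    found.append((n, "AL59"))
                seen.add(ident)
    return [f for f in found if not skipped(f[1], env)]

# Constructed sample; the versions and CVE numbers are made up.
SAMPLE = """\
# secfixes
#   1.2.3-r1:
#     - CVE-2024-0001
#      - CVE-2024-0002
#  1.2.2-r0
#     CVE-2024-0003
#     - CVE-2024-0001
pkgver=1.2.3
"""
if __name__ == "__main__":
    print(check_secfixes(SAMPLE))
```

Passing env={"SKIP_AL47": "1"} or env={"SKIP_SECURITY_IDENTIFIER_WRONG_INDENT": "1"} drops the same finding, which is the equivalence between tag and label that DESCRIPTION states.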


Updated 2024-01-29 - jenkler.se | uex.se