Skip to main content

FreeBSD ports tree lint

Project description

Installation

Once you have installed Python and its packages manager pip, use one of the following commands, depending on if you want only this tool, the full set of PNU tools, or PNU plus a selection of additional third-parties tools:

pip install pnu-portstreelint
pip install PNU
pip install 'PNU[freebsd]' # if you use a platform other than FreeBSD
pip install pytnix

PortsTreeLint(8)

NAME

portstreelint - FreeBSD ports tree lint

SYNOPSIS

portstreelint [--show-cat|-C] [--show-mnt|-M] [--cat|-c LIST] [--mnt|-m LIST] [--port|-p LIST] [--plist NUM] [--broken NUM] [--deprecated NUM] [--forbidden NUM] [--unchanged NUM] [--check-host|-h] [--check-url|-u] [--output|-o FILE] [--debug] [--info] [--version] [--help|-?] [--]

DESCRIPTION

The portstreelint utility checks the FreeBSD ports tree Index and some parts of the ports' Makefiles for errors and warnings.

By default it will scan the whole port tree, but you can select a subset of the ports with the options --cat|-c for categories, --mnt|-m for maintainers and --port|-p for ports. All these options expect a parameter which can be a single item or a comma-separated list of items. If you combine several of these operators they will perform as a logical AND.

The --mnt|-m option defaults to @FreeBSD.org for unspecified domains.

In order to know which categories or maintainers are available for selection, you can use the --show-cat|-C and --show-mnt|-M options to view all the categories and maintainers with their number of associated ports.

The two costlier analysis are disabled by default. You can check if the port's www sites hostnames are resolvable with the --check-host|-h option (takes about 15 minutes on the whole port tree). And you can check if the port's www sites URL are available with the --check-url|-u option, which implies the previous one (takes about 6 hours on the whole port tree).

The checks list includes:

  • Nonexistent Makefile
  • Nonexistent INDEX:port-path
  • Unusual INDEX:installation-prefix (warning)
  • Too long INDEX:comments (> 70 characters) (warning)
  • Uncapitalized INDEX:comments
  • INDEX:comments ending with a dot
  • INDEX:comments different from Makefile:COMMENT
  • Nonexistent INDEX:description-file
  • URL ending INDEX:description-file
  • INDEX:description-file content same as INDEX:comment
  • INDEX:description-file content no longer than INDEX:comment
  • Nonexistent pkg-plist, Makefile:PLIST_FILES/PLIST/PLIST_SUB (debug)
  • Makefile:PLIST_FILES abuse (warning)
  • INDEX:maintainer different from Makefile:MAINTAINER
  • Unofficial categories (warning)
  • INDEX:categories different from Makefile:CATEGORIES
  • Empty INDEX:www-site
  • Unresolvable INDEX:www-site (optional)
  • Unaccessible INDEX:www-site (optional)
  • INDEX:www-site different from Makefile:WWW
  • Ports marked as BROKEN, DEPRECATED, FORBIDDEN, IGNORE, RESTRICTED (info)
  • Ports marked with an EXPIRATION_DATE (warning)
  • Ports marked as BROKEN, FORBIDDEN or DEPRECATED for too long (warning)
  • Ports unchanged for a long time (info)
  • Makefile:PORTVERSION and Makefile:DISTVERSION used simultaneously
  • VuXML vulnerabilities for the current port versions (warning)

It's possible to change the default values for PLIST_FILES abuse, BROKEN_since, DEPRECATED_since, FORBIDDEN_since and Unchanged_since with the --plist, --broken, --deprecated, --forbidden and --unchanged options, followed by a number of files for the first one and a number of days for the others.

Finally, there's a --output|-o option to generate a CSV delimited file with the per-maintainer findings to a specified filename. This allows for automated processing of the results, such as, for example, sending warning emails, storing results and displaying only diffs since previous run...

OPTIONS

Options Use
--show-cat|-C Show categories with ports count
--show-mnt|-M Show maintainers with ports count
--cat|-c LIST Select only the comma-separated categories in LIST
--mnt|-m LIST Select only the comma-separated maintainers in LIST
--port|-p LIST Select only the comma-separated ports in LIST
--plist NUM Set PLIST_FILES abuse to NUM files
--broken NUM Set BROKEN since to NUM days
--deprecated NUM Set DEPRECATED since to NUM days
--forbidden NUM Set FORBIDDEN since to NUM days
--unchanged NUM Set Unchanged since to NUM days
--check-host|-h Enable checking hostname resolution (long!)
--check-url|-u Enable checking URL (very long!)
--output|-o Enable per-maintainer CSV output to FILE
--debug Enable logging at debug level
--info Enable logging at info level
--version Print version and exit
--help|-? Print usage and this help message and exit
-- Options processing terminator

ENVIRONMENT

The PTLINT_DEBUG environment variable can be set to any value to enable debug mode.

FILES

The whole port tree under /usr/ports

  • as root, get the last version with "portsnap fetch update"

/usr/ports/INDEX-xx

  • where xx is the major version of FreeBSD that you are using (as I write this xx=14). As root, get the last version with "cd /usr/ports ; make fetchindex" or rebuild it from your port tree with "cd /usr/ports ; make index"

EXIT STATUS

The portstreelint utility exits 0 on success, and >0 if an error occurs.

EXAMPLES

To analyze the full port tree in the background, do:

$ nohup portstreelint --info -hu > stdout.txt 2> stderr.txt &

Results for this example are available there:

To analyze the full port tree in the background and generate a CSV file, do:

$ nohup portstreelint -huo csv_results.txt > /dev/null 2>&1 &

Results for this example are available there:

To analyze the ports of a specific maintainer identified by id@domain, do:

$ portstreelint --info -m id@domain

SEE ALSO

lint(1), portlint(1), vuxml(3)

STANDARDS

The portstreelint utility is not a standard UNIX command.

This implementation tries to follow the PEP 8 style guide for Python code.

PORTABILITY

None. Works only on FreeBSD, but who needs anything else?

HISTORY

While working on the 4th version of the pysec2vuxml tool, I noticed there were errors in the FreeBSD port Index, so I built the portlint2 tool to analyze this more thoroughly...

After discussions on the freebsd-ports mailing list an interest in checking port vulnerabilities arose, which led me to convert that standalone command into a Python package in order to benefit from my vuxml library.

LICENSE

It is available under the 3-clause BSD license.

AUTHORS

Hubert Tournier

CAVEATS

The IGNORE mark check is not reliable because this tool doesn't parse the ports' Makefiles, but just loads their variables without regard to the conditional tests that may surround them.

PORTREVISION is not taken into account in the vulnerabilities check which may leads to reporting false positives. The ports using exotic versioning schemes will also be skipped because the library we use for version comparisons is geared toward Python ports and limited for this usage.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pnu-portstreelint-1.1.3.tar.gz (21.9 kB view details)

Uploaded Source

Built Distribution

pnu_portstreelint-1.1.3-py3-none-any.whl (29.7 kB view details)

Uploaded Python 3

File details

Details for the file pnu-portstreelint-1.1.3.tar.gz.

File metadata

  • Download URL: pnu-portstreelint-1.1.3.tar.gz
  • Upload date:
  • Size: 21.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.9.18

File hashes

Hashes for pnu-portstreelint-1.1.3.tar.gz
Algorithm Hash digest
SHA256 4ac31474b950fa13d28e6756d99361dd7da00600ae5c98bd6c2fe017684fe9d5
MD5 5765809847d243a5a02eb9a2219dc8f1
BLAKE2b-256 b2689b97f57171579828c76dc462723c47e71e3432b1b7ab00cacaadd13b350e

See more details on using hashes here.

File details

Details for the file pnu_portstreelint-1.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for pnu_portstreelint-1.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 b08278365844ac241de8ac55b738e49f10b1f8112c01c01e1cffa36e2dcdae05
MD5 27d0c3be69044069afaab665c9720438
BLAKE2b-256 71b44f2936bdc298d423f207ec886006d57d9d10a28699ba11708e030acbca3e

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page