lp:ubuntu/wily-proposed/click-reviewers-tools

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1219644: Account plugins should be made confinable by apparmor

High

Confirmed

Link a bug report

Related blueprints

34. By Jamie Strandboge on 2015-10-09

[ Jamie Strandboge ]
* multiple 'desktop' hooks should only be 'info' these days (LP: #1496402)
* verify snaps that use 'bus-name' are of 'type: framework'
* clickreviews/cr_lint.py:
  - snappy package.yaml defaults to 'architectures' and 'architecture' is
    deprecated. Adjust and add a warning for deprecation.
  - arm64 is a valid architecture now
  - don't warn on libc6 libraries with check_external_symlinks
  - don't traceback on broken symlinks when checking for hardcoded paths
    (LP: #1502962)
* clickreviews/cr_security.py: don't complain about missing AppArmor
  template vars if we detect this is unconfined boilerplate policy

33. By Jamie Strandboge on 2015-09-10

[ Alberto Mardegan ]
* clickreviews/cr_online_accounts.py: Do not check for "type" element in OA
  .service files
* clickreviews/cr_online_accounts.py: Support the new "accounts" hook

[ Jamie Strandboge ]
* clickreviews/cr_common.py: add peer_hooks_link to __init__ and use it
  as the link for missing and disallowed hooks
* clickreviews/cr_online_accounts.py: set peer_hooks_link to use
  https://wiki.ubuntu.com/SecurityTeam/Specifications/OnlineAccountsConfinement
* clickreviews/tests/test_cr_online_accounts.py: don't stub or check for
  "type" element in OA .service files
* Makefile: make sure check-names.list is up to date via 'make check'

[ Ricardo Kirkner ]
* Refactor to abstract check name generation.
  This will be used in a follow up branch to normalize check names in a way
  that allows extracting semantic meaning of check names from review results
  data.
* build name from review_type, prefix, app and extra parts using : as
  separator
* list all possible check types by running tests and extracting seen check
  names

[ Daniel Holbach ]
* Fix pep8 issues.

32. By Jamie Strandboge on 2015-07-09

* data/apparmor-easyprof-ubuntu.json: add "keep-display-on" to ubuntu
  common policy
* cr_security.py:
  - webapps may use "keep-display-on"
  - error if security-policy specified in snaps
* cr_lint.py:
  - give link to frameworks guide if framework specified
  - do not error if apparmor-profile specified with snap (handled by above
    change)

31. By Jamie Strandboge on 2015-07-07

* cr_security.py:
  - webview is not required with ubuntu-account-plugin
  - bin-path and systemd hooks shouldn't be used any more to ascertain if an
    app is a service or binary since snappy build is no longer adding them
    and snappy install ignores them (LP: #1472296)
* cr_common.py: comment that snappy-systemd hook is deprecated
* cr_lint.py: comment that snappy-systemd hook is deprecated
* cr_systemd.py:
  - directly parse package.yaml instead of parsing deprecated snappy-systemd
    hook
  - remove snappy-systemd hook checks now that it is ignored by snappy
    install in stable releases
* cr_bin_path.py: remove bin-path hook checks now that it is ignored by
  snappy install in stable releases

30. By Jamie Strandboge on 2015-06-26

* cr_security.py: verify required and allowed policy groups with the
  ubuntu-account-plugin template (LP: #1468792)
* cr_systemd.py: whitespace pep8 fixes for trusty to fix FTBFS in SDK
  staging ppa

29. By Jamie Strandboge on 2015-06-25

* README: add notes on where to upload review tools to keep projects in sync
* cr_online_accounts.py: account-provider and account-qml-plugin can now be
  allowed if used with apparmor (LP: #1219644)
* cr_security.py:
  - verify when account-provider and account-qml-plugin are used that the
    security manifest uses the "ubuntu-account-plugin" template
  - correctly update the cached json if needed
* apparmor_policy.py: fix bug that prevented get_policy_file() from working

28. By Jamie Strandboge on 2015-06-10

[ Jamie Strandboge ]
* Makefile: perform run-pyflakes in check target
* cr_systemd.py: add bus-name checks and update testsuite
* add security yaml checks
* cr_lint.py: don't allow same key in 'binaries' and 'services'
* cr_lint.py: implement hashes.yaml checks
* update README
* cr_desktop.py: add check to help transition away from obsoleted
  ubuntu-html5-app-launcher
* cr_common.py: remove snappy 'integration' checks
* cr_systemd.py: implement ports checks
* cr_systemd.py, cr_bin_path.py: error out if services or binaries is empty,
  repectively
* cr_lint.py: update pkgname checks for snaps-- shouldn't have '.' in the
  name
* cr_lint.py: add snappy-config checks
* cr_lint.py: maintainer isn't needed in compat click manifest for snaps
  that don't specify vendor
* debian/control: Depends on binutils (for 'ar')

[ Marcus Tomlinson ]
* cr_scope.py: add "keywords" to the list of optional scope .ini keys

27. By Jamie Strandboge on 2015-05-01

cr_security.py: add ubuntu-sdk-15.04 framework and policy version
(LP: #1449368)

26. By Daniel Holbach on 2015-04-20

[ Michael Vogt ]
* Fixed a number of issues raised by pyflakes.

[ Ricardo Kirkner ]
* support overrides in all click-check scripts
* refactored click checks to avoid duplication
* handle checks from branch as well as installed system-wide when running
  all checks

[ Jamie Strandboge ]
* update bin-path tests for new binaries yaml
* 'oem' is a valid type
* handle missing 'hooks' in manifest with oem snaps (LP: #1434279)
* cr_common.py: add config, immutable-config and oem in support of oem snaps
* obsolete framework click hook and meta/*.framework
* don't allow 'type: framework' to specify 'frameworks'
* fix click-show-files with native snaps
* click-show-files should show package.yaml
* add framework policy checks
* update systemd tests to check package.yaml
* .strip() whitespace in control_description_match
* check_package_filename() store downloads packages with _all instead of
  _multi. Account for that. We may want to remove this check entirely.
* cr_security.py: adjust for ubuntu-core/15.04 policy changes
* cr_security.py: policy_vendor is no longer redflagged
* cr_lint.py: don't strip 'all' from compat architecture list on snappy
* cr_lint.py: don't review unused control['Architecture'] on snappy

[ Fabian Ezequiel Gallina ]
* fix missing import on clickreviews/cr_framework.py
* add test for non-string framework

[ Alex Abreu ]
* fix webapp exec with no homepage url or with exec field code (LP:
  #1441185)

[ James Westby ]
* Drop the checks on the package name in the filename.
  The filename doesn't matter, and the store generates it anyway,
  so checking it is a waste, and keeps breaking as we change the
  rules.

25. By Jamie Strandboge on 2015-03-18

* don't fail if DEBIAN/md5sums doesn't exist with snap packages. The snap
  package format uses a different method for integrity checking
* add bin/click-check-systemd
* adjust bin/click-run-checks to call click-check-systemd