Change log for click-reviewers-tools package in Ubuntu
| 1 → 50 of 50 results | First • Previous • Next • Last |
| Deleted in artful-release (Reason: always out of date. use snap instead) |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
click-reviewers-tools (0.46) zesty; urgency=medium
[ Jamie Strandboge ]
* add snapd interfaces for up to and including snapd 2.24
* sr_lint.py:
- don't flag reference, Canonical and accepted vendor kernel and gadgets
- adjust error text for check_meta_gui_desktop()
- don't warn when using 'grade' with 'type: os'
- only check for presence of Exec= in desktop file since there is no
guarantee that the binary will match a command name
- add check_hooks() (LP: #1586465)
- add check_hooks_plugs()
- add check_assumes() (LP: #1586429)
- don't flag 'core' os snap for manual review
- linux-generic-bbb is allowed as a kernel
- remove interface checks that are now handled by sr_declaration.py
- powerpc is a valid arch
- remove check_license_agreement() and check_license_version() since they
are no longer support (LP: 1605068)
- support confinement: classic
- add check_apps_aliases()
- handle ms, ns and us granularities, integers larger than 60 and fix a
traceback in stop-timeout error reporting (LP: #1654451)
- remove unsupported 'daemon: dbus' and add 'daemon: notify'
- don't allow specifying interfaces with 'confinement: classic'
(LP: 1655369)
- add a mechanism to override certain snaps that use a desktop interface
but don't require a desktop file (LP: #1670162)
- allow ints and floats as values for env variables
* sr_security.py:
- whitelist a few files for Canonical demo snaps
- add 'core' snap to sec_mode_overrides
- remove interface checks that are now handled by sr_declaration.py
- remove policy_vendor and policy_version checks since they don't apply
to declaration checks
- allow sticky dirs in the squashfs since some stage-packages ship them
- allow overriding snaps that can use browser-support with daemon
* common.py:
- remove 'application/octet-stream; charset=binary' from
magic_binary_file_descriptions to reduce false positives in
_list_all_compiled_binaries() (LP: #1591253)
- don't traceback in recursive_rm if encounter a directory we cannot read
- allow snaps to symlink to SNAP and SNAP_DATA in find_external_symlinks()
- 'icon' is an allowed optional field
- 'aliases' is allowed as an optional apps field
* sr_common.py:
- add 'content' and 'default-provider' as valid attributes
for the content interface
- add 'privileged-containers' as valid attribute for docker-support
- don't read in old apparmor policy or use aa_policy dict and use only
the base declaration
- add 'dbus' attributes
- add in progress unity8 interface
- adjust _verify_pkgname() for snapd commit 88665e9a
* add sr_declaration.py:
- check snap.yaml against base and snap declarations
* add bin/create-snap-declaration.py
* cr_common.py: refactor anything that uses aa_policy from common.py
* bin/click-review:
- support --plugs and --slots and apply them as snap declaration overrides
- support --allow-classic and apply it as 'confinement: classic' override
* setup.cfg: fix deprecation warnings with pep8
[ Celso Providelo ]
* sr_lint.py: support 'grade' field in snap-v2 (LP: #1618123)
-- Jamie Strandboge <email address hidden> Tue, 28 Mar 2017 20:46:43 +0000
Available diffs
- diff from 0.45 to 0.46 (44.5 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
click-reviewers-tools (0.45) yakkety; urgency=medium
* data/apparmor-easyprof-ubuntu.json:
- move all snappy interfaces into 'common' since snapd requires manually
connecting privileged interfaces
- refresh for newest interfaces
* sr_lint.py:
- don't flag ubuntu-core OS snap for manual review
- don't flag certain snap names for manual review for particular
interfaces
- mark 'confinement' with incorrect snap types as 'info' to workaround
snapcraft always adding it (safe because snapd ignores it)
- don't flag pc-kernel, pi2-kernel and dragonboard-kernel for manual
review
- 'type: gadget' is valid with 'confinement'
- add meta/gui/*.desktop checks for Exec=
- warn if plugging desktop interfaces without specifying and desktop files
- don't error if find binaries in gadget snaps in check_architecture_all()
* sr_common.py:
- content interface 'read' and 'write' are lists, not strings
* sr_security.py:
- specifying slots with gadgets should not trigger manual review
- don't allow 'browser-support' with 'daemon'
- add file checks from unsquashfs -lls output
* bin/click-review: show traceback if for runtime errors
-- Jamie Strandboge <email address hidden> Mon, 29 Aug 2016 12:22:17 -0500
Available diffs
- diff from 0.44 to 0.45 (12.5 KiB)
click-reviewers-tools (0.44~16.04.1) xenial-proposed; urgency=medium
[ Jamie Strandboge ]
* data/apparmor-easyprof-ubuntu.json:
- add pulseaudio interface
- add bluetooth policy group for Touch for 15.04 and higher
- add location-observe and location-control
- move all core interfaces to 'common'
- add gsettings interface
- set home to auto-approve
- add mpris interface
- add camera interface
- add optical-drive interface
- add serial-port interface
- add content interface
* clickreviews/common.py:
- don't fail on libmvec.so since it comes from libc6 too (LP: #1584346)
- extend the regex to also match ld-linux-x86-64.so.2
* sr_common.py:
- update _verify_pkgname() and _verify_appname() to use the same regex as
in snapd and various tests
- update attributes to be slots or plugs side and cleanup code for
specifying attributes
* bin/click-review, clickreviews/modules.py: exit '1' if error with
init_object or running checks
* sr_lint.py:
- support 'environment' key in yaml (LP: #1583259)
- support 'confinement' key in yaml
* sr_security.py:
- specifying mpris slot should not warn
- adjust profile name length checks to use series 16 security label format
* run_tests: exit non-zero with failures, errors or unexpectedSuccesses
* cr_lint.py:
- 'puritine' is a known, but redflagged hook
- skip external symlinks and md5sums checks for puritine (since we expect
external symlinks and the hash checks fail on broken symlinks)
- 'puritine' hook should not be used with 'apparmor'
* clickreviews/apparmor_policy.py: adjust for rename of store team
(LP: #1608943)
[ Celso Providelo ]
* support for interface abbreviated syntax (LP: #1595184)
-- Jamie Strandboge <email address hidden> Tue, 02 Aug 2016 08:43:31 -0500
Available diffs
- diff from 0.43~14.04.1 to 0.44~16.04.1 (10.0 KiB)
click-reviewers-tools (0.44) yakkety; urgency=medium
[ Jamie Strandboge ]
* data/apparmor-easyprof-ubuntu.json:
- add pulseaudio interface
- add bluetooth policy group for Touch for 15.04 and higher
- add location-observe and location-control
- move all core interfaces to 'common'
- add gsettings interface
- set home to auto-approve
- add mpris interface
- add camera interface
- add optical-drive interface
- add serial-port interface
- add content interface
* clickreviews/common.py:
- don't fail on libmvec.so since it comes from libc6 too (LP: #1584346)
- extend the regex to also match ld-linux-x86-64.so.2
* sr_common.py:
- update _verify_pkgname() and _verify_appname() to use the same regex as
in snapd and various tests
- update attributes to be slots or plugs side and cleanup code for
specifying attributes
* bin/click-review, clickreviews/modules.py: exit '1' if error with
init_object or running checks
* sr_lint.py:
- support 'environment' key in yaml (LP: #1583259)
- support 'confinement' key in yaml
* sr_security.py:
- specifying mpris slot should not warn
- adjust profile name length checks to use series 16 security label format
* run_tests: exit non-zero with failures, errors or unexpectedSuccesses
* cr_lint.py:
- 'puritine' is a known, but redflagged hook
- skip external symlinks and md5sums checks for puritine (since we expect
external symlinks and the hash checks fail on broken symlinks)
- 'puritine' hook should not be used with 'apparmor'
* clickreviews/apparmor_policy.py: adjust for rename of store team
(LP: #1608943)
[ Celso Providelo ]
* support for interface abbreviated syntax (LP: #1595184)
-- Jamie Strandboge <email address hidden> Tue, 02 Aug 2016 08:23:46 -0500
Available diffs
- diff from 0.43 to 0.44 (9.9 KiB)
click-reviewers-tools (0.43~14.04.1) xenial-proposed; urgency=medium
[ Jamie Strandboge ]
* sr_lint.py:
- kernel snaps may have external symlinks
- handle top-level plugs and slots with yaml data as 'null' (LP: #1579201)
- add epoch checks (LP: #1583298)
- .pyc are arch-independent, so don't complain about them
- add confinement checks (LP: #1580819)
* data/apparmor-easyprof-ubuntu.json:
- add opengl interface as 'common' (LP: #1572140)
- add reserved bluez, network-manager and location-observe interfaces
* sr_security.py:
- remove last reference to 'cap'
- turn resquash test into info for now until the squashfs-tools bugs are
fixed and this is a reliable check
* when 'confinement' is 'devmode', override the result type to 'info'
- common.py: add override_result_type to allow in support of 'confinement'
overrides
- sr_common.py: add _devmode_override()
- sr_security.py: use override_result_type if in devmode
- LP: #1584231
-- Jamie Strandboge <email address hidden> Fri, 20 May 2016 16:06:55 -0500
Available diffs
- diff from 0.42 to 0.43~14.04.1 (6.4 KiB)
click-reviewers-tools (0.43) yakkety; urgency=medium
[ Jamie Strandboge ]
* sr_lint.py:
- kernel snaps may have external symlinks
- handle top-level plugs and slots with yaml data as 'null' (LP: #1579201)
- add epoch checks (LP: #1583298)
- .pyc are arch-independent, so don't complain about them
- add confinement checks (LP: #1580819)
* data/apparmor-easyprof-ubuntu.json:
- add opengl interface as 'common' (LP: #1572140)
- add reserved bluez, network-manager and location-observe interfaces
* sr_security.py:
- remove last reference to 'cap'
- turn resquash test into info for now until the squashfs-tools bugs are
fixed and this is a reliable check
* when 'confinement' is 'devmode', override the result type to 'info'
- common.py: add override_result_type to allow in support of 'confinement'
overrides
- sr_common.py: add _devmode_override()
- sr_security.py: use override_result_type if in devmode
-- Jamie Strandboge <email address hidden> Fri, 20 May 2016 16:01:16 -0500
Available diffs
- diff from 0.42 to 0.43 (6.3 KiB)
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
click-reviewers-tools (0.42) xenial; urgency=medium
* add test to verify snapd-control is reserved
* sr_lint.py: implement interface slots checks
* sr_security.py: implement interface slots checks (force manual review for
now when specifying slots)
* debian/links: create snap-review symlink to click-review
-- Jamie Strandboge <email address hidden> Thu, 21 Apr 2016 09:10:27 -0500
Available diffs
- diff from 0.41 to 0.42 (5.2 KiB)
click-reviewers-tools (0.41) xenial; urgency=medium * sr_lint.py: verify key name in the apps dictionary (LP: #1570914) -- Jamie Strandboge <email address hidden> Fri, 15 Apr 2016 10:24:17 -0500
Available diffs
- diff from 0.40 to 0.41 (1.1 KiB)
click-reviewers-tools (0.40) xenial; urgency=medium * sr_lint.py: ppc64el and s390x are valid architectures * add bool-file interface tests * remove obsoleted old-security interface checks * properly handle app 'plugs' without toplevel 'plugs' (LP: #1569226) * implement native plugs and app plugs checks -- Jamie Strandboge <email address hidden> Wed, 13 Apr 2016 15:19:47 -0500
Available diffs
- diff from 0.39 to 0.40 (11.1 KiB)
click-reviewers-tools (0.39) xenial; urgency=medium
* bin/click-review:
- exit 1 if fatal error, 2 if found errors/warnings and 3 if found
warnings (LP: #1523255)
- make help output more verbose (including return codes)
- add overrides as optional positional argument
* [cs]r_lint.py: change the order of the checks so that an obsolete or
deprecated in the override takes precedence over 'available'
* migrate from skills to interfaces (LP: #1549427)
* sr_security.py:
- improve requash failure error message
- short-circuit if squashfs has symlinks (LP: 1555305)
- os snap is not built with -all-root, ignore checksum mismatch
* cr_security.py: webapps may now use camera, microphone and connectivity
* sr_lint.py:
- adjust for stop -> stop-command and poststop -> post-stop-command
- make unknown field warning for apps more clear
- normalize path specified in snap.yaml for command
* remove type framework, frameworks and bus-name checks since frameworks
aren't supported on 16.04 (LP: #1557126)
* debian/control: Build-Depends on pyflakes3 instead of pyflakes
-- Jamie Strandboge <email address hidden> Tue, 22 Mar 2016 10:37:09 -0500
Available diffs
- diff from 0.38 to 0.39 (20.8 KiB)
click-reviewers-tools (0.38) xenial; urgency=medium * sr_security.py: add check_squashfs_resquash() -- Jamie Strandboge <email address hidden> Fri, 26 Feb 2016 08:41:28 -0600
Available diffs
- diff from 0.37 to 0.38 (2.8 KiB)
click-reviewers-tools (0.37) xenial; urgency=medium
[ Jamie Strandboge ]
* cr_lint.py: 'accounts' hook was added in 15.04.1. The other checks are
already in place since r553 which missed this addition
* refactor and make less click-centric such that click and snap v1 tests
use existing scripts and snap v2 will use new scripts. The cr_* tests have
16.04 checks removed (since this simplifies them and this code won't be
run any way)
* add bin/detect-package and detect_package()
* rename unpack-click as unpack-package
* add snap v2 lint checks (LP: #1532842)
* add snap v2 security checks
* squashfs snaps no longer require manual review
* debian/control: bump squashfs-tools to Depends and add to Build-Depends
[ James Tait ]
* cr_lint.py: Don't check for the presence of readme.md if the package is a
squashfs filesystem. Snappy 2.0 uses squashfs as its file format, and
doesn't require readme.md.
-- Jamie Strandboge <email address hidden> Mon, 22 Feb 2016 16:41:14 -0600
Available diffs
- diff from 0.36 to 0.37 (65.1 KiB)
click-reviewers-tools (0.36) xenial; urgency=medium
[ Daniel Holbach ]
* Add check if suspected (using python-magic) compiled binaries
aren't actually just message catalogs (.mo files) (LP: #1530894).
[ Martin Albisetti ]
* add gadget type
[ Michael Vogt ]
* Merge partial support for snap.yaml in 16.04
-- Jamie Strandboge <email address hidden> Mon, 01 Feb 2016 11:37:35 -0600
Available diffs
- diff from 0.35.1 to 0.36 (3.6 KiB)
click-reviewers-tools (0.35.1) xenial; urgency=medium * No change rebuild for newer python3 -- Jamie Strandboge <email address hidden> Mon, 01 Feb 2016 10:07:35 -0600
Available diffs
- diff from 0.35 to 0.35.1 (312 bytes)
click-reviewers-tools (0.35) xenial; urgency=medium
[ Jamie Strandboge ]
* clickreviews/cr_systemd.py:
- add checks for listen-stream, socket, socket-user and socket-group
- remove vendor checks with bus-name (LP: #1510522)
* clickreviews/cr_security.py:
- make sure that the generated profile name is under the current 253
character maximum. This might have to be adjusted after the AppArmor
stacking work is completed (LP: #1499544)
- adjust for xenial snappy defaulting to using 'network-client' instead
of 'networking'
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_lint.py:
- check if package ships .click directory
- add a few more vcs files
- remove vendor-specific checks. 'vendor' is still allowed for
compatibility with older snappy versions, but no formatting checks are
performed (LP: #1510522)
- 'Maintainer' checks in the click manifest should only be done with click
packages (LP: #1510522)
- don't prompt manual review when find .excludes file
- add kernel and os as valid snap types
- remove package filename checks. They were meaningless and hard to
maintain
- sort unknown snappy yaml keys
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_common.py:
- add valid yaml keys for kernel snaps
- add a couple more mime types for detecting binaries (useful for arm
kernels)
* update data/apparmor-easyprof-ubuntu.json for 16.04 policy
* Makefile: add json syntax check
* several changes for squashfs snaps that won't have a click manifest, etc.
Importantly, this means that only package.yaml is looked at and a lot of
click specific tests can be skipped
- cr_common.py:
+ rename a few variable to not be click specific
+ add self.pkgfmt
+ adjust __init__() to conditionally use package.yaml on squashfs,
otherwise click manifest
+ make click data structure initialization conditional on if click
or not (eg, don't run hooks code on squashfs images)
- adjust clickreviews/cr_* to conditionally run certain click-only tests
on click packages
- adjust architecture checks to use self.pkg_arch and rename
control_architecture_specified_needed as architecture_specified_needed
- cr_security.py:
+ revamp to use package.yaml on non-click instead of now nonexistent
security manifest
+ update push-helper template test to not make hooks specific
+ network-client should not be allowed with push helpers either
+ conditionally look for INSTALL_DIR on 16.04 systems in security-policy
+ adjust security-override checks on 16.04 to follow 16.04 yaml
+ make click manifest checks conditional on if click
- cr_tests.py: mock _pkgfmt_type(), _pkgfmt_version() and _is_squashfs()
[ Michael Nelson ]
* add support for non-mocked tests
[ Michael Vogt ]
* add support for squashfs snaps (currently will trigger manual review)
[ Daniel Holbach ]
* Pass absolute path of click or snap file - that way it's safe even if we
chdir (LP: #1514346).
* Allow translated scope .ini fields to have 3 letters as their lang_code
identifier, ie. 'ast'. (LP: #1517017)
* Ensure "urls" is not empty (LP: #1522777)
[ James Tait ]
* Add a handful of links to askubuntu questions to explain some of the
rejection messages.
[ Alberto Mardegan ]
* Allow "accounts" hook since the 15.04.1 framework
* Online Accounts: update to latest plugin hook format (LP: #1520605)
[ Marcus Tomlinson ]
* Forbid the internal "DebugMode" scope.ini key from making its way into the
store (LP: #1511063)
-- Jamie Strandboge <email address hidden> Mon, 14 Dec 2015 16:09:52 -0600
Available diffs
- diff from 0.34 to 0.35 (32.0 KiB)
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
click-reviewers-tools (0.34) wily; urgency=medium [ Jamie Strandboge ] * multiple 'desktop' hooks should only be 'info' these days (LP: #1496402) * verify snaps that use 'bus-name' are of 'type: framework' * clickreviews/cr_lint.py: - snappy package.yaml defaults to 'architectures' and 'architecture' is deprecated. Adjust and add a warning for deprecation. - arm64 is a valid architecture now - don't warn on libc6 libraries with check_external_symlinks - don't traceback on broken symlinks when checking for hardcoded paths (LP: #1502962) * clickreviews/cr_security.py: don't complain about missing AppArmor template vars if we detect this is unconfined boilerplate policy -- Jamie Strandboge <email address hidden> Fri, 09 Oct 2015 17:47:39 -0500
Available diffs
- diff from 0.33 to 0.34 (4.9 KiB)
click-reviewers-tools (0.33) wily; urgency=medium
[ Alberto Mardegan ]
* clickreviews/cr_online_accounts.py: Do not check for "type" element in OA
.service files
* clickreviews/cr_online_accounts.py: Support the new "accounts" hook
[ Jamie Strandboge ]
* clickreviews/cr_common.py: add peer_hooks_link to __init__ and use it
as the link for missing and disallowed hooks
* clickreviews/cr_online_accounts.py: set peer_hooks_link to use
https://wiki.ubuntu.com/SecurityTeam/Specifications/OnlineAccountsConfinement
* clickreviews/tests/test_cr_online_accounts.py: don't stub or check for
"type" element in OA .service files
* Makefile: make sure check-names.list is up to date via 'make check'
[ Ricardo Kirkner ]
* Refactor to abstract check name generation.
This will be used in a follow up branch to normalize check names in a way
that allows extracting semantic meaning of check names from review results
data.
* build name from review_type, prefix, app and extra parts using : as
separator
* list all possible check types by running tests and extracting seen check
names
[ Daniel Holbach ]
* Fix pep8 issues.
-- Jamie Strandboge <email address hidden> Thu, 10 Sep 2015 11:17:00 -0500
Available diffs
- diff from 0.32 to 0.33 (22.6 KiB)
click-reviewers-tools (0.32) wily; urgency=medium
* data/apparmor-easyprof-ubuntu.json: add "keep-display-on" to ubuntu
common policy
* cr_security.py:
- webapps may use "keep-display-on"
- error if security-policy specified in snaps
* cr_lint.py:
- give link to frameworks guide if framework specified
- do not error if apparmor-profile specified with snap (handled by above
change)
-- Jamie Strandboge <email address hidden> Thu, 09 Jul 2015 08:57:26 -0500
Available diffs
- diff from 0.28 to 0.32 (12.8 KiB)
- diff from 0.31 to 0.32 (2.0 KiB)
click-reviewers-tools (0.31) wily; urgency=medium
* cr_security.py:
- webview is not required with ubuntu-account-plugin
- bin-path and systemd hooks shouldn't be used any more to ascertain if an
app is a service or binary since snappy build is no longer adding them
and snappy install ignores them (LP: #1472296)
* cr_common.py: comment that snappy-systemd hook is deprecated
* cr_lint.py: comment that snappy-systemd hook is deprecated
* cr_systemd.py:
- directly parse package.yaml instead of parsing deprecated snappy-systemd
hook
- remove snappy-systemd hook checks now that it is ignored by snappy
install in stable releases
* cr_bin_path.py: remove bin-path hook checks now that it is ignored by
snappy install in stable releases
-- Jamie Strandboge <email address hidden> Tue, 07 Jul 2015 15:11:15 -0500
Available diffs
- diff from 0.30 to 0.31 (9.0 KiB)
click-reviewers-tools (0.30) wily; urgency=medium
* cr_security.py: verify required and allowed policy groups with the
ubuntu-account-plugin template (LP: #1468792)
* cr_systemd.py: whitespace pep8 fixes for trusty to fix FTBFS in SDK
staging ppa
-- Jamie Strandboge <email address hidden> Fri, 26 Jun 2015 09:27:09 -0500
Available diffs
- diff from 0.29 to 0.30 (1.7 KiB)
click-reviewers-tools (0.29) wily; urgency=medium
* README: add notes on where to upload review tools to keep projects in sync
* cr_online_accounts.py: account-provider and account-qml-plugin can now be
allowed if used with apparmor (LP: #1219644)
* cr_security.py:
- verify when account-provider and account-qml-plugin are used that the
security manifest uses the "ubuntu-account-plugin" template
- correctly update the cached json if needed
* apparmor_policy.py: fix bug that prevented get_policy_file() from working
-- Jamie Strandboge <email address hidden> Thu, 25 Jun 2015 17:54:21 -0500
Available diffs
- diff from 0.28 to 0.29 (2.9 KiB)
click-reviewers-tools (0.28) wily; urgency=medium
[ Jamie Strandboge ]
* Makefile: perform run-pyflakes in check target
* cr_systemd.py: add bus-name checks and update testsuite
* add security yaml checks
* cr_lint.py: don't allow same key in 'binaries' and 'services'
* cr_lint.py: implement hashes.yaml checks
* update README
* cr_desktop.py: add check to help transition away from obsoleted
ubuntu-html5-app-launcher
* cr_common.py: remove snappy 'integration' checks
* cr_systemd.py: implement ports checks
* cr_systemd.py, cr_bin_path.py: error out if services or binaries is empty,
repectively
* cr_lint.py: update pkgname checks for snaps-- shouldn't have '.' in the
name
* cr_lint.py: add snappy-config checks
* cr_lint.py: maintainer isn't needed in compat click manifest for snaps
that don't specify vendor
* debian/control: Depends on binutils (for 'ar')
[ Marcus Tomlinson ]
* cr_scope.py: add "keywords" to the list of optional scope .ini keys
-- Jamie Strandboge <email address hidden> Wed, 10 Jun 2015 16:07:33 -0500
Available diffs
- diff from 0.27 to 0.28 (18.8 KiB)
click-reviewers-tools (0.25.1) vivid; urgency=medium
* Fix 'Invalid framework "ubuntu-sdk-15.04"' error.
Change is already in wily and corresponds to r453 in
clickreviews/cr_security.py. (LP: #1449368)
-- Daniel Holbach <email address hidden> Tue, 05 May 2015 18:07:42 +0200
Available diffs
- diff from 0.25 to 0.25.1 (535 bytes)
click-reviewers-tools (0.27) wily; urgency=medium
* cr_security.py: add ubuntu-sdk-15.04 framework and policy version
(LP: #1449368)
-- Jamie Strandboge <email address hidden> Fri, 01 May 2015 10:46:57 -0500
Available diffs
- diff from 0.24~snappy0.14.04.1 (in ~snappy-dev/ubuntu/beta) to 0.27 (78.7 KiB)
- diff from 0.24~snappy0.14.10.1 (in ~snappy-dev/ubuntu/beta) to 0.27 (78.7 KiB)
- diff from 0.19~snappy1 (in ~snappy-dev/ubuntu/tools) to 0.27 (pending)
- diff from 0.26~snappy0.14.04.1 (in ~snappy-dev/ubuntu/tools) to 0.27 (63.6 KiB)
- diff from 0.26 (in ~snappy-dev/ubuntu/tools) to 0.27 (63.5 KiB)
- diff from 0.26~snappy0.14.10.1 (in ~snappy-dev/ubuntu/tools) to 0.27 (63.7 KiB)
- diff from 0.25 to 0.27 (66.1 KiB)
| Superseded in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
click-reviewers-tools (0.25) vivid; urgency=medium
[ Michael Vogt ]
* Fixed a number of issues raised by pyflakes.
[ Ricardo Kirkner ]
* support overrides in all click-check scripts
* refactored click checks to avoid duplication
* handle checks from branch as well as installed system-wide when running
all checks
[ Jamie Strandboge ]
* update bin-path tests for new binaries yaml
* 'oem' is a valid type
* handle missing 'hooks' in manifest with oem snaps (LP: #1434279)
* cr_common.py: add config, immutable-config and oem in support of oem snaps
* obsolete framework click hook and meta/*.framework
* don't allow 'type: framework' to specify 'frameworks'
* fix click-show-files with native snaps
* click-show-files should show package.yaml
* add framework policy checks
* update systemd tests to check package.yaml
* .strip() whitespace in control_description_match
* check_package_filename() store downloads packages with _all instead of
_multi. Account for that. We may want to remove this check entirely.
* cr_security.py: adjust for ubuntu-core/15.04 policy changes
* cr_security.py: policy_vendor is no longer redflagged
* cr_lint.py: don't strip 'all' from compat architecture list on snappy
* cr_lint.py: don't review unused control['Architecture'] on snappy
[ Fabian Ezequiel Gallina ]
* fix missing import on clickreviews/cr_framework.py
* add test for non-string framework
[ Alex Abreu ]
* fix webapp exec with no homepage url or with exec field code (LP:
#1441185)
[ James Westby ]
* Drop the checks on the package name in the filename.
The filename doesn't matter, and the store generates it anyway,
so checking it is a waste, and keeps breaking as we change the
rules.
-- Daniel Holbach <email address hidden> Mon, 20 Apr 2015 17:26:18 +0200
Available diffs
- diff from 0.24 to 0.25 (32.7 KiB)
click-reviewers-tools (0.24) vivid; urgency=medium
* don't fail if DEBIAN/md5sums doesn't exist with snap packages. The snap
package format uses a different method for integrity checking
* add bin/click-check-systemd
* adjust bin/click-run-checks to call click-check-systemd
-- Jamie Strandboge <email address hidden> Wed, 18 Mar 2015 14:27:51 -0500
Available diffs
- diff from 0.23 to 0.24 (1.6 KiB)
click-reviewers-tools (0.23) vivid; urgency=medium * fix pep8 warning when building on trusty
Available diffs
- diff from 0.22 to 0.23 (657 bytes)
click-reviewers-tools (0.22) vivid; urgency=medium
[ Alexandre Abreu ]
* Relax the rule that states that webapps with a model search path shouldn't
have url patterns listed in the command line. In order to avoid confusion,
we allow this to happen (and it already works fine the command line
patterns being appended to the locally defined ones). (LP: #1406643)
[ Jamie Strandboge ]
* add testsuite test to verify apparmor-profile can't be specified with
apparmor
* add apparmor-profile hook tests
* fix test_check_optional_domain_suffix_without_protocol2() to actually test
with 'nonexistent' key
* debian/control:
- add python3-yaml to Build-Depends and Depends
- update Vcs-Bzr to point to lp:click-reviewers-tools
* add snappy-systemd hook tests and update the testsuite accordingly
* apparmor-profile hook may be used anywhere apparmor can be, but not with
apparmor itself (apparmor-profile is still redflagged)
* implement snappy package.yaml lint tests
* implement snappy package.yaml services tests
* implement snappy readme.md lint tests
* implement snappy package.yaml binaries tests
* one more snappy workaround for check_package_filename()
-- Jamie Strandboge <email address hidden> Mon, 09 Mar 2015 15:08:44 -0500
Available diffs
- diff from 0.21 to 0.22 (29.6 KiB)
click-reviewers-tools (0.21) vivid; urgency=medium
[ Pete Woods ]
* Add childscopes field to recognised list.
* Add documentation link of the scope config files:
CONFIGFILES in lp:unity-scopes-api.
[ Michael Vogt ]
* snappy: add two new optional fields: source, type.
[ Jamie Strandboge ]
* also use <email address hidden> to signify a core-app
* calculate arch correctly in check_package_filename()
* add ubuntu-core-15.04 to self.major_framework_policy
* add checks for self.major_framework_policy to policy_vendor checks
* bin-path should no longer require snappy-systemd hook
* warn, don't error, on 'Could not find compiled binaries for architecture'
since it might be ok to, for example, ship a shell script but you only
want it on ARM devices
* apparmor-profile is an allowed hook, but a redflagged one
* don't error that apparmor is missing if apparmor-profile is present
[ Daniel Holbach ]
* Deal with multi-arch clicks properly. (LP: #1395204)
-- Daniel Holbach <email address hidden> Tue, 03 Mar 2015 14:17:13 +0100
Available diffs
- diff from 0.20 to 0.21 (5.7 KiB)
click-reviewers-tools (0.20) vivid; urgency=medium
[ Martin Albisetti ]
* Remove checks that validate namespaces and email addresses, those are
better suited for the store, which knows the information about the
uploading user. (LP: #1408644)
-- Daniel Holbach <email address hidden> Wed, 14 Jan 2015 12:12:25 +0100
Available diffs
- diff from 0.19 to 0.20 (2.2 KiB)
click-reviewers-tools (0.19) vivid; urgency=medium
[ Ricardo Kirkner ]
* fetch framework data before running framework related checks
* use mtime instead of ctime to check remote file freshness
* allow specifying overrides for framework checks
* handle case when overrides data is malformed
[ Alexandre Abreu ]
* add support for local html5 app launch mode for webapp-container
(LP: #1388988)
[ Jamie Strandboge ]
* open scopes .ini file as utf8 (LP: #1371692)
* allow for translatable fields in the scopes .ini file (LP: #1392133)
* don't require desktop hook with systemd or framework
* com.ubuntu.snappy can use <email address hidden>
(LP: #1395007)
* add bin-path click hook checks and tests (LP: #1395001)
* add preliminary framework hook checks and tests (LP: #1395004)
* refactor hooks checks into parent class (LP: #1395005)
* sort click-review results in print_findings
* add preliminary systemd hook checks and tests
* update apparmor policy json and adjust security checks to properly handle
different policy vendors
* update data/apparmor-easyprof-ubuntu.json for 1.3
* don't warn if specifying 'default' with ubuntu-snappy vendor
* systemd hook renamed to snappy-systemd
* allow filenames to end with .snap
* allow flat namesapces in check_maintainer_email()
[ Daniel Holbach ]
* Add askubuntu explanation for policy_version_is_highest.
* Add askubuntu explanation for debug builds. (LP: #1390163)
-- Daniel Holbach <email address hidden> Tue, 16 Dec 2014 17:07:36 +0100
Available diffs
- diff from 0.18 to 0.19 (36.3 KiB)
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
click-reviewers-tools (0.18) utopic; urgency=medium * Let setup.py handle non-ascii characters in d/changelog. -- Daniel Holbach <email address hidden> Wed, 15 Oct 2014 10:32:57 +0200
Available diffs
- diff from 0.17 to 0.18 (622 bytes)
click-reviewers-tools (0.17) utopic; urgency=medium * webapps may use content_exchange_source (LP: #1380694) * online accounts shouldn't specify id and should warn when they do. (LP: #1380534) * click-show-files: cleanup unpack directory at end -- Jamie Strandboge <email address hidden> Tue, 14 Oct 2014 11:35:43 -0500
Available diffs
- diff from 0.16 to 0.17 (2.4 KiB)
click-reviewers-tools (0.16) utopic; urgency=medium * add i386 and amd64 to self.valid_control_architectures -- Jamie Strandboge <email address hidden> Thu, 09 Oct 2014 09:02:55 -0500
Available diffs
- diff from 0.15 to 0.16 (1.4 KiB)
click-reviewers-tools (0.15) utopic; urgency=medium
* don't error in check_application() if no scope or desktop hook when pay-ui
hook is present
* updates for push security checks:
- apps may specify push-notification-client
- push-helpers must use the new 'ubuntu-push-helper' template
-- Jamie Strandboge <email address hidden> Wed, 08 Oct 2014 15:15:53 -0500
Available diffs
- diff from 0.14 to 0.15 (1.6 KiB)
click-reviewers-tools (0.14) utopic; urgency=medium
* don't error when account-provider and account-qml-plugin does not also
have apparmor policy. There is no policy for these yet so the errors
are confusing
* add Makefile for some convenience functions
* reuse the unpacked click dir
-- Jamie Strandboge <email address hidden> Thu, 02 Oct 2014 15:15:58 -0500
Available diffs
- diff from 0.13 to 0.14 (2.8 KiB)
click-reviewers-tools (0.13) utopic; urgency=medium
* reduce to 'info' when security policy does not end with .apparmor
(LP: #1358317)
-- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 08:09:42 -0500
Available diffs
- diff from 0.11 to 0.13 (3.8 KiB)
- diff from 0.12 to 0.13 (829 bytes)
click-reviewers-tools (0.12) utopic; urgency=medium [ Jamie Strandboge ] * traceback in a more friendly way if the json can't be parsed * adjust click-review --sdk to start reporting again (LP: #1375787) * add additional tests for online accounts (LP: #1357211) * explicitly mark 'networking' as bad policy group when using push-notification-client (it was already implicitly bad) -- Jamie Strandboge <email address hidden> Wed, 01 Oct 2014 07:14:33 -0500
Available diffs
- diff from 0.11 to 0.12 (3.4 KiB)
click-reviewers-tools (0.11) utopic; urgency=medium
[ Jamie Strandboge ]
* allow 'accounts' policy group with network scopes.
* fix fetch URL for apparmor json to point to json file, not html page
(LP: #1375326)
* check if security policy does not end with .apparmor (LP: #1358317)
* cleanup all the temp directories on shutdown (LP: #1370577)
* shouldn't warn when app is coreapp when it uses x-source or x-test
(LP: #1371180)
[ Daniel Holbach ]
* be clearer about unloadable ClickReview classes.
-- Jamie Strandboge <email address hidden> Mon, 29 Sep 2014 17:01:58 -0500
Available diffs
- diff from 0.10 to 0.11 (3.5 KiB)
click-reviewers-tools (0.10) utopic; urgency=medium
[ Daniel Holbach ]
* Split out code to find Click*Review classes in the clickreviews package
into its own module, add tests for it.
* Refactor bin/click-review to make it easier to extend.
* Add --sdk option, so the SDK can start using it. (LP: #1363857)
* Safeguard against broken clickreviews check modules, or modules that are
still in development. (LP: #1364449)
[ Jamie Strandboge ]
* There is now a special pay-ui hook instead of the payui app reusing the
desktop hook. We added a check for manual review for when the 'pay-ui'
hook was implemented in previous commits, but now we should adjust the
cr_desktop.py hook to not error when the pay-ui hook is specified but
the desktop hook is not.
* The accounts policy group is now a common policy group (14.10) and
webapps more fully integrate with accounts these days, so don't flag
accounts as unusual any more.
* Mark checks requiring manual review by using a special key in the json
data.
* Add commented out camera policy group to list of ok policygroups for
webapps.
[ Ricardo Kirkner ]
* Updated frameworks.json using myapps api. (LP: #1363096)
-- Daniel Holbach <email address hidden> Wed, 24 Sep 2014 16:10:43 +0200
Available diffs
- diff from 0.9 to 0.10 (8.0 KiB)
click-reviewers-tools (0.9) utopic; urgency=medium
[ Jamie Strandboge ]
* data/frameworks.json: add ubuntu-sdk-14.10-qml-dev3
* make missing --enable-back-forward informational for webapp desktop file
checks
[ Daniel Holbach ]
* special-case 'com.ubuntu.scopes'.
[ Pete Woods ]
* Match scope review with actual ini file specifications. (LP: #1350427)
* Point to the correct scope ini path.
[ Daniel Holbach ]
* Add 'click-review', a more versatile approach to what 'click-run-checks'
was doing. (LP: #1355215)
* Run pep8 during the build.
-- Daniel Holbach <email address hidden> Wed, 20 Aug 2014 16:03:35 +0200
Available diffs
- diff from 0.8 to 0.9 (5.2 KiB)
click-reviewers-tools (0.8) utopic; urgency=medium [ Zoltan Balogh ] * Give an error if the app is using deprecated Friends API (LP: #1340869) [ Martin Albisetti, Daniel Holbach ] * refactor the way we handle frameworks into a central static list which should be easy to update. [ Jamie Strandboge ] * updated clickreviews/cr_tests.py for 14.10*dev2 * bin/repack-click: use -Zgzip when repacking to remain compatible with debfile (ie, click install) * warn on new hooks * implement url-dispatcher hook checks * implement scope hook checks * implement content-hub hook checks * debian/control: Build-Depends and Depends on python3-lxml * implement account-* hook checks * redflag the upcoming pay-ui hook * update security tests to not require apparmor-easyprof-ubuntu or apparmor-easyprof by using a static list to ease updating * debian/control: drop Build-Depends and Depends on apparmor-easyprof and apparmor-easyprof-ubuntu * update data/apparmor-easyprof-ubuntu.json to not include friends policy group in 1.2 (LP: #1340869) * refactor the way we handle apparmor policy into a central static list which should be easy to update. * implement push-helper tests (LP: #1346481) [ Daniel Holbach ] * refer to documentation about click in case we encounter .deb packages. * fix some pep8 warnings. -- Daniel Holbach <email address hidden> Fri, 25 Jul 2014 16:20:24 +0200
Available diffs
- diff from 0.7.1 to 0.8 (38.6 KiB)
click-reviewers-tools (0.7.1) utopic; urgency=medium
* Merge r198:
[ Jamie Strandboge ]
- ubuntu-scope-local-content template is no longer available.
-- Daniel Holbach <email address hidden> Thu, 05 Jun 2014 16:21:33 +0200
Available diffs
- diff from 0.6 to 0.7.1 (4.3 KiB)
- diff from 0.7 to 0.7.1 (1.2 KiB)
click-reviewers-tools (0.7) utopic; urgency=medium
[ Daniel Holbach ]
* clickreviews/cr_lint.py: add link to more info about "Please use newer
framework". Thanks Alan Pope.
[ Jamie Strandboge ]
* add 14.10 frameworks. Thanks Martin Albisetti for initial patch
* 13.10 frameworks should be deprecated instead of obsolete and warn when
using deprecated framework
* add click scopes checks
* special case <email address hidden>
* implement check_hooks() lint tests
* debian/control: Depends on apparmor-easyprof-ubuntu >= 1.2.2
(LP: #1324121)
-- Jamie Strandboge <email address hidden> Wed, 28 May 2014 23:48:04 +0200
Available diffs
- diff from 0.6 to 0.7 (4.1 KiB)
click-reviewers-tools (0.6) utopic; urgency=medium
[ Daniel Holbach ]
* d/control: bump apparmor-easyprof-ubuntu requirement to 1.0.44.
This should safeguard against #1292418 (test-suite failing on saucy).
* clickreviews/cr_desktop.py: check for deprecated execs, add
cordova-ubuntu-2.8 to the list. (LP: #1307533)
[ Jamie Strandboge ]
* clickreviews/cr_security.py:
- webview policy can be used by webapps
- content_exchange policy can be used by webapps (LP: #1308184)
- clickreviews/tests/test_cr_security.py: tests for above
- warn if webview not used with ubuntu-webapp template on non-13.10
frameworks
* clickreviews/cr_lint.py: obsolete ubuntu-sdk-13.10 framework
* clickreviews/cr_functional.py: warn if using UbuntuWebView 0.1
-- Jamie Strandboge <email address hidden> Mon, 28 Apr 2014 13:01:08 -0500
Available diffs
- diff from 0.5build1 to 0.6 (3.9 KiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
click-reviewers-tools (0.5build1) trusty; urgency=medium * No-change rebuild to drop Python 3.3 support. -- Matthias Klose <email address hidden> Sun, 23 Mar 2014 15:28:00 +0000
Available diffs
- diff from 0.5 to 0.5build1 (319 bytes)
click-reviewers-tools (0.5) trusty; urgency=medium [ Jamie Strandboge ] * mock self.supported_policy_versions * support multiple frameworks on system in security tests * add/update tests for multiple frameworks in security tests -- Daniel Holbach <email address hidden> Thu, 27 Feb 2014 15:30:51 +0100
Available diffs
- diff from 0.4 to 0.5 (3.9 KiB)
click-reviewers-tools (0.4) trusty; urgency=medium [ Daniel Holbach ] * Check for broken icon paths in .desktop files. (LP: #1257429) * Add initial set of askubuntu answers. * Add ubuntu-html5-app-launcher to expected_execs. [ Jamie Strandboge ] * Documented and clarified the use of the scripts. * Fix crash in __del__. (LP: #1282652) * Add webapp-container tests. * Document bzr hook to run tests. -- Daniel Holbach <email address hidden> Wed, 22 Jan 2014 17:59:26 +0100
Available diffs
- diff from 0.3 to 0.4 (6.0 KiB)
click-reviewers-tools (0.3) trusty; urgency=medium
* d/compat: bump to 9.
* d/control:
- bump Standards-Version,
- drop X-Python-Version, we have X-Python3-Version,
- programmatical -> programmatic
* d/copyright: fix license mistake (GPL-3+ vs. GPL-3)
-- Daniel Holbach <email address hidden> Wed, 22 Jan 2014 17:38:47 +0100
click-reviewers-tools (0.2) trusty; urgency=low * Initial release (LP: #1230248) -- Daniel Holbach <email address hidden> Wed, 25 Sep 2013 14:32:32 +0200
| 1 → 50 of 50 results | First • Previous • Next • Last |
