Canonical Click Reviewers tools (obsolete)

Give warning if the apparmor file does have other extension than .apparmor

Bug #1358317 reported by Zoltan Balogh on 2014-08-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Click Reviewers tools (obsolete)	Fix Released	Undecided	Jamie Strandboge

Bug Description

From the upcoming release of the Ubuntu SDK, the manifest and apparmor files are going to be moved from the Publish page to the project editing area.
To list and offer files in the editor we need defined mime types. Both the manifest and the apparmor files need to be identified and discovered by the SDK tools. For that we need standard name for both. The manifest file is the manifest.json, but the apparmor hook is set in the manifest file and so far it accepted any file name.

In the future only *.apparmaror scheme should be accepted. In order to gracefully force the existing apps to change the apparmor file name to .apparmor we need a warning from the c-r-t when the application is using other scheme.

Related branches

lp:ubuntu/utopic-proposed/click-reviewers-tools

Jamie Strandboge (jdstrand) on 2014-09-29

Changed in click-reviewers-tools:
status:	New → In Progress
assignee:	nobody → Jamie Strandboge (jdstrand)

Jamie Strandboge (jdstrand) on 2014-09-29

Changed in click-reviewers-tools:
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) on 2014-09-29

Changed in click-reviewers-tools:
status:	Fix Committed → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-10-01:

The click-reviewers team discussed and we feel that marking this as a warning is too much. The majority of existing apps use a .json extension since that is what the SDK did and documentation recommended, and some people may choose not to use the SDK to develop click packages. The file extension doesn't actually matter-- the file just needs to be parseable json and then the security checks are run.

That said, I think the check is valid and useful for the SDK. I will be updating the click-reviewers-tools to retain the check, but mark is as 'info'. This means that the check won't block acceptance in the store, it supports existing apps and documention and supports users not using the sdk, but allows the sdk to look at the 'info' json and flag it within the sdk.

Here is example output:
$ ./bin/click-review --sdk <path/to/click>
= lint =
{
  "error": {},
  "info": {
...
    "lint_sdk_security_extension_foo": {
      "manual_review": false,
      "text": "foo.json does not end with .apparmor (ok if not using sdk)"
    },
...
  "warn": {}
}

Changed in click-reviewers-tools:
status:	Fix Released → In Progress

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-10-01:

Ok, 0.13 implements this as 'info' rather than 'warn', which should give the sdk what it needs to flag this issue.

Changed in click-reviewers-tools:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.