Changelog
click-reviewers-tools (0.35) xenial; urgency=medium
[ Jamie Strandboge ]
* clickreviews/cr_systemd.py:
- add checks for listen-stream, socket, socket-user and socket-group
- remove vendor checks with bus-name (LP: #1510522)
* clickreviews/cr_security.py:
- make sure that the generated profile name is under the current 253
character maximum. This might have to be adjusted after the AppArmor
stacking work is completed (LP: #1499544)
- adjust for xenial snappy defaulting to using 'network-client' instead
of 'networking'
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_lint.py:
- check if package ships .click directory
- add a few more vcs files
- remove vendor-specific checks. 'vendor' is still allowed for
compatibility with older snappy versions, but no formatting checks are
performed (LP: #1510522)
- 'Maintainer' checks in the click manifest should only be done with click
packages (LP: #1510522)
- don't prompt manual review when find .excludes file
- add kernel and os as valid snap types
- remove package filename checks. They were meaningless and hard to
maintain
- sort unknown snappy yaml keys
- use 'NEEDS REVIEW' instead of 'MANUAL REVIEW'
* clickreviews/cr_common.py:
- add valid yaml keys for kernel snaps
- add a couple more mime types for detecting binaries (useful for arm
kernels)
* update data/apparmor-easyprof-ubuntu.json for 16.04 policy
* Makefile: add json syntax check
* several changes for squashfs snaps that won't have a click manifest, etc.
Importantly, this means that only package.yaml is looked at and a lot of
click specific tests can be skipped
- cr_common.py:
+ rename a few variable to not be click specific
+ add self.pkgfmt
+ adjust __init__() to conditionally use package.yaml on squashfs,
otherwise click manifest
+ make click data structure initialization conditional on if click
or not (eg, don't run hooks code on squashfs images)
- adjust clickreviews/cr_* to conditionally run certain click-only tests
on click packages
- adjust architecture checks to use self.pkg_arch and rename
control_architecture_specified_needed as architecture_specified_needed
- cr_security.py:
+ revamp to use package.yaml on non-click instead of now nonexistent
security manifest
+ update push-helper template test to not make hooks specific
+ network-client should not be allowed with push helpers either
+ conditionally look for INSTALL_DIR on 16.04 systems in security-policy
+ adjust security-override checks on 16.04 to follow 16.04 yaml
+ make click manifest checks conditional on if click
- cr_tests.py: mock _pkgfmt_type(), _pkgfmt_version() and _is_squashfs()
[ Michael Nelson ]
* add support for non-mocked tests
[ Michael Vogt ]
* add support for squashfs snaps (currently will trigger manual review)
[ Daniel Holbach ]
* Pass absolute path of click or snap file - that way it's safe even if we
chdir (LP: #1514346).
* Allow translated scope .ini fields to have 3 letters as their lang_code
identifier, ie. 'ast'. (LP: #1517017)
* Ensure "urls" is not empty (LP: #1522777)
[ James Tait ]
* Add a handful of links to askubuntu questions to explain some of the
rejection messages.
[ Alberto Mardegan ]
* Allow "accounts" hook since the 15.04.1 framework
* Online Accounts: update to latest plugin hook format (LP: #1520605)
[ Marcus Tomlinson ]
* Forbid the internal "DebugMode" scope.ini key from making its way into the
store (LP: #1511063)
-- Jamie Strandboge <email address hidden> Mon, 14 Dec 2015 16:09:52 -0600