Add "linter" warning for common unstable fetchpatch URLs

nh2 commented 4 years ago

Doing git grep -E 'url = .*archlinux.*.patch' | grep -v 'id=' shows that many packages use unstable URLs in fetchpatch whose contents will change as the upstream changes their patches, and break builds and reproducibility then.

Example from current nixpkgs master:

``` % git grep -E 'url = .*archlinux.*.patch' | grep -v 'id=' pkgs/applications/graphics/hugin/default.nix: url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/hugin-exiv2-0.27.1.patch?h=packages/hugin"; pkgs/applications/misc/abook/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/gcc5.patch?h=packages/abook"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-gps_read.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-incomplete-type.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-proj_api.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-qt5-build.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-qtgui-include.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/fix-ver_str.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/improve-gpx-creator.patch?h=qlandkartegt"; pkgs/applications/misc/qlandkartegt/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/improve-gpx-name.patch?h=qlandkartegt"; pkgs/applications/networking/browsers/firefox/common.nix: url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch"; pkgs/applications/networking/browsers/firefox/common.nix: url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/build-arm-libopus.patch"; pkgs/applications/networking/browsers/firefox/packages.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/deny_missing_docs.patch" pkgs/applications/science/astronomy/celestia/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/celestia-1.6.1-gcc46.patch?h=packages/celestia"; pkgs/applications/science/astronomy/celestia/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/celestia-1.6.1-libpng15.patch?h=packages/celestia"; pkgs/applications/science/astronomy/celestia/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/celestia-1.6.1-libpng16.patch?h=packages/celestia"; pkgs/applications/science/astronomy/celestia/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/celestia-1.6.1-linking.patch?h=packages/celestia"; pkgs/applications/science/electronics/fritzing/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/0001-Squashed-commit-of-the-following.patch?h=fritzing"; pkgs/development/interpreters/hugs/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/hsbase_inline.patch?h=hugs; pkgs/development/interpreters/lua-5/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/lua-arch.patch?h=packages/lua51"; pkgs/development/interpreters/lua-5/default.nix: url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/liblua.so.patch?h=packages/lua52"; pkgs/development/mobile/webos/novacomd.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/0001-Use-usb_bulk_-read-write-instead-of-homemade-handler.patch?h=palm-novacom-git"; pkgs/games/btanks/default.nix: url = "https://aur.archlinux.org/cgit/aur.git/plain/lua52.patch?h=btanks"; pkgs/servers/nosql/mongodb/default.nix: url = https://projects.archlinux.org/svntogit/community.git/plain/trunk/boost160.patch?h=packages/mongodb; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0001-fail-logging.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0002-info-to-debug.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0003-man-page-spelling.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0004-mkchroot.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0005-mkchroot-arch.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0006-mkchroot-symlink.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0007-destdir.patch?h=rssh; pkgs/shells/rssh/default.nix: url = https://aur.archlinux.org/cgit/aur.git/plain/0008-rsync-protocol.patch?h=rssh; pkgs/tools/networking/cadaver/default.nix: url = https://projects.archlinux.org/svntogit/community.git/plain/trunk/disable-sslv2.patch?h=packages/cadaver; pkgs/tools/typesetting/biber/default.nix: url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/biber-fix-tests.patch?h=5d0fffd493550e28b2fb81ad114d62a7c9403812"; pkgs/tools/typesetting/biber/default.nix: url = "https://git.archlinux.org/svntogit/community.git/plain/trunk/biber-fix-tests-2.patch?h=5d0fffd493550e28b2fb81ad114d62a7c9403812"; ```

It would be cool to have some form of regex-list based warning shown to the user and in PRs that detects e.g. use of common locations like archlinux.org and probably Gentoo and Alpine, when they are used in fetchpatch URLs with.

stale[bot] commented 4 years ago

Thank you for your contributions. This has been automatically marked as stale because it has had no activity for 180 days. If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity. Here are suggestions that might help resolve this more quickly:

Search for maintainers and people that previously touched the related code and @ mention them in a comment.
Ask on the NixOS Discourse. 3. Ask on the #nixos channel on irc.freenode.net.

nh2 commented 4 years ago

still important to me

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info

nh2 commented 3 years ago

still important to me

melg8 commented 3 years ago

Important to me as well.

liff commented 3 years ago

Perhaps this issue could be “moved” to nixpkgs-hammering? I believe that is the tool that @r-rmcgibbo runs to get suggestions for PRs?

Also the debian-sources check mentioned on jtojnar/nixpkgs-hammering#1 looks kind of similar to this issue.

stale[bot] commented 2 years ago

I marked this as stale due to inactivity. → More info

NixOS / nixpkgs

Add "linter" warning for common unstable fetchpatch URLs #72294