Pkgcheck

Latest version: v0.10.29


Page 11 of 13

0.6.0
---------------------------

- Profile data is now cached on a per repo basis in ~/.cache/pkgcore/pkgcheck
(or wherever the related XDG cache environment variables point) to speed up
singular package scans. These caches are checked and verified for staleness
on each run and are enabled by default.

To forcibly disable profile caches include ``--profile-cache n`` or similar
as arguments to ``pkgcheck scan``.

- When running against a git repo, the historical package removals and
additions are scanned from ``git log`` and used to populate virtual repos
that enable proper stable request checks and nonexistent/outdated blocker
checks. Note that initial runs where these repos are being built from scratch
can take a minute or more depending on the system; however, subsequent runs
shouldn't take much time to update the cached repos.

To disable git support entirely include ``--git-disable y`` or similar as
arguments to ``pkgcheck scan``.

- zshcomp: Add initial support for keyword, check, and reporter completion.

- Enhance support for running against unconfigured, external repos. Now
``pkgcheck scan`` can scan paths inside unknown repos passed to it, or, when
given no arguments, the repo that contains the current working directory.

- BadFilename: Flag SRC_URI targets that use unspecific ${PN}.ext filenames.

- HomepageInSrcUri: Flag ${HOMEPAGE} usage in SRC_URI.

- MissingConditionalTestRestrict: Flag missing ``RESTRICT="!test? ( test )"``.

- InvalidProjectMaintainer: Flag packages specifying a nonexistent project as
maintainer.

- PersonMaintainerMatchesProject: Flag person-type maintainer matching existing
projects.

- NonGentooAuthorsCopyright: Flag ebuilds with copyright stating owner other
than "Gentoo Authors" in the main gentoo repo.

- AcctCheck: Add various checks for acct-* packages.

- MaintainerWithoutProxy: Flag packages with a proxyless proxy maintainer.

- StaleProxyMaintProject: Flag packages using proxy-maint maintainer without
any proxied maintainers.

- BinaryFile: Flag binary files found in the repository.

- DoublePrefixInPath: Flag ebuilds using two consecutive paths including
EPREFIX.

- PythonReport: Add various python eclasses related checks.

- ObsoleteUri: Flag obsolete URIs (github/gitlab) that should be updated.

- VisibilityReport: Split NonsolvableDeps into stable, dev, and exp results
according to the status of the profile that triggered them.

- GitCommitsCheck: Add initial check support for unpushed git commits. This
currently includes the following keywords: DirectNoMaintainer,
DroppedStableKeywords, DroppedUnstableKeywords, DirectStableKeywords, and
OutdatedCopyright.

- MissingMaintainer: Flag packages missing a maintainer (or maintainer-needed
comment) in metadata.xml.

- EqualVersions: Flag ebuilds that have semantically equal versions.

- UnnecessarySlashStrip: Flag ebuilds using a path variable that strips a
nonexistent slash (usually due to porting to EAPI 7).

- MissingSlash: Flag ebuilds using a path variable missing a trailing slash
(usually due to porting to EAPI 7).

- DeprecatedChksum: Flag distfiles using outdated checksum hashes.

- MissingRevision: Flag packages lacking a revision in =cat/pkg dependencies.

- MissingVirtualKeywords: Flag virtual packages with keywords missing from
their dependencies.

- UnsortedKeywords: Flag packages with unsorted KEYWORDS.

- OverlappingKeywords: Flag packages with overlapping arch and ~arch KEYWORDS.

- DuplicateKeywords: Flag packages with duplicate KEYWORD entries.

- InvalidKeywords: Flag packages using invalid KEYWORDS.
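The four KEYWORDS results above (DuplicateKeywords, OverlappingKeywords, InvalidKeywords, UnsortedKeywords) share one shape: tokenize KEYWORDS, strip the ``~``/``-`` prefix, compare against the repo's arch list. The following is an added example, not pkgcheck's own implementation; the arch list is constructed, and the sort order used for UnsortedKeywords is an assumption of this example.

```python
from typing import Iterable, List

# Constructed arch list, standing in for a repo's profiles/arch.list.
KNOWN_ARCHES = frozenset({"amd64", "arm", "arm64", "ppc64", "x86"})


def check_keywords(keywords: str, arches: Iterable[str] = KNOWN_ARCHES) -> List[str]:
    """Return the names of the KEYWORDS results triggered by one ebuild.

    Result names mirror the ones introduced in this release.  The sort order
    used for UnsortedKeywords (by arch name, ignoring the ~/- prefix) is an
    assumption of this example, not a rule taken from the release notes.
    """
    tokens = keywords.split()
    arches = set(arches)
    results = []

    # DuplicateKeywords: the same token listed more than once.
    if len(set(tokens)) != len(tokens):
        results.append("DuplicateKeywords")

    # OverlappingKeywords: both "arch" and "~arch" present for one arch.
    stable = {t for t in tokens if not t.startswith(("~", "-"))}
    unstable = {t[1:] for t in tokens if t.startswith("~")}
    if stable & unstable:
        results.append("OverlappingKeywords")

    # InvalidKeywords: a token whose arch part is unknown; "*" globs
    # (e.g. "-*") are accepted.
    if any(t.lstrip("~-") not in arches and t.lstrip("~-") != "*" for t in tokens):
        results.append("InvalidKeywords")

    # UnsortedKeywords: tokens not ordered by arch name (see docstring).
    if tokens != sorted(tokens, key=lambda t: t.lstrip("~-")):
        results.append("UnsortedKeywords")

    return results
```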

---------------------------
0.5.4
---------------------------

- Add MetadataXmlEmptyElement check for empty elements in metadata.xml files.

- Add BadProfileEntry, UnknownProfilePackages, UnknownProfilePackageUse, and
UnknownProfileUse checks that scan various files in a repo's profiles
directory looking for old packages and/or USE flags.

- Merge replay functionality into pkgcheck and split the commands into 'scan',
'replay', and 'show' subcommands with 'scan' still being the default
subcommand so previous commandline usage for running pkgcheck remains the
same for now.

- Add 'errors' and 'warnings' aliases for the -k/--keywords option, e.g. if you
only want to scan for errors use the following::

pkgcheck -k errors

- Fallback to the default repo if not running with a configured repo and one
wasn't specified.

- Add PortageInternals check for ebuilds using a function or variable internal
to portage similar to repoman.

- Add HttpsAvailable check for http links that should use https similar
to repoman.

- Add DuplicateFiles check for duplicate files in FILESDIR.

- Add EmptyFile check for empty files in FILESDIR.

- Add AbsoluteSymlink check similar to repoman's.

- Add UnusedInMasterLicenses, UnusedInMasterEclasses,
UnusedInMasterGlobalFlags, and UnusedInMasterMirrors reports that check if an
overlay is using the related items from the master repo that are unused there
(meaning they could be removed from the master soon).

- Add initial json reporter that outputs newline-delimited json for report
objects.

- Add BadFilename check for unspecific filenames such as ${PV}.tar.gz or
v${PV}.zip that can be found on raw github tag archive downloads.

- GPL2/BSD dual licensing was dropped to BSD as agreed by all contributors.

- Add check for REQUIRED_USE against default profile USE which flags packages
with default USE settings that don't satisfy their REQUIRED_USE for each
profile scanned.

- Add -k/--keywords option to only check for certain keywords.

- Add UnusedEclasses check.

- Drop the --profiles-disable-deprecated option; deprecated profiles are skipped
by default now and can be enabled or disabled using the 'deprecated' argument to
-p/--profiles, similar to the stable, dev, and exp keywords for profile
scanning.

- Add UnusedProfileDirs check that will output all profile dirs that aren't
specified as a profile in profiles.desc or aren't sourced by any as a parent.

- Add python3.6 support and drop python3.3 support.

- Add UnnecessaryManifest report for showing unnecessary manifest entries for
non-DIST targets on a repo with thin manifests enabled.

- Collapse -c/--check and -d/--disable-check into -c/--checks option using the
same extended comma toggling method used for --arches and --profiles options.

- Add support for checking REQUIRED_USE for validity.

- Drop -o/--overlayed-repo support and rely on properly configured masters.

- Add UnknownLicenses report for unknown licenses listed in license groups.

- Add support for running checks of a certain scope using -S/--scopes, e.g. to
run all repo scope checks on the gentoo repo use the following command::

pkgcheck -r gentoo -S repo

- Add UnusedMirrorsCheck to scan for unused third party mirrors.

- Add UnknownCategories report that shows categories that aren't listed in a
repo's (or its masters) categories.

- Update deprecated eclasses list.

- Drop restriction on current working directory for full repo scans. Previously
pkgcheck had to be run within a repo, now it should be able to run from
anywhere against a specified repo.

---------------------------
0.5.3
---------------------------

* Fix new installs using pip.

---------------------------
0.5.2
---------------------------

* Replace libxml2 with lxml-based validator for glep68 schema validation.

* UseAddon: Use profile-derived implicit USE flag lists instead of pre-EAPI 5
hacks. This also improves the unused global USE flag check to look for unused
USE_EXPAND flags.

* Add various repo-level sanity checks for profile and arch lists.

* Output reports for ~arch VCS ebuilds as well; previously only VCS ebuilds
with stable keywords would display warnings.

* Large reworking of profile and arch addon options. In summary, the majority
of the previous options have been replaced with -a/--arches and -p/--profiles
that accept comma separated lists of targets to enable or disable. The
keywords stable, dev, and exp, which refer to the sets of stable,
development, and experimental profiles from the targeted repo, can also be
used as --profiles arguments.

For example, to scan all stable profiles use the following::

pkgcheck -p stable

To scan all profiles except experimental profiles (note the required use of
an equals sign when starting the argument list with a disabled target)::

pkgcheck -p=-exp

See the related man page sections for more details.

* Officially support python3 (3.3 and up).

* Add initial man page generated from argparse info.

* Migrate from optparse to argparse; usability-wise there shouldn't be any
changes.

* Drop ChangeLog file checks; the gentoo repo moved to git so ChangeLogs are
no longer in the repo.

---------------------------
0.5.1
---------------------------

* Remove portdir references; if you use a custom config file you may need to
update 'portdir' references to use 'gentoo' instead, or whatever your main
repo is.

---------------------------
0.5.0
---------------------------

* Suppress possible memory exhaustion cases for visibility checks due to
transitive use flag dependencies.

* Project, python module, and related scripts renamed from pkgcore-checks (or
in the case of the python module pkgcore_checks) to pkgcheck.

* Add --profile-disable-exp option to skip experimental profiles.

* Make the SizeViolation check test individual files in $FILESDIR, not the
entire $FILESDIR itself.

* Make UnusedLocalFlags scan metadata.xml for local use flags instead of the
deprecated repo-wide use.local.desc file.

* Stable arch related checks (e.g. UnstableOnly) now default to using only the
set of stable arches defined by profiles.desc.

* Add check for deprecated EAPIs.

* Added scanning for conflicting manifest checksums.

* Removed the hardcoded manifest hashes list; use the layout.conf-defined list
of required hashes instead (which didn't exist until ~5 years after the check
was written).

* Update pkgcore API usage to move away from deprecated functionality.

----------------------------------
pkgcore-checks 0.4.15 (2011-10-27)
----------------------------------

* pkgcore-checks issue 2; if metadata.dtd is required but can't be fetched,
suppress the metadata_xml check. If the check must be run (thus an unfetchable
metadata.dtd should be a failure), pass --metadata-dtd-required.

* pkgcore-checks now requires pkgcore 0.7.3.

* fix racey test failure in test_addons due to ProfileNode instance caching.

* fix exception in pkg directory checks for when files directory
doesn't exist.

* cleanup of deprecated api usage.

----------------------------------
pkgcore-checks 0.4.14 (2011-04-24)
----------------------------------

* Updated compatibility w/ recent snakeoil/pkgcore changes.

* deprecated eclasses list was updated.

* LICENSE checks for virtual/* are now suppressed.

----------------------------------
pkgcore-checks 0.4.13 (2010-01-08)
----------------------------------

* fix to use dep scanning in visibility where it was missing use deps that
can never be satisfied for a specific profile due to use masking/forcing.

* more visibility optimizations; in combination with the optimizations landed
in snakeoil/pkgcore since pkgcore-checks 0.4.12 was released, the grand total
is 58% faster now.

* ignore the unstated 'prefix' flag in conditionals; much like bootstrap, it's
the latest unstated flag.

* added a null reporter for performance testing.

----------------------------------
pkgcore-checks 0.4.12 (2009-12-27)
----------------------------------

* corner case import error in metadata_xml scan for py3k is now fixed; if
you saw urllib.urlopen complaints, this is fixed.

* >snakeoil-0.3.4 is now required for sdist generation.

* visibility scans now use 22% less memory (around 130MB on python2.6 x86_64)
and are about 3% faster.

----------------------------------
pkgcore-checks 0.4.11 (2009-12-20)
----------------------------------

* minor speedup in visibility scans- about 3% faster now.

* fix a traceback in the deprecated check from when portage writes the ebuild
cache out without any _eclasses_ entry.

* fix a rare traceback in visibility scans where a virtual metapkg has zero
matches.

----------------------------------
pkgcore-checks 0.4.10 (2009-12-14)
----------------------------------

* fix a bug where use deps on metapkgs were invalidly being flagged.

---------------------------------
pkgcore-checks 0.4.9 (2009-11-26)
---------------------------------

* fix a bug in test running- bzr_verinfo isn't generated for pkgcore-checks
in sdist (no need), yet build_py was trying to regenerate it. Basically
broke installation on machines that lacked bzr.

---------------------------------
pkgcore-checks 0.4.8 (2009-11-26)
---------------------------------

* experimental py3k support.

* test runner improvements via depending on snakeoil.distutils_extensions.

---------------------------------
pkgcore-checks 0.4.7 (2009-10-26)
---------------------------------

* fix invalid flagging of use deps on PyQt4 for ia64; basically PyQt4[webkit]
is valid due to a pkg level masked use reversal, but the checking code wasn't
doing incremental expansion itself. The same could occur for forced use.

---------------------------------
pkgcore-checks 0.4.6 (2009-10-22)
---------------------------------

* fix a bug in tristate use evaluation of potential USE combinations.
Roughly, if a flag is masked *and* forced, the result is it's masked.

* compatibility fixes for pkgcore 0.5; 0.5 isn't required, but advised.

---------------------------------
pkgcore-checks 0.4.5 (2008-11-07)
---------------------------------

* verify whether or not a requested use state is actually viable when profile
masking/forcing is taken into account.

---------------------------------
pkgcore-checks 0.4.4 (2008-10-21)
---------------------------------

* EAPI2 support for checking use/transitive use deps.

* ticket 216; basically portage doesn't always write out _eclasses_ entries
in the cache (if they're empty, it won't). The pkgcore-checks visibility vcs
eclass tests assumed otherwise; this is now fixed.

* pcheck now only outputs the number of tests it's running if --debug is
enabled.

---------------------------------
pkgcore-checks 0.4.3 (2008-03-18)
---------------------------------

* ticket 8; false positive unused global USE flags due to not stripping '+-'
from iuse defaults.

* ticket 7: tune down metadata xml checks verbosity.

* dropped ModularXPortingReport; no longer needed.

----------------------------------
pkgcore-checks 0.4.2 (2007-12-15)
----------------------------------

* minor release to be EAPI=1 compatible wrt IUSE defaults

----------------------------------
pkgcore-checks 0.4.1 (2007-07-16)
----------------------------------

* fixed ticket 90; NonExistantDeps occasionally wouldn't report later versions
of an offender.

* --disable-arches option; a way to specifically disable an arch (blacklisting)
instead of having to specify all arches.

-------------------------------
pkgcore-checks 0.4 (2007-06-06)
-------------------------------

* update to use snakeoil api.

* Add check to metadata_check.DependencyReport for self-blocking atoms; for
example, if dev-util/diffball RDEPEND has !dev-util/diffball.

* ticket 82; Fix BadProto result object so it has proper threshold.

* Fix class serialization bug in RestrictsReport.

* profile loadup optimization; pkgcore weakly caches the intermediate nodes,
but pcheck's profile loadup specifically released the profiles on every
loop; now it temporarily holds onto them, thus allowing the caching to kick
in. Among other things, this cuts file reads down from 1800 to around 146.

--------------------


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.