On Sat, Dec 12, 2015 at 10:40 PM, Stefan Ahlers wrote: > How can I handle the lintian error message "source-is-missing"? > I'm unable to find the source code of this JavaScript files in the internet.
data/js/cryptojs**.js are already in the archive as libjs-cryptojs. data/www/js/html5shim.js isn't packaged yet, it needs to be packaged from here, unfortunately the build-dependencies for it aren't yet packaged. https://github.com/afarkas/html5shiv > Do I have to cleanup the source code and remove all windows/mac related files? It isn't nessecary to remove files related to other platforms unless they are not DFSG-free (don't have source code, non-free licenses etc). > Because of the complexity of the software and the package, I decide to ask > for a revision now. I don't intend to sponsor it, but here is my incomplete review: If I were interested in sponsoring it, these things would block my upload: I'm assuming the GMail, itunes, echonest, beats, soundcloud, spotify and maybe playdar logos are not under a free license. I would suggest removing the whole thirdparty/ directory (using Files-Excluded in debian/copyright and repacksuffix in debian/watch) and packaging each dependency separately. Same goes for the other embedded copies in these files, some of them are already packaged, others are not. This would be best done upstream but generally upstreams are hostile to removing embedded code copies so it might not be wise to ask about this. data/www/js/html5shim.js data/www/css/font-awesome.css data/www/css/bootstrap.css data/www/css/animate.css data/js/cryptojs/ data/js/cryptojs-core.js data/fonts/ https://wiki.debian.org/UscanEnhancements https://wiki.debian.org/EmbeddedCodeCopies These things would be nice to fix: debian/repack.* can be replaced with Files-Excluded in debian/copyright and repacksuffix in debian/watch. https://wiki.debian.org/UscanEnhancements Please add some upstream metadata: https://wiki.debian.org/UpstreamMetadata It would be nice to build the PNG files in data/icons from the SVG file at build time. Automated checks: lintian P: tomahawk-player source: source-contains-prebuilt-javascript-object data/js/cryptojs-core.js line length is 761 characters (>512) E: tomahawk-player source: source-is-missing data/js/cryptojs-core.js <lots more> P: tomahawk-player source: source-contains-prebuilt-windows-binary admin/win/nsi/nsis_processes/bin/Processes.dll P: tomahawk-player source: source-contains-autogenerated-visual-c++-file admin/win/nsi/nsis_processes/src/processes.rc P: tomahawk-player source: source-contains-autogenerated-visual-c++-file admin/win/nsi/nsis_processes/src/resource.h P: tomahawk-player source: source-contains-prebuilt-windows-binary admin/win/nsi/nsis_uac/Release/A/UAC.dll P: tomahawk-player source: source-contains-prebuilt-windows-binary admin/win/nsi/nsis_uac/Release/U/UAC.dll P: tomahawk-player source: debian-watch-may-check-gpg-signature check-all-the-things # bashate produces style warnings only, can be ignored $ find -type f \( -iname '*.sh' -o -iname '*.bash' \) -exec bashate --ignore E002,E003 {} + E011: Then keyword is not on same line as if or elif keyword: 'if [ -z "$1" ]' - ./admin/mac/create-dmg.sh : L16 E011: Then keyword is not on same line as if or elif keyword: 'if [ -z "$2" ]' - ./admin/mac/build-release-osx.sh : L21 E011: Then keyword is not on same line as if or elif keyword: ' if [ -f ~/sign_step.sh ];' - ./admin/mac/build-release-osx.sh : L50 E011: Then keyword is not on same line as if or elif keyword: 'if [ -e "$schema" -a -n "$name" ]' - ./src/libtomahawk/database/gen_schema.h.sh : L9 4 bashate error(s) found # Check with upstream where the Inkscape SVG source files are. $ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec grep -iF inkscape {} + Binary file ./src/libtomahawk/accounts/configstorage/telepathy/kde.png matches $ find -type f -iname '*.sh' -exec checkbashisms {} + could not find any possible bashisms in bash script ./admin/gen_resources.sh could not find any possible bashisms in bash script ./admin/win/update-vlc.sh could not find any possible bashisms in bash script ./src/libtomahawk/database/gen_schema.h.sh $ cme check dpkg ... Warning in 'copyright Format' value 'http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?view=markup&pathrev=174': Format does not match the recommended URL for DEP-5 $ codespell --quiet-level=3 ./admin/win/nsi/nsis_uac/RunAs.cpp:268: dont ==> don't ./admin/win/nsi/nsis_uac/UAC_Uninstaller.nsi:46: aswell ==> as well ./admin/win/nsi/nsis_processes/readme.txt:109: powerfull ==> powerful ./admin/win/nsi/nsis_processes/src/processes.txt:109: powerfull ==> powerful ... ./data/js/tomahawk.js:305: occured ==> occurred ./CMakeModules/FindLibAttica.cmake:42: everytime ==> every time ./thirdparty/qt-certificate-addon/src/certificate/certificaterequestbuilder.cpp:116: reqest ==> request ./thirdparty/libportfwd/src/portfwd.cpp:151: adress ==> address ./thirdparty/libportfwd/third-party/miniupnpc-1.6/miniupnpc.c:508: reponse ==> response ./thirdparty/libportfwd/third-party/miniupnpc-1.6/minisoap.c:58: dont ==> don't ./thirdparty/libportfwd/third-party/miniupnpc-1.6/Changelog.txt:366: accomodate ==> accommodate ./thirdparty/kdsingleapplicationguard/kdsingleapplicationguard.cpp:290: emmited ==> emitted ./thirdparty/qxt/qxtweb-standalone/web/qxthttpsessionmanager.cpp:156: neccessarily ==> necessarily ./thirdparty/qxt/qxtweb-standalone/web/qxthtmltemplate.cpp:58: becouse ==> because $ cppcheck -j1 --quiet -f . > /dev/null [src/libtomahawk/DropJob.cpp:266] -> [src/libtomahawk/DropJob.cpp:268]: (error) Iterator 'it' used after element has been erased. [thirdparty/libportfwd/third-party/miniupnpc-1.6/miniwget.c:92]: (error) Common realloc mistake: 'header_buf' nulled but not freed upon failure [thirdparty/libportfwd/third-party/miniupnpc-1.6/miniwget.c:232]: (error) Common realloc mistake: 'content_buf' nulled but not freed upon failure [thirdparty/libportfwd/third-party/miniupnpc-1.6/miniwget.c:256]: (error) Common realloc mistake: 'content_buf' nulled but not freed upon failure [thirdparty/libportfwd/third-party/miniupnpc-1.6/wingenminiupnpcstrings.c:62]: (error) Resource leak: fin [thirdparty/qxt/qxtweb-standalone/core/qxtboundfunction.h:129]: (error) Null pointer dereference $ find \( -name .git -o -name .svn -o -name .bzr -o -name CVS -o -name .hg -o -name _darcs -o -name _FOSSIL_ -o -name .sgdrawer \) -prune -o -empty -print ./thirdparty/libcrashreporter-qt $ fdupes -q -r . | grep -vE '/(\.(git|svn|bzr|hg|sgdrawer)|_(darcs|FOSSIL_)|CVS)(/|$)' | cat -s ./data/images/list-add.svg ./data/images/add.svg ./data/images/spotify-logo.svg ./data/images/spotify-sourceicon.svg ./data/images/collection.svg ./data/images/music-settings.svg ./admin/mac/sparkle_pub.pem ./data/misc/tomahawk_pubkey.pem $ grep -Er '/(home|srv|opt)(\W|$)' . ./data/js/tomahawk.js: return "/home/tomahawk/resolver.js"; ./TomahawkCPack.cmake:# CPACK_INSTALL_CMAKE_PROJECTS List of four values: Build directory, Project Name, Project Component, Directory in the package /home/andy/vtk/CMake-bin;CMake;ALL;/ ./TomahawkCPack.cmake:SET( CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/LICENSE.txt" ) # License file for the project, used by the STGZ, NSIS, and PackageMaker generators. /home/andy/vtk/CMake/Copyright.txt ./TomahawkCPack.cmake:# CPACK_RESOURCE_FILE_README ReadMe file for the project, used by PackageMaker generator. /home/andy/vtk/CMake/Templates/CPack.GenericDescription.txt ./TomahawkCPack.cmake:# CPACK_RESOURCE_FILE_WELCOME Welcome file for the project, used by PackageMaker generator. /home/andy/vtk/CMake/Templates/CPack.GenericWelcome.txt ./src/accounts/xmpp/sip/AvatarManager.cpp: // 00:14:48 [0]: ASSERT: "!this->avatar( iq.from().bare() ).isNull()" in file /home/muesli/Sources/tomahawk/master/src/accounts/xmpp/sip/AvatarManager.cpp, line 138 $ flawfinder -Q -c . <lots> $ find -type f \( -iname '*.ttf' -o -iname '*.otf' -o -iname '*.sfd' -o -iname '*.pfa' -o -iname '*.pfb' -o -iname '*.bdf' -o -iname '*.pk' -o -iname '*.ttc' -o -iname '*.pcf' \) -exec fontlint {} \; <lots> $ find -type f \( -iname '*.ttf' -o -iname '*.otf' \) -exec ftvalid {} \; [ftvalid:ot] validation targets: GDEF:GPOS:GSUB ------------------------------------------------------------------- [ftvalid:ot] layout tables are invalid. [ftvalid:ot] set FT2_DEBUG environment variable to [ftvalid:ot] know the validation detail. [ftvalid:ot] validation targets: GDEF:GPOS:GSUB ------------------------------------------------------------------- <more> $ find -type d \( -iname .git -o -iname .svn -o -iname .bzr -o -iname CVS -o -iname .hg -o -iname _darcs -o -iname _FOSSIL_ -o -iname .sgdrawer \) -prune -o -type f ! \( -iname '*.blend' -o -iname '*.icns' -o -iname '*.bmp' -o -iname '*.ico' -o -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.tga' -o -iname '*.xcf' -o -iname '*.mo' -o -iname '*.gmo' -o -iname '*.gz' -o -iname '*.bz2' -o -iname '*.xz' -o -iname '*.lz' -o -iname '*.zip' -o -iname '*.tar' -o -iname '*.deb' -o -iname '*.pdf' -o -iname '*.odt' -o -iname '*.docx' -o -iname '*.doc' -o -iname '*.torrent' -o -iname '*.pyc' -o -iname '*.pyo' -o -iname '*.o' -o -iname '*.so' -o -iname '*.so.*' -o -iname '*.debug' -o -iname '*.wav' -o -iname '*.ogg' -o -iname '*.oga' -o -iname '*.ogv' -o -iname '*.mid' -o -iname '*.ttf' -o -iname '*.otf' -o -iname '*.fon' -o -iname '*.pgp' -o -iname '*.gpg' \) -exec isutf8 {} + ./admin/win/nsi/nsis_uac/uac.cpp: line 10, char 1, byte offset 1: invalid UTF-8 code ./admin/win/nsi/nsis_processes/readme.txt: line 9, char 1, byte offset 12: invalid UTF-8 code ./admin/win/nsi/nsis_processes/bin/Processes.dll: line 1, char 1, byte offset 3: invalid UTF-8 code ./admin/win/nsi/nsis_processes/src/processes.txt: line 9, char 1, byte offset 12: invalid UTF-8 code ./admin/win/nsi/nsis_processes/src/processes.ncb: line 2, char 1, byte offset 19: invalid UTF-8 code ./src/libtomahawk/utils/GroovesharkParser.cpp: line 4, char 1, byte offset 39: invalid UTF-8 code $ licensecheck --recursive --copyright . | grep -F 'GENERATED FILE' ./admin/win/nsi/nsis_uac/resource.h: *No copyright* GENERATED FILE ./admin/win/nsi/nsis_uac/UAC_Uninstaller.nsi: *No copyright* GENERATED FILE ./admin/win/nsi/nsis_uac/resource.rc: *No copyright* GENERATED FILE ./admin/win/nsi/nsis_processes/src/resource.h: *No copyright* GENERATED FILE ./admin/win/nsi/nsis_processes/src/processes.vcproj: *No copyright* GENERATED FILE ./admin/win/nsi/nsis_processes/src/processes.rc: *No copyright* GENERATED FILE ./TomahawkCPack.cmake: *No copyright* GENERATED FILE ./src/libtomahawk/database/Schema.sql.h: *No copyright* GENERATED FILE ./src/libtomahawk/database/gen_schema.h.sh: *No copyright* GENERATED FILE ./CPackOptions.cmake.in: *No copyright* GENERATED FILE $ licensecheck --recursive --copyright . | grep -F 'with incorrect FSF address' ./thirdparty/libqnetwm/libqnetwm/netwm.cpp: GPL (v3 or later) (with incorrect FSF address) ./thirdparty/libqnetwm/libqnetwm/netwm.h: GPL (v3 or later) (with incorrect FSF address) $ pep8 --ignore W191 . <lots> $ pyflakes . ./admin/mac/macdeploy.py:272: redefinition of unused 'commands' from line 21 ./admin/mac/macdeploy.py:333: undefined name 'CouldNotFindFrameworkError' $ pyflakes3 . ./admin/mac/macdeploy.py:267:32: invalid syntax print 'Usage: %s <bundle.app>' % sys.argv[0] $ grep --recursive --perl-regexp --null-data --files-with-matches '(?s)-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----' . ./thirdparty/qt-certificate-addon/tests/auto/certificaterequestbuilder/keys/leaf.key $ find -type f -iname '*.sh' -exec sh -n {} \; ./admin/mac/build-release-osx.sh: 12: ./admin/mac/build-release-osx.sh: Syntax error: "}" unexpected $ find -type f \( -iname '*.sh' -o -iname '*.bash' -o -iname '*.zsh' \) -exec shellcheck {} + <lots> $ find -type d \( -iname .bzr -o -iname .git -o -iname .hg -o -iname .svn -o -iname CVS -o -iname RCS -o -iname SCCS -o -iname _MTN -o -iname _darcs -o -iname .pc -o -iname .cabal-sandbox -o -iname .cdv -o -iname .metadata -o -iname CMakeFiles -o -iname _build -o -iname _sgbak -o -iname autom4te.cache -o -iname blib -o -iname cover_db -o -iname node_modules -o -iname '~.dep' -o -iname '~.dot' -o -iname '~.nib' -o -iname '~.plst' \) -prune -o -type f ! \( -iname '*.bak' -o -iname '*.swp' -o -iname '#.*' -o -iname '#*#' -o -iname 'core.*' -o -iname '*~' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' -o -iname '*.min.js' -o -iname '*.js.map' -o -iname '*.js.min' -o -iname '*.min.css' -o -iname '*.css.map' -o -iname '*.css.min' \) -exec spellintian --picky {} + ./admin/win/nsi/nsis_uac/RunAs.cpp: dont -> don't ./admin/win/nsi/nsis_processes/readme.txt: powerfull -> powerful ./admin/win/nsi/nsis_processes/src/processes.txt: powerfull -> powerful ./ChangeLog: api -> API ./ChangeLog: GTK -> GTK+ ./ChangeLog: Gstreamer -> GStreamer <more> $ suspicious-source ./admin/mac/DS_Store.in ./admin/win/nsi/nsis_uac/Release/A/UAC.dll ./admin/win/nsi/nsis_uac/Release/U/UAC.dll ./admin/win/nsi/nsis_processes/bin/Processes.dll ./admin/win/nsi/nsis_processes/src/processes.ncb # Possibly a tempfile vulnerability $ grep -r '/tmp/' . ./src/tests/TestResult.h: r = Tomahawk::Result::get( "/tmp/test.mp3", Tomahawk::track_ptr() ); ./src/tests/TestResult.h: r = Tomahawk::Result::get( "/tmp/test.mp3", t ); -- bye, pabs https://wiki.debian.org/PaulWise
