[Wishlist] recursive guix lint

  • Open
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Ludovic Courtès
Owner
unassigned
Submitted by
Efraim Flashner
Severity
wishlist
E
E
Efraim Flashner wrote on 24 Oct 2018 14:39
(address . bug-guix@gnu.org)
20181024123915.GB1297@macbook41
We have the linter check for CVEs and updates to packages in a list, but
what about those packages they depend on? It would be great to be able
to 'guix lint --recursive foo' and get foo and also all the packages in
the different types of inputs.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvQZ+8ACgkQQarn3Mo9
g1Hskw/8CxL3rTWupHzbpu1EUgkJLXzXCHysDLsupB8mddKGSRkiqlYJjpuT7u+q
ZIkKLAMus1gW5tEaXJbkZDCAMSjpP02PODL4aQLbAfafQNbrpARuYsI6RXuz2BEf
2hAthcQlNxiB8fNEEmrqQopyeTp8gSH6fjMTea3wuyi7YDEwAn3JXqa8YlOaJIpe
PlIp6Lp3X56PcCRt0DGe93Q1G0Ec1ouMD7SsX/gWI/xEZUd40F03zX7aYtTXjz+S
QZIjWtwssWFaEgjCl9Db4piiASY0y3GVQsOLTbDvAhp6zpqVCA+dwO5DtT9Fqyx4
AQqq/rvn3S/sHKLb1WeP4KyWB30anQn5LroUNfxSv5qxFPV2q+F3yYHaEo0QfRlE
WN6lmr8a7GrTeTCIy09zH+3SqAH+eCenTrooxw9TeaZx82BIBXPtUaC+0W3lmafV
GAhgK+WQQhNWU7llopCnr3ypCr3Fg5YPrVCmNsbS8xatauslB7HdCr0j9ep4U+He
9L9IY0nndWsQk/YPwvWGdPy1C4K+tXFbkZYXIgzdK/Ok62qu0lXROrvx7sZfC6VH
j0K9pyCubJMuZK2MgYh83MG1i6w0YzQq80Qw60QgbpVGAFqsI/cLeeO4LWGqLUYe
cSHYZVXNUHVXkvOr9Qli/+0YU1N2h0UvqW9pXiQSm3quV7ZNha4=
=CDd/
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 25 Oct 2018 15:31
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 33137@debbugs.gnu.org)
875zxqup8r.fsf@gnu.org
Hello,

Efraim Flashner <efraim@flashner.co.il> skribis:

Toggle quote (5 lines)
> We have the linter check for CVEs and updates to packages in a list, but
> what about those packages they depend on? It would be great to be able
> to 'guix lint --recursive foo' and get foo and also all the packages in
> the different types of inputs.

On the question of CVEs, see also

Do you think --recursive would be useful for other types of linters?

Thanks,
Ludo’.
E
E
Efraim Flashner wrote on 27 Oct 2018 22:30
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 33137@debbugs.gnu.org)
20181027203013.GF1297@macbook41
On Thu, Oct 25, 2018 at 03:31:32PM +0200, Ludovic Courtès wrote:
Toggle quote (17 lines)
> Hello,
>
> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > We have the linter check for CVEs and updates to packages in a list, but
> > what about those packages they depend on? It would be great to be able
> > to 'guix lint --recursive foo' and get foo and also all the packages in
> > the different types of inputs.
>
> On the question of CVEs, see also
> <https://issues.guix.info/issue/31442>.
>
> Do you think --recursive would be useful for other types of linters?
>
> Thanks,
> Ludo’.

Checking for new versions would definately be good. It seems to me that checking
everything would make for better code overall, but the behavior I would
expect is that it would check all the linters specified in the command.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvUytQACgkQQarn3Mo9
g1EwHw//Y+ze/ZOy/x2v1rx25KzM66Xby7O0YCw2bOr13jSdjPjlz1Y947ovAM0W
TaCO7hzdlt7kTmcwrdfQFbLNo8jL17bQ7c+Y9S42Fe73+XXzELKScynAXiYaCyzn
DLQXUDoA8WpTm3Df2DXdfe0FqYPn3CLs6CE5zW2lHz0YunBX6EGiBTXoY/E1uQY4
I+fiGFSqiOJK299HNlYhgiMZJ6ax1PTP62W4XHZNaBt1aDZlWKNfrd2tX1gqdiRA
0W6S+YSQYk0SlRB5i3yCxciThszTy9B+OhL0MXWaHn31TWflREoWvxmbC3XgnAq3
Kxu8vw4eFC8CXZODfMTMLUTMDBjkYUJgi0M9jkFv0eOpQK0Alz0LauFayaDrKINv
43/CfTDoa7fP4LoavG6HptoZHN89YlrW1eTB9I1kno4Vzaw3fABjSCW6lXocClI1
Ack4Hbfq7cf84dah8Z3dWPVS/qsQXFby8hY+zLQY1a7Yipvw1Whg/aRdewZaF7S0
O7IZ48ULmufXXVwhEexrjLLPI1AciYAO4wB0cmFZEwDWR/DH/znbhJXW+o6L1qN5
aRMrjwHIT8k68wlW8TP1esp//TExMKBPWbkvlXpNj5drZbcv1rNK2Vlnnz5YHfJS
oN6yr1AdbFc1ll813oIhlW3OCRcNKKHyHOqiSAjBx1lPrGySf94=
=IZES
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 28 Oct 2018 23:29
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 33137@debbugs.gnu.org)
878t2h66yf.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:

Toggle quote (20 lines)
> On Thu, Oct 25, 2018 at 03:31:32PM +0200, Ludovic Courtès wrote:
>> Hello,
>>
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> > We have the linter check for CVEs and updates to packages in a list, but
>> > what about those packages they depend on? It would be great to be able
>> > to 'guix lint --recursive foo' and get foo and also all the packages in
>> > the different types of inputs.
>>
>> On the question of CVEs, see also
>> <https://issues.guix.info/issue/31442>.
>>
>> Do you think --recursive would be useful for other types of linters?
>>
>> Thanks,
>> Ludo’.
>
> Checking for new versions would definately be good.

But that’s what ‘guix refresh’ does, right?

Toggle quote (4 lines)
> It seems to me that checking everything would make for better code
> overall, but the behavior I would expect is that it would check all
> the linters specified in the command.

If you run ‘guix lint’ without any arguments, all the packages are
checked. Is this what you meant?

Thanks,
Ludo’.
E
E
Efraim Flashner wrote on 30 Oct 2018 08:35
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 33137@debbugs.gnu.org)
20181030073529.GI1297@macbook41
On Sun, Oct 28, 2018 at 11:29:28PM +0100, Ludovic Courtès wrote:
Toggle quote (25 lines)
> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > On Thu, Oct 25, 2018 at 03:31:32PM +0200, Ludovic Courtès wrote:
> >> Hello,
> >>
> >> Efraim Flashner <efraim@flashner.co.il> skribis:
> >>
> >> > We have the linter check for CVEs and updates to packages in a list, but
> >> > what about those packages they depend on? It would be great to be able
> >> > to 'guix lint --recursive foo' and get foo and also all the packages in
> >> > the different types of inputs.
> >>
> >> On the question of CVEs, see also
> >> <https://issues.guix.info/issue/31442>.
> >>
> >> Do you think --recursive would be useful for other types of linters?
> >>
> >> Thanks,
> >> Ludo’.
> >
> > Checking for new versions would definately be good.
>
> But that’s what ‘guix refresh’ does, right?
>

I assume you mean 'guix lint -c refresh'. 'guix lint -c refresh foo' is
nice, but we don't have anything that could take the place of 'guix lint
-c refresh --recursive foo'

I just saw again 'guix refresh', 'guix refresh --recursive -m
my-manifest.scm' would be great.

Toggle quote (7 lines)
> > It seems to me that checking everything would make for better code
> > overall, but the behavior I would expect is that it would check all
> > the linters specified in the command.
>
> If you run ‘guix lint’ without any arguments, all the packages are
> checked. Is this what you meant?

I meant more like "hey, khard can be upgraded to 0.12.2, after I've
checked the upgrade with 'guix lint khard', now I'd like to check the rest
of the dependency tree with 'guix lint --recursive khard' to see if
anything else can be upgraded or has any linter errors."

Toggle quote (4 lines)
>
> Thanks,
> Ludo’.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvYCb0ACgkQQarn3Mo9
g1FyeBAAjtNjer2zTl9KqD1tGByV+eDMeC+bpIX9qZ9mDERTJ6P4Fv+STc3PHhC6
2QLymnojsG34lo1Bp7tkev5lTfz2Tu+OWb6MsqT/bzEe1LHesTH2xZNACUYjOmeG
D1MWWiZDBc/235w6PLnxL3dBJpMUlcJD8DWCDJ77sMow8XJ6lLfehD185+YUTz2x
OlJ2ZSHMOtxHJfSq+Wm4R9at+yFKT285JBTD3l+jQuARKAnElnksHo0UT3jDuccm
ceL5d3iMFnKqvHeEy25cve487Hb6KDTAEKlBMhIzpGqWHKy2xp9nAseJjM7EV4WH
s2tTtufOvXbAmaCRC1yjYct30a85CiZdjCEKHm56tu2wN2sK+Ce9YpybaCFlIYsO
s90q1lKpgCozrRXhyzfvftSZN08vOIh9j7zGEMmcDHPtsZ2LXn8cFv0/Ktj1OX83
hTdZ3+kOz/dTbjT24svN46yK5DABJSJihilhivCuyerdPhs2XpxB3JNLlp92h9ok
w6fiJJkrZMauZLDrwziR3E+NwgSaopTaJ6OqXb6yKEodV2Ta+EOuMDq2LsFier3H
Kej1BHGVOVzlBCv+Iy1htFsroBchr3rhlUVFbkBAc1V9tov54xc84YqnBBniPT/N
j+hjKl68JoqfYN2UbSXNQk+mwiSBnewx4BvxIDcKt/V4bpSKGaA=
=w+i0
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 30 Oct 2018 19:13
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 33137@debbugs.gnu.org)
87sh0nz4ir.fsf@gnu.org
Hello,

Efraim Flashner <efraim@flashner.co.il> skribis:

Toggle quote (5 lines)
> I meant more like "hey, khard can be upgraded to 0.12.2, after I've
> checked the upgrade with 'guix lint khard', now I'd like to check the rest
> of the dependency tree with 'guix lint --recursive khard' to see if
> anything else can be upgraded or has any linter errors."

Oh I see. So to me this would be a ‘guix refresh’ feature rather than
‘guix lint’, but I agree it would be nice (and not too hard to
implement.)

Thanks,
Ludo.’
E
E
Efraim Flashner wrote on 31 Oct 2018 10:57
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 33137@debbugs.gnu.org)
20181031095738.GJ1297@macbook41
On Tue, Oct 30, 2018 at 07:13:48PM +0100, Ludovic Courtès wrote:
Toggle quote (13 lines)
> Hello,
>
> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > I meant more like "hey, khard can be upgraded to 0.12.2, after I've
> > checked the upgrade with 'guix lint khard', now I'd like to check the rest
> > of the dependency tree with 'guix lint --recursive khard' to see if
> > anything else can be upgraded or has any linter errors."
>
> Oh I see. So to me this would be a ‘guix refresh’ feature rather than
> ‘guix lint’, but I agree it would be nice (and not too hard to
> implement.)
>
I think ultimately implementing it in both would be good, but even just
having it for refresh would go a long way to shedding light on some of
our libraries that aren't updates as often as they might be. Especially
with the scripting langaguages.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvZfI0ACgkQQarn3Mo9
g1FRdw/+Je7TecE4GmGrOFiRk4Nt2jI2BLb97gnlHsfbYfuIb1LwuXMHoNLYjuUd
cXjedBpBEP//7dXKM7CaJPZpYGSxTgCRnlLwW/LsxwCUHAF5pkXrAo++Rv4VsWfs
np/JYZcPJXRZPOyFkEqRgCNztOogb8Y1l//CG1ElWJjfJFQGhNHKIXNgPQ86PcFu
pqz4ZyYpp/bTS2bdpVw8n5M88R8/l0N2QP/dRIGsbgyJe+Scn55zuMe/A/amj5J1
LcsoC5dB+mbtVHhgGbtYU9mQoU2lOZZ0MyNxF87KP+fBpiIv8YHCDOJ7PDvDGpVY
uHetFHe1iF+TYu/ObMBCjt0gd6jXec+2fufbIKbRSc5o7ckqcRqzDqWjs70w3jOS
VLSthfeMkVebK9MuIhlZcOtukp/y483Kbr5sdOCojV3PJBel6t9ds6Z+3fi5Hnnv
HQ5p164q5HNmWM4YvvXT9BkgCotSK4z1dNyeJNDOqsPKzM+cVz4gesQW2MjuHD5L
EWqTpeX6eVChgPRcivV59HYylRZwNEVlsP4jIg57Yq5VOzzbZGzWVWfyJun3minW
TFgk2npsNYc6qQ48sV/TFKk6zYdO8xFt4lOnIiJoDvfycq2WJxIY1Br/TU3fwAW4
cmPXxsex5/kuFTwtAPEFY/DYtdalpe6dIX54NsfaxbMoUwR+9Bw=
=h3mx
-----END PGP SIGNATURE-----


?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 33137@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 33137
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch