utkarsh2102
Debian Developer
➣ 20 y/o undergraduate student.
➣ Debian Developer (since Dec'19).
➣ Open-source contributor.
➣ GSoC'19 & '20 with Debian.
➣ Writing CVE patches for Debian (E)LTS!
➣ utkarsh2102 across the web.
During the maintenance of the Ruby packages in Debian, several issues in upstream codebases have been identified that make it difficult to build a Debian package out of Ruby gems.
The main goal of this project is to provide a tool to automatically detect those issues and report them upstream.
The Ruby Together logo is licensed under MIT License.
This project is being mentored by
David Rodríguez (@deivid-rodriguez)
Antonio Terceiro (@terceiro)
For the problem being faced, the best solution is to write a linter in the Ruby language.
To write a linter (for any language), the first thing would be to create an Abstract Syntax Tree.
Thankfully, there exists such a thing already, called RuboCop, a Ruby static code analyzer and formatter.
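STEP 1:
The usage of `git ls-files` in the `gemspec` file can be determined by the following AST:
class GemspecGit < Cop
  # Search inside a `Gem::Specification.new do |spec| ... end` block for any
  # backtick command (xstr) whose text starts with "git", and capture it.
  def_node_search :xstr, <<~PATTERN
    (block
      (send
        (const
          (const {cbase nil?} :Gem) :Specification) :new)
      (args
        (arg _)) `$(xstr (str #starts_with_git?)))
  PATTERN

  # Helper called by the pattern above through `#starts_with_git?`.
  def starts_with_git?(str)
    str.start_with?('git')
  end
end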
STEP 2:
The next thing is to process the AST formed against the source code to match problematic lines:
# Instance method of GemspecGit: report an offense at every node the pattern captured.
def investigate(processed_source)
  xstr(processed_source.ast).each do |node|
    add_offense(
      processed_source.ast,
      location: node.loc.expression,
      message: MSG
    )
  end
end
STEP 3:
Write tests \o/
RSpec.describe RuboCop::Cop::Packaging::GemspecGit do
  subject(:cop) { described_class.new(config) }

  let(:config) { RuboCop::Config.new }
  let(:message) { RuboCop::Cop::Packaging::GemspecGit::MSG }

  it 'registers an offense when using `git` for :files=' do
    expect_offense(<<~RUBY)
      Gem::Specification.new do |spec|
        spec.files = `git ls-files`.split("\\n")
                     ^^^^^^^^^^^^^^ #{message}
      end
    RUBY
  end
end
Now that the tool is ready to be deployed, let's use it in other projects:
(this correctly determines the usage of `git ls-files` in the `gemspec` file)
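The check from STEP 1 and STEP 2, reduced to a stand-alone script. This is an added example, not the project's own code: it swaps RuboCop's node patterns for Ruby's standard-library `Ripper` parser so that it runs without any gems, and the helper names and the sample gemspec are constructed for illustration.

```ruby
require 'ripper'
# Constructed sample gemspec, not taken from any real project.
SAMPLE = <<~'GEMSPEC'
  Gem::Specification.new do |spec|
    spec.name       = 'demo'
    spec.files      = `git ls-files -z`.split("\x0")
    spec.test_files = `ls spec`.split("\n")
  end
GEMSPEC

# True for the constant Gem::Specification or ::Gem::Specification.
def gem_specification?(node)
  return false unless node.is_a?(Array) && node[0] == :const_path_ref
  scope, name = node[1], node[2]
  %i[var_ref top_const_ref].include?(scope[0]) &&
    scope[1][1] == 'Gem' && name[1] == 'Specification'
end

# True for `Gem::Specification.new ... do |spec| ... end` (or braces).
def spec_block?(node)
  return false unless node.is_a?(Array) && node[0] == :method_add_block
  call = node[1]
  call = call[1] if call[0] == :method_add_arg # .new('name') do ... end
  call[0] == :call && gem_specification?(call[1]) && call[3][1] == 'new'
end

# Depth-first walk over every array in the Ripper s-expression.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &blk) }
end

# Returns [[line, command], ...] for backtick commands starting with "git"
# inside a Gem::Specification.new block (hypothetical helper name).
def git_commands_in_gemspec(source)
  sexp = Ripper.sexp(source) or raise ArgumentError, 'not valid Ruby'
  hits = []
  each_node(sexp) do |node|
    next unless spec_block?(node)
    each_node(node[2]) do |inner|
      next unless inner[0] == :xstring_literal
      text, (line, _col) = inner[1].first&.values_at(1, 2)
      hits << [line, text] if text.is_a?(String) && text.start_with?('git')
    end
  end
  hits
end
git_commands_in_gemspec(SAMPLE).each { |line, cmd| puts "line #{line}: `#{cmd}`" }
```

Like the pattern in STEP 1, this only reports backtick commands inside the `Gem::Specification.new` block, so a `git` call elsewhere in the file is not flagged.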
➣ Daily logs are available at gsocwithutkarsh2102.tk.
➣ 5 descriptive blogs have been written, available at https://utkarsh2102.com.
➣ 2 cops have been written and released. The latest version is v0.2.0.
➣ 3rd cop is almost ready..
➣ The code is documented.
➣ 3 releases have been made at rubygems.org & Debian.
➣ Being used by 16 other libraries/applications.
+ 2 projects hosted on GitLab.
➣ packaging-style-guide is on its way.. :)
And more to come... \o/
With my DD hat on, I work(ed) on many more things besides GSoC.
➣ Maintaining packages for Ruby, Go, Perl, Python, and JS team.
➣ FTP Trainee => reviewing the ever-long NEW queue.
➣ Mailing list moderator.
➣ Bursary team, DebConf.
➣ Content team, DebConf.
➣ Helping security team with providing security patches.
➣ Debian (E)LTS security uploads to Stretch and Jessie.
➣ Organizing MiniDebConfs + orga for DebConf23.
➣ Mentoring newcomers + sponsoring a bunch of uploads.
@utkarsh2102
<utkarsh@debian.org>