Library manager rules for library exclusion & notifications when library excluded

Bill Perry

Aug 20, 2016, 5:02:17 PM
to Developers
I recently updated one of my libraries (hd44780 to 0.7.0) yet the IDE is not seeing the 0.7.0 release.
I've done this a few times in the past and all was well.
The only difference this time is that the repository now includes some executable shell scripts under the "extras" directory to assist in creating the releases.
Perhaps the library manager script is tossing out the new library version because of this?

The library manager FAQ is not very descriptive/helpful about whether this could be an issue.
It merely states that it cannot contain any .exe files (which this is not) but they are executable scripts.
Perhaps it really just checks for any executable files?


Where can I find the hourly script that runs to locate the new library releases?

Also, would it make sense to send an email to a library author or maintainer if the library manager script notices a problem and excludes a library release?
The challenge with that is that the script runs once per hour which might cause the author to receive an email every hour until it was corrected.
Also, the library repo might have non release tags that trigger an issue.

But for the cases where everything appears to be ok and the library release is being excluded for some specific reason like:
  • its version number is not semver compliant
  • it contains .exe files
  • it contains a .development file
  • our antivirus finds infected files

It would be really nice to get an email notification of some sort indicating the issue.

I could even live with it being sent every hour as it would be a big nudge to fix it asap.


--- bill


Bill Perry

Aug 21, 2016, 1:27:13 AM
to Developers
A small followup.
I removed my 0.7.0 tag and created a new release for 0.7.1 that has the executable scripts removed and the 0.7.1 release of hd44780 is still not showing up in the library manager so
either the library has been permanently removed from the list of known libraries or there is something not working correctly with the library manager job that looks for new library releases.

I guess I'll know on Sunday or Monday when the library manager purges out old libraries.

But I'd still like to know how the library manager job determines if a library is "bad" and what it does once it determines this.

-- bill

Cristian Maglie

Aug 22, 2016, 3:54:54 AM
to devel...@arduino.cc

Hi Bill,

actually it wasn't due to your library, but to a network problem on our
server, now everything is back to normal.

> But I'd still like to know how the library manager job determines if a
> library is "bad" and what it does once it determines this.

The conditions for a "bad library" are:

- syntax errors on library.properties (or library.properties missing).
- presence of .exe
- presence of malware/virus (every library is scanned with an antivirus
software)

when a revision is marked as "bad" it is simply ignored. You can always
replace the "bad" release or leave it there and add another one.

C


--
Cristian Maglie <c.ma...@arduino.cc>
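
A local pre-release check for the rejection conditions listed in this thread, as an added example that is not Arduino's indexer code or anything posted by the participants. The key=value parsing, the semver pattern, matching .exe by file extension and looking for .development only at the repository root are assumptions; the antivirus scan is not reproduced.

```python
import re
import tempfile
from pathlib import Path

# Assumed, simplified semver pattern: MAJOR.MINOR.PATCH plus optional suffixes.
SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

def check_release(root):
    """Return the reasons a release tree would be marked "bad" (empty list = ok)."""
    root = Path(root)
    problems = []
    props = root / "library.properties"
    if not props.is_file():
        problems.append("library.properties missing")
    else:
        fields = {}
        text = props.read_text(encoding="utf-8", errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # blank lines and comments are not syntax errors
            key, sep, value = line.partition("=")
            if not sep or not key.strip():
                problems.append(f"library.properties line {n}: not key=value")
                continue
            fields[key.strip()] = value.strip()
        version = fields.get("version", "")
        if not SEMVER.match(version):
            problems.append(f"version {version!r} is not semver compliant")
    # Extension match only: an executable shell script is not an .exe file.
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".exe":
            problems.append(f".exe file present: {path.relative_to(root).as_posix()}")
    if (root / ".development").exists():
        problems.append(".development file present")
    return problems

def demo():
    """Build a constructed sample tree and return the findings for it."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "hd44780"
        (lib / "extras").mkdir(parents=True)
        (lib / "library.properties").write_text("name=hd44780\nversion=0.7\nbroken line\n")
        (lib / "extras" / "mkrelease.sh").write_text("#!/bin/sh\n")  # script, not flagged
        (lib / "extras" / "tool.EXE").write_text("")
        (lib / ".development").write_text("")
        return check_release(lib)

if __name__ == "__main__":
    print("\n".join(demo()) or "no problems found")
```

Running it against a checkout of the tag before publishing a release gives the feedback the thread asks for without waiting for the hourly job.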

Bill Perry

Aug 22, 2016, 5:24:02 PM
to Developers


On Monday, August 22, 2016 at 2:54:54 AM UTC-5, Cristian Maglie wrote:

> Hi Bill,
>
> actually it wasn't due to your library, but to a network problem on our
> server, now everything is back to normal.

Sure enough. It seems to be ok now.


I have a question on the malware/virus scan.
I have some executable bash scripts that are not really part of the library but are used to patch various library files to get them ready for a release.
It would be convenient to put those scripts in the repo with the library so that they won't get lost.
Will this trip up the virus scan? Or can I go ahead and include them down under the "extras" directory without any issues?

 

>> But I'd still like to know how the library manager job determines if a
>> library is "bad" and what it does once it determines this.
>
> The conditions for a "bad library" are:
>
> - syntax errors on library.properties (or library.properties missing).
> - presence of .exe
> - presence of malware/virus (every library is scanned with an antivirus
> software)
>
> when a revision is marked as "bad" it is simply ignored. You can always
> replace the "bad" release or leave it there and add another one.
>
> C

That sounds really good.

Could the library manager job also send an email to the author/maintainer when a new library release is added or rejected (marked bad)?

That way the author/maintainer would get some sort of notification feedback that their recently released library was processed.
The script could get the email address from the .properties (assuming it can be found in .properties).
It might be particularly useful for several of the rejection cases like bad version, .exe files, malware detected, etc... especially if it could communicate the reason for the rejection in the email.
Not sure if others would think this is useful or annoying but I'd kind of like to get the feedback that the new library release was processed and was either added to the library manager or rejected along with the reason for rejection.

That said, I only want to get it once for the new release, and in the case of a rejection not each time the library manager job runs, like each hour.


--- bill