Pkgcheck

Latest version: v0.10.31

0.6.2

---------------------------

- TreeVulnerabilitiesCheck: Restrict to checking against the gentoo repo only.

- Allow explicitly selected keywords to properly enable their related checks if
they must be explicitly enabled.

- UnusedMirrorsCheck: Ignore missing checksums for fetchables that will be
caught by other checks.

- pkgcheck replay: Add support for replaying JsonStream reporter files.

- Add initial JsonStream reporter as an alternative to the pickle reporters for
serializing and deserializing result objects.

- Add support for comparing and hashing result objects.

- Fix triggering metadata.xml maintainer checks only for packages.
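The JsonStream reporter, the ``pkgcheck replay`` support for its files, and the new comparable/hashable result objects above fit together: each result is one JSON object per line, and replaying means deserializing those lines back into objects that can be compared, deduplicated and filtered. The following is an added example of that replay side, not pkgcheck's own code; the ``__class__`` and ``_level`` field names and the sample lines are assumptions made for the example, not pkgcheck's documented schema.

```python
"""Consume a newline-delimited JSON result stream, drop duplicate results by
value and filter them by level, i.e. the replay side of a JsonStream-style
reporter. Added example, not pkgcheck's own code; the field names __class__
and _level and the sample lines are assumptions made for this example."""
import json
from dataclasses import dataclass

LEVELS = ("info", "warning", "error")

# Constructed stream: four result objects, one of them an exact duplicate,
# plus a malformed line that a replay must skip rather than abort on.
SAMPLE_STREAM = """\
{"__class__": "MissingSlash", "_level": "warning", "category": "app-misc", "package": "foo", "version": "1.0", "lines": [12], "msg": "missing trailing slash"}
{"__class__": "InvalidKeywords", "_level": "error", "category": "app-misc", "package": "foo", "version": "1.0", "msg": "invalid KEYWORDS: bogus"}
{"__class__": "MissingSlash", "_level": "warning", "category": "app-misc", "package": "foo", "version": "1.0", "lines": [12], "msg": "missing trailing slash"}
{"__class__": "BinaryFile", "_level": "error", "path": "app-misc/foo/files/blob.bin", "msg": "binary file"}
not json at all
"""


@dataclass(frozen=True)
class Result:
    """One scan result. frozen=True gives value-based __eq__ and __hash__, so
    a set() of Results drops exact duplicates and results can be compared."""
    keyword: str
    level: str
    canonical: str  # the whole object re-encoded with sorted keys

    @classmethod
    def from_obj(cls, obj):
        keyword = obj["__class__"]  # KeyError/TypeError if not a result object
        level = obj.get("_level", "warning")
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        return cls(keyword, level, json.dumps(obj, sort_keys=True))

    def attrs(self):
        """Keyword-specific attributes without the bookkeeping fields."""
        return {k: v for k, v in json.loads(self.canonical).items()
                if k not in ("__class__", "_level")}

    def to_json(self):
        return self.canonical


def parse_stream(text):
    """Deserialize one result per line; returns (results, malformed_count)."""
    results, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            results.append(Result.from_obj(json.loads(line)))
        except (ValueError, KeyError, TypeError):  # JSONDecodeError is a ValueError
            malformed += 1
    return results, malformed


def summarize(text, min_level="warning"):
    """Replay a stream: dedupe, keep results at or above min_level, and return
    them serialized again, errors first."""
    results, malformed = parse_stream(text)
    unique = set(results)
    threshold = LEVELS.index(min_level)
    shown = sorted((r for r in unique if LEVELS.index(r.level) >= threshold),
                   key=lambda r: (-LEVELS.index(r.level), r.keyword, r.canonical))
    return {"parsed": len(results), "malformed": malformed,
            "unique": len(unique), "shown": [r.to_json() for r in shown]}


if __name__ == "__main__":
    for line in summarize(SAMPLE_STREAM, "error")["shown"]:
        print(line)
```

Re-encoding the object with ``sort_keys=True`` is what makes equality and hashing stable regardless of the key order a reporter happened to emit, and the malformed line is counted rather than fatal so a truncated stream still replays.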

---------------------------

0.6.1

---------------------------

- NonexistentProfilePath: Change from warning to an error.

- Fix various XML result initialization due to missing attributes.

- MissingUnpackerDepCheck: Fix matching against versioned unpacker deps.

- Rename BadProto keyword to BadProtocol.

---------------------------

0.6.0

---------------------------

- Profile data is now cached on a per-repo basis in ~/.cache/pkgcore/pkgcheck
(or wherever the related XDG cache environment variables point) to speed up
single-package scans. These caches are checked for staleness on each run and
are enabled by default.

To forcibly disable profile caches include ``--profile-cache n`` or similar
as arguments to ``pkgcheck scan``.

- When running against a git repo, the historical package removals and
additions are scanned from ``git log`` and used to populate virtual repos
that enable proper stable request checks and nonexistent/outdated blocker
checks. Note that initial runs where these repos are being built from scratch
can take a minute or more depending on the system; however, subsequent runs
shouldn't take much time to update the cached repos.

To disable git support entirely include ``--git-disable y`` or similar as
arguments to ``pkgcheck scan``.

- zshcomp: Add initial support for keyword, check, and reporter completion.

- Enhance support for running against unconfigured, external repos. ``pkgcheck
scan`` can now scan paths inside unknown repos that are passed to it and, when
given no arguments, scans the repo containing the current working directory.

- BadFilename: Flag SRC_URI targets that use unspecific ${PN}.ext filenames.

- HomepageInSrcUri: Flag ${HOMEPAGE} usage in SRC_URI.

- MissingConditionalTestRestrict: Flag missing ``RESTRICT="!test? ( test )"``.

- InvalidProjectMaintainer: Flag packages specifying non-existing project as
maintainer.

- PersonMaintainerMatchesProject: Flag person-type maintainer matching existing
projects.

- NonGentooAuthorsCopyright: Flag ebuilds with copyright stating owner other
than "Gentoo Authors" in the main gentoo repo.

- AcctCheck: Add various checks for acct-* packages.

- MaintainerWithoutProxy: Flag packages with a proxyless proxy maintainer.

- StaleProxyMaintProject: Flag packages using proxy-maint maintainer without
any proxied maintainers.

- BinaryFile: Flag binary files found in the repository.

- DoublePrefixInPath: Flag ebuilds that join two EPREFIX-containing paths,
producing a doubled prefix.

- PythonReport: Add various python eclasses related checks.

- ObsoleteUri: Flag obsolete URIs (github/gitlab) that should be updated.

- VisibilityReport: Split NonsolvableDeps into stable, dev, and exp results
according to the status of the profile that triggered them.

- GitCommitsCheck: Add initial check support for unpushed git commits. This
currently includes the following keywords: DirectNoMaintainer,
DroppedStableKeywords, DroppedUnstableKeywords, DirectStableKeywords, and
OutdatedCopyright.

- MissingMaintainer: Flag packages missing a maintainer (or maintainer-needed
comment) in metadata.xml.

- EqualVersions: Flag ebuilds that have semantically equal versions.

- UnnecessarySlashStrip: Flag ebuilds using a path variable that strips a
nonexistent slash (usually due to porting to EAPI 7).

- MissingSlash: Flag ebuilds using a path variable missing a trailing slash
(usually due to porting to EAPI 7).

- DeprecatedChksum: Flag distfiles using outdated checksum hashes.

- MissingRevision: Flag packages lacking a revision in =cat/pkg dependencies.

- MissingVirtualKeywords: Flag virtual packages with keywords missing from
their dependencies.

- UnsortedKeywords: Flag packages with unsorted KEYWORDS.

- OverlappingKeywords: Flag packages with overlapping arch and ~arch KEYWORDS.

- DuplicateKeywords: Flag packages with duplicate KEYWORD entries.

- InvalidKeywords: Flag packages using invalid KEYWORDS.
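The git support described at the top of this release builds virtual repos of historically added and removed packages from ``git log`` so that blocker checks can tell a package that never existed from one that has since been removed. The following is an added example of that idea, not pkgcheck's own implementation: the ``git log --name-status`` output, the package names, and the ok/outdated/nonexistent rule are all constructed for the example, and the "live" set is derived from the log only so that it runs offline (a real scan would take it from the checked-out tree).

```python
"""Build 'live' and 'removed' package sets from git history and use them to
classify blocker atoms. Added example, not pkgcheck's own code; the log text,
package names and the outdated/nonexistent rule are constructed here."""
import re

# Constructed output of: git log --name-status --diff-filter=AD --format=%H
# Newest commit first, as git prints it. Hashes are placeholders.
SAMPLE_GIT_LOG = """\
1111111111111111111111111111111111111111
D\tapp-misc/foo/foo-0.9.ebuild
A\tapp-misc/foo/foo-1.0.ebuild

2222222222222222222222222222222222222222
D\tdev-libs/oldlib/oldlib-2.3.ebuild
D\tdev-libs/oldlib/oldlib-2.4-r1.ebuild
D\tdev-libs/oldlib/metadata.xml

3333333333333333333333333333333333333333
A\tapp-misc/foo/foo-0.9.ebuild
A\tdev-libs/oldlib/oldlib-2.3.ebuild
"""

# cat/pkg/pkg-ver.ebuild; the backreference ties the file name to its directory.
EBUILD_RE = re.compile(
    r"^(?P<cat>[^/]+)/(?P<pkg>[^/]+)/(?P=pkg)-(?P<ver>[^/]+)\.ebuild$")

# Blocker atom: one or two '!', optional version operator, cat/pkg, optional
# -version. Package names may contain '-', so the version is taken to be the
# last '-' followed by a digit, plus an optional -rN revision.
BLOCKER_RE = re.compile(
    r"^!{1,2}(?:[<>]=?|=|~)?(?P<cat>[^/]+)/(?P<pkg>.+?)(?:-\d[^-]*(?:-r\d+)?)?$")


def parse_git_log(text):
    """Return (live, removed): cat/pkg -> set of versions. The log is newest
    first, so the first event seen for a version is its current state: a
    version deleted in a newer commit but added in an older one is removed."""
    latest = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue  # commit hash or blank separator
        status, path = line.split("\t", 1)
        m = EBUILD_RE.match(path)
        if m is None or status not in ("A", "D"):
            continue  # metadata.xml, files/, anything that is not an ebuild
        latest.setdefault((f"{m['cat']}/{m['pkg']}", m["ver"]), status)
    live, removed = {}, {}
    for (cp, ver), status in latest.items():
        (live if status == "A" else removed).setdefault(cp, set()).add(ver)
    return live, removed


def classify_blocker(atom, live, removed):
    """'ok' if the blocked package still exists, 'outdated' if it exists only
    in history, 'nonexistent' if git never saw it at all."""
    m = BLOCKER_RE.match(atom)
    if m is None:
        raise ValueError(f"not a blocker atom: {atom!r}")
    cp = f"{m['cat']}/{m['pkg']}"
    if cp in live:
        return "ok"
    if cp in removed:
        return "outdated"
    return "nonexistent"


def check_blockers(deps, live, removed):
    """Report every blocker in a DEPEND-style string with its status."""
    return [(tok, classify_blocker(tok, live, removed))
            for tok in deps.split() if tok.startswith("!")]


if __name__ == "__main__":
    live, removed = parse_git_log(SAMPLE_GIT_LOG)
    for atom, status in check_blockers(
            "!dev-libs/oldlib !!app-misc/nothere !<app-misc/foo-1.0", live, removed):
        print(f"{status:12} {atom}")
```

Note that ``--diff-filter=AD`` deliberately ignores renames and in-place edits; only additions and deletions change which versions exist, which is all the blocker checks need.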

---------------------------

0.5.4

---------------------------

- Add MetadataXmlEmptyElement check for empty elements in metadata.xml files.

- Add BadProfileEntry, UnknownProfilePackages, UnknownProfilePackageUse, and
UnknownProfileUse checks that scan various files in a repo's profiles
directory looking for old packages and/or USE flags.

- Merge replay functionality into pkgcheck and split the commands into 'scan',
'replay', and 'show' subcommands with 'scan' still being the default
subcommand so previous commandline usage for running pkgcheck remains the
same for now.

- Add 'errors' and 'warnings' aliases for the -k/--keywords option, e.g. to
scan only for errors use the following::

pkgcheck -k errors

- Fallback to the default repo if not running with a configured repo and one
wasn't specified.

- Add PortageInternals check for ebuilds using a function or variable internal
to portage similar to repoman.

- Add HttpsAvailable check for http links that should use https similar
to repoman.

- Add DuplicateFiles check for duplicate files in FILESDIR.

- Add EmptyFile check for empty files in FILESDIR.

- Add AbsoluteSymlink check similar to repoman's.

- Add UnusedInMasterLicenses, UnusedInMasterEclasses,
UnusedInMasterGlobalFlags, and UnusedInMasterMirrors reports that check if an
overlay is using the related items from the master repo that are unused there
(meaning they could be removed from the master soon).

- Add initial json reporter that outputs newline-delimited json for report
objects.

- Add BadFilename check for unspecific filenames such as ${PV}.tar.gz or
v${PV}.zip that can be found on raw github tag archive downloads.

- GPL2/BSD dual licensing was dropped to BSD as agreed by all contributors.

- Add check for REQUIRED_USE against default profile USE which flags packages
with default USE settings that don't satisfy their REQUIRED_USE for each
profile scanned.

- Add -k/--keywords option to only check for certain keywords.

- Add UnusedEclasses check.

- Drop --profiles-disable-deprecated option, deprecated profiles are skipped by
default now and can be enabled or disabled using the 'deprecated' argument to
-p/--profiles similar to the stable, dev, and exp keywords for profile
scanning.

- Add UnusedProfileDirs check that outputs all profile dirs that aren't listed
as a profile in profiles.desc and aren't used as a parent by any other profile.

- Add python3.6 support and drop python3.3 support.

- Add UnnecessaryManifest report for showing unnecessary manifest entries for
non-DIST targets on a repo with thin manifests enabled.

- Collapse -c/--check and -d/--disable-check into -c/--checks option using the
same extended comma toggling method used for --arches and --profiles options.

- Add support for checking REQUIRED_USE for validity.

- Drop -o/--overlayed-repo support and rely on properly configured masters.

- Add UnknownLicenses report for unknown licenses listed in license groups.

- Add support for running checks of a certain scope using -S/--scopes, e.g. to
run all repo scope checks on the gentoo repo use the following command::

pkgcheck -r gentoo -S repo

- Add UnusedMirrorsCheck to scan for unused third party mirrors.

- Add UnknownCategories report that shows categories that aren't listed in a
repo's (or its masters) categories.

- Update deprecated eclasses list.

- Drop restriction on current working directory for full repo scans. Previously
pkgcheck had to be run within a repo, now it should be able to run from
anywhere against a specified repo.

---------------------------

0.5.3

---------------------------

* Fix new installs using pip.

---------------------------

0.5.2

---------------------------

* Replace libxml2 with lxml-based validator for glep68 schema validation.

* UseAddon: Use profile-derived implicit USE flag lists instead of pre-EAPI 5
hacks. This also improves the unused global USE flag check to look for unused
USE_EXPAND flags.

* Add various repo-level sanity checks for profile and arch lists.

* Output reports for ~arch VCS ebuilds as well, previously only vcs ebuilds
with stable keywords would display warnings.

* Large reworking of profile and arch addon options. In summary, the majority
of the previous options have been replaced with -a/--arches and -p/--profiles,
which accept comma-separated lists of targets to enable or disable. The
keywords stable, dev, and exp, which refer to the sets of stable, development,
and experimental profiles from the targeted repo, can also be used as
--profiles arguments.

For example, to scan all stable profiles use the following::

pkgcheck -p stable

To scan all profiles except experimental profiles (note the required use of
an equals sign when starting the argument list with a disabled target)::

pkgcheck -p=-exp

See the related man page sections for more details.

* Officially support python3 (3.3 and up).

* Add initial man page generated from argparse info.

* Migrate from optparse to argparse, usability-wise there shouldn't be any
changes.

* Drop ChangeLog file checks, the gentoo repo moved to git so ChangeLogs are
not in the repo anymore.

---------------------------

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.