Software Repository Reports - 2024-06
The reports are listed in approximate order of priority. Such as, bundles must not have missing legal files, and all
bundles need to be signed (with few exceptions), and all bundles must use 4 part version numbers. The remaining reports
are important, and ideally would be "clean", but normally would not prevent the release, or inclusion in the common
repository. Except where noted, the checks are done directly are jars in the main common repository directories. That
is, it does not check the "trusted repositories" we point to via composite indirection. See the Reports FAQ for more information about
the code that generates the reports.
Remember, these automated reports test a minimal view of the repository. For example, a bundle may have an about.html
file, so is not listed in "missing files" report, but that does not mean the content of the about.html file is correct.
In other words, Committers and Project Leads are still responsible for correctness -- these reports are more focused on
obvious incorrectness, usually things that happen by small oversights, and which are often hard to "spot" until too
late. Note too that many of the "errors" these reports list, can be caught at development time, in Eclipse IDE, by
proper setting of PDE compiler settings.
Also, remember, especially since these reports are "new" in this context, the reports may contain out-right errors
and will certainly need improvement over time. Contributions welcome. Please open a bug in cross-project component if
you see problems or have new contributions.
-
Bundles missing required files
- This report lists bundles and features that are missing important, required files. It looks directly at jars in
the common repository. (Currently, does not check those "trusted repositories" we point to via composite
indirection). Missing legal files are usually considered a "stop ship" issue, since Eclipse is well known for its IP
quality.
-
Unsigned bundles and features
- This report lists bundles and features that are that are not signed. Pretty serious issue, though there are a
few exceptions. (well, only one code exception is known ... see below).
-
Jars that fail to verify (if any)
- This report lists jar files that fail "jarsigner -verify" in a serious way (more than simply "not signed", but more likely "not valid" or "tampered with". Indicates a project build issue. Re-processing or re-signing jars?
-
Bundle versions compared to reference repository
- Similar to the "Feature versions" report, this report scans the repo, looking for "non-groups" (bundles) and tabulates the comparison to reference repository.
The comparisons to pay most attention to are those that "decrease" from last release, to the current release. Note: this report does not correctly handle cases where
there are more than one version of a bundle in the repo. Sometimes those are not valid to have anyway, but sometimes it is valid, and this report does not
have enough logic to know what to do with those that occur with same ID, but multiple versions. You can usually just ignore those comparisons in this report.
-
Bundles and Features not using 4 part versions
- To have p2 update correctly and OSGi to resolve bundles as expected, it is essential that bundles and features
use the required 4 part versioning rules. Every build.
-
Consistent, current licenses (SUA) in features
- Check to make sure features use the current, correct license. The report also lists features in repository with
no license (SUA) in the content metadata. This report uses the repository's content metadata, instead of the jar
files themselves, in contrast to the "missing files" report, above. Both are important to be correct, as different
parts of Eclipse code use one or the other to present information to the user depending on the task.
-
Use and Distribution of Bundle-RequiredExecutionEnvironment
- Interesting report showing what BREEs are in use, and which bundles are missing it. All bundles with Java code
should have one, but it is not required in resource-only bundles.
-
Feature names report
- Check this report for features using incorrect names or incorrect localization settings. While we can not
automatically know what the correct name of a bundle is, we can be sure it does not start with '%', and is not
"Feature-Name" or "feature", etc. This test is ran against the content metadata of the repository.
-
Bundle names report
- Check this report for bundles using incorrect names or incorrect localization settings. While we can not
automatically know what the correct name of a bundle is, we can be sure it does not start with '%', and is not
"Bundle-Name" or "plugin-name", etc. This test is ran against the content metadata of the repository.
-
Provider name report
- Check for bundles using incorrect provider names (Bundle-Vendor directive) or incorrect localization settings.
The best form of provider name is "Eclipse <project name>". Some projects have chosen a slightly different
form, and can not automate every name check, but, again, we know it should not start with '%', not be
"provider-name" nor be empty (null). This test is ran against the content metadata of the repository.
-
Feature Copyrights
- List copyrights used by Features.
-
Feature Descriptions
- List descriptions used by Features.
-
List of non-unique versions
- List those bundles (technically, IUs) for which there are multiple versions. It is often quite normal for there
to be multiple versions (e.g. when differ by major or minor versions), but sometimes looking at the multiple version
report can spot unexpected cases where there are multiple versions. Even if so, it will usually not cause problems,
but can at least be inefficient use of space (e.g. if differ only by qualifier).
-
Version Qualifier Patterns
- This is an exploratory report of the the types or patterns of version qualifiers by bundles and features in the
repository. Longer term, this report can be improved to spot typos and also find bundles or features in the
repository that do not use 4 part versioning. (A report, above, also detects lack of 4 part versioning, but is based
on jars, found in common directory, rather than all of content metadata in repository.)
-
Use of Eclipse-SourceReferences
-
List those bundles which are, and which are not, using the Eclipse-SourceReferences
directive and the value of that directive. This directive (and report) is useful for some projects to help their
community find their source code directly from their repository (to help make providing patches easier), but is not
useful or appropriate for all projects. Use the directive, and the report, however your project deems appropriate
and useful.
-
Feature Directory Lengths
- This is an exploratory report of the length of feature directories length, if feature was installed, (not
including the .../eclipse/features part of name). Its purpose it to alert the interested of exceptionally long
feature names, which might cause some issues on some operating systems. This report is exploratory, since it is
unclear what, if any, should be considered the maximum length, which depends on many factors. But ... if you are
creating new features, it'd be best not to exceed the typical sizes.
-
Signing test report (info)
-
Signed bundles exceptions
- Just to document it, there are a few known cases of jars in the repository that are not or should not be
signed.
-
Correctly signed bundles
- Again, just documentation of jars we found correctly signed.