[Dev] automated package repository linter and backlog

Luke Shumaker lukeshu at lukeshu.com
Mon Apr 23 19:37:21 GMT 2018

On Mon, 23 Apr 2018 02:37:54 -0400,
Andreas Grapentin wrote:
> Hi everyone,
> in the last few weeks / months I started running integrity checks on our
> package repositories such as:
>  - checks whether one of our packages is behind in version number
>    compared to an upstream arch package of the same name
>  - checks whether we have packages that appear to not have a pkgbuild
>    anymore
>  - checks whether packages list unsupported arches in the arch array
>  - checks whether packages in the repository are behind in version
>    number when compared to the version specified in the pkgbuild (i.e.
>    when the pkgbuild is updated, but the builds were not released)
> Note: If you are interested in having additional checks run, or have a
> cool idea how to improve any of the above, please let me know.

Each package contains a .BUILDINFO file that (among other things) has
a checksum of the PKGBUILD used to build it.  (eg from zlib:

	pkgbuild_sha256sum = 6242863dcad3ae2fe4b53376fb53f608eaac915ffdd2baf1c3207b54b8ec2522

It would be cool to have it check that the PKGBUILD in abslibre
actually matches the one used to build the package.

> Now the cool part: I am at the point where I can automate running these
> checks daily, creating a backlog of "repository smells" that anyone with
> a bit of time on their hands can take a look at.
> the link to the "backlog" (just an etherpad, in reality) is here:
> https://pad.riseup.net/p/ParabolaOutOfDate

Have you published the code anywhere?

dbscripts already includes a number of repo checks
(`cron-jobs/integrity-check`, and `db-check-*`).  However, we haven't
been runing these regularly in quite a while.  Any interest in
incorporating/integrating with them?

Happy hacking,
~ Luke Shumaker

More information about the Dev mailing list