[Dev] automated package repository linter and backlog
lukeshu at lukeshu.com
Mon Apr 23 19:37:21 GMT 2018
On Mon, 23 Apr 2018 02:37:54 -0400,
Andreas Grapentin wrote:
> Hi everyone,
> in the last few weeks / months I started running integrity checks on our
> package repositories such as:
> - checks whether one of our packages is behind in version number
> compared to an upstream arch package of the same name
> - checks whether we have packages that appear to not have a pkgbuild
> - checks whether packages list unsupported arches in the arch array
> - checks whether packages in the repository are behind in version
> number when compared to the version specified in the pkgbuild (i.e.
> when the pkgbuild is updated, but the builds were not released)
> Note: If you are interested in having additional checks run, or have a
> cool idea how to improve any of the above, please let me know.
Each package contains a .BUILDINFO file that (among other things) has
a checksum of the PKGBUILD used to build it. (eg from zlib:
pkgbuild_sha256sum = 6242863dcad3ae2fe4b53376fb53f608eaac915ffdd2baf1c3207b54b8ec2522
It would be cool to have it check that the PKGBUILD in abslibre
actually matches the one used to build the package.
> Now the cool part: I am at the point where I can automate running these
> checks daily, creating a backlog of "repository smells" that anyone with
> a bit of time on their hands can take a look at.
> the link to the "backlog" (just an etherpad, in reality) is here:
Have you published the code anywhere?
dbscripts already includes a number of repo checks
(`cron-jobs/integrity-check`, and `db-check-*`). However, we haven't
been runing these regularly in quite a while. Any interest in
incorporating/integrating with them?
~ Luke Shumaker
More information about the Dev