On 02/13/2011 01:05 PM, Bernhard R. Link wrote:
* Jeff Green<[email protected]> [110213 17:39]:
During the squeeze upgrade period I'd discovered an inconsistency that had
entered into my repository mirror. I suspect it happened when I did a pull for
the armel packages and didn't specify it correctly. Consequently the wrong
packages were then deemed part of the armel release. I was pretty quick in
tracking down the problem after the signs pointed to the repository, however
until that happened I was naively assuming the repository was valid.
As I see it so far, the "checks" that are provided check for internal
consistency
but not necessarily consistency with respect to an outside source. I propose a
"checkrelease" action that will provide information with respect to differences
between the local release file and the remote or master release file. Obviously
this action can possibly produce too much info and so enough controls need to be
available to customize the information provided.
I do not think I understand what this check is supposed to check at all.
Is it:
- checking all packages in a distribution have a source package in that
distribution?
i.e. what 'reprepro sourcemissing' does (introduced in 4.3.0)?
I can't find a reference to this action in the manpage.
- checking everything can be get from some other distribution/remote?
i.e. something like temporarily chaning the update/pull rule to start
with a delete rule ("-") and running checkpull/checkupdate and only
showing which packages would be deleted?
- something else?
what should it check for?
Basically it is a tool for checking that the local db/packages.db is in
synchronization with the Packages file(s) on the master repository if
exact synchronization is desired. Or how they differ if differences are
part of the local repo. (I'm assuming the Packages files are a reference
point since they are downloaded when (re)building the db/packages.db
file.) The local version of the Packages file(s) apparently are built
from the information in the db/packages.db file (and possibly other
databases). Consequently they can be compared against each other. I
think the idea is simple but useful in the context of being able to do
things independent of the master repository such as my bad pull.
Obviously if all actions are clean and safe then such a verifier is not
necessary. But I suspect that the soundness of software goes up and down
depending upon whatever feature are there and/or being added.
Is the above helpful?
-jeff
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
