On Mon, 23 Apr 2018 02:37:54 -0400,
Andreas Grapentin wrote:
> Hi everyone,
>
> in the last few weeks / months I started running integrity checks on our
> package repositories such as:
>
> - checks whether one of our packages is behind in version number
> compared to an upstream arch package of the same name
> - checks whether we have packages that appear to not have a pkgbuild
> anymore
> - checks whether packages list unsupported arches in the arch array
> - checks whether packages in the repository are behind in version
> number when compared to the version specified in the pkgbuild (i.e.
> when the pkgbuild is updated, but the builds were not released)
>
> Note: If you are interested in having additional checks run, or have a
> cool idea how to improve any of the above, please let me know.
Each package contains a .BUILDINFO file that (among other things) has
a checksum of the PKGBUILD used to build it. (eg from zlib:
pkgbuild_sha256sum =
6242863dcad3ae2fe4b53376fb53f608eaac915ffdd2baf1c3207b54b8ec2522
It would be cool to have it check that the PKGBUILD in abslibre
actually matches the one used to build the package.
> Now the cool part: I am at the point where I can automate running these
> checks daily, creating a backlog of "repository smells" that anyone with
> a bit of time on their hands can take a look at.
>
> the link to the "backlog" (just an etherpad, in reality) is here:
> https://pad.riseup.net/p/ParabolaOutOfDate
Have you published the code anywhere?
dbscripts already includes a number of repo checks
(`cron-jobs/integrity-check`, and `db-check-*`). However, we haven't
been runing these regularly in quite a while. Any interest in
incorporating/integrating with them?
--
Happy hacking,
~ Luke Shumaker
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
