source audit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Since folks are checking over their packages for the correct license
tags and rebuilding for various other reasons, I thought I would add
another one to the mix. ;) 

I wrote up a quick and dirty script to check the sources that are in
the cvs look aside cache against the upstream source of the package as
pulled from the URI(s) in the Sources line(s). 

Of course this has a number of limitations: 

- Only Sources lines with full URI's can be checked. 
- I'm not currently checking Patches with full URI's, but I can add
that if there is interest. 

You can find the results file at: 

http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck.out

And also attached to this mail. 

Lines in the output are of three forms: 

- BADURL:base-file-name:$PACKAGENAME

This means that the URI provided in the Source(s) line didn't result in
a download of the source. This could be any of: URL changed, version
changed and URL wasn't updated, Site is down, Site is gone, etc. 
Also there are a number of packages with incorrect sourceforge links. 
(BTW, there are still some packages with ftp://people.redhat.com/
URLs). 

- BADSOURCE:$SOURCENAME:$PACKAGENAME

This means that the source was downloaded ok from the upstream site,
but doesn't match the md5sum given in the sources file. 
This could be due to needing to strip out content that fedora cannot
ship (but in that case you shouldn't have the full URI in the Source
line). Or upstream following poor release practices and updating
without changing their release.

- BAD_CVS_SOURCE:$SOURCENAME:$PACKAGENAME

This means that the file was downloaded from the URI given, and the
md5sum did not match the file thats present in CVS (not the lookaside).
This might be due to timestamps, or any of the above reasons. 

Needless to say, I think all of these cases should be fixed. 

Does anyone find this useful? Should I run it on a periodic basis? 
Shall I file bugs or spam owners after some period of time?

Comments, bugs, suggestions? 

kevin

Attachment: sourcecheck.out
Description: Binary data

Attachment: signature.asc
Description: PGP signature

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux