Hi, On Wed, Jan 10, 2024 at 03:06:05PM +0800, Otto Kekäläinen wrote: > Package: git-buildpackage > Severity: wishlist > > Hi! > > I frequently find myself doing manual work comparing if my local git > repository contents and tags are correct and in sync with the git > remotes and the Debian and Ubuntu archives. > > I am worried about mistakes such as: > > - A maintainer tagged and uploaded but forgot to push it to remote git > repositories > > - Maintainer git tagged a version that failed to upload, and then > forgot to delete and re-tag after fix and new upload attempt, or I did > locally fix the tag to point to correct contents put forgot to force > push updated tag to git remotes > > - Somebody else than the regular maintainer uploaded but didn't push > to git and git repository content is behind Debian/Ubuntu apt > repositories > > - Somebody (e.g. Ubuntu sponsor) modified the package before upload, > and git repository diverges from apt repository > > > To automatically detect (and perhaps even fix) these situations I > propose git-buildpackage adds a feature 'gbp sync' which would roughly > have this logic: > > 1. Traverse past 8 or so debian/changelog entries, extract > Debian/Ubuntu release name and version and check if equivalent git > tags exist locally. > > 2. Compare to remotes and warn if any tags are missing locally, or > remotes have more tags than local, or tags point to different commits. > > 3. Check from equivalent apt repositories (including -security, > -updates, -proposed-updates) what versions they have and warn if apt > repositories have releases missing from the debian/changelog, or if > past local changelog entries seems to never have reached any apt > repository.
…skipping binNMUs ? > 4. While doing the above, also download the . dsc files to a local > temporary directory. Using the checksums in the .dsc files verify that > the apt repository .debian.tar checksum matches what the locally > tagged git commit debian/ contents would produce. This verifies the > uploaded version actually is the same as in the gbp tag. > > 5. If everything matches, emit a success message. If not, tell users > what is out of sync and ask the user (maintainer) to manually fix and > validate fixes by rerunning 'gbp sync'. I agree that this sort of validation/fix would make sense. Somewhat related is /usr/share/doc/git-buildpackage/examples/gbp-upload which helps to ensure that tags end up in the blessed repo when doing an upload. Cheers, -- Guido > > > This could also be a separate tool, but since git-buildpackage has > such an extensive test suite and mature code base, and the tool would > operate off the semantics of gbp.conf seems this could be an useful > extension to git-buildpackage. > > - Otto >
