Bug#759403: lintian: Please publish machine-readable report for all packages

To: intrigeri@debian.org, 759403@bugs.debian.org
Subject: Bug#759403: lintian: Please publish machine-readable report for all packages
From: Niels Thykier <niels@thykier.net>
Date: Wed, 27 Aug 2014 07:06:11 +0200
Message-id: <[🔎] 53FD6743.5070402@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 759403@bugs.debian.org
In-reply-to: <[🔎] 85r402wz1z.fsf@boum.org>
References: <[🔎] 85r402wz1z.fsf@boum.org>

On 2014-08-27 02:34, intrigeri@debian.org wrote:
> Package: lintian
> Version: 2.5.25
> Severity: wishlist
> 
> Hi,
> 

Hi,

> on the pkg-perl team, we would like to track the hardening status of
> our packages (same goes in Tails, to track the hardening status of the
> packages we ship).
> 
> The easiest way for us would possibly be to retrieve data about all
> packages from lintian.d.o, filter on the maintainer field, and build
> statistics and graphs from that.
> 

Thanks for looking into this

> I've had a look at the html_reports script, which seems to be the best
> place to generate the file I'd like to see on lintian.d.o. Much alike
> it generates qa-list.txt already, something like packages-binary.yml
> could be created there. Its format could be something like a list of:
> 
> - $BINARY_PKG_NAME:
>   maintainer: ...
>   version: ...
>   source: ...
>   tags:
>     - $TAG_NAME:
>       severity: ...
>       certainty: ...
> 
> Of course, for consistency, generating packages-source.yml would be
> good too, although I don't need that right now.
> 

I am personally considering whether we should have it in one file.
Maybe something like:

  "$SOURCE/$VERSION":
    maintainer: ...
    ...
    binaries:
    - "$BINARY1/$VERSION1/$ARCH"
      tags:
      - $TAG_NAME:
        ...
      - $TAG_NAME:
        ...
      ...
   - tags:
     - $TAG_NAME:
       ...
   - udebs:
     - "$UDEB1/$VERSION1/$ARCH":
        tags:
        - $TAG_NAME:
          ...
        - $TAG_NAME:
          ...
        ...

Note that $SOURCE/$VERSION should be enough to uniquely identify a
source.  For binaries/udeb we also need the architecture.

> I've given it a try, but was quickly discouraged by the need for
> a local lab (and mirror?), which I have no experience with.
> 

Actually, for html_reports, you don't need a full mirror (harness is an
entirely different beast). You just need a timestamp in the "trace"
file, a la:

  $ cat <mirror>/project/trace/ftp-master.debian.org
  Sat, 29 Dec 2012 21:19:12 +0000

And then a static laboratory (which lintian can generate with -S).  The
lab can be empty.  In this case, the maintainer value and a few other
things will be incorrect in the generated HTML - but that is very likely
irrelevant for your test.

> I'd welcome any hint and guidance regarding the relevance of the
> general idea, the rough design outlined above, and locally testing an
> implementation I could come up with.
> 
> Cheers,
> --
> intrigeri
> 
> 

To setup a test for html_reports, you need something to the extend of:

 $ lintian -S $LAB
 $ lintian --lab $LAB <*.deb *.changes *.dsc> | tee -a $TEST_LOG
 ... create "config" with $MIRROR and $LAB ...
 $ path/to/lintian/reporting/html_reports $TEST_LOG
 $ rm -r www.new

~Niels

Reply to:

References:
- Bug#759403: lintian: Please publish machine-readable report for all packages
  - From: intrigeri@debian.org

Prev by Date: Build failed in Jenkins: lintian-tests_sid #163
Next by Date: Bug#729593: (no subject)
Previous by thread: Bug#759403: lintian: Please publish machine-readable report for all packages
Next by thread: Bug#729593: (no subject)
Index(es):
- Date
- Thread