fedora-rpmdevtools (was RE: spectool-1.0.2)

[Erik LaBianca]

> >
> > fedora-installkey (install a key from keyserver into the fedora rpm
> > keyring)
> 
> This would be a really good idea!  Have you manage to be able to
script
> the removal of all signatures from that key though, so you can export
a
> keyfile that wont cause rpm to be b0rked?

I have signature removal scripted. However it isn't working. Removing
all uid's and all signatures doesn't seem to work correctly, and I
haven't been able to strip a key by hand successfully, so I'm stuck. I'd
appreciate some help :)

> 
> > fedora-qastart (download srpms+md5sums from bugzilla, verify them,
> > verify sources using spectool, output prelimary qa checklist)
> > fedora-qatemplate (create a qa template to paste fedora-qatest input
> > into, gpg sign it, maybe submit it to bugzilla eventually too)
> >
> 
> This would be tough, because there is currently no one standard way of
> putting it into bugzilla.  Some people use the URL field, while others
> post a link to it in the comments, while others (unhappily) never
update
> that link with package updates and I have to go fishing for it...


I'm somewhat successfully downloading stuff from bugzilla. I just
download the bugzilla page source, and look for "http://.*\.src\.rpm"
and "http://$1.*md5.*". For the stuff I've tried, it works well. This
way it only catches clickable links. If we want it to catch url field
entries as well, it wouldn't be a difficult change.

I'm sure there are some entries that will confuse it, but they could be
coded around.

I'd say we should just make a format that we expect .src.rpm and md5sum
announcements in, and ask people to conform to that. I think quick and
effective QA will be sufficient incentive.

The stuff I have is available at http://www.ilsw.com/~erik/ if anyone is
interested.

--erik