Support for RPM spec files #847
Totally up for this! Can you add some links to docs and example files, so this is easier to pick up whenever I can prioritise it? 🙂
@greysteil Here you go: What is most important here is to parse the spec file. Based on "main" Here is how a typical RPM source looks before it is compiled to its binary form:
@greysteil Parsing A great parser supporting a reasonable amount of rpm spec version could be found here => https://github.com/bkircher/python-rpm-spec
Nah. Grab the /^source[0-9]*:/i lines. This tells you the upstream source project, and usually its version. Also, build-donkey hosts with the RPM toolset installed - so, every RPM-based host out there - can perform a quick spectool is a python tool at pagure.io/spectool . I'm thinking it's got parsing magic that can be ported in if shelling out is too dumb too often. TL;DR - sources we'd care about are plainly available in the spec-file to any buildbox/ci-donkey with basic tools installed, so dependabot checking upstream versions - by version - is completely possible. Don't discount this task -- it's not gonna be easy, but it's not as hard as we fear it's going to be.
The idea is not to parse src.rpm files, but to parse .spec files that are available as plain text in github repo. Take into account this https://github.com/OpenMandrivaAssociation/libtiff/ |
Hi,
I think it will be a great feature if dependabot could support RPM's spec file.
There are a lot of projects and organizations that keep RPM sources on GitHub, and they can easily benefit from dependabot.
Parsing spec file's entries
'Name:'
'Version:'
'Patch*:'
'BuildRequires:'
for name's version, patches (official CVE), versioned buildrequires.
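
An added example, not part of the original issue and not Dependabot or spectool code: a minimal Python reader for the preamble tags the thread names (Name, Version, Source*, Patch*, BuildRequires). The sample spec text is constructed, `parse_spec` is a hypothetical name, and only the `%{name}` and `%{version}` macros are expanded.

```python
import re

# Constructed sample spec text (not taken from any real package).
SAMPLE_SPEC = """\
Name:           libexample
Version:        1.2.3
Source0:        https://example.org/releases/%{name}-%{version}.tar.gz
Source1:        %{name}.conf
Patch0:         %{name}-CVE-XXXX-YYYY.patch
BuildRequires:  zlib-devel >= 1.2.11, pkgconfig
BuildRequires:  cmake

%description
Version: this line is past the preamble and must be ignored
"""

TAG_RE = re.compile(r"^(name|version|source\d*|patch\d*|buildrequires)\s*:\s*(.+?)\s*$", re.I)
MACRO_RE = re.compile(r"%\{\??(\w+)\}")
# One dependency: a name, optionally followed by an operator and a version.
DEP_RE = re.compile(r"([^\s,<>=]+)(?:\s*(<=|>=|=|<|>)\s*([^\s,]+))?")


def parse_spec(text):
    """Return name, version, sources, patches and build requirements."""
    info = {"name": None, "version": None, "sources": {}, "patches": {}, "buildrequires": []}
    for line in text.splitlines():
        if line.startswith("%") and not line.startswith(("%if", "%else", "%endif", "%define", "%global")):
            break  # first section marker (%description, %prep, ...) ends the preamble
        m = TAG_RE.match(line)
        if not m:
            continue
        tag, value = m.group(1).lower(), m.group(2)
        if tag in ("name", "version"):
            info[tag] = value
        elif tag == "buildrequires":
            info["buildrequires"] += [d.groups() for d in DEP_RE.finditer(value)]
        else:
            kind = "sources" if tag.startswith("source") else "patches"
            info[kind][tag] = value
    # Expand only macros defined by the tags we parsed; leave others untouched.
    known = {"name": info["name"], "version": info["version"]}
    expand = lambda s: MACRO_RE.sub(lambda m: known.get(m.group(1)) or m.group(0), s)
    for kind in ("sources", "patches"):
        info[kind] = {k: expand(v) for k, v in info[kind].items()}
    return info
```

Macros set with `%define` or `%global`, conditionals and subpackage sections are not evaluated here; a spec that relies on them needs the real RPM tooling to resolve its values.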