From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1C28D1384B4 for ; Mon, 7 Dec 2015 18:50:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 70F3E21C0A5; Mon, 7 Dec 2015 18:49:49 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 860D921C05F for ; Mon, 7 Dec 2015 18:49:48 +0000 (UTC) Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id 497F6340A08 for ; Mon, 7 Dec 2015 18:49:46 +0000 (UTC) Subject: Re: [gentoo-dev] Re: [gentoo-commits] repo/gentoo:master commit in: app-emulation/runc/ To: gentoo-dev@lists.gentoo.org References: <1449465322.37c1ec7ef31a51206421f03a2df489ec7d7ca244.cardoe@gentoo> From: Michael Orlitzky X-Enigmail-Draft-Status: N1110 Message-ID: <5665D4C7.6000904@gentoo.org> Date: Mon, 7 Dec 2015 13:49:43 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: 4c663cd0-f787-4b84-ada9-03ea9ec1729a X-Archives-Hash: 16e31545ee0cdf3abc2db5063470f38f On 12/07/2015 01:26 PM, Matt Turner wrote: >> >> I fixed it now. > > This is happening with some frequency. Could we install a server-side > git hook that prevents pushes if an ebuild is added without a Manifest > change? It wouldn't have to verify anything more than that to catch > nearly all of these problems. > The last time this happened I had the same idea and sat down to write one. The pre-push hook would do something like, * Get a list of cat/pkg affected by the push * Compare that list to profiles/categories to see which ones are packages (and should thus have manifests) * Verify the integrity of the files in each affected package by using something like `repoman manifest-check` I gave up when I realized that this final step requires network access. The missing manifest updates are for the distfiles, not the ebuilds. But you could probably still fake it. For example, if any ebuild files are added/removed, you expect Manifest to change.