Can maintaining package dependencies in RPM be magic?

One of the biggest complaints I hear about packaging software is packaging up all the dependencies, and then being responsible for keeping them current. Obviously, this is not the only complaint.. but i’m not talking about the others at the moment.

A long time ago i had the idea for a website where you could aggregate status updates for software projects you care about, thus allowing you to go get all your updates without having to subscribe to billions of lists. I had this idea back when still installing things manually, because the package ecosystem was nowhere near as complete as it is today (in debian or fedora). Sometime after that i registered (my software update feed) with the intention of one day writing such a tool.

That was a long time ago, and obviously this kind of thing is an issue. So some really clever people (okay, at the very least more motivated) in Fedora came up with Anitya, a tool for monitoring releases. They even provide a public and freely consumable installation.

Anitya publishes events to fedmsg (fedora infratructure message bus), which can be listened to as an unauthenticated feed.

Stanislav Ochotnick√Ĺ created a small proof of concept project called fedwatch which listens to fedmsg and will pass data from it to scripts in its run directory. My idea was to take release information and pass it to jobs in jenkins that are setup to bump the relevant information in a spec file with rpmdev-bumpspec (>=1.8.5) and build the new version. In theory this would cover lots of releases with minimal overhead, allowing the outlying changes to require hands on. I’ve put some completely unfinished code here.

Published by


So I'm in my 30s. I'm a career computer geek, but of the skilled and suitably employed variety, not the variety that runs around in one of a fleet of identical vehicles to wage viral warfare. I have spent well over half my life online, and was done with most forms of social networking by the time I hit 23. For those of you that doubt it IRC, forums, and even the good old BBS's of yester-year (which I missed out on since my parents would not let me connect the modem on my commodore 64) are all social networking. We just didn't have such a fancy accepted term for it then. Through out that time I have considered starting a blog on occasion. Not because I'm all that interesting (the level varies year to year), but because I so often end up putting together pieces of technology in a way that I have a hard time finding good online resources for, and its only fair to try and give back. But alas, I tend to be a bit lazy, or busy, and never got around to it. Until now (I hope, and so far have failed). The point of this blog is to be a bit more of a collection of thoughts, helpful hints, or maybe commentary on kewl things. I'll try to leave the details of my harrowing treks down ten inch deep rapids or the details of my last family gathering out of it. For your safety and well-being as much as my own. This blog is my personal blog. The views expressed on these pages are mine alone and not those of my past, present or any future employer.