Bug 649482 - app-portage/repoman: Warn about = deps without revision
Summary: app-portage/repoman: Warn about = deps without revision
Status: RESOLVED WONTFIX
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Repoman
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
Reported: 2018-03-03 21:06 UTC by Michał Górny
Modified: 2022-07-12 03:26 UTC
Description Michał Górny 2018-03-03 21:06:39 UTC
It's quite common for Gentoo developers to mistakenly use = instead of ~ operator for dependencies. As a result, things fall apart when people revbump the dependencies, e.g. due to dependency change. To reduce the fallout, I think we could warn people about suspicious dependencies.

That is, repoman could issue a warning about dependencies like:

  =dev-foo/bar-1.2.3

That is:

1. using = operator,

2. not using * wildcard,

3. not specifying any revision.

To work around the warning for valid dependencies on -r0, the ebuilds could specify =foo-1.2.3-r0 (yes, it's valid).
Comment 1 Larry the Git Cow 2018-07-14 08:43:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=1bc4cd48c85b1a367f3f5adf07428e1e638d5e60

commit 1bc4cd48c85b1a367f3f5adf07428e1e638d5e60
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-03-03 21:29:11 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-07-14 08:43:13 +0000

    repoman: Warn on = dependencies without * or revision
    
    Warn if the '=' package dependency operator is used along with pure
    version with no revision specified. This means to catch a common mistake
    of developers copying '=' from upstream dependency specification while
    '~' operator would be more appropriate. This causes unintended depgraph
    breakage when the dependencies are revbumped e.g. due to dependency
    changes, or prevents people from upgrading.
    
    The developers are given two suggestions: either to use '~' if any
    revision is acceptable, or to explicitly specify '-r0' when they really
    do accept -r0 only.
    
    Bug: https://bugs.gentoo.org/649482
    Reviewed-by: Zac Medico <zmedico@gentoo.org>

 repoman/cnf/qa_data/qa_data.yaml                          | 1 +
 repoman/cnf/repository/qa_data.yaml                       | 1 +
 repoman/pym/repoman/modules/scan/depend/_depend_checks.py | 9 +++++++++
 3 files changed, 11 insertions(+)
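The check described in the bug description and in the commit message above, as an added stand-alone example (not the repoman code from the commit): a simplified atom matcher that flags an `=` dependency carrying a plain version with neither a trailing `*` nor a `-rN` revision, and lets `=foo-1.2.3-r0` through as the explicit opt-out. The regex and the sample DEPEND string are constructed for this example and ignore parts of the real atom syntax (slots, USE deps, blockers are stripped rather than parsed).

```python
import re
from typing import List, Optional

# Constructed, simplified matcher for a versioned Gentoo atom: optional
# operator, category/package, version, optional -rN revision, optional '*'.
_ATOM_RE = re.compile(
    r"^(?P<op>>=|<=|[<>=~])?"
    r"(?P<cp>[A-Za-z0-9_][A-Za-z0-9_+-]*/[A-Za-z0-9_][A-Za-z0-9_+-]*?)"
    r"-(?P<ver>\d+(?:\.\d+)*[a-z]?(?:_(?:alpha|beta|pre|rc|p)\d*)*)"
    r"(?P<rev>-r\d+)?"
    r"(?P<wild>\*)?$"
)


def check_equals_dep(atom: str) -> Optional[str]:
    """Return a warning for '=cat/pkg-ver' with neither '*' nor '-rN', else None."""
    # Blocker prefix, slot (":...") and USE deps ("[...]") do not affect the check.
    bare = atom.lstrip("!").split(":", 1)[0].split("[", 1)[0]
    m = _ATOM_RE.match(bare)
    if m is None or m.group("op") != "=":
        return None  # unversioned atom, other operator, or not an atom at all
    if m.group("wild") or m.group("rev"):
        return None  # '=foo-1.2*' and '=foo-1.2.3-r0' are deliberate choices
    cp, ver = m.group("cp"), m.group("ver")
    return (f"{atom}: '=' dependency without revision; use '~{cp}-{ver}' if any "
            f"revision is acceptable, or '={cp}-{ver}-r0' to accept only -r0")


def scan_depend(depend: str) -> List[str]:
    """Walk a DEPEND-style string token by token and collect warnings."""
    warnings = []
    for tok in depend.split():
        if tok in ("||", "(", ")") or tok.endswith("?"):
            continue  # dependency-group syntax, not an atom
        w = check_equals_dep(tok)
        if w:
            warnings.append(w)
    return warnings


# Constructed sample: only the first and last atoms should be reported.
SAMPLE_DEPEND = """
    =dev-foo/bar-1.2.3
    =dev-foo/bar-1.2.3-r0
    =dev-foo/bar-1.2*
    ~dev-foo/bar-1.2.3
    >=dev-libs/libfoo-bar-1.0:=
    ssl? ( =dev-libs/openssl-1.1.1[static-libs] )
"""

if __name__ == "__main__":
    for warning in scan_depend(SAMPLE_DEPEND):
        print(warning)
```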
Comment 2 Sam James 2022-07-12 03:18:33 UTC
repoman support has been removed per bug 835013.

Please file a new bug (or, I suppose, reopen this one) if you feel this check is still applicable to pkgcheck and doesn't already exist.
Comment 3 Sam James 2022-07-12 03:26:21 UTC
pkgcheck has MissingPackageRevision.