Verify repodata integrity

[mattiaverga]

Is there a way to verify the sanity of repodata for a given repository without running dnf and see if it fails?
Bodhi (the fedora package delivery system) uses a dirty hack to verify the repodata for repositories it composes:
https://github.com/fedora-infra/bodhi/blob/481df02300f94ca72ad7ce2ce32d543211ca823d/bodhi-server/bodhi/server/util.py#L272-L390

I'd like to avoid running dnf commands in a subprocess and verify the repodata within Python. Does libdnf has an appropriate method?

[dralley]

Define "verify the sanity"? I have a tool that runs some checks, I don't know if those checks overlap with what you're looking for.

https://copr.fedorainfracloud.org/coprs/dalley/rpmrepo/
https://github.com/dralley/rpmrepo

[mattiaverga]

Basically, I'd like to replace the lines where dnf is called in a subprocess to verify if the repository is usable.

[dralley]

So.. does that just mean the metadata checksums are correct and that the data is parse-able, or that semantically there are no issues like missing dependencies? I see some stuff in there for making sure all updateinfo have IDs.

DNF generally lets a lot of problems slide without complaining, e.g. rpm-software-management/createrepo_c#325 (comment)