poi-tracker
Package-of-interest tracker for Fedora, EPEL, and CentOS SIGs.
Manages TOML-based inventories of packages that an organization tracks across distributions. Supports exporting to content-resolver YAML and hs-relmon manifest formats.
Installation
Usage
Show inventory
Add / remove packages
Export to content-resolver YAML
# Export all workloads (one YAML per workload)
# Export a single workload
# Custom output path (single workload only)
Export to hs-relmon manifest
# Merge multiple inventories into one manifest
# Filter by workload
Find a package
Sync from dist-git
Create or update an inventory from packages a user or group has access to on Fedora dist-git (Pagure). Re-running merges new packages without overwriting existing entries or annotations.
# All packages for a user
# All packages for a group
# Exclude packages with only group-based access
# Only packages from specific groups
# Exclude specific groups
# Add workload tags to all imported packages
# Remove packages no longer in dist-git results
Packages where the user has both direct and group-based access are always included, regardless of group filters.
Without --prune, packages in the inventory that are no longer
in the dist-git results are listed as a warning but kept.
Import from legacy JSON
Validate
Configure (Bugzilla API key)
Prompts for a Bugzilla API key, validates it with a quick test
search, and saves it to ~/.config/poi-tracker/config.toml.
Lookup order at runtime: --api-key flag → BUGZILLA_API_KEY
env var → config file.
Generate an API key at https://bugzilla.redhat.com/userprefs.cgi?tab=apikey.
Triage update bugs
Some packages reliably need attention when a new upstream version
appears — python-django* updates almost always fix CVEs, for
instance. Mark them in the inventory with a priority field (or
a workload-level default_priority), then have poi-tracker
triage the auto-filed release-monitoring bugs by raising their
Bugzilla priority:
For each inventoried package with a resolved priority, this
queries OPEN bugs reported by upstream-release-monitoring@ fedoraproject.org (against Fedora and Fedora EPEL) and
raises any whose priority is unspecified. Bugs already
triaged by a human are left alone.
Per-package priority wins over default_priority; if a
package is in multiple workloads, the highest workload
default applies. Set priority = "unspecified" on a package
to explicitly opt out of a workload default.
Close retired packages' update bugs
When a package gets retired on a dist-git branch (a
dead.package file is committed), any open release-monitoring
bug for that branch is dead weight — there's no live spec to
update. triage-retired walks the inventory, checks dist-git
for retirement, and closes those bugs as CLOSED/CANTFIX:
The --branch flag controls which dist-git branch is checked
(default rawhide); the same branch scopes the Bugzilla
search, so an epel10 retirement closes the
Fedora EPEL/epel10 bug:
Bugs that are already CLOSED are skipped. Each closure adds a
short comment naming the package and the retired branch.
Interactive runs offer to claim ownership of each closed bug
(set assigned_to to your configured Bugzilla email). Pass
--claim to claim without prompting — under -y this is the
only way to opt in. The email is set via poi-tracker config.
Useful flags for big inventories:
--package <name>— only check this one package. Handy for testing or when re-running after fixing a single entry.--start-from <name>— resume from this package onwards in the inventory's iteration order, e.g. to continue an interrupted run.--end-with <name>— stop after this package (inclusive). Combine with--start-fromto scope to a name-range, e.g.--start-from rust-nu-cli --end-with rust-nu-utilsto test the change against everyrust-nu-*package in one shot.
Network reads (dist-git probes, Bugzilla searches) retry up to
3 times with exponential backoff, so a transient connection
hiccup against src.fedoraproject.org doesn't abort the whole
inventory.
Inventory format
[]
= "hyperscale-packages"
= "CentOS Hyperscale SIG packages"
= "centos-hyperscale"
= ["eln-extras"]
= ["poc", "reason", "team", "task"]
[]
= "hs-packages"
= "Hyperscale SIG workload"
= ["eln-extras"]
[]
= "hs-epel-packages"
= "Hyperscale EPEL workload"
[[]]
= "systemd"
= "Linux Userspace <team@example.com>"
= "Core init system"
= ["systemd-networkd"]
= ["hyperscale"]
= "upstream"
[]
= ["systemd-boot-unsigned"]
= ["systemd-boot-unsigned"]
[[]]
= "fish"
= ["fish"]
= ["hyperscale", "epel"]
= "upstream"
Fields
| Field | Level | Description |
|---|---|---|
name |
inventory/package | Name (required) |
description |
inventory | Human-readable description |
maintainer |
inventory | Maintainer (person or team) |
labels |
inventory | Default labels for content-resolver |
workloads |
inventory | Workload definitions (map) |
workloads |
package | Workload membership (list) |
private_fields |
inventory | Fields stripped on export |
poc |
package | Point of contact |
reason |
package | Reason for tracking |
team |
package | Team responsible |
task |
package | Internal task/ticket |
rpms |
package | Binary RPMs to track |
arch_rpms |
package | Architecture-specific RPMs |
track |
package | hs-relmon tracking branch |
repology_name |
package | Repology name override |
distros |
package | hs-relmon distribution list |
file_issue |
package | File GitLab issues |
priority |
package | Bugzilla priority for triage-updates (unspecified/low/medium/high/urgent) |
default_priority |
workload | Default Bugzilla priority for packages in this workload |
Each [inventory.workloads.<key>] section can override name,
description, maintainer, labels, and default_priority
for content-resolver export and triage-updates. Omitted
fields fall back to inventory-level values.
License
Licensed under either of
at your option.