Skip to content

Simon Josefsson's blog

Menu

Primary menu

  • Home
  • About

Tag Archives: blurb

BLURB: Software repository metadata convention

Posted on 2013-09-24 by simon

As a maintainer of several software packages I often find myself copying text snippets from the README file into different places (savannah, github, freecode, emails, etc). Recently I had a need to generate a list of software packages that included every project’s name, brief summary, license and URL. I could have generated that list manually by copying the text from every project’s README and COPYING files. However then I would have to maintain my list manually to keep it in sync with all the projects. This easily leads to stale information, so I thought a better approach would be to put the information I needed into each projects’ source code version control system. The advantage is that the manual work to extract the information may be automated by a script, since the data is in a usable format. I’ll explain here how my solution works.

To be able to find the information using only the URL to the repository, I needed a filename convention. The filename I chose was BLURB; for the etymology, see Wikipedia’s page about Blurb. The data format in the file is similar to normal email headers.

An example illustrate the principles well. Below is the BLURB file for one of my projects.

Author: Yubico
Basename: libyubikey
Homepage: http://opensource.yubico.com/yubico-c/
License: BSD-2-Clause
Name: Yubico C low-level Library
Project: yubico-c
Summary: C library for manipulating Yubico YubiKey One-Time Passwords (OTPs)

The format is simple: UTF-8 text with each line starting with a header followed by a colon (“:”), some whitespace, and some content. If a line starts with whitespace, it is a continuation of the previous line’s content (trim leading whitespace). The following table describes the fields that I use. I may update this blog post in the future with new fields or improved explanations (for reference, current date is 2013-09-24).

Header Meaning
Project Short identifier for the project (e.g., ‘gcc’, ’emacs’)
Name Official name of the project in English
Summary Brief one-line summary of the project’s purpose in English
Author Origin of the project
Homepage URL to the project’s website
License License keyword, preferrably using one of the SPDX license identifiers
Basename The tarball basename, if different from the project name

Finally some reflection of the solution. After quick design, I thought that I couldn’t be the first one with this problem, and I tried to find other similar efforts. I haven’t been able to find any standardization effort that have the following properties:

  • Stores the information inside each upstream project’s own source code repository
  • Provides a filename convention so that it is possible to find the data with only the source code repository link
  • Encode data in a format that is easy to extract using simple command line tools
  • Not encode information about releases (i.e., what happened in a particular version)

The related efforts that I found were SPDX which at first look seemed to offer what I wanted. However on closer examination it failed to deliver on all the requirements above, and appeared to have somewhat different goals. However I found the SPDX license list useful and refer to it. Another effort is Eric S. Raymond’s freecode-submit and shipper but its primary focus is to encode information about each release. The design of the BLURB file is clearly influenced by these tools. Another influence has been Debian’s specification for machine-readable copyright information. The Free Software Foundation’s list of software projects seemed like another candidate, but it doesn’t suggest any way to store the information in the upstream project itself.

Posted in debian, programming | Tagged blurb, free software, metadata, project management, qa

Primary Sidebar Widget Area

Tags

android (7) bootstrappable (4) crypto (5) debian (44) devuan (4) ed25519 (6) fsdg (4) fsf (5) fst-01 (3) git (5) gitlab (11) gnome (5) gnu (33) gnuk (8) gnupg (17) gnutls (4) gsasl (5) guix (12) i9300 (4) ietf (10) key (4) laptop (5) lenovo (4) linux (7) neo (4) openpgp (20) openssh (5) openwrt (6) pgp (5) pureos (10) replicant (7) reproducible (8) rsa (5) ryf (4) s3 (5) sasl (8) security (19) sigstore (5) smartcard (6) smartcards (4) ssh (5) supply-chain (6) trisquel (23) ubuntu (11) yubikey (6)

Recent Posts

  • Building Debian in a GitLab Pipeline 2025-04-30
  • GitLab Runner with Rootless Privilege-less Capability-less Podman on riscv64 2025-04-25
  • Verified Reproducible Tarballs 2025-04-17
  • On Binary Distribution Rebuilds 2025-03-31
  • Reproducible Software Releases 2025-03-24
  • OpenSSH and Git on a Post-Quantum SPHINCS+ 2024-12-23
  • Guix Container Images for GitLab CI/CD 2024-12-18
  • Towards Idempotent Rebuilds? 2024-07-10
  • Reproducible and minimal source-only tarballs 2024-04-13
  • Towards reproducible minimal source code tarballs? On *-src.tar.gz 2024-04-01
  • Apt archive mirrors in Git-LFS 2024-03-18
  • Trisquel on arm64: Ampere Altra 2024-01-10
  • Validating debian/copyright: licenserecon 2023-12-29
  • Classic McEliece goes to IETF and OpenSSH 2023-12-10
  • Trisquel on ppc64el: Talos II 2023-09-01
  • Enforcing wrap-and-sort -satb 2023-08-16
  • Coping with non-free software in Debian 2023-07-11
  • Streamlined NTRU Prime sntrup761 goes to IETF 2023-05-12
  • How To Trust A Machine 2023-04-29
  • A Security Device Threat Model: The Substitution Attack 2023-04-27
  • Sigstore for Apt Archives: apt-cosign 2023-04-20
  • More on Differential Reproducible Builds: Devuan is 46% reproducible! 2023-04-17
  • Sigstore protects Apt archives: apt-verify & apt-sigstore 2023-04-15
  • Trisquel is 42% Reproducible! 2023-04-10
  • OpenPGP master key on Nitrokey Start 2023-03-27
  • Apt Archive Transparency: debdistdiff & apt-canary 2023-02-01
  • Understanding Trisquel 2023-01-22
  • Preseeding Trisquel Virtual Machines Using “netinst” Images 2022-12-30
  • OpenPGP key on FST-01SZ 2022-12-24
  • Second impressions of Guix 1.4 2022-12-19
  • Guix 1.4 on NV41PZ 2022-12-16
  • Trisquel 11 on NV41PZ: First impressions 2022-12-10
  • How to complicate buying a laptop 2022-12-10
  • On language bindings & Relaunching Guile-GnuTLS 2022-10-14
  • Privilege separation of GSS-API credentials for Apache 2022-09-20
  • Static network config with Debian Cloud images 2022-08-22
  • Towards pluggable GSS-API modules 2022-07-14
  • What’s wrong with SCRAM? 2021-06-08
  • OpenPGP smartcard with GNOME on Debian 11 Bullseye 2021-05-01
  • Passive Icinga Checks: icinga-pusher 2019-12-16
  • OpenPGP smartcard under GNOME on Debian 10 Buster 2019-06-21
  • Offline Ed25519 OpenPGP key with subkeys on FST-01G running Gnuk 2019-03-21
  • Installing Gnuk on FST-01G running NeuG 2019-03-21
  • OpenPGP 2019 Key Transition Statement 2019-03-21
  • Planning for a new OpenPGP key 2019-03-21
  • Vikings D16 server first impressions 2017-08-03
  • OpenPGP smartcard under GNOME on Debian 9.0 Stretch 2017-06-19
  • GPS on Replicant 6 2017-03-04
  • Why I don’t Use 2048 or 4096 RSA Key Sizes 2016-11-03
  • Let’s Encrypt Clients 2015-12-17
  • Automatic Replicant Backup over USB using rsync 2015-11-28
  • Combining Dnsmasq and Unbound 2015-10-26
  • Cosmos – A Simple Configuration Management System 2015-09-24
  • SSH Host Certificates with YubiKey NEO 2015-06-16
  • Scrypt in IETF 2015-05-19
  • Certificates for XMPP/Jabber 2015-05-12
  • Laptop decision fatigue 2015-05-11
  • Laptop indecision 2015-03-25
  • EdDSA and Ed25519 goes to IETF 2015-03-04
  • Laptop Buying Advice? 2015-02-24
  • Replicant 4.2 0003 on I9300 2015-01-14
  • OpenPGP Smartcards and GNOME 2015-01-02
  • Dice Random Numbers 2014-11-12
  • The Case for Short OpenPGP Key Validity Periods 2014-08-26
  • Wifi on S3 with Replicant 2014-08-10
  • Replicant 4.2 0002 and NFC on I9300 2014-08-05
  • Offline GnuPG Master Key and Subkeys on YubiKey NEO Smartcard 2014-06-23
  • OpenPGP Key Transition Statement 2014-06-23
  • Creating a small JPEG photo for your OpenPGP key 2014-06-19
  • Replicant 4.2 on Samsung S3 2014-02-27
  • Necrotizing Fasciitis 2014-01-05
  • Replicant 4.0 on Samsung Galaxy S III 2013-11-11
  • BLURB: Software repository metadata convention 2013-09-24
  • Portable Symmetric Key Container (PSKC) Library 2012-10-11
  • Using OATH Toolkit with Dropbox 2012-08-27
  • Small syslog server 2011-12-12
  • Unattended SSH with Smartcard 2011-10-11
  • OpenWRT with Huawei E367 and TP-Link TL-WR1043ND 2011-05-22
  • Introducing the OATH Toolkit 2011-01-20
  • On Password Hashing and RFC 6070 2011-01-07
  • GNU SASL with SCRAM-SHA-1-PLUS 2010-11-17
  • Debian on Lenovo X201 2010-10-25
  • GS2-KRB5 using GNU SASL and MIT Kerberos for Windows 2010-09-27
  • Bridging SASL and GSS-API: GS2 2010-07-13
  • OpenWRT 10.03 “Backfire” 2010-05-03
  • GS2-KRB5 in GNU SASL 1.5.0 2010-03-31
  • Fellowship interview 2010-01-08
  • Nordic Free Software Award 2009 2009-11-15
  • Storing OpenPGP keys in the DNS 2009-10-29
  • Thread Safe Functions 2009-06-23
  • CACert and GnuTLS 2009-04-16
  • OpenWRT 8.09 plus Huawei E220 2009-03-05
  • Redmine on Debian Lenny Using Lighttpd 2008-10-17
  • FSCONS / Nordic Free Software Award Nomination 2008-10-14
  • Cyclomatic Code Complexity 2008-10-07
  • My blog uses Yubikey authentication 2008-06-30
  • Home Wireless Network 2008-05-08
  • Real-world Performance Tuning with Callgrind 2008-02-27
  • IDNA flaws with regard to U+2024 2008-01-14
  • PAM module for Yubico 2008-01-14
  • Response to GnuTLS in Exim Debate 2007-11-09
  • FSCONS 2007-10-23
  • On TLS-AUTHZ 2007-10-18
  • Home Audio Server 2007-09-25
  • GnuTLS v2.0 2007-09-05
  • Building GnuTLS and GNU SASL without running ./configure 2007-08-21
  • 1 TeraByte 2007-08-14
  • OpenMoko first impressions 2007-08-02
  • OpenMoko Neo1973 order confirmed 2007-07-22
  • Linksys WRT54G3G + Huawei E600 + OpenWRT Kamikaze = Internet at summer house 2007-07-22
  • Neo1973 / OpenMoko ordered 2007-07-15
  • GNU General Public License version 3 2007-06-29
  • Porting to uClinux 2007-06-07
  • Libidn now uses Git 2007-05-31
  • Free-ietf-review 2007-05-30
  • Youbico 2007-05-24
  • Hacking Jobo device 2007-04-27
  • First TLS v1.2 HTTPS browser in the world? 2007-04-19
  • Buggy IMAP authentication on Nokia 6233 2007-04-17
  • Jobo Giga Vu Pro Evolution 80GB 2007-04-14
  • TLS-AUTHZ Patent Concerns 2007-04-11
  • Boycott scan.coverity.com! 2007-04-02
  • EnigForm – HTML/HTTP forms with OpenPGP 2007-04-01
  • Password-based Authentication Protocol 2007-03-29
  • New SASL GS2 document published 2007-03-29
  • Libntlm 0.3.13 2007-03-27
  • Debian etch on Dell Precision M65 2007-03-24
  • Announcing krb5dissect 2007-03-14
  • gitco 2007-03-14
  • LibIDN 0.6.11 2007-03-13
  • Cypak LoginKey 2006-10-18
  • Base encoding 2006-10-17
  • Update of Kerberos V5 over TLS draft 2006-10-03
  • Kerberos 5 Credential Cache file format 2006-09-20
  • RSS Feed
  • Email
  • Github
Copyright © 2025 Simon Josefsson's blog. All Rights Reserved.
Theme: Catch Box by Catch Themes
Scroll Up