fixed some of the suggestions you had https://mystb.in/AuroraStreamAdjacent is it ok that my email is md5 hashed instead of just the email?

On Sun, Jul 2, 2023 at 6:59 PM Robin Candau <antiz@archlinux.org> wrote:
Le 02/07/2023 à 04:20, james smith a écrit :
I am trying to package this https://github.com/lemmygtk/lemoa this is my pkgbuild any tips on how to improve it before I send it to aur is appreciated

Hi James,

Quick note before reviewing your PKGBUILD:
When asking for a review, try to make your PKGBUILD publicly readable somewhere (by posting it in paste service for instance, like https://bpa.st/ or https://gist.github.com/). This is way easier to track as the discussion progresses and way more "trust worthy" than an attached file sent to a mailing list.

In it's current state, your PKGBUILD won't work and needs some modifications and improvements.
Here's what I can list after a quick review:

- The comments at the top provided by the PKGBUILD example file should be removed.

- You can remove variables/arrays that are empty/unused in your PKGBUILD (epoch, groups, checkdepends, etc...).

- Consider filling out the maintainer info at the top of the PKGBUILD. This isn't mandatory but it is recommended and appreciated.

- The pkgname you chose refers to a VCS package ("lemoa-git"). If you indeed want your package to be a VCS package (meaning that it relies on the latest upstream commit instead of a specific tag/release) then you have to adapt your PKGBUILD accordingly with a proper "pkgver()" function [1].
Otherwise, switch your "pkgname" to "lemoa" and update the rest of the PKGBUILD accordingly.

- 'GNU' isn't a valid license. The correct license for "lemoa" currently is 'GPL3' [2]. See also the license section of the PKGBUILD wiki page for more information [3].

- The 'Gtk' package listed in the "depends" array isn't a valid package. "Lemoa" seems to depends on GTK-4 [4] which can be installed via the "gtk4" package in Arch [5].

- Upstream documentation also lists "rust, cargo and pkg-config" as "Build dependencies" [4]. According to that, you should add the "cargo" package (which also provides "rust") to your "makedepends" array.
However, you don't have to explicitly list the "pkg-config" package (provided by the "pkgconf" package in Arch [6]) because it is a member of the "base-devel" meta-package [7] which is assumed installed during build-time [8].

- The "install" variable expects the name of an optional ".install" script used to perform tasks before or after the install, the upgrade and/or the removal of the package [9], it isn't meant to store a "raw" command like you did. At first glance, there's no need for an install script in your case so you can remove that variable.

- The "source" array is wrong and will fail to download the repo. It should be "git+$url" instead of "git=$url". See the VCS sources section of the wiki for more information [10]. Just for the sake of it, I'll add the usual trailing ".git" at the end, like so: source=("git+${url}.git")

-  Because the sources are not static in a VCS package, you have to explicitly skip the checksum by adding 'SKIP' to the "md5sums" array [11]. Letting it empty will not work.
On a side note, I recommend switching to a more modern and secure hash algorithm generally speaking ("sha256sums" for instance).

- You shouldn't "git clone" the repo inside the "build()" function. This is implicitly done beforehand by filling the correct/proper sources in the "source" array.

- The "ninja -C _build install" part as to be called within the "package()" function. You'll also need to setup the destination directory to "$pkgdir" which is the temporary directory where "makepkg" builds and bundles the package [12]. See the "package()" section of the Meson packaging guidelines for more information [13].

Overall, I advice you to read closely the three following Arch wiki pages which should contain most of the information you'll need to write a proper PKGBUILD for "lemoa-git":
- PKGBUILD [14]
- VCS Packaging Guidelines [15]
- Meson Packaging Guidelines [16]

I hope this helps :)
Don't hesitate to ask for details or further questions if needed!

[1] https://wiki.archlinux.org/title/VCS_package_guidelines#The_pkgver()_function
[2] https://github.com/lemmygtk/lemoa/blob/main/LICENSE
[3] https://wiki.archlinux.org/title/PKGBUILD#license
[4] https://github.com/lemmygtk/lemoa#build-dependencies
[5] https://archlinux.org/packages/extra/x86_64/gtk4/
[6] https://archlinux.org/packages/core/x86_64/pkgconf/
[7] https://archlinux.org/packages/core/any/base-devel/
[8] https://wiki.archlinux.org/title/PKGBUILD#makedepends
[9] https://wiki.archlinux.org/title/PKGBUILD#install
[10] https://wiki.archlinux.org/title/VCS_package_guidelines#VCS_sources
[11] https://wiki.archlinux.org/title/VCS_package_guidelines#Authentication_and_security
[12] https://wiki.archlinux.org/title/Creating_packages#Defining_PKGBUILD_variables
[13] https://wiki.archlinux.org/title/Meson_package_guidelines#package()
[14] https://wiki.archlinux.org/title/PKGBUILD
[15] https://wiki.archlinux.org/title/VCS_package_guidelines
[16] https://wiki.archlinux.org/title/Meson_package_guidelines

-- 
Regards,
Robin Candau / Antiz