Hey,

First of all I just want to say that I have 58 packages on AUR and most of the PKGBUILDs (written by me) were written before I knew some of this. I tried to update most of them but as it's a really monotonous task, I missed some things. Eli, thanks for pointing them out. Also, most of these packages were orphaned and I adopted them; I did not fix some of the mistakes right away because I didn't know these were indeed mistakes. With time I learned about them but I didn't fix some of the packages because I have a lot of them. I have been fixing them as people point them out or when the PKGBUILD needs to be manually updated. Lately I have been making an effort to fix everything but apparently it wasn't enough.

On Thu, Jul 12, 2018 at 11:04 PM, Eli Schwartz via aur-general <aur-general@archlinux.org> wrote:
It's always nice to see people eager to contribute more, good luck!

Thank you!

We'll need permission from them for binary redistribution with all-rights-reserved software... they pretty specifically only offer single-user personal licenses to download, install, and run one copy from them alone. Like most proprietary EULA'ed software.

Sure.

antlr3:
- you updated the source to HTTPS on my advice, but forgot the url

Fixed.

babl-git:
- !libtool is not needed to build, and comes as default anyway these days
- ./autogen.sh should be moved to prepare, and moved to autoreconf -fi if at all possible. In this case, it's a wrapper for autoreconf already :)

Fixed.
cellular-network-configs-git:
- unquoted srcdir/pkgdir

This was fixed by commit 4a4273f72a93824a16a2c1e86308986b26d9df54[1] which is dated to 11 days ago so I don't understand.
cm256cc:
- are the mv commands needed or not?
- depends on boost but may only need that as makedepends, see if runtime depends could get away with only boost-libs

The package installs the 64bit libraries in 'lib64' and 32bit ones in 'lib'. I am not comfortable enough to edit the CMakeLists file but if anyone wants to submit a patch, I would be happy to accept it :)

dump1090-mutability-git:
- unquoted srcdir/pkgdir

That was fixed in commit e28ca199c321913aec5295650fa34e0b3c4d81cc[2] which, again, dates to 11 days ago.

- source should clone over git+https:// for TLS certificate checking

Fixed.

- install script should switch to using systemd-sysusers
- install script should not delete users on uninstall as this can be a security risk: https://www.archlinux.org/todo/usergroup-management/
- consider just using systemd DynamicUsers to run the service

I will fix this in one of the next few days.

evernote-sdk-python:
- patching should be done in prepare not build
- should run python setup.py build in build before running install in package

Sorry about that. Fixed.
franz:
- electron apps should use the system electron if possible
- architecture-dependent binaries should go in /usr/lib not /usr/share
- try to get desktop file into upstream project
- should not conflict the bin package -- that is the bin package's job

This package is broken and needs to be fixed in the upstream repository. I haven't fixed any of these issues because of that. Once we are able to properly build the project, I will fix the whole PKGBUILD.
gdc1-bin:
- sources should use HTTPS

gdc-bin:
- unquoted srcdir/pkgdir
- sources should use HTTPS

gdc-git:
- unquoted srcdir/pkgdir
- sources should use HTTPS
- binutils is in base-devel and should not be a makedepends

Fixed. Same story, e9488cd4afbe1eb2356a2ab32d85ba5f58f41049[3]
[3] https://aur.archlinux.org/cgit/aur.git/commit/?h=gdc-bin&id=e9488cd4afbe1eb2356a2ab32d85ba5f58f41049
gegl-git:
- autogen.sh in build should be moved to autoreconf -fi in prepare

Done.

gimp-git:
- url should be HTTPS
- move sed'ing of configure.ac, autogen, to prepare and use autoreconf

Done.

gr-limesdr-git:
gr-limesdr:
- MIT license must be installed in package

Fixed.

inspectrum:
- style: license array sticks out like a sore thumb by not being quoted like the surrounding variables
- pkg-config is in base-devel and should not be a makedepends

Fixed.

cellular-network-configs-git:
evernote-sdk-python:
gr-limesdr-git:
gr-limesdr:
limesuite:
lime-tools-git:
lms7002m-driver-git:
- style: arch array sticks out like a sore thumb by not being quoted like the surrounding variables

Already fixed that.

me-edit:
- should build from source
- don't use specific sourceforge mirror to download
- wrapper script does not need to popd right before exiting a script
- wrapper script would be better off symlinking to /usr/bin/ if possible

I will fix this later.
mitmproxy-git:
- unquoted pkgdir
- MIT license must be installed in package
- should run testsuite like community package does
- should use system certificates instead of certifi, like community package does

Quotes fixed on commit b00815f18db26d304d981b420fdc28ea2a5f050f[4]. Done.

nodejs-nan:
- should build from source tarball instead of pulling from the server at buildtime
- nodejs packages need to fix non-deterministic chmod 777 on directories, see https://wiki.archlinux.org/index.php/Node.js_package_guidelines and https://github.com/npm/npm/issues/9359

Oh my god, these guidelines are extremely wrong. Npm uses symlinks by default. If you follow these guidelines, "$pkgdir"/usr/lib/node_modules/module_name will be symlinked to "$srcdir"/$pkgname-$pkgver/module_name-module_version.

A correct approach would be:

    noextract=("$pkgname-$pkgver.tar.gz")
    ...
    package() {
      npm install -g --user root --prefix "$pkgdir"/usr "$srcdir"/$pkgname-$pkgver.tar.gz
      ...
    }
pantheon-mail:
- stable releases do not replace bzr packages

pulseaudio-equalizer-ladspa:
- renamed to unique sources on my advice, but dropped the .tar.gz

Already fixed.

pylms7002m-git:
- unquoted srcdir

Fixed in 257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3[5].

pylms8001-git:
- unquoted srcdir

Fixed in 6ff1ca164626b9d76251239c63c6fba70a3fd3a8[6].

[5] https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms7002m-git&id=257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3
[6] https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms8001-git&id=6ff1ca164626b9d76251239c63c6fba70a3fd3a8
python2-entrypoints:
- instead of downloading setup.py from git master of some fork, use the PyPI releases, for which flit has generated one for you. Or use flit.

Done.

python2-keyrings-alt:
- wrong url

Fixed.

python2-secretstorage:
- BSD license must be installed in package

Fixed.

qspectrumanalyzer-git:
- uses setuptools entry points so setuptools is a runtime dependency

Fixed.

qt5-quick1-git:
- should use #branch=dev for source instead of checking it out later

Fixed.

qt5-quick1:
- pinned to a git tag, then immediately checks out some branch???

Sorry about that, fixed.

redmine:
- source/url should use HTTPS
- $_instdir can contain spaces (based on $pkgdir) and must be quoted

Fixed.

rivalcfg:
rivalcfg-git:
- setup.py contains setuptools entry points so setuptools is a runtime dependency
- install script should be taken care of by udev + reload hook from systemd

Fixed.

sdrangel-git:
sdrangel:
serialdv:
soapyosmo:
soapyrtlsdr:
soapysdr:
soapyuhd:
- incorrectly marked as 'any' package

Fixed.

soapyosmo:
- GPLv3 license should be GPL3

Fixed.

soapyrtlsdr:
- MIT license must be installed in package

Done.

soapysdr:
- Boost license is a common license in the 'licenses' package

Fixed.

sparta:
- url should use HTTPS
- nmap/hydra seem to be optdepends, not makedepends

Fixed.

ttf-d2coding:
- OFL is not installed in the licenses package, so must be installed in this one
- font packages don't intrinsically depend on fontconfig, fontconfig-using applications are among those that read font files should not provide/conflict itself
- url is a redirect to the website's main page over HTTPS, find a better link

Fixed.

vr180-creator:
- electron app with no links to source is marked as MIT for the electron component, source archive contains binary node modules so cannot debundle electron without source, cannot find license for app itself

Google hasn't released the source yet afaik. I will rename the package as -bin. Fixed the license issue.
writefull:
- proprietary app using electron is marked as MIT, app.asar contains binary robotjs and spellchecker modules which can probably be rebuilt against and use system electron package
- arch-dependent binaries should be installed to /usr/lib not /usr/share

Fixed the license issue. I will rename the package as -bin as I don't wish to rebuild the modules.

Thank you,
Filipe Laíns
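
Two points that recur throughout this review, unquoted $srcdir/$pkgdir and sources or URLs fetched without TLS, written as a heuristic lint over PKGBUILD text. This is an added example, not part of the original message; the sample PKGBUILD with its package name and example.org URLs is constructed, and treating http://, git:// and git+http:// as the non-TLS forms is an assumption.

```shell
#!/usr/bin/env bash
# Added example: heuristic lint for two recurring review points in this thread.

# Constructed sample PKGBUILD; the package name and example.org URLs are placeholders.
sample_pkgbuild() {
cat <<'EOF'
pkgname=example-git
url="http://example.org/project"
source=("git://example.org/project.git"
        "git+https://example.org/other.git")
prepare() {
  cd $srcdir/project
  autoreconf -fi
}
package() {
  cd "$srcdir/project"
  make DESTDIR="$pkgdir" install
  install -Dm644 LICENSE ${pkgdir}/usr/share/licenses/$pkgname/LICENSE
}
EOF
}

# Line numbers where $srcdir/$pkgdir appears outside double quotes.
# Heuristic: remove double-quoted spans on each line, then search what is left.
find_unquoted_dirs() {
  sed 's/"[^"]*"//g' | grep -nE '\$[{]?(srcdir|pkgdir)([^A-Za-z0-9_]|$)' | cut -d: -f1
}

# Line numbers that fetch over a scheme without TLS certificate checking.
# Assumption: http://, git:// and git+http:// are the forms to flag.
find_insecure_urls() {
  grep -nE '(http|git)://' | cut -d: -f1
}

# Read a PKGBUILD on stdin and print one finding per line.
lint_pkgbuild() {
  _text=$(cat)
  printf '%s\n' "$_text" | find_unquoted_dirs | sed 's/$/: unquoted $srcdir or $pkgdir/'
  printf '%s\n' "$_text" | find_insecure_urls | sed 's/$/: source or url without TLS/'
}

sample_pkgbuild | lint_pkgbuild
```

The quoting check works line by line, so it can misjudge strings that span several lines or variables mentioned in comments.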