On 11/28/2016 06:20 AM, Levente Polyak wrote:
> linux-mptcp
> - you should use git+https:// instead of plain git://; even though the CA world is a bit wonky, it still authenticates the server and at the very bare minimum adds confidentiality.
Now that you mention it, this does seem rather obvious... maybe I should switch my own AUR packages to do this. It is just as fast, so there is no real downside. Now I'm glad I read these threads!
> - #tag= should never be used for git packages, instead store the commit hash for the tag and always use the #tag= prefix.
Typo?
> A named tag does not mean much and you won't even notice when upstream changes such. This is especially bad when using plain git:// :-)
Well, I should hope upstream doesn't re-release their tags... if so, you might have other problems. Anyway, I would instead suggest that there is no need to pull the source code for stable releases via git (which for long-lived projects like the Linux kernel means a *lot* of history to download). I can barely understand that, in the case of e.g. systemd which uses git to backport commits. Although really, GitHub allows you to download a commit as a patch file... I usually only see that in repo PKGBUILDs. I guess since the devs are usually the only ones building the package, and the dev keeps the clone around, it "doesn't matter" that hypothetical others would have to clone all that history? But from the repo PKGBUILDs I have seen, it seems to me as though there is no policy whatsoever... some devs do like you suggest, other devs are more than happy to use "#tag=$pkgver".
> udrawgraph
> - just a bit of style, but we have arch-specific depends like depends_x86_64 which looks better :P
That isn't "style", that is something that *must* be done, for practical purposes. makepkg --printsrcinfo relies on arch-dependent variables that are *always* there, in order to actually print truthful values. Also, arch-dependent sources done properly will allow updpkgsums to properly update, rather than merging the local *sums_$CARCH into the main checksums array. All that matters a lot in the AUR, which depends on .SRCINFO, even if it doesn't matter so much in the repos which depend on the metadata in a built package.
> net-tools-mptcp
> - #branch= should never be used for non-VCS git packages, instead store the commit hash for the tag and always use the #tag= prefix. A named branch does not mean much and you won't even notice when upstream changes or adds commits to such.
It has a pkgver() function which generates a VCS-style pkgver, and draws from a #branch= so actually it is a VCS git package. The problem is that it doesn't say so in the pkgname. :p

--
Eli Schwartz
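The source-pinning points raised in this thread, as an added example that is not part of the original emails: a POSIX shell function that lints one makepkg source entry for an unauthenticated git transport, a `#tag=` reference, and a branch-tracking source on a package without the `-git` suffix. The function name `lint_git_source`, the finding labels, and the URLs and refs are constructed for illustration; `#commit=` is makepkg's fragment for pinning a commit hash.

```sh
#!/bin/sh
# Added example (not from the thread): lint one makepkg source=() entry.
# Usage: lint_git_source <pkgname> <source entry>
# Prints one finding per line; prints nothing when the entry is acceptable.
lint_git_source() {
    lint_pkg=$1
    lint_url=${2#*::}              # drop makepkg's optional "name::" prefix

    case $lint_url in
        git://*|git+*) ;;          # only git sources are in scope
        *) return 0 ;;
    esac

    # Transport: git:// and http:// give no server authentication.
    case $lint_url in
        git://*|git+git://*|git+http://*)
            echo "$lint_pkg: insecure-transport: use git+https://" ;;
    esac

    # Fragment: whatever follows '#', empty when absent.
    case $lint_url in
        *\#*) lint_frag=${lint_url##*\#} ;;
        *)    lint_frag= ;;
    esac

    case $lint_frag in
        commit=*) ;;               # pinned to an immutable object id
        tag=*)
            echo "$lint_pkg: mutable-tag: record the tag's commit hash and use #commit=" ;;
        *)
            # #branch= or no fragment follows a moving head.
            # Assumption: VCS packages carry the conventional -git suffix.
            case $lint_pkg in
                *-git) ;;
                *) echo "$lint_pkg: moving-branch: pin with #commit= or name the package -git" ;;
            esac ;;
    esac
    return 0
}

# Constructed entries: package names are from the thread, URLs and refs are placeholders.
lint_git_source linux-mptcp 'git://example.invalid/mptcp.git#tag=v0.0'
lint_git_source net-tools-mptcp 'git+https://example.invalid/net-tools.git#branch=devel'
lint_git_source net-tools-mptcp-git 'git+https://example.invalid/net-tools.git#branch=devel'
```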