[aur-general] gopro package check
Hi ! I just realized my first PKGBUILD for gopro tool which is available here for now: https://github.com/mickro/gopro-tools-arch-package Gopro tools are made by https://github.com/KonradIT. That gives some useful tools for GoPro post production. And I think that can be usefull for many. I'm asking here for a PKGBUILD review, as suggested on https://wiki.archlinux.org/index.php/Arch_User_Repository#Submitting_package... . cheers, Mickael
On 06/28/2017 05:08 PM, mickael foucaux via aur-general wrote:
Hi !
I just realized my first PKGBUILD for gopro tool which is available here for now: https://github.com/mickro/gopro-tools-arch-package
Gopro tools are made by https://github.com/KonradIT. That gives some useful tools for GoPro post production. And I think that can be usefull for many.
I'm asking here for a PKGBUILD review, as suggested on https://wiki.archlinux.org/index.php/Arch_User_Repository#Submitting_package...
You're downloading the source directly from master, which means this package will fail the integrity checksums as soon as there is any sort of update. Where do you even get a version number from? The source repository has no tags... if it did have a tag, you could download the tagged release! Therefore, this should be a *-git package, and you should download the repository as a whole via git, then use the pkgver function from https://wiki.archlinux.org/index.php/VCS_package_guidelines $srcdir and $pkgdir are not quoted. What do you think will happen if I try building this package from "$HOME/aur packages/gopro-tools/"? Your PKGBUILD claims the package is licensed under the GPL3 but I cannot find any trace of a license in the upstream repository. -- Eli Schwartz
thanks. The package author and I made some updates after you comments. about checksums: - I changed it for 'SKIP' rule about version number: - version tag has been added to original repository - and the PKGBUILD grabs it about the name: - I added the '-git' suffix - I updated the group name as well about variables: - $srcdir and $pkgdir are now embed in quoted strings about licence: - it has been added to the source repository Is that good enough to fit AUR quality? 2017-06-28 23:09 GMT+01:00 Eli Schwartz via aur-general < aur-general@archlinux.org>:
On 06/28/2017 05:08 PM, mickael foucaux via aur-general wrote:
Hi !
I just realized my first PKGBUILD for gopro tool which is available here for now: https://github.com/mickro/gopro-tools-arch-package
Gopro tools are made by https://github.com/KonradIT. That gives some useful tools for GoPro post production. And I think that can be usefull for many.
I'm asking here for a PKGBUILD review, as suggested on https://wiki.archlinux.org/index.php/Arch_User_ Repository#Submitting_packages
You're downloading the source directly from master, which means this package will fail the integrity checksums as soon as there is any sort of update.
Where do you even get a version number from? The source repository has no tags... if it did have a tag, you could download the tagged release! Therefore, this should be a *-git package, and you should download the repository as a whole via git, then use the pkgver function from https://wiki.archlinux.org/index.php/VCS_package_guidelines
$srcdir and $pkgdir are not quoted. What do you think will happen if I try building this package from "$HOME/aur packages/gopro-tools/"?
Your PKGBUILD claims the package is licensed under the GPL3 but I cannot find any trace of a license in the upstream repository.
-- Eli Schwartz
On 07/02/2017 09:48 AM, mickael foucaux via aur-general wrote:
thanks.
The package author and I made some updates after you comments.
about checksums: - I changed it for 'SKIP' rule
about version number: - version tag has been added to original repository - and the PKGBUILD grabs it
about the name: - I added the '-git' suffix - I updated the group name as well
about variables: - $srcdir and $pkgdir are now embed in quoted strings
about licence: - it has been added to the source repository
Is that good enough to fit AUR quality?
Looks good to me. Note that now there are tags provided by upstream (good job on that), you could, optionally, choose to upload a non-git package that uses: source=("gopro-linux-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz") which is the reproducible archive created on that repository's Releases page. As it is, though, this package is certainly sufficient to provide a *-git package. I'd also like to point to the pkgdesc... "Useful tool set for post production" doesn't seem descriptive enough to me, I would probably use something like "Tools for post production with GoPro cameras". Just from looking at the PKGBUILD, I cannot tell what gopro is or why I might want to use their tools. This might not matter to people already looking for software that relates to the gopro, but at least it could help people know when the package is *not* for them. -- Eli Schwartz
thanks for the review. I'm grabbing as it your suggestion for the package description . 2017-07-02 16:21 GMT+01:00 Eli Schwartz via aur-general < aur-general@archlinux.org>:
On 07/02/2017 09:48 AM, mickael foucaux via aur-general wrote:
thanks.
The package author and I made some updates after you comments.
about checksums: - I changed it for 'SKIP' rule
about version number: - version tag has been added to original repository - and the PKGBUILD grabs it
about the name: - I added the '-git' suffix - I updated the group name as well
about variables: - $srcdir and $pkgdir are now embed in quoted strings
about licence: - it has been added to the source repository
Is that good enough to fit AUR quality?
Looks good to me. Note that now there are tags provided by upstream (good job on that), you could, optionally, choose to upload a non-git package that uses: source=("gopro-linux-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz") which is the reproducible archive created on that repository's Releases page. As it is, though, this package is certainly sufficient to provide a *-git package.
I'd also like to point to the pkgdesc... "Useful tool set for post production" doesn't seem descriptive enough to me, I would probably use something like "Tools for post production with GoPro cameras". Just from looking at the PKGBUILD, I cannot tell what gopro is or why I might want to use their tools. This might not matter to people already looking for software that relates to the gopro, but at least it could help people know when the package is *not* for them.
-- Eli Schwartz
participants (2)
-
Eli Schwartz
-
mickael foucaux