[aur-general] TU application: Ivy Foster
Hi, folks,
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
I've been an Arch user for the last 10 years or so. Some of you may know me from IRC or the forums, where I use the nick escondida. Lately, I've been much less active on IRC, but have contributed a handful of patches to pacman. I also maintain [a few buildscripts][1] in the AUR.
Arch has always been a rewarding community to contribute to, and I figure that maintaining some packages and generally helping out could be a good way to contribute a bit more.
If accepted to be a TU, my plan of action is as follows: 1. Go mad with power^U 1. Bring a handful of packages into [community] (see below) 2. Help out with rebuilds and package updates where that does not involve stepping on toes 3. Continue to submit occasional patches to Arch projects 4. Help with to-do lists. Off the top of my head, taking a quick look at current to-do lists with actual outstanding items:
https://www.archlinux.org/todo/packages-with-out-of-repositories-dependencie... I'd be interested both in simply weeding out those with inappropriate deps and in bringing in deps I'd consider actually useful, such as tcllib for tcl-remind.
https://www.archlinux.org/todo/source-retirement/ https://www.archlinux.org/todo/codegooglecom-retirement/ I wouldn't mind tracking down lost sources.
Thanks for your consideration, and I'm of course happy to answer questions and address critiques.
Cheers, Ivy "escondida" Foster
# Packages
If I'm accepted, there are a handful of packages I already have in mind to bring to the repos:
- [bemenu][2] Though dmenu is already available, bemenu is a solid alternative for X, Wayland or terminals.
- [farbfeld][3] An oddball but interesting new image format
- [frotz][4] I don't know about you guys, but I think that text adventures are positively xyzzy.
- [ledger][5] This program is super useful, and I doubt I'm the only one who dreads every boost update because this takes so long to build!
- [muttprint][6] I don't always print emails, but when I do, I use muttprint.
- [opendoas][7] OpenBSD's much simpler alternative to sudo is now available for Linux.
- [physlock][8] A tty screen locker
- [sndio][9] OpenBSD's excellent and simple sound system is now available as a userspace daemon for Linux, and a surprising number of things can build against it easily.
Note that if I did bring this in, I wouldn't be including my very basic XDG basedir patch (see AUR scripts). I'm going to try and submit a better one upstream, and if that fails, then...oh, well, I guess.
- [t-prot][10] It's just a simple script, but as a mutt user, it comes very much in handy for making many emails more legible.
- [translate-shell][11] Very useful for simplifying or scripting translation tasks (not that you should be counting on google translate to handle anything longer than a few words, but still)
- [xurls][12] Saves you the trouble of parsing strings to find links
# Links
[1]: https://aur.archlinux.org/packages/?SeB=m&K=escondida [2]: https://github.com/Cloudef/bemenu [3]: https://tools.suckless.org/farbfeld/ [4]: http://frotz.sourceforge.net/ [5]: https://www.ledger-cli.org [6]: http://muttprint.sourceforge.net/ [7]: https://github.com/Duncaen/OpenDoas [8]: https://github.com/muennich/physlock [9]: http://www.sndio.org/ [10]: http://www.escape.de/~tolot/mutt/ [11]: https://www.soimort.org/translate-shell/ [12]: https://github.com/mvdan/xurls
On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote:
Hi, folks,
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
I hereby confirm my sponsorship.
Note: If possible please add a short reply with a GPG signature. Thanks!
Alad
On 26 Jan 2018, at 10:31 +0100, Alad Wenter via aur-general wrote:
Note: If possible please add a short reply with a GPG signature.
My mistake! Here's my official, signed reply.
Eli Schwartz wrote:
Lukas has beaten you to it: https://packages.archlinux.org/ledger
That is excellent news!
Thanks, Ivy
On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
On 26 Jan 2018, at 10:31 +0100, Alad Wenter via aur-general wrote:
Note: If possible please add a short reply with a GPG signature.
My mistake! Here's my official, signed reply.
The discussion period is over. Let the votes begin!
On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
On 26 Jan 2018, at 10:31 +0100, Alad Wenter via aur-general wrote:
Note: If possible please add a short reply with a GPG signature.
My mistake! Here's my official, signed reply.
The discussion period is over. Let the votes begin!
The voting period has ended, with the following results:
Yes: 33 No: 3 Abstain: 3 Total: 39
As such, the proposal has been accepted. Congratulations!
Alad
On 10-02-18, Alad Wenter via aur-general wrote:
On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
On 26 Jan 2018, at 10:31 +0100, Alad Wenter via aur-general wrote:
Note: If possible please add a short reply with a GPG signature.
My mistake! Here's my official, signed reply.
The discussion period is over. Let the votes begin!
The voting period has ended, with the following results:
Yes: 33 No: 3 Abstain: 3 Total: 39
As such, the proposal has been accepted. Congratulations!
Congrats, and welcome to the team!
Baptiste
On 10 Feb 2018, at 1:02 +0100, Alad Wenter via aur-general wrote:
the proposal has been accepted. Congratulations!
Awesome! Thanks, y'all.
Ivy
On 02/09/2018 07:02 PM, Alad Wenter via aur-general wrote:
On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
On 26 Jan 2018, at 10:31 +0100, Alad Wenter via aur-general wrote:
Note: If possible please add a short reply with a GPG signature.
My mistake! Here's my official, signed reply.
The discussion period is over. Let the votes begin!
The voting period has ended, with the following results:
Yes: 33 No: 3 Abstain: 3 Total: 39
As such, the proposal has been accepted. Congratulations!
Alad
Congrats, welcome to the team! :)
On 01/26/2018 04:23 PM, Ivy Foster wrote:
Hi, folks,
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
It is great to see you take the plunge, I wish you the best of luck!
Arch has always been a rewarding community to contribute to, and I figure that maintaining some packages and generally helping out could be a good way to contribute a bit more.
If accepted to be a TU, my plan of action is as follows:
Go mad with power^U
Bring a handful of packages into [community] (see below)
Help out with rebuilds and package updates where that does not involve stepping on toes
Continue to submit occasional patches to Arch projects
Help with to-do lists. Off the top of my head, taking a quick look at current to-do lists with actual outstanding items:
https://www.archlinux.org/todo/packages-with-out-of-repositories-dependencie... I'd be interested both in simply weeding out those with inappropriate deps and in bringing in deps I'd consider actually useful, such as tcllib for tcl-remind.
https://www.archlinux.org/todo/source-retirement/ https://www.archlinux.org/todo/codegooglecom-retirement/ I wouldn't mind tracking down lost sources.
Sounds like a (wo)man after my own heart! This reminds me I still have so much to do... like all that https/gpg stuff. I will welcome the help, certainly. ;)
Thanks for your consideration, and I'm of course happy to answer questions and address critiques.
We discussed this on IRC already, I'll have to check and see how you've adapted to my suggestions.
But overall, quite good!
Detailed review at the end...
- [ledger][5] This program is super useful, and I doubt I'm the only one who dreads every boost update because this takes so long to build!
Lukas has beaten you to it: https://packages.archlinux.org/ledger
On 26 Jan 2018, at 4:35 -0500, Eli Schwartz via aur-general wrote:
On 01/26/2018 04:23 PM, Ivy Foster wrote:
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
It is great to see you take the plunge, I wish you the best of luck!
Thanks!
Arch has always been a rewarding community to contribute to, and I figure that maintaining some packages and generally helping out could be a good way to contribute a bit more.
If accepted to be a TU, my plan of action is as follows:
- Go mad with power^U
- Bring a handful of packages into [community] (see below)
- Help out with rebuilds and package updates where that does not involve stepping on toes
- Continue to submit occasional patches to Arch projects
- Help with to-do lists. [...]
Sounds like a (wo)man after my own heart!
Woman, and glad to hear it!
This reminds me I still have so much to do... like all that https/gpg stuff.
There's always more to do, I guess.
Thanks for your consideration, and I'm of course happy to answer questions and address critiques.
But overall, quite good!
Thanks!
- ledger This program is super useful, and I doubt I'm the only one who dreads every boost update because this takes so long to build!
Lukas has beaten you to it: https://packages.archlinux.org/ledger
I replied to this elsewhere already, but that's great news (-: . In related news, I've [poked upstream][1] to see about a new release, since there's been a year's worth of bugfixes! They're into it.
# Critiques & Responses
We discussed this on IRC already, I'll have to check and see how you've adapted to my suggestions.
I've addressed most of them; see responses inline. Of course, onlookers should judge each fix to make sure it's not a "fix" instead.
## cgo-git
2018-01-25 07:07:51 PM guys I noticed something immediately, cgo-git has a custom:cgo-git license, but it is really an ISC license. 2018-01-25 07:08:15 PM guys And it installs the whole source code in /usr/share/licenses/ instead of using sed to extract it or something. :p 2018-01-25 07:09:25 PM guys I'd just extract the first few lines using sed, until I hit the first */ and call it a day
I've changed the license to ISC and used sed to extract the license from the source. I've also [submitted a patch upstream][2] creating a separate LICENSE file.
2018-01-25 07:11:25 PM guys Also, the upstream Makefile is terrible and should use CFLAGS properly :p 2018-01-25 07:12:27 PM guys I want pull requests to fix this :p
[Pull request submitted][3].
2018-01-25 07:14:28 PM guys fist, should be upgraded to use HTTPS since their website upgrades you anyway
[Done][4].
## frotz-dumb-git / frotz-ncurses-git
2018-01-25 07:27:55 PM guys frotz-git conflicts and *replaces* frotz, which is wrong, it should provide it instead 2018-01-25 07:28:23 PM guys replaces means that if you pacman -Syu and find it in a repo, it gets synced as a replacement for what you currently have...
2018-01-25 07:29:11 PM guys I can hardly read the sed line you use in pkgver() 2018-01-25 07:29:22 PM guys sed 's,-(.*)-,.r\1.,' 2018-01-25 07:29:30 PM guys wrong place to use , as separators! 2018-01-25 07:33:03 PM guys But anyway, to modify 2.44-196-gf3ceac9 could just use the standard sed line from the wiki page 2018-01-25 07:34:05 PM escondida that one *I* can hardly read (-:
2018-01-25 07:35:48 PM guys Use of sed to modify more than three things in prepare should be strictly prohibited; use a patch file
[All fixed][5]. I still refuse to use the sed line from the wiki page, because I'm a big weirdo.
## libbulletml & rrootage
2018-01-25 07:39:48 PM guys > # upstream does not provide checksums, though Debian does for their patches 2018-01-25 07:40:04 PM guys This is not a reason to disable checks for download errors.
I've [added checksums][6], along with a note not to place too much trust in them since they're mine and not the developer's.
2018-01-25 07:41:09 PM guys Why does libbulletml.so need to modify CFLAGS CXXFLAGS :( 2018-01-25 07:41:21 PM guys And why does it overwrite LDFLAGS, instead? 2018-01-25 07:41:41 PM guys Does it derp on the LDFLAGS from makepkg.conf? 2018-01-25 07:42:17 PM guys Why does it create libbulletml.a anyway, if makepkg automatically strips staticlibs?
This library's build process is simply bizarre. I've left the build as is, since that seems to be what it takes to get it to, well, build.
2018-01-25 07:51:23 PM guys rrootage: the pkgdesc is self-referential, remove the first two words 2018-01-25 07:52:12 PM guys And it downloads from http://downloads.sourceforge.net, but that can be upgraded to https:// even if the website cannot 2018-01-25 07:53:05 PM guys Is http://ftp.de.debian.org/ really the best download url? I would assume they have something that redirects to the right country mirror
I found a better Debian download url and upgraded the Sourceforge url to https; [fixes here][7].
I've also sent an email to the mysterious Evil Mr. Henry, the porter (portreeve?) who brought it to Linux, to see whether he'd be interested in accepting the Debian patches officially, since they're required to build these days.
## lua-cosmo-git
2018-01-25 07:49:02 PM guys lua-cosmo-git: is built, in package(). 2018-01-25 07:49:27 PM guys If it cannot be built separately from the install command, build it in build() and cp -a it in package() 2018-01-25 07:50:12 PM escondida Oh, right, I meant to drop that one. Instead, I'll update it and then drop it.
To be honest, I ended up simply dropping this package. As far as I can tell, luarocks really seems to expect you to build and intall in one step. I can pick it back up again if anybody has particularly strong feelings on this point.
## netsurf et al.
2018-01-25 07:43:58 PM guys libcss-git should probably use git+https:// for TLS security purposes 2018-01-25 07:45:31 PM guys Same with the other netsurf related packages
Sadly, I got SSL errors when I tried to pull netsurf libs from https. They seem to be available only over http for now. I didn't try *all* of them, granted, but I figure what's true for the css is true for the cssander.
I need to update these in general, to tell the truth. Part of me wants to do them all as a massive split PKGBUILD, because the dependency order is fairly intricate (I have them in directories numbered in stages on my machine, but that doesn't translate well to the AUR).
## sndio-git
2018-01-25 07:56:23 PM guys Is sndio-git/0001-put-cookie-somewhere-better.patch upstreamable? 2018-01-25 07:56:32 PM guys Or have you tried and they rejected it
I haven't written the better version to submit yet; that'll probably be sometime in the next few days.
## translate-shell
2018-01-25 07:56:59 PM guys http://www.soimort.org/translate-shell/ is available over HTTPS 2018-01-25 07:57:00 PM phrik Title: Translate Shell (at www.soimort.org) 2018-01-25 07:57:09 PM guys As is the github repo via git+https:// ;)
2018-01-25 07:57:29 PM guys pkgver=v0.9.0.4.7.g1a4d83e # should have the leading v stripped
https://github.com/soimort/translate-shell/blob/develop/Makefile 2018-01-25 07:59:10 PM phrik Title: translate-shell/Makefile at develop · soimort/translate-shell · GitHub (at github.com) 2018-01-25 07:59:22 PM guys latest commit to that file says "Implement DESTDIR support" 2018-01-25 07:59:39 PM guys Complete with mkdir -p ;)
2018-01-25 08:00:44 PM guys And /usr/share/licenses/${_gitname}/LICENSE is technically quite wrong, that is not the package the license is for at all
2018-01-25 08:00:57 PM guys besides which it does not conflict/provide the non-git version
[All fixed][8].
# Concluding thoughts
Who's next? Bring it on!
iff
# Links
[1]: https://github.com/ledger/ledger/issues/523 [2]: https://github.com/kieselsteini/cgo/pull/10 [3]: https://github.com/kieselsteini/cgo/pull/9 [4]: https://aur.archlinux.org/cgit/aur.git/log/?h=fist [5]: https://aur.archlinux.org/cgit/aur.git/log/?h=frotz-git [6]: https://aur.archlinux.org/cgit/aur.git/log/?h=libbulletml [7]: https://aur.archlinux.org/cgit/aur.git/log/?h=rrootage [8]: https://aur.archlinux.org/cgit/aur.git/log/?h=translate-shell-git
Hey,
Quoting Ivy Foster (2018-01-26 22:23:08)
Hi, folks,
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
Don't really have anything to say other than "Awesome!"
On 1/26/18 4:23 PM, Ivy Foster wrote:
Hi, folks,
Hi!
I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to be my sponsor.
I've been an Arch user for the last 10 years or so. Some of you may
know me from IRC or the forums, where I use the nick escondida. Lately, I've been much less active on IRC, but have contributed a handful of patches to pacman. I also maintain [a few buildscripts][1] in the AUR.
Arch has always been a rewarding community to contribute to, and I figure that maintaining some packages and generally helping out could be a good way to contribute a bit more.
If accepted to be a TU, my plan of action is as follows:
Go mad with power^U
Bring a handful of packages into [community] (see below)
Help out with rebuilds and package updates where that does not involve stepping on toes
Continue to submit occasional patches to Arch projects
Help with to-do lists. Off the top of my head, taking a quick look at current to-do lists with actual outstanding items:
https://www.archlinux.org/todo/packages-with-out-of-repositories-dependencie... I'd be interested both in simply weeding out those with inappropriate deps and in bringing in deps I'd consider actually useful, such as tcllib for tcl-remind.
https://www.archlinux.org/todo/source-retirement/ https://www.archlinux.org/todo/codegooglecom-retirement/ I wouldn't mind tracking down lost sources.
Yesss!
Thanks for your consideration, and I'm of course happy to answer questions and address critiques.
Cheers, Ivy "escondida" Foster
# Packages
If I'm accepted, there are a handful of packages I already have in mind to bring to the repos:
[bemenu][2] Though dmenu is already available, bemenu is a solid alternative for X, Wayland or terminals.
[farbfeld][3] An oddball but interesting new image format
[frotz][4] I don't know about you guys, but I think that text adventures are positively xyzzy.
[ledger][5] This program is super useful, and I doubt I'm the only one who dreads every boost update because this takes so long to build!
[muttprint][6] I don't always print emails, but when I do, I use muttprint.
[opendoas][7] OpenBSD's much simpler alternative to sudo is now available for Linux.
[physlock][8] A tty screen locker
[sndio][9] OpenBSD's excellent and simple sound system is now available as a userspace daemon for Linux, and a surprising number of things can build against it easily.
Note that if I did bring this in, I wouldn't be including my very basic XDG basedir patch (see AUR scripts). I'm going to try and submit a better one upstream, and if that fails, then...oh, well, I guess.
[t-prot][10] It's just a simple script, but as a mutt user, it comes very much in handy for making many emails more legible.
[translate-shell][11] Very useful for simplifying or scripting translation tasks (not that you should be counting on google translate to handle anything longer than a few words, but still)
[xurls][12] Saves you the trouble of parsing strings to find links
# Links
Awesome! Well, best of luck, I think you'll make a great addition :)
Regards,
Andrew
Thank you Ivy for this excellent list of applications, one of the best I've seen in a while! :)
On 27 Jan 2018, at 9:39 +0100, Pierre Neidhardt, Andrew Crerar, and Johannes Löthberg wrote:
[some very nice things]
Thanks!
On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote:
# Packages [..]
Hello Ivy, Do you plan to adopt some orphans as well?
chris
On 27 Jan 2018, at 10:40 +0100, Christian Rebischke via aur-general wrote:
On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote: Hello Ivy, Do you plan to adopt some orphans as well?
Definitely!
Quickly scanning through the list, a few stand out to me...though they generally don't look as though they need updates right away.
- bmake - cd-discid (if I were to crab this one, I'd probably also take cddb_get, even though I've had little luck with cddb results) - ispell - libcdaudio - unicode-character-database
Beyond that, I'd say "sure, if it looks interesting or necessary" and "I can at least update and then re-orphan this thing I don't use".
iff
Hey, good luck and such
Just noticed there are packages that don't properly LDFLAGS resulting in binaries without full RELRO. Its good to always checksec the binaries once creating or adopting a new package and see if everything was setup properly to respect hardening and other flags like generic archs. namcap will have such feature soonish
Everything else i had on my list was already mentioned by Eli.
libbulletml: - whats up with LDFLAGS from makepkg.conf? like -znow? if there are options that don't work its better to remove them from makepkg.conf LDFLAGS but always use the variable
cgo-git: - does not respect LDFLAGS leading to a binary without full relro
cheers, Levente
On 28 Jan 2018, at 9:33 +0100, Levente Polyak via aur-general wrote:
Hey, good luck and such
Thanks!
Just noticed [some interesting points]
I'll have some time free tomorrow to get you a proper answer and/or fix; for now, I'm just letting you know I got your email!
Thanks, Ivy
On January 30, 2018 11:37:42 PM GMT+01:00, Ivy Foster iff@escondida.tk wrote:
I'll have some time free tomorrow to get you a proper answer and/or fix; for now, I'm just letting you know I got your email!
Hey, any news from respecting LDFLAGS and if needed just purge parts of it? I'm specially interested in seeing full relro.
Cheers, Levente
On 01 Feb 2018, at 8:29 +0100, Levente Polyak via aur-general wrote:
On January 30, 2018 11:37:42 PM GMT+01:00, Ivy Foster iff@escondida.tk wrote:
I'll have some time free tomorrow to get you a proper answer and/or fix; for now, I'm just letting you know I got your email!
Hey, any news from respecting LDFLAGS and if needed just purge parts of it? I'm specially interested in seeing full relro.
Hey, Levente. Sorry for the delay!
For cgo, since upstream pulled in the patches I submitted, LDFLAGS are properly picked up and we have full relro.
libbulletml was a bit tougher. I wound up throwing out Debian's patches to upstream's Makefile and just rewriting the Makefile from scratch. Hopefully either Debian or the dev will be interested in accepting the new Makefile; until word comes back, it's [in the AUR git repo][1]. This also grants full relro.
I've yet to run checksec on my other packages, but intend to do so. I'm not sure yet what to do about some of its feedback, notably thinking that some binaries aren't ELF files (so no PIE feedback given) or the number of unfortified...things.
Thanks again for your feedback!
Ivy
[1]: https://aur.archlinux.org/cgit/aur.git/tree/?h=libbulletml
On February 2, 2018 12:40:57 AM GMT+01:00, Ivy Foster iff@escondida.tk wrote:
For cgo, since upstream pulled in the patches I submitted, LDFLAGS are properly picked up and we have full relro.
libbulletml was a bit tougher. I wound up throwing out Debian's patches to upstream's Makefile and just rewriting the Makefile from scratch. Hopefully either Debian or the dev will be interested in accepting the new Makefile; until word comes back, it's [in the AUR git repo][1]. This also grants full relro.
Awesome, thanks for upstreaming the problems :)
participants (9)
-
Alad Wenter
-
Andrew Crerar
-
Baptiste Jonglez
-
Christian Rebischke
-
Eli Schwartz
-
Ivy Foster
-
Johannes Löthberg
-
Levente Polyak
-
Pierre Neidhardt