-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I was subscribed to the pacman-dev list on my old email account, but just moved it over. I noticed the thread about Icadyptes' makepkg changes and got Allan's message. I would be happy to see some of Icadyptes' makepkg changes make it into the mainline makepkg, but I doubt all of them will (on top of that, some of my code is quite hackish). Some features are implemented nicely, though others are definitely a work in progress. Most changes were applied to the 3.2.1 makepkg, and I have not updated it for split package support and some of the other changes. I will list the changes I can remember by order of how useful I think they would be to the mainline makepkg. Most useful: runtimedeps=(): I added a runtimedeps=() option for dependencies that are needed at runtime and not for building. This would be useful for scripts that only need a `make install DESTDIR="$pkgdir"` on the building side. I've used it a few times already, but it is not the most common case. Not setting arch=() implies arch=('any'): After a couple months of development, some benchmarks, and finding that AMD K6-2s lack the CMOV instruction, I moved Icadyptes to i486/generic. It is frustrating (though scriptable) to change all buildscripts from arch=('i686' 'x86_64) to arch=('i486' 'x86_64), but I did not care for the setup from the begining. Rarely is a source tarball only buildable on one x86 subset, and I don't like having to write arch=('any') in each buildscript, so I made arch=('any') the default if no arch line was set. I think that this could be expanded a bit with negation flags for archs, ie arch=('!i486' 'i686'). Or perhaps arch=('i586+'), but that is getting a little complex and overdone in my opinion. Potentially useful: Replacing checksums inside the PKGBUILD with SHA256SUMs in a CHECKSUMS file: Originally, I kept the {md5,sha1}sums=() lines in buildscripts, but couldn't be bothered to update them if the source files were updated. This needs a lot of work, but I simplified the code gutting the PKGBUILD-internal checksums and replaced it with a seperate CHECKSUMS file containing SHA256SUMs of $source=() and $install. One can simply run `makepkg -g` to regenerate the checksums now, which is quite nice. Other scripts would have to be updated to copy CHECKSUMS over, but I have had no issues with it after some minor tweaking here. $SRCDEST using SHA256SUMs as the filenames: This needs work too, but if you are using a shared source directory makepkg will download the source files, verify them against CHECKSUMS, and move them to $SRCDEST. Using $SRCDEST with the normal filenames is problematic due to filename collision with other packages, so this is an (IMO) elegant and safe solution. I used SHA256 because MD5 is very insecure, SHA1 is potentially vulnerable, and it isn't as overkill (though some would say SHA256 is excessive) as SHA512. While an attacker could do a number of attacks to give the user faulty build scripts, at least this part of the system is secure. Of course, any checksum algorithim can be used. Doubt you would want these: Removal of OS X hacks: I can mostly understand using alternative utilities so that *BSDs can use makepkg, but I have no idea of why you care about Mac OS X enough to implement slower and more bloated workarounds to things like getopt. In my opinion, you have to draw the line somewhere. I personally think that makepkg and Pacman should be solely for Arch, but that is just my two cents. Removal of OpenSSL dependencies: I don't care for OpenSSL and try to replace it with GnuTLS where I can, so I reverted back to using the *sum utilities. GnuTLS is lighter, easier to build, and doesn't have the advertising license clause that OpenSSL does. Of course, the *sum utilities are from GNU coreutils, not GnuTLS. Moving to GNU tar from bsdtar so that libarchive can eventually be removed entirely as a package. Although libarchive looks fairly nice, so I should do some more research on this. Pacman changes: Pacman is currently pretty vanilla in Icadyptes, but I apply the reverted patch for internal file:// handling, statically link it against libarchive, use curl (you may want to look at my {pacman,makepkg}.conf as they pass a couple more flags), and generally have fairly light configure options (disabling NLS, etc.). I also use .ipkg for the package extension, but I don't think any of this is very usable by the mainstream Pacman :-). Thanks for the interest in my makepkg modifications. Let me know if you have any comments, ideas, or suggestions. Cheers, Teran (sega01) On Tue, 20 Jan 2009 14:58:50 +0000 "Teran McKinney" <sega01@gmail.com> wrote:
Forwarded conversation Subject: [pacman-dev] icadyptes makepkg changes ------------------------
From: Allan McRae <allan@archlinux.org> Date: Tue, Jan 20, 2009 at 12:20 To: Discussion list for pacman development <pacman-dev@archlinux.org>
Hi,
This is a reminder for myself and a FYI for anyone else that is interested. There is a new Arch fork called Icadyptes (http://icadyptes.org/) which does some changes to makepkg and to a lesser extend pacman (see http://icadyptes.org/index.php?q=node/2). Their git repo is here: http://gitweb.icadyptes.org/?p=icadyptes-core/.git;a=tree;f=base/pacman;hb=H...
Maybe there is something useful there that would worth merging. Adding something like "runtimedeps" has been previously suggested but from memory the patch never got updated for inclusion. Other makepkg changes listed will probably never make it here... Anyway, I will give the Icadyptes dev a ping to suggest that any changes could/should be CCed here so we can decide whether to include them.
Allan
_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://www.archlinux.org/mailman/listinfo/pacman-dev
---------- From: Dan McGee <dpmcgee@gmail.com> Date: Tue, Jan 20, 2009 at 13:48 To: Discussion list for pacman development <pacman-dev@archlinux.org>
Their changes do sound interesting. Please do send them an email.
-Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux)
iF4EAREIAAYFAkl2HbQACgkQPsLC06eiyfF1CwD/dl9UgD7VK+5NDnNzSJhFL+kZ u50RnWVRx1ZxikzBVXsBAK6vh2PpdWva05+0cZL563DtWP/q+SXMLiECQCl0WsnM =4/Q8 -----END PGP SIGNATURE-----