[arch-general] PKGBUILD parser

Loui Chang louipc.ist at gmail.com
Sun May 9 12:06:34 EDT 2010

On Sun 09 May 2010 16:21 +0200, Xavier Chantry wrote:
> On Sun, May 9, 2010 at 2:44 PM, Allan McRae <allan at archlinux.org> wrote:
> > Sourcing is dangerous if the PKGBUILD is from an untrusted source.  It also
> > fails with package splitting...

> But I just had an idea now, if we're thinking about AUR use case :
> makepkg --source could generate a suitable and parsable file providing
> all information that AUR needs, and ships that next to the PKGBUILD in
> the source tarball. Does that sound crazy ?
> This would not fix the problem now, but it could fix it eventually,
> when most pkgbuilds are re-submitted. Or this parsable file could be
> generated for all pkgbuilds in a row, just for the conversion, in a
> chroot/jail on a machine not in production.

Yeah I've thought about this as well. Source packages could have a
similar format as binary packages with a .PKGINFO file to present the
metadata in an easily parsable format.

You can read some of my incomplete brainstormings here:

More information about the arch-general mailing list