[aur-dev] PKGBUILD parsing on the AUR

Xyne xyne at archlinux.ca
Sun Aug 2 12:43:53 EDT 2009 

> As I worked on most of the parsing code at the moment: we don't have
> any "if-then-else" statements. AUR can (currently) handle only static
> assignments and bash arrays (or how are they called) and evals.
> 
> This is because we don't evaluate the "bash" part of the script just
> the variable assignments. Would be nice to have a whole bash
> interpreter or similar, but I don't have an idea how to get that done
> securely at the moment.... Any suggestions?
> E.g. that example on the top would not get through...
> 
> As for the linked feature request: the "depends" should be
> straightforward (I didn't look into it much, yet, but we should have
> all the required data). The "makedepends" is not stored for the web
> interface, so should be added there first. Would be quite valuable, I
> think... Even optdepends could be useful if we would add it one day,
> the only problem is, that it does not seem to have a standard format
> across packages.
> 
> So, on a related note, making such upgrades: patches for the pages
> (php or html...) are straightforward. How does someone send a patch
> which would need a change in the SQL database in the back?
> 
> Cheers,
>     Greg

Thanks for the replies, Greg.

I suspected that it was scraping the PKGBUILDs due to discrepancies
reported on the bug tracker (valid PKGBUILDs not being properly parsed
on the AUR, etc).

There is no fully functional solution to extracting data from bash
PKGBUILDs. Sourcing it exposes you to malicious code and implementing a
full interpreter would do the same (as it would have to handle command
outputs, which in turn means running commands). Anything less will not
be able to fully parse all valid PKGBUILDs. That's why I've been
playing around with the idea of a non-bash PKGBUILD [1]. The AUR would
definitely benefit from this as would any application which interacts
with it. It would be nice to accurately resolve dependency trees using
only the JSON-RPC interface, for example.

Where can I view the code for the web pages?


[1] http://xyne.archlinux.ca/ideas/pkgmeta

More information about the aur-dev mailing list