[aur-dev] Using git as a backend for the AUR

William Giokas 1007380 at gmail.com
Sun Mar 17 13:57:52 EDT 2013


On Sun, Mar 17, 2013 at 01:40:46PM -0400, Daniel Wallace wrote:
> On Sun, Mar 17, 2013 at 12:33:41PM -0500, William Giokas wrote:
> > On Sun, Mar 17, 2013 at 01:14:01PM -0400, Daniel Wallace wrote:
> > > On Sun, Mar 17, 2013 at 12:43:01PM +0100, Jelle van der Waa wrote:
> > > > The AUR currently has ~ 41076 packages, which would bring us to an equal
> > > > amount of git repo's. This doesn't seem very efficient to me.
> > > > 
> > > > With svn you can put it all in one repo and checkout a single package
> > > > without checking out the whole repo, which is how
> > > > [core],[extra],[community] work.
> > > > 
> > > > I know Exherbo uses Git for their repo's but they seem to split it up
> > > > into categories [1].
> > > > 
> > > > Git seems to have sparse checkout for this in 1.7, but I don't know how
> > > > it works [2]
> > > 
> > > git clone --single-branch git://projects.archlinux.org/svntogit/packages.git -b packages/linux
> > > 
> > > ... then make one for community.git :)
> > > 
> > > and inside, you can do stuff like...
> > > 
> > > git fetch origin packages/bash
> > > git checkout -b packages/bash FETCH_HEAD
> > > 
> > > and checkout the other branches
> > 
> > But this does make it so that either no one has push access, or only a
> > very small subset of people have push access for security reasons. The
> > whole point of the multiple repos is to allow people full control over
> > the whole repo with git, and not have to rely on the `makepkg -S` bits.
> > While great for spectating, it's pretty bad for a bunch of people that
> > can just simply sign up as contributors. Also, you know what would
> > happen if we just gave everyone push access.
> 
> Why are people going to be able to actually git push, why not use
> something like burp, where you run makepkg -S and upload that with a
> commit message, and the backend takes care of unwrapping and committing
> it.

It would make things easier on the packager, imho. So long as the
.gitignore is all correctly set up and everything, then you're simply
relying on git. It would also allow ssh key authentication if set up
right, for added security when uploading. I just think it would be
better to at least allow pushing via git. And it also shouldn't be an
issue to actually have that many git repos, and the structure would
remain the same (bu/burp) to keep things somewhat cleaner.

Thanks,
-- 
William Giokas | KaiSforza
GnuPG Key: 0x73CD09CF
Fingerprint: F73F 50EF BBE2 9846 8306  E6B8 6902 06D8 73CD 09CF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/aur-dev/attachments/20130317/eb1f15b1/attachment-0001.asc>


More information about the aur-dev mailing list