[aur-dev] [PATCH/RFC 0/5] Use Git repositories to store AUR packages

Colin Woodbury colingw at gmail.com
Tue Jun 17 16:18:54 EDT 2014


Hi guys, author of Aura (a package manager / AUR helper) here.
Before this got too far along I thought I'd bring up what another AUR
helper dev, my users, and myself have been discussing over the past little
while.

We've been paying close attention to the AUR 3.x development as of late.
Version 2 of the RPC is a godsend, and the upcoming git integration sounds
great. We've discussed the following:

1. RPC V2: It is yet unenforced. It is clearly better to have all
dependency metadata available publicly, rather than rely on shoddy,
insecure Bash parsing/execution done in different ways by every AUR helper,
but the fact remains that the most popular AUR helpers don't enforce AUR 3.
Aura 2 (in development) will, with support for dep resolution of all
non-AUR 3 compliant packages dropped. We believe this is the way forward,
but we face a new problem:

2. The AUR is filled with dead packages. It could use a reboot, rejecting
all non-AUR 3 uploads. This would then ensure all packages provide full
information via the RPC, and AUR helpers can safely resolve dependencies.
The question is, how to reboot?
  a. Delete every package? Pros: All the long-orphaned packages would be
gone forever. Cons: Current ownership of packages would be lost.
  b. Flag every package out-of-date? Pros: Everyone would/should become
aware of the issue, and upload AUR 3 compliant versions of the packages
they maintain. Cons: There's nothing stopping them from just hitting the
"unflag out-of-date" button to circumvent this.
  c. Only move non-orphaned packages to the new git-based AUR? Pros: Would
clear away the cruft and leave only real packages. Cons: ?

If nothing else, (c.) might give us the greatest hope for a revitalized
AUR. The equivalent to (b.) could be accomplished if enough AUR helper
users collectively flagged non-AUR 3 compliant packages out of date.

As v2 of the RPC has been released, it would be a waste if its use wasn't
brought to the mainstream. That said, it might be difficult to do so if the
state of the AUR remains as it is.



On 17 June 2014 11:22, Lukas Fleischer <archlinux at cryptocrack.de> wrote:

> This patch series adds Git support to the AUR. The scripts are not
> thoroughly tested and there is no documentation as of now. First
> comments and reviews are welcome, though!
>
> If you want to test this, note that the scripts currently require a
> patched sshd(8) [1]. I am trying to get this upstream.
>
> [1] https://github.com/ScottDuckworth/openssh-akcenv
>
> Lukas Fleischer (5):
>   Add support for adding SSH public keys to profiles
>   Add basic Git authentication/authorization scripts
>   Add update hook template
>   Use Git repositories to store packages
>   Add public clone URLs to package details
>
>  UPGRADING                             |   10 +-
>  schema/aur-schema.sql                 |    1 +
>  scripts/git-integration/config.sample |   17 +
>  scripts/git-integration/git-auth.py   |   41 +
>  scripts/git-integration/git-serve.py  |  106 ++
>  scripts/git-integration/git-update.py |  334 ++++++
>  web/html/account.php                  |    7 +-
>  web/html/pkgsubmit.php                |  495 --------
>  web/lib/Archive/PEAR.php              | 1063 ------------------
>  web/lib/Archive/PEAR5.php             |   33 -
>  web/lib/Archive/Tar.php               | 1993
> ---------------------------------
>  web/lib/acctfuncs.inc.php             |   78 +-
>  web/lib/aurjson.class.php             |    1 -
>  web/lib/config.inc.php.proto          |    4 +-
>  web/lib/pkgbasefuncs.inc.php          |   39 -
>  web/lib/pkgbuild-parser.inc.php       |  139 ---
>  web/lib/pkgfuncs.inc.php              |  195 ----
>  web/lib/routing.inc.php               |    1 -
>  web/template/account_edit_form.php    |    5 +
>  web/template/header.php               |    1 -
>  web/template/pkg_details.php          |   10 +-
>  web/template/pkgbase_details.php      |   10 +-
>  22 files changed, 602 insertions(+), 3981 deletions(-)
>  create mode 100644 scripts/git-integration/config.sample
>  create mode 100755 scripts/git-integration/git-auth.py
>  create mode 100755 scripts/git-integration/git-serve.py
>  create mode 100755 scripts/git-integration/git-update.py
>  delete mode 100644 web/html/pkgsubmit.php
>  delete mode 100644 web/lib/Archive/PEAR.php
>  delete mode 100644 web/lib/Archive/PEAR5.php
>  delete mode 100644 web/lib/Archive/Tar.php
>  delete mode 100644 web/lib/pkgbuild-parser.inc.php
>
> --
> 2.0.0
>
>


More information about the aur-dev mailing list