[aur-general] Fwd: please add -depth 1 to makepkg git clone
Tai-Lin Chu
tailinchu at gmail.com
Sat Apr 6 14:10:52 EDT 2013
>Doesn't matter. cp does nothing with checksums, whereas git will
preserve every byte, and it literally can't go bad (or if it does on the
extremely off chance, it will simply stop the build). Maybe rsync, you
say? That still isn't cryptographically secure. Using git, you can
guarantee that the files you are building from are exactly the same as
anyone else, which is what we want with makepkg.
cp and git clone are exactly the same. see cp source code, and if the
file is corrupted, then you have even bigger problems.
In general very not likely. (i mean if this happen, 1. kernel has
problem 2. your disk goes bad)
stackoverflow confirmed the result.
http://stackoverflow.com/questions/852561/is-it-safe-to-use-a-copied-git-repo
>There's minimal point to this. As I've said numerous times, it does not
allow you to clone the shallow bare repo, which is what makepkg gets
when it fetches git sources.
aren't we talking about cp....?
>If they're all doing it at the same time, cloning fresh repositories,
then yes. that may be an issue on some large projects with very terrible
servers. Also, if you're worried about server load, mirror the
repository yourself so people can gake the load off of the host server.
This is the joy of a DVCS.
I dont have a server, and this is not practical. certainly using git
pkgbuild with shallow clone is far easier than what you mentioned.
On Sat, Apr 6, 2013 at 10:08 AM, William Giokas <1007380 at gmail.com> wrote:
> On Sat, Apr 06, 2013 at 12:25:37AM -0700, Tai-Lin Chu wrote:
>> >This is dumb because using cp is not enough, you should be using git clone
>> >because it is git and straight from git, if you goal is to just use the
>> >newest you are doing it wrong go write you own pkgbuild.
>>
>> What is not enough? cp has option to reserve everything.
>
> Doesn't matter. cp does nothing with checksums, whereas git will
> preserve every byte, and it literally can't go bad (or if it does on the
> extremely off chance, it will simply stop the build). Maybe rsync, you
> say? That still isn't cryptographically secure. Using git, you can
> guarantee that the files you are building from are exactly the same as
> anyone else, which is what we want with makepkg.
>
>>
>> >The only reason to use git packages is if you are deving upstream and want
>> >to actively test development of upstream packages... Or if up stream is
>> >dumb enough to never tag stable releases. Fortunately there are very few
>> >of the latter, so to support the majority of of users we clone the whole
>> >thing.
>>
>> Please read document for depth=1 and shallow clone. When we create a
>> package, we only need the snapshot at that time; we rarely revert any
>> commit. After we do shallow clone, we can still pull, and remake
>> package. I really dont understand your reason for " to support the
>> majority of of users we clone the whole thing" because shallow clone
>> is sufficient.
>
> There's minimal point to this. As I've said numerous times, it does not
> allow you to clone the shallow bare repo, which is what makepkg gets
> when it fetches git sources.
>
>>
>> >I truly do not understand why this conversation exists. We discussed this
>> >months ago. The conclusion was that you really shouldn't be using these
>> >packages unless you are following upstream...
>> yes, i agree with you. But as a person who commits patches and needs
>> to test, I think using --depth 1 makes initial cloning faster and
>> decreases the load of remote git server.
>
> Someone submitting patches and testing should simply link to their
> development repo in their SRCDEST, seeing as you already have the repo.
>
>> Think about this 100 people
>> clones vlc.git with shadow (around 600mb) vs without shadow (around
>> 10000mb)... its not just about whether you care it or not; please
>> preserve resources of other projects.
>>
>
> If they're all doing it at the same time, cloning fresh repositories,
> then yes. that may be an issue on some large projects with very terrible
> servers. Also, if you're worried about server load, mirror the
> repository yourself so people can gake the load off of the host server.
> This is the joy of a DVCS.
>
> Once again, you can continue to use the worthless biolerplate code from
> the old vcs PKGBUILDs, but this is pretty much worthless to be honest,
> and will only fly in the face of readability.
>
> Thank you,
> --
> William Giokas | KaiSforza
> GnuPG Key: 0x73CD09CF
> Fingerprint: F73F 50EF BBE2 9846 8306 E6B8 6902 06D8 73CD 09CF
More information about the aur-general
mailing list