[aur-general] [REVIEW REQUEST] python-viivakoodi

Quentin Bourgeois quentin at bourgeois.eu
Sun Nov 27 23:10:33 UTC 2016

On 16-11-27 11:10:51, Eli Schwartz via aur-general wrote:
> On 11/27/2016 10:30 AM, Quentin Bourgeois wrote:
> > You are right I have remove this, my first goals was to sign my
> > PKGBUILD file I don't think its possible ?
> No, although the AUR is HTTPS.
> If people clone the package instead of downloading the snapshot (several
> AUR helpers can be configured to do that), and if they obtain your
> public key, they can use git to verify signed commits. Assuming they
> know you sign your commits.
> But no AUR helper tries to check that... and how would you know which
> key to trust?
> > Inkscape (or any other tool for SVG handling) is needed if one would
> > like to see the result of generated document in SVG format. As there
> > could be a long list I am not sure if such dependencies should be put
> > into PKGBUILD, even in optdepends ?
> Looking at the project README, it just generates an SVG file (and says
> you will need a program that opens SVG, like most browsers). It doesn't
> fundamentally integrate with Inkscape, and you should not add as a
> dependency every single program capable of opening a specific filetype.
> In fact, you shouldn't even add one such program. ;)
> When it describes "Program to open SVG objects" as a requirement, they
> probably shouldn't have listed that in the code requirements, since it
> is only a *logical* requirement...
> > I add this check in case upstream change for any reason and not break
> > the build process. The warning should be enough to let me investigate.
> > I generally don't perform operation on resource that could not be
> > present, I just applied this here too.
> You should catch that when you make the package yourself before pushing
> an update to the AUR, since the install command would fail with an error
> and makepkg would abort with an error. At least, I assume you consume
> your own packages...
> As a general rule, do not clutter up the PKGBUILD with things that can
> change from version to version unless it is a VCS package and the same
> PKGBUILD applies from version to version as new commits are pulled from
> the VCS source.
> Also, don't make checks like that for things which are really quite
> unlikely to change. Why do you think they might do that???
With this, I come with a simpler PKGBUILD[0] in which I push
modifications you advised. I also removed some dependencies that are
used for code coverage and building documentation, which I do not
install for now.

Did we get to something good ?

[0] https://git.bourgeois.eu/aur_python_viivakoodi.git/tree/
-------------- next part --------------
# Maintainer: Quentin Bourgeois <quentin+archlinux at bourgeois.eu>
pkgname=("python2-$pkgbase" "python-$pkgbase")
pkgdesc='Barcode generator for Python. Fork of pyBarcode project.'

check() {
    cd "$srcdir/$pkgbase-$pkgver"
    for py_int in python3 python2; do
        msg "Testing $pkgbase-$pkgver with $py_int"
        "$py_int" ./test.py

package_python-viivakoodi() {
    optdepends+=('python-pillow: render barcodes as images')
    cd "$srcdir/$pkgbase-$pkgver"
    python setup.py install --root="$pkgdir/" --optimize=1

    install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
    install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE.launcher"

package_python2-viivakoodi() {
    optdepends+=('python2-pillow: render barcodes as images')

    cd "$srcdir/$pkgbase-$pkgver"
    python2 setup.py install --root="$pkgdir/" --optimize=1

    install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
    install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE.launcher"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20161128/7d7aa4bb/attachment-0001.asc>

More information about the aur-general mailing list