[aur-general] Perl PKGBUILD review

Eli Schwartz eschwartz at archlinux.org
Sun Dec 3 18:47:51 UTC 2017


On 12/02/2017 04:02 PM, François Freitag wrote:
> Hi all,
> 
> I'm new to Perl packaging. I wrote my first PKGBUILD [1] following the
> wiki [2].
> I would be very grateful if somebody could give it a read and suggest
> improvements? namcap does not emit any warning.

Well, *if* I assume the PKGBUILD is the same one you uploaded to the
AUR, then there are a few odd things about it.

You do not need to obfuscate your email address, alternatively you
already have older versions that are quite discoverable and contain the
unobfuscated version. That being said, you used the single most common
"obfuscation", which AFAIK all spambot scrapers know how to interpret.

Versioned per dependencies are wrong, we only use versioned dependencies
in exceptional cases e.g. gcc and gcc-libs are tightly bound to
identical $pkgver-$pkgrel releases.

You moved some environment variables from build and package, where they
will be run, to prepare, where they may very well not be run. Consider
what happens when you use makepkg --nobuild && makepkg --noextract. Then
consider than some popular AUR helpers do this automatically, ensuring
many users will be affected by this.
Please revert that change back to the working version. Do not depend on
variables set in one function to be available in other functions.

Why did you remove the check() function? Does it not work anymore?

You do not meed to remove perllocal.pod and .packlist, as that is
already done by the default purge option in makepkg.conf -- admittedly
it can be removed from the PKGBUILD since the defaults should work.

...

Basically, you updated the pkgver and broke a few things.

Note that one actual issue which existed beforehand and which you did
*not* fix, is that the source array will download v${pkgver}.tar.gz
which clashes with many other packages if you use a shared $SRCDEST. So
you should switch that to use:
source=("${pkgname}-${pkgver}.tar.gz::${url}/archive/v${pkgver}.tar.gz")

Thereby giving the download filename a unique name specific to this
package. I use ${url} by habit, you don't have to though.

-- 
Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20171203/cc53a4be/attachment.asc>


More information about the aur-general mailing list