[aur-general] Review and a bit of other help request

Sebastian Lau lauseb644 at gmail.com
Fri Mar 17 16:38:55 UTC 2017


On 17.03.2017 14:48, Konstantin Gizdov wrote:
> Hi all,
>
> So I have now for quite a while been the maintainer for the following:
>
> root
> root-extra
> pythia8
> xrootd-abi0 (this exists as a work around for other maintainer not updating
> package)
> unuran
> root5 (legacy and poorly supported for GCC 5+, need help here especially)
>
> and just adopted pythia.
>
> I've actually put quite a bit of work in some of them. With the latest
> changes upstream here and there, I am planning to re-optimize the builds,
> but I wanted to first ask for some input from this list and gather some
> suggestions.
>
> My main focus is making CERN's ROOT and it's relevant
> dependencies/extensions work on Arch. I started and mainly concentrate on
> root and root-extra. Pythia, XRootD, Unuran are such extensions which were
> not available or broken in Arch. So I had to make 'pythia8' and
> 'xrootd-abi0' as workarounds. I have now finally been able to adopt
> 'pythia' and plan on making a major re-write and optimization. I still have
> to keep 'xrootd-abi0' as the current maintainer does not really update or
> fix his package when new versions/problems arise. I do not plan on making
> an orphan request, as I do not want to cause trouble for people.
>
> However, I do wish to make the current environment as good as possible for
> the people that actually use it and would welcome any input from you.
> Thanks in advance.
>
> Apart from that I wanted to understand better if and how package signing
> works with AUR. I tried the wiki and a bit of Google, but so far it seems
> package signing is only for official repos/trusted users. I did not want to
> try it out myself before getting some advice as I was afraid messing up
> will prevent people from installing them.
>
> Regards,
> Konstantin
Hello Constantin,

a few things on package signing and repositories:

- for AUR there is no need to sign your PKGBUILDs as your identity is
verified when you push to git with your ssh key.

- If you want to pre-compile the created packages and host them
somewhere, you have the possibility of using `makepkg --sign` which will
use the gpg-key that you configured in your `/etc/makepkg.conf`. For
creating repositories you should use `man repo-add` (have a look at the
example, it is like `repo-add $REPONAME.db.tar.xz *.pkg.tar.xz` in your
repo's directory.

Regards,
Sebastian


More information about the aur-general mailing list