[aur-general] TU Application: Alad Wenter

alad at mailbox.org alad at mailbox.org
Sun Sep 10 20:08:38 UTC 2017

On Sun, Sep 10, 2017 at 04:55:16PM +0000, Eli Schwartz wrote:
> On 09/10/2017 09:16 AM, Alad Wenter via aur-general wrote:
> > Hello everyone,
> > 
> > My name is Alad Wenter, and I would like to apply for a position as Trusted User. I’m a student in Germany, majoring in Mathematics with a focus on Algebraic Topology. Many thanks to Johannes Löthberg who is sponsoring my TU application.
> Somme comments on your AUR packages:
> aurutils/aurutils-git:
> - uses the ISC ("custom:ISC") license, which is not a common license
>   (`pacman -Ql licenses`)and must therefore be installed separately.
> - Thanks you kindly for upgrading the security of the *sums you SKIP
>   from md5 to sha256 :p :p
Fixed the license array. The license was already installed by the

> bash-devel-git:
> - You do not follow our repo bash package in defining, as per FS#50567,
> - Apparently this doesn't work with the system readline or something???
> - system.bashrc is out of sync with the core/bash package
> - Do you even pacman hooks? Get rid of bash.install

> cottage:
> - source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
>   other packages that have the same version.

> cottage-git:
> - Has an abomination of a pkgver(), you know how to do this properly -_-
>   and upstream even has tags!!!
> - clones #branch=master which is the default
> - unconditionally defines options=('debug'), which is meant to be a
>   makepkg.conf choice and uses a separate build target which just
>   appends to CFLAGS the same way our DEBUG_CFLAGS do.
> - again consider asking upstream to support DESTDIR.
Fixed. I agree about DESTDIR and filed a pull request upstream.


> datamash-git:
> - pkgver() doesn't strip "v" from the start
> - source is cloned over git://git.sv.gnu.org which redirects to
>   git.savannah.gnu.org, also please clone over https:// as this verifies
>   the server in addition to just encrypting the transport
> - It seems bizarre that this makedepends on rsync and wget, the latter
>   especially seems like some part of the build process attempts to
>   download itself... I think it wants to bootstrap updated translations
>   but this should still be done via source=().
> - Do you even pacman hooks? Get rid of datamash.install
Fixed. The rsync usage for translation files seems hard-coded in the
bootstrap script, so this is something to mention to upstream.

> dpkg:
> - git source at pinned commit should not re-clone itself to a new
>   $pkgname-$pkgver every time you bump the pkgver
> - autoreconf should be done in prepare()
> - explicitly override options=(emptydirs) rather than depending on the
>   user's choices in makepkg.conf

> howm-x11:
> - source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
>   other packages that have the same version.
> - Makefile has install target.
> - Those find commands are awkward, `mkdir -p ... && cp -a ...` is not a
>   sin so please use it.
> - So much whitespace separating variables...
> - That install script depresses me, shouldn't users be expected to
>   determine for themselves how to use this?
Fixed. The Makefile missed the -D argument to install, so I've filed a
pull request upstream.


> howm-x11-git:
> - Basically just the same things mentioned for howm-x11 or cottage-git.
Fixed apart from the Makefile, which actually does not include the
correct install target for debug builds...


> jshon-git:
> - pkgver should use tags via `git describe --tags`

> kkrieger:
> - Downloads an unversioned kkrieger-beta.zip -- I understand this is
>   web.archive.org that will never be updated but it is still painful. :D
> - kkrieger.jpg is a 404 not found, also you never even try to do
>   anything with it...

> lightspark-git:
> - Do you even pacman hooks? Get rid of lightspark-git.install
> - Depends on desktop-file-utils, not needed because of hooks, and curl,
>   arguably not needed as it's a dependency of pacman among other things.

> mc-git:
> - autogen should really be done in prepare()

> nvtv:
> - Empty variables should be deleted.
> - md5sums at the bottom of the PKGBUILD are weird, move this up with the
>   other variables, like source=()
> - You really need quilt for this?
> - make prefix="$pkgdir/usr" install seems like it should be ./configure
>   --prefix=/usr && make DESTDIR since this is after all autotools and if
>   there is one decent thing about autotools it is the fact that DESTDIR
>   can be essentially guaranteed to exist...
Fixed, though for now still using quilt. Since it's a debian patch
package, using quilt seemed the correct tool and didn't require me to
use an own ad-hoc method.

> repoctl-git:
> - pkgver() does not strip leading "v"
> - Why does this depend on xz, which is a dependency of lots of core
>   things e.g. libarchive, and unlikely to be explicitly needed vs. the
>   many other compression formats makepkg/repo-add supports?
> - Why !strip, does this package actually break if you try stripping it?
There's several upstream files that depend explicitely on xz:


It's however true that the dependency is already provided by pacman, so
I've removed it. Also removed !strip and fixed pkgver.

> thunar-git:
> - autogen should be done in prepare()

> vim-bracketed-paste:
> - The source is a github master.zip, I'm not even sure how to properly
>   express my disappointment. It should be a -git package since there are
>   no releases.
Fixed to use pkgver. I've however requested to delete the package, due to
related commits vim upstream and frequent issues with tmux.

> xss:
> - So much whitespace in the variables...
> - Unversioned source xss-master.tar.gz
> - None of it works because the upstream website is dead, everything
>   redirects to https://sites.google.com/view/woozle/
> - Author still exists at https://github.com/nealey, project has moved to
>   https://github.com/9wm/xss (he is a member of that org)
Fixed. Regarding the source, I've asked for a relase upstream:


Some improvements regarding the Makefile should also be made.
> > I have opened a repository with modifications from the original AUR packages to better suit them as candidates for [community]. [8]
> > 
> > [8] https://github.com/AladW/community
> physlock:
> - source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
>   other packages that have the same version.

> polkit-explorer:
> - Since I see you already filed one pull request upstream for PEP 394,
>   why not also contribute a decent setup.py and that desktop file...
> - uses the ISC ("custom:ISC") license, which is not a common license
>   (`pacman -Ql licenses`)and must therefore be installed separately.
Fixed the license array; the license file itself was already installed
to /usr/share/licenses/polkit-explorer. I agree on contributing a setup.py.

> python-i3-py:
> - It is probably not important to point out in the description which
>   programming language it uses, especially when the pkgname already
>   includes that info.
> - git source at pinned commit should not re-clone itself to a new
>   $pkgname-$pkgver every time you bump the pkgver
> - Python packages which are intended to install a command-line tool
>   rather than a library should not be prefixed with python- and do not
>   need to be installed for both Python 3 and Python 2.
Fixed the description and the git source. Regarding the command-line
tool, the package is meant as a library, but the repository ships some
examples which can be used as command-line tools. I've moved them to a
separate "-examples" split package.

> qpdfview:
> - Does this really need desktop-file-utils and hicolor-icon-theme or was
>   this a remnant of some pre-hooks install script?q

> -- 
> Eli Schwartz

Thank you very much for your elaborate review!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20170910/438f3c7e/attachment.asc>

More information about the aur-general mailing list