[aur-general] TU Application - Filipe Laíns

Eli Schwartz eschwartz at archlinux.org
Thu Jul 12 22:04:29 UTC 2018 

On 07/12/2018 01:47 PM, Filipe Laíns via aur-general wrote:
> Hello,
> 
> My name is Filipe Laíns.
> You might also know me by my alias, FFY00.
> 
> I am applying to be a Trusted User with Dan Printzell's (Wild) sponsorship.

It's always nice to see people eager to contribute more, good luck!

> 	(synology-cloud-station-drive)
> This is a drive client for Synology devices[6].

We'll need permission from them for binary redistribution with
all-rights-reserved software... they pretty specifically only offer
single-user personal licenses to download, install, and run one copy
from them alone. Like most proprietary EULA'ed software.

...

On to the ztrawhcse review!

I gave Filipe some advice over IRC prior to his application. As a
result, many packages had their srcdir/pkgdir quoting fixed, or renamed
sources to cooperate with shared $SRCDEST, or fixed style nits with
inconsistently quoted variables

As of the last time I checked, although some packages may be fixed
already, the following issues were discovered...

antlr3:
- you updated the source to HTTPS on my advice, but forgot the url

babl-git:
- !libtool is not needed to build, and comes as default anyway these
  days
- ./autogen.sh should be moved to prepare, and moved to autoreconf -fi
  if at all possible. In this case, it's a wrapper for autoreconf
  already :)

cellular-network-configs-git:
- unquoted srcdir/pkgdir

cm256cc:
- are the mv commands needed or not?
- depends on boost but may only need that as makedepends, see if runtime
  depends could get away with only boost-libs

dump1090-mutability-git:
- unquoted srcdir/pkgdir
- source should clone over git+https:// for TLS certificate checking
- install script should switch to using systemd-sysusers
- install script should not delete users on uninstall as this can be a
  security risk: https://www.archlinux.org/todo/usergroup-management/
- consider just using systemd DynamicUsers to run the service

evernote-sdk-python:
- patching should be done in prepare not build
- should run python setup.py build in build before running install in
  package

franz:
- electron apps should use the system electron if possible
- architecture-dependent binaries should go in /usr/lib not /usr/share
- try to get desktop file into upstream project
- should not conflict the bin package -- that is the bin package's job

gdc1-bin:
- sources should use HTTPS

gdc-bin:
- unquoted srcdir/pkgdir
- sources should use HTTPS

gdc-git:
- unquoted srcdir/pkgdir
- sources should use HTTPS
- binutils is in base-devel and should not be a makedepends

gegl-git:
- autogen.sh in build should be moved to autoreconf -fi in prepare

gimp-git:
- url should be HTTPS
- move sed'ing of configure.ac, autogen, to prepare and use autoreconf

gr-limesdr-git:
gr-limesdr:
- MIT license must be installed in package

inspectrum:
- style: license array sticks out like a sore thumb by not being quoted
  like the surrounding variables
- pkg-config is in base-devel and should not be a makedepends

cellular-network-configs-git:
evernote-sdk-python:
gr-limesdr-git:
gr-limesdr:
limesuite:
lime-tools-git:
lms7002m-driver-git:
- style: arch array sticks out like a sore thumb by not being quoted
  like the surrounding variables

me-edit:
- should build from source
- don't use specific sourceforge mirror to download
- wrapper script does not need to popd right before exiting a script
- wrapper script would be better off symlinking to /usr/bin/ if possible

mitmproxy-git:
- unquoted pkgdir
- MIT license must be installed in package
- should run testsuite like community package does
- should use system certifates instead of certifi, like community
  package does

nodejs-nan:
- should build from source tarball instead of pulling from the server at
  buildtime
- nodejs packages need to fix non-deterministic chmod 777 on
  directories, see
https://wiki.archlinux.org/index.php/Node.js_package_guidelines and
https://github.com/npm/npm/issues/9359

pantheon-mail:
- stable releases do not replace bzr packages

pulseaudio-equalizer-ladspa:
- renamed to unique sources on my advice, but dropped the .tar.gz

pylms7002m-git:
- unquoted srcdir

pylms8001-git:
- unquoted srcdir

python2-entrypoints:
- instead of downloading setup.py from git master of some fork, use the
  PyPI releases, for which flit has generated one for you. Or use flit.

python2-keyrings-alt:
- wrong url

python2-secretstorage:
- BSD license must be installed in package

qspectrumanalyzer-git:
- uses setuptools entry points so setuptools is a runtime dependency

qt5-quick1-git:
- should use #branch=dev for source instead of checking it out later

qt5-quick1:
- pinned to a git tag, then immediately checks out some branch???

redmine:
- source/url should use HTTPS
- $_instdir can contain spaces (based on $pkgdir) and must be quoted


rivalcfg:
rivalcfg-git:
- setup.py contains setuptools entry points so setuptools is a runtime
  dependency
- install script should be taken care of by udev + reload hook from
  systemd

sdrangel-git:
sdrangel:
serialdv:
soapyosmo:
soapyrtlsdr:
soapysdr:
soapyuhd:
- incorrectly marked as 'any' package

soapyosmo:
- GPLv3 license should be GPL3

soapyrtlsdr:
- MIT license must be installed in package

soapysdr:
- Boost license is a common license in the 'licenses' package

sparta:
- url should use HTTPS
- nmap/hydra seem to be optdepends, not makedepends

ttf-d2coding:
- OFL is not installed in the licenses package, so must be installed in
  this one
- font packages don't intrinsically depend on fontconfig,
  fontconfig-using applications are among those that read font files
  should not provide/conflict itself
- url is a redirect to the website's main page over HTTPS, find a better
  link

vr180-creator:
- electron app with no links to source is marked as MIT for the electron
  component, source archive contains binary node modules so cannot
  debundle electron without source, cannot find license for app itself

writefull:
- proprietary app using electron is marked as MIT, app.asar contains
  binary robotjs and spellchecker modules which can probably be rebuilt
  against and use system electron package
- arch-dependent binaries should be installed to /usr/lib not /usr/share



-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180712/4a9d9a20/attachment-0001.asc>

More information about the aur-general mailing list