[aur-general] TU Application - Filipe Laíns

Filipe Laíns filipe.lains at gmail.com
Fri Jul 13 14:11:44 UTC 2018


Hey,

First of all I just want to say that I have 58 packages on AUR and most
of the PKGBUILDs (written by me) were written before I knew some of
this. I tried to update most of them but as it's a really monotonous
task, I missed some things. Eli, thanks for pointing them out.
Also, most of these packages were orphan and I adopted them, I did not
fix some of the mistakes right away because I didn't know these were
indeed mistakes. With the time I learned about them but I didn't fix
some of the packages because I have a lot of them. I have been fixing
them as people point it out or when the PKGBUILD needs to be manually
updated. Lately I have been making an effort to fix everything but
apparently it wasn't enough.

On Thu, Jul 12, 2018 at 11:04 PM, Eli Schwartz via aur-general
<aur-general at archlinux.org> wrote:
> It's always nice to see people eager to contribute more, good luck!
Thank you!

> We'll need permission from them for binary redistribution with
> all-rights-reserved software... they pretty specifically only offer
> single-user personal licenses to download, install, and run one copy
> from them alone. Like most proprietary EULA'ed software.
Sure.

> antlr3:
> - you updated the source to HTTPS on my advice, but forgot the url
Fixed.

> babl-git:
> - !libtool is not needed to build, and comes as default anyway these
>   days
> - ./autogen.sh should be moved to prepare, and moved to autoreconf -fi
>   if at all possible. In this case, it's a wrapper for autoreconf
>   already :)
Fixed.

> cellular-network-configs-git:
> - unquoted srcdir/pkgdirThis was fixed in commit
4a4273f72a93824a16a2c1e86308986b26d9df54[1]
This was fixed by commit 4a4273f72a93824a16a2c1e86308986b26d9df54[1]
which is dated to 11 days ago so I don't understand.

[1]
https://aur.archlinux.org/cgit/aur.git/commit/?h=cellular-network-configs-git&id=4a4273f72a93824a16a2c1e86308986b26d9df54

> cm256cc:
> - are the mv commands needed or not?
> - depends on boost but may only need that as makedepends, see if runtime
>   depends could get away with only boost-libs
The package installs the 64bit libraries in 'lib64' and 32bit ones in
'lib'. I am not comfortable enough to edit the CMakeLists file but if
anyone wants to submit a patch, I would be happy to accept it :)

> dump1090-mutability-git:
> - unquoted srcdir/pkgdir
That was fixed in commit e28ca199c321913aec5295650fa34e0b3c4d81cc[2]
which, again, dates to 11 days ago.
> - source should clone over git+https:// for TLS certificate checking
Fixed.
> - install script should switch to using systemd-sysusers
> - install script should not delete users on uninstall as this can be a
>   security risk: https://www.archlinux.org/todo/usergroup-management/
> - consider just using systemd DynamicUsers to run the service
I will fix this in one of the next few days.

[2]
https://aur.archlinux.org/cgit/aur.git/commit/?h=dump1090-mutability-git&id=e28ca199c321913aec5295650fa34e0b3c4d81cc

> evernote-sdk-python:
> - patching should be done in prepare not build
> - should run python setup.py build in build before running install in
>   package
Sorry about that. Fixed.

> franz:
> - electron apps should use the system electron if possible
> - architecture-dependent binaries should go in /usr/lib not /usr/share
> - try to get desktop file into upstream project
> - should not conflict the bin package -- that is the bin package's job
This package is broken and needs to be fixed in the upstream repository.
I haven't fixed any of this issues because that. Once we are able to
properly built the project, I will fix the whole PKGBUILD.

> gdc1-bin:
> - sources should use HTTPS
>
> gdc-bin:
> - unquoted srcdir/pkgdir
> - sources should use HTTPS
>
> gdc-git:
> - unquoted srcdir/pkgdir
> - sources should use HTTPS
> - binutils is in base-devel and should not be a makedepends
Fixed.
Same story, e9488cd4afbe1eb2356a2ab32d85ba5f58f41049[3]

[3]
https://aur.archlinux.org/cgit/aur.git/commit/?h=gdc-bin&id=e9488cd4afbe1eb2356a2ab32d85ba5f58f41049

> gegl-git:
> - autogen.sh in build should be moved to autoreconf -fi in prepare
Done.

> gimp-git:
> - url should be HTTPS
> - move sed'ing of configure.ac, autogen, to prepare and use autoreconf
Done.

> gr-limesdr-git:
> gr-limesdr:
> - MIT license must be installed in package
Fixed.

> inspectrum:
> - style: license array sticks out like a sore thumb by not being quoted
>   like the surrounding variables
> - pkg-config is in base-devel and should not be a makedepends
Fixed.

> cellular-network-configs-git:
> evernote-sdk-python:
> gr-limesdr-git:
> gr-limesdr:
> limesuite:
> lime-tools-git:
> lms7002m-driver-git:
> - style: arch array sticks out like a sore thumb by not being quoted
>   like the surrounding variables
Already fixed that.

> me-edit:
> - should build from source
> - don't use specific sourceforge mirror to download
> - wrapper script does not need to popd right before exiting a script
> - wrapper script would be better off symlinking to /usr/bin/ if possible
I will fix this later.

> mitmproxy-git:
> - unquoted pkgdir
> - MIT license must be installed in package
> - should run testsuite like community package does
> - should use system certifates instead of certifi, like community
>   package does
Quotes fixed on commit b00815f18db26d304d981b420fdc28ea2a5f050f[4].
Done.

[4]
https://aur.archlinux.org/cgit/aur.git/commit/?h=mitmproxy-git&id=b00815f18db26d304d981b420fdc28ea2a5f050f

> nodejs-nan:
> - should build from source tarball instead of pulling from the server at
>   buildtime
> - nodejs packages need to fix non-deterministic chmod 777 on
>   directories, see
> https://wiki.archlinux.org/index.php/Node.js_package_guidelines and
> https://github.com/npm/npm/issues/9359
Oh my god, this guiidelines are extremely wrong. Npm uses symlinks by
default. If you follow this guidelines,
"$pkgdir"/usr/lib/node_modules/module_name will be symlinked to
"$srcdir"/$pkgname-$pkgver/module_name-module_version.

A correct approach would be:

noextract=("$pkgname-$pkgver.tar.gz")
...

package() {
  npm install -g --user root --prefix "$pkgdir"/usr
"$srcdir"/$pkgname-$pkgver.tar.gz

  ...
}

> pantheon-mail:
> - stable releases do not replace bzr packages
>
> pulseaudio-equalizer-ladspa:
> - renamed to unique sources on my advice, but dropped the .tar.gz
Already fixed.

> pylms7002m-git:
> - unquoted srcdir
Fixed in 257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3[5].

> pylms8001-git:
> - unquoted srcdir
Fixed in 6ff1ca164626b9d76251239c63c6fba70a3fd3a8[6].

[5]
https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms7002m-git&id=257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3
[6]
https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms8001-git&id=6ff1ca164626b9d76251239c63c6fba70a3fd3a8

> python2-entrypoints:
> - instead of downloading setup.py from git master of some fork, use the
>   PyPI releases, for which flit has generated one for you. Or use flit.
Done.

> python2-keyrings-alt:
> - wrong url
Fixed.

> python2-secretstorage:
> - BSD license must be installed in package
Fixed.

> qspectrumanalyzer-git:
> - uses setuptools entry points so setuptools is a runtime dependency
Fixed.

> qt5-quick1-git:
> - should use #branch=dev for source instead of checking it out later
Fixed.

> qt5-quick1:
> - pinned to a git tag, then immediately checks out some branch???
Sorry about that, fixed.

> redmine:
> - source/url should use HTTPS
> - $_instdir can contain spaces (based on $pkgdir) and must be quoted
Fixed.

> rivalcfg:
> rivalcfg-git:
> - setup.py contains setuptools entry points so setuptools is a runtime
>   dependency
> - install script should be taken care of by udev + reload hook from
>   systemd
Fixed.

> sdrangel-git:
> sdrangel:
> serialdv:
> soapyosmo:
> soapyrtlsdr:
> soapysdr:
> soapyuhd:
> - incorrectly marked as 'any' package
Fixed.

> soapyosmo:
> - GPLv3 license should be GPL3
Fixed.

> soapyrtlsdr:
> - MIT license must be installed in package
Done.

> soapysdr:
> - Boost license is a common license in the 'licenses' package
Fixed.

> sparta:
> - url should use HTTPS
> - nmap/hydra seem to be optdepends, not makedepends
Fixed.

> ttf-d2coding:
> - OFL is not installed in the licenses package, so must be installed in
>   this one
> - font packages don't intrinsically depend on fontconfig,
>   fontconfig-using applications are among those that read font files
>   should not provide/conflict itself
> - url is a redirect to the website's main page over HTTPS, find a better
>   link
Fixed.

> vr180-creator:
> - electron app with no links to source is marked as MIT for the electron
>   component, source archive contains binary node modules so cannot
>   debundle electron without source, cannot find license for app itself
Google hasn't released the source yet afaik. I will rename the package
as -bin. Fixed the license issue.

> writefull:
> - proprietary app using electron is marked as MIT, app.asar contains
>   binary robotjs and spellchecker modules which can probably be rebuilt
>   against and use system electron package
> - arch-dependent binaries should be installed to /usr/lib not /usr/share
Fixed the license issue. I will rename the package as -bin as I don't
whish to rebuild the modules.

Thank you,
Filipe Laíns

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180713/0a640053/attachment.asc>


More information about the aur-general mailing list