[aur-general] Trusted user application: Drew DeVault

Eli Schwartz eschwartz at archlinux.org
Mon Feb 25 01:54:40 UTC 2019


On 2/24/19 8:40 PM, Brett Cornwall via aur-general wrote:

> Here's a PKGBUILD review:
> 
> ## In general
> * Prefer sha256sums over sha1sums and md5sums [1]
> * "$srcdir" can often be omitted as the PKGBUILD functions all begin in
> "$srcdir" already - this will make PKGBUILDs much more readable
> * MIT-licensed packages are not installing their licenses. [2]
> * i386/i686 architectures should be removed.

To be fair, the AUR covers the use case of archlinux32 users as well as
archlinuxarm (and even, I suppose, parabola and antergos). Officially
the package must be useful to the archlinux.org distribution, but is
permitted to include additional arch support at the maintainer's discretion.

It is worth noting that unsupported arches should be removed from
PKGBUILDs in the official archlinux svn tree, yes.

...

This is generally described at
https://wiki.archlinux.org/index.php/PKGBUILD#arch
With enhanced wording due to recent edits at
https://wiki.archlinux.org/index.php?title=PKGBUILD&diff=next&oldid=564920
https://wiki.archlinux.org/index.php?title=PKGBUILD&diff=564976&oldid=564975

> * update python-distribute makedeps to python-setuptools
> * source= lines should save sources to a "$pkgname-$pkgver.tar.gz" file,
> e.g.
> 
>   
> source=("$pkgname-$pkgver.tar.gz::https://github.com/KnightOS/genkfs/archive/${pkgver}.tar.gz")
> 
> 
> 
> ## knightos-sdk
> Python distutil packages should be built and packaged separately [3]:
> 
>    build() {
>        python setup.py build
>    }
> 
>    package() {
>        python setup.py install --root="$pkgdir/" --optimize=1 --skip-build
>    }
> 
> 
> ## madonctl
> * I'm never fond of overly abstracting random things in $_variables
> unless it serves a purpose. This is more style/opinion, though.

In that case I'd just use
source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz")

> 
> ## python-activipy-git
> * No need to include the GPL3 text, it's one of the included licenses in
> arch.
> * Quote your variables!
> * makedepends should include python-setuptools
> * source and url have https, so use it!
> * I'm seeing an apache license in the repo as well as gpl3
> 
> 
> ## python-flask-markdown, python-haxor
> * source has https, so use it!
> 
> 
> ## python-pystache
> * see madonctl.
> * `|| exit 1` is useless here.
> * URL should use https
> 
> 
> ## python-spam-blocklists
> * fill that depends() list, I'm sure it needs something.
> 
> 
> ## vgo-git
> What's with these custom functions? Why not just put this stuff in
> prepare() like the packaging guidelines? [4]
> 
> 
> 
> [1] https://wiki.archlinux.org/index.php/PKGBUILD#Integrity
> [2] https://wiki.archlinux.org/index.php/PKGBUILD#license
> [3]
> https://wiki.archlinux.org/index.php/Python_package_guidelines#distutils
> [4]
> https://wiki.archlinux.org/index.php/Go_package_guidelines#PKGBUILD_with_GOPATH_and_dep
> 


-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190224/207f8d82/attachment-0001.sig>


More information about the aur-general mailing list