[pacman-dev] icadyptes makepkg changes

Teran McKinney sega01 at go-beyond.org
Tue Jan 20 13:53:33 EST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I was subscribed to the pacman-dev list on my old email account, but
just moved it over. I noticed the thread about Icadyptes' makepkg
changes and got Allan's message.

I would be happy to see some of Icadyptes' makepkg changes make it into
the mainline makepkg, but I doubt all of them will (on top of that,
some of my code is quite hackish). Some features are implemented
nicely, though others are definitely a work in progress. Most
changes were applied to the 3.2.1 makepkg, and I have not updated it
for split package support and some of the other changes. I will list
the changes I can remember by order of how useful I think they would be
to the mainline makepkg.

Most useful:
runtimedeps=(): I added a runtimedeps=() option for dependencies that
are needed at runtime and not for building. This would be useful for
scripts that only need a `make install DESTDIR="$pkgdir"` on the
building side. I've used it a few times already, but it is not the most
common case.
Not setting arch=() implies arch=('any'): After a couple months of
development, some benchmarks, and finding that AMD K6-2s lack the CMOV
instruction, I moved Icadyptes to i486/generic. It is frustrating
(though scriptable) to change all buildscripts from arch=('i686'
'x86_64) to arch=('i486' 'x86_64), but I did not care for the setup
from the begining. Rarely is a source tarball only buildable on one x86
subset, and I don't like having to write arch=('any') in each
buildscript, so I made arch=('any') the default if no arch line was
set. I think that this could be expanded a bit with negation flags for
archs, ie arch=('!i486' 'i686'). Or perhaps arch=('i586+'), but that is
getting a little complex and overdone in my opinion.

Potentially useful:
Replacing checksums inside the PKGBUILD with SHA256SUMs in a CHECKSUMS
file: Originally, I kept the {md5,sha1}sums=() lines in buildscripts,
but couldn't be bothered to update them if the source files were
updated. This needs a lot of work, but I
simplified the code gutting the PKGBUILD-internal checksums and
replaced it with a seperate CHECKSUMS file containing SHA256SUMs of
$source=() and $install. One can simply run `makepkg -g` to regenerate
the checksums now, which is quite nice. Other scripts would have to be
updated to copy CHECKSUMS over, but I have had no issues with it after
some minor tweaking here.
$SRCDEST using SHA256SUMs as the filenames: This needs work too, but if
you are using a shared source directory makepkg will download the
source files, verify them against CHECKSUMS, and move them to $SRCDEST.
Using $SRCDEST with the normal filenames is problematic due to filename
collision with other packages, so this is an (IMO) elegant and safe
solution.
I used SHA256 because MD5 is very insecure, SHA1 is potentially
vulnerable, and it isn't as overkill (though some would say SHA256 is
excessive) as SHA512. While an attacker could do a number of attacks to
give the user faulty build scripts, at least this part of the system is
secure. Of course, any checksum algorithim can be used.

Doubt you would want these:
Removal of OS X hacks: I can mostly understand using alternative
utilities so that *BSDs can use makepkg, but I have no idea of why you
care about Mac OS X enough to implement slower and more bloated
workarounds to things like getopt. In my opinion, you have to draw the
line somewhere. I personally think that makepkg and Pacman should be
solely for Arch, but that is just my two cents.
Removal of OpenSSL dependencies: I don't care for OpenSSL and try to
replace it with GnuTLS where I can, so I reverted back to using the
*sum utilities. GnuTLS is lighter, easier to build, and doesn't have
the advertising license clause that OpenSSL does. Of course, the *sum
utilities are from GNU coreutils, not GnuTLS.
Moving to GNU tar from bsdtar so that libarchive can eventually be
removed entirely as a package. Although libarchive looks fairly nice, so
I should do some more research on this.

Pacman changes:
Pacman is currently pretty vanilla in Icadyptes, but I apply the
reverted patch for internal file:// handling, statically link it
against libarchive, use curl (you may want to look at my
{pacman,makepkg}.conf as they pass a couple more flags),
and generally have fairly light configure options (disabling NLS,
etc.). I also use .ipkg for the package extension, but I don't think
any of this is very usable by the mainstream Pacman :-).

Thanks for the interest in my makepkg modifications. Let me know if you
have any comments, ideas, or suggestions.

Cheers,
Teran (sega01)

On Tue, 20 Jan 2009 14:58:50 +0000
"Teran McKinney" <sega01 at gmail.com> wrote:

> Forwarded conversation
> Subject: [pacman-dev] icadyptes makepkg changes
> ------------------------
> 
> From: Allan McRae <allan at archlinux.org>
> Date: Tue, Jan 20, 2009 at 12:20
> To: Discussion list for pacman development <pacman-dev at archlinux.org>
> 
> 
> Hi,
> 
> This is a reminder for myself and a FYI for anyone else that is
> interested.  There is a new Arch fork called Icadyptes
> (http://icadyptes.org/) which does some changes to makepkg and to a
> lesser extend pacman (see http://icadyptes.org/index.php?q=node/2).
> Their git repo is here:
> http://gitweb.icadyptes.org/?p=icadyptes-core/.git;a=tree;f=base/pacman;hb=HEAD
> 
> Maybe there is something useful there that would worth merging.
> Adding something like "runtimedeps" has been previously suggested but
> from memory the patch never got updated for inclusion.  Other makepkg
> changes listed will probably never make it here...
> Anyway, I will give the Icadyptes dev a ping to suggest that any
> changes could/should be CCed here so we can decide whether to include
> them.
> 
> Allan
> 
> 
> _______________________________________________
> pacman-dev mailing list
> pacman-dev at archlinux.org
> http://www.archlinux.org/mailman/listinfo/pacman-dev
> 
> ----------
> From: Dan McGee <dpmcgee at gmail.com>
> Date: Tue, Jan 20, 2009 at 13:48
> To: Discussion list for pacman development <pacman-dev at archlinux.org>
> 
> 
> Their changes do sound interesting. Please do send them an email.
> 
> -Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iF4EAREIAAYFAkl2HbQACgkQPsLC06eiyfF1CwD/dl9UgD7VK+5NDnNzSJhFL+kZ
u50RnWVRx1ZxikzBVXsBAK6vh2PpdWva05+0cZL563DtWP/q+SXMLiECQCl0WsnM
=4/Q8
-----END PGP SIGNATURE-----

More information about the pacman-dev mailing list