[pacman-dev] [PATCH 0/3] makepkg: Alternate implementation of VCS URLs in sources array.
allan at archlinux.org
Mon Aug 27 00:12:21 EDT 2012
On 26/08/12 03:36, Luke Shumaker wrote:
> An advantage of my design is that it does allow for integrity checks
> of VCS packages, rather than inserting 'SKIP' into the md5sums
> array. This is very important to the derivative distribution Parabola.
> (However, the 'SKIP' option is still valuable for URLs that track a
Can you explain why this is important? That would help me understand
what you are trying to achieve that can not be done with the current system.
The only reason I can see to create a tarball is to distribute the
source on its own. Using "makepkg --allsource" creates a full source
tarball including the VCS sources. If you are worried about integrity
of those VCS sources in the source tarball, adding a checksum to the
PKGBUILD does nothing as the PKGBUILD can be edited too. You are best
to use "makepkg --allsource" and PGP sign the resulting tarball.
But perhaps I entirely missed the issue...
A comment that I need to make is about the need for a separate tool to
download the vcs sources. We used to have a script called "versionpkg"
that dealt with VCS packages. That got merged into makepkg and my
recent work was to fully integrate VCS packaging into makepkg. So going
using a separate script to deal with VCS sources is really a step or two
More information about the pacman-dev