[pacman-dev] [PATCH 0/3] makepkg: Alternate implementation of VCS URLs in sources array.

Allan McRae allan at archlinux.org
Mon Aug 27 00:12:21 EDT 2012

On 26/08/12 03:36, Luke Shumaker wrote:
> An advantage of my design is that it does allow for integrity checks
> of VCS packages, rather than inserting 'SKIP' into the md5sums
> array. This is very important to the derivative distribution Parabola.
> (However, the 'SKIP' option is still valuable for URLs that track a
> branch)

Can you explain why this is important?  That would help me understand
what you are trying to achieve that can not be done with the current system.

The only reason I can see to create a tarball is to distribute the
source on its own.   Using "makepkg --allsource" creates a full source
tarball including the VCS sources.  If you are worried about integrity
of those VCS sources in the source tarball, adding a checksum to the
PKGBUILD does nothing as the PKGBUILD can be edited too.  You are best
to use "makepkg --allsource" and PGP sign the resulting tarball.

But perhaps I entirely missed the issue...

A comment that I need to make is about the need for a separate tool to
download the vcs sources.   We used to have a script called "versionpkg"
that dealt with VCS packages.  That got merged into makepkg and my
recent work was to fully integrate VCS packaging into makepkg.  So going
using a separate script to deal with VCS sources is really a step or two


More information about the pacman-dev mailing list