[pacman-dev] [PATCH] Added mirror support to makepkg's source array.

Martti Kühne mysatyre at gmail.com
Wed Nov 20 07:51:12 EST 2013


On Mon, Nov 18, 2013 at 3:09 AM, Allan McRae <allan at archlinux.org> wrote:
>
> What did you think about the proposal in an earlier reply to this thread:
>
> source=("mirror://_foo/blah/blah/foo.tar.gz")
> _foo=("http://foo.com/" "http://bar.com/")
>
> I think we can bet safely that "mirror://" will not become a valid
> protocol.  And we are replacing the start of the URL so just using the
> initial "/" as the delimiter is fine.
>
> Allan
>
>


Personally, I wouldn't notice that _foo part there and go WTF if the
URL isn't valid. This is as bad as the previous suggestion, where I
thought of this:

source=("http://looks.ok/good.tar.gz")
[...fast-forward to bottom of PKGBUILD]
http=("http://malware.com/evil_file.tar.gz")

whereas with the latest suggestion, one would just

source=("http://_it/looks.ok/good.tar.gz")
[...fast-forward to bottom of PKGBUILD]
_it=("http://malware.com/evil_file.tar.gz")

PKGBUILDs are supposed to be easily readable, and I don't want to have
to be sober and well-rested to read them. Although I don't really have
a better suggestion than what has been proposed, I'm pretty sure the
current suggestions would make reading PKGBIULDs harder.

Maybe a more limited and obvious approach would be this:

source=("mirrors:good.tar.gz")
mirrors=("http://looks.ok/good.tar.gz"...)

Drop (or exclusively use) the double-slash here, this is not about
URLs. Enforce or limit the token to "mirrors" - or /mirrors[0-9]*/ to
support multiple files. This would not need to break existing
PKGBUILDs as I don't think "mirrors:*" would match any source array
item in the world of PKGBUILDs, and in the case of "mirrors//" I can
even be sure.

cheers!
mar77i


More information about the pacman-dev mailing list