On 16-11-27 11:10:51, Eli Schwartz via aur-general wrote: > On 11/27/2016 10:30 AM, Quentin Bourgeois wrote: > > You are right I have remove this, my first goals was to sign my > > PKGBUILD file I don't think its possible ? > > No, although the AUR is HTTPS. > > If people clone the package instead of downloading the snapshot (several > AUR helpers can be configured to do that), and if they obtain your > public key, they can use git to verify signed commits. Assuming they > know you sign your commits. > But no AUR helper tries to check that... and how would you know which > key to trust? > > > Inkscape (or any other tool for SVG handling) is needed if one would > > like to see the result of generated document in SVG format. As there > > could be a long list I am not sure if such dependencies should be put > > into PKGBUILD, even in optdepends ? > > Looking at the project README, it just generates an SVG file (and says > you will need a program that opens SVG, like most browsers). It doesn't > fundamentally integrate with Inkscape, and you should not add as a > dependency every single program capable of opening a specific filetype. > In fact, you shouldn't even add one such program. ;) > > When it describes "Program to open SVG objects" as a requirement, they > probably shouldn't have listed that in the code requirements, since it > is only a *logical* requirement... > > > I add this check in case upstream change for any reason and not break > > the build process. The warning should be enough to let me investigate. > > I generally don't perform operation on resource that could not be > > present, I just applied this here too. > > You should catch that when you make the package yourself before pushing > an update to the AUR, since the install command would fail with an error > and makepkg would abort with an error. At least, I assume you consume > your own packages... > > As a general rule, do not clutter up the PKGBUILD with things that can > change from version to version unless it is a VCS package and the same > PKGBUILD applies from version to version as new commits are pulled from > the VCS source. > Also, don't make checks like that for things which are really quite > unlikely to change. Why do you think they might do that??? With this, I come with a simpler PKGBUILD[0] in which I push modifications you advised. I also removed some dependencies that are used for code coverage and building documentation, which I do not install for now.
Did we get to something good ? [0] https://git.bourgeois.eu/aur_python_viivakoodi.git/tree/
# Maintainer: Quentin Bourgeois <quentin+archli...@bourgeois.eu> pkgbase=viivakoodi pkgname=("python2-$pkgbase" "python-$pkgbase") pkgver=0.8.0 pkgrel=1 pkgdesc='Barcode generator for Python. Fork of pyBarcode project.' arch=('any') url="https://github.com/kxepal/$pkgbase" license=('MIT') makedepends+=('python-setuptools' 'python2-setuptools') source=("$pkgbase-$pkgver.tar.gz::https://github.com/kxepal/$pkgbase/archive/$pkgver.tar.gz") sha256sums=('e1a17dc24975d5242202cfbb7534d69dd14eeb26bdf8a10f056c7b04904fef1e') check() { cd "$srcdir/$pkgbase-$pkgver" for py_int in python3 python2; do msg "Testing $pkgbase-$pkgver with $py_int" "$py_int" ./test.py done } package_python-viivakoodi() { depends+=('python') provides+=('python2-viivakoodi') optdepends+=('python-pillow: render barcodes as images') checkdepends+=('python-pytest' 'python-mock' 'python-tox') cd "$srcdir/$pkgbase-$pkgver" python setup.py install --root="$pkgdir/" --optimize=1 install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE.launcher" } package_python2-viivakoodi() { depends+=('python2') provides+=('python2-viivakoodi') optdepends+=('python2-pillow: render barcodes as images') checkdepends+=('python2-pytest' 'python2-mock' 'python2-tox') cd "$srcdir/$pkgbase-$pkgver" python2 setup.py install --root="$pkgdir/" --optimize=1 install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE.launcher" }
signature.asc
Description: PGP signature