Hey, First of all I just want to say that I have 58 packages on AUR and most of the PKGBUILDs (written by me) were written before I knew some of this. I tried to update most of them but as it's a really monotonous task, I missed some things. Eli, thanks for pointing them out. Also, most of these packages were orphan and I adopted them, I did not fix some of the mistakes right away because I didn't know these were indeed mistakes. With the time I learned about them but I didn't fix some of the packages because I have a lot of them. I have been fixing them as people point it out or when the PKGBUILD needs to be manually updated. Lately I have been making an effort to fix everything but apparently it wasn't enough.
On Thu, Jul 12, 2018 at 11:04 PM, Eli Schwartz via aur-general <aur-general@archlinux.org> wrote: > It's always nice to see people eager to contribute more, good luck! Thank you! > We'll need permission from them for binary redistribution with > all-rights-reserved software... they pretty specifically only offer > single-user personal licenses to download, install, and run one copy > from them alone. Like most proprietary EULA'ed software.Sure. > antlr3: > - you updated the source to HTTPS on my advice, but forgot the url Fixed. > babl-git: > - !libtool is not needed to build, and comes as default anyway these > days > - ./autogen.sh should be moved to prepare, and moved to autoreconf -fi > if at all possible. In this case, it's a wrapper for autoreconf > already :) Fixed. > cellular-network-configs-git: > - unquoted srcdir/pkgdirThis was fixed in commit > 4a4273f72a93824a16a2c1e86308986b26d9df54[1] This was fixed by commit 4a4273f72a93824a16a2c1e86308986b26d9df54[1] which is dated to 11 days ago so I don't understand. [1] https://aur.archlinux.org/cgit/aur.git/commit/?h=cellular-network-configs-git&id=4a4273f72a93824a16a2c1e86308986b26d9df54 > cm256cc: > - are the mv commands needed or not? > - depends on boost but may only need that as makedepends, see if runtime > depends could get away with only boost-libs The package installs the 64bit libraries in 'lib64' and 32bit ones in 'lib'. I am not comfortable enough to edit the CMakeLists file but if anyone wants to submit a patch, I would be happy to accept it :) > dump1090-mutability-git: > - unquoted srcdir/pkgdir That was fixed in commit e28ca199c321913aec5295650fa34e0b3c4d81cc[2] which, again, dates to 11 days ago. > - source should clone over git+https:// for TLS certificate checking Fixed. > - install script should switch to using systemd-sysusers > - install script should not delete users on uninstall as this can be a > security risk: https://www.archlinux.org/todo/usergroup-management/ > - consider just using systemd DynamicUsers to run the service I will fix this in one of the next few days. [2] https://aur.archlinux.org/cgit/aur.git/commit/?h=dump1090-mutability-git&id=e28ca199c321913aec5295650fa34e0b3c4d81cc > evernote-sdk-python: > - patching should be done in prepare not build > - should run python setup.py build in build before running install in > package Sorry about that. Fixed. > franz: > - electron apps should use the system electron if possible > - architecture-dependent binaries should go in /usr/lib not /usr/share > - try to get desktop file into upstream project > - should not conflict the bin package -- that is the bin package's job This package is broken and needs to be fixed in the upstream repository. I haven't fixed any of this issues because that. Once we are able to properly built the project, I will fix the whole PKGBUILD. > gdc1-bin: > - sources should use HTTPS > > gdc-bin: > - unquoted srcdir/pkgdir > - sources should use HTTPS > > gdc-git: > - unquoted srcdir/pkgdir > - sources should use HTTPS > - binutils is in base-devel and should not be a makedepends Fixed. Same story, e9488cd4afbe1eb2356a2ab32d85ba5f58f41049[3] [3] https://aur.archlinux.org/cgit/aur.git/commit/?h=gdc-bin&id=e9488cd4afbe1eb2356a2ab32d85ba5f58f41049 > gegl-git: > - autogen.sh in build should be moved to autoreconf -fi in prepare Done. > gimp-git: > - url should be HTTPS > - move sed'ing of configure.ac, autogen, to prepare and use autoreconf Done. > gr-limesdr-git: > gr-limesdr: > - MIT license must be installed in package Fixed. > inspectrum: > - style: license array sticks out like a sore thumb by not being quoted > like the surrounding variables > - pkg-config is in base-devel and should not be a makedepends Fixed. > cellular-network-configs-git: > evernote-sdk-python: > gr-limesdr-git: > gr-limesdr: > limesuite: > lime-tools-git: > lms7002m-driver-git: > - style: arch array sticks out like a sore thumb by not being quoted > like the surrounding variables Already fixed that. > me-edit: > - should build from source > - don't use specific sourceforge mirror to download > - wrapper script does not need to popd right before exiting a script > - wrapper script would be better off symlinking to /usr/bin/ if possible I will fix this later. > mitmproxy-git: > - unquoted pkgdir > - MIT license must be installed in package > - should run testsuite like community package does > - should use system certifates instead of certifi, like community > package does Quotes fixed on commit b00815f18db26d304d981b420fdc28ea2a5f050f[4]. Done. [4] https://aur.archlinux.org/cgit/aur.git/commit/?h=mitmproxy-git&id=b00815f18db26d304d981b420fdc28ea2a5f050f > nodejs-nan: > - should build from source tarball instead of pulling from the server at > buildtime > - nodejs packages need to fix non-deterministic chmod 777 on > directories, see > https://wiki.archlinux.org/index.php/Node.js_package_guidelines and > https://github.com/npm/npm/issues/9359 Oh my god, this guiidelines are extremely wrong. Npm uses symlinks by default. If you follow this guidelines, "$pkgdir"/usr/lib/node_modules/module_name will be symlinked to "$srcdir"/$pkgname-$pkgver/module_name-module_version. A correct approach would be: noextract=("$pkgname-$pkgver.tar.gz") ... package() { npm install -g --user root --prefix "$pkgdir"/usr "$srcdir"/$pkgname-$pkgver.tar.gz ... } > pantheon-mail: > - stable releases do not replace bzr packages > > pulseaudio-equalizer-ladspa: > - renamed to unique sources on my advice, but dropped the .tar.gz Already fixed. > pylms7002m-git: > - unquoted srcdir Fixed in 257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3[5]. > pylms8001-git: > - unquoted srcdir Fixed in 6ff1ca164626b9d76251239c63c6fba70a3fd3a8[6]. [5] https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms7002m-git&id=257e2d425fdc2ae56afc24cbdb7e5aef20ed40a3 [6] https://aur.archlinux.org/cgit/aur.git/commit/?h=pylms8001-git&id=6ff1ca164626b9d76251239c63c6fba70a3fd3a8 > python2-entrypoints: > - instead of downloading setup.py from git master of some fork, use the > PyPI releases, for which flit has generated one for you. Or use flit. Done. > python2-keyrings-alt: > - wrong url Fixed. > python2-secretstorage: > - BSD license must be installed in package Fixed. > qspectrumanalyzer-git: > - uses setuptools entry points so setuptools is a runtime dependency Fixed. > qt5-quick1-git: > - should use #branch=dev for source instead of checking it out later Fixed. > qt5-quick1: > - pinned to a git tag, then immediately checks out some branch??? Sorry about that, fixed. > redmine: > - source/url should use HTTPS > - $_instdir can contain spaces (based on $pkgdir) and must be quoted Fixed. > rivalcfg: > rivalcfg-git: > - setup.py contains setuptools entry points so setuptools is a runtime > dependency > - install script should be taken care of by udev + reload hook from > systemd Fixed. > sdrangel-git: > sdrangel: > serialdv: > soapyosmo: > soapyrtlsdr: > soapysdr: > soapyuhd: > - incorrectly marked as 'any' package Fixed. > soapyosmo: > - GPLv3 license should be GPL3 Fixed. > soapyrtlsdr: > - MIT license must be installed in package Done. > soapysdr: > - Boost license is a common license in the 'licenses' package Fixed. > sparta: > - url should use HTTPS > - nmap/hydra seem to be optdepends, not makedepends Fixed. > ttf-d2coding: > - OFL is not installed in the licenses package, so must be installed in > this one > - font packages don't intrinsically depend on fontconfig, > fontconfig-using applications are among those that read font files > should not provide/conflict itself > - url is a redirect to the website's main page over HTTPS, find a better > link Fixed. > vr180-creator: > - electron app with no links to source is marked as MIT for the electron > component, source archive contains binary node modules so cannot > debundle electron without source, cannot find license for app itself Google hasn't released the source yet afaik. I will rename the package as -bin. Fixed the license issue. > writefull: > - proprietary app using electron is marked as MIT, app.asar contains > binary robotjs and spellchecker modules which can probably be rebuilt > against and use system electron package > - arch-dependent binaries should be installed to /usr/lib not /usr/share Fixed the license issue. I will rename the package as -bin as I don't whish to rebuild the modules. Thank you, Filipe Laíns
signature.asc
Description: OpenPGP digital signature