Le 17/07/2023 à 20:58, Tomaz Canabrava a écrit :
So, I downloaded thunderbird (after years using gmail as my only mail client), setup my new gpg key on thunderbird, and hope that this message is digitally signed.I'm much better with bash than I am fiddling with weird programs to send e-mail :)Best, Tomaz
Hi Tomaz, Thanks for your application as a package maintainer!Forced to admit that the lack of Arch packaging experience makes it a bit hard to evaluate on that front but, as you said in your original message, I have no doubt you'll be able to handle that.
I noticed that you recently created two AUR packages [1][2] though, thanks for taking the time to do so!
If you allow me, I have a few feedback about those: --bde-tools--- Since you're using git sources, your PKGBUILD misses the `git` make dependency. - You don't need to rename the source "bde-tools" as the cloned repo is already named that way. - Speaking of sources, any reason why you `git clone` the repo against a specific tag instead of using a tag's archive? [3] Using a tag's archive would allow you to check the integrity of the downloaded sources (rather than skipping it). If you do so, I suggest using a stronger hash algorithm than md5. Using `sha256` or stronger is the standard now. You could also drop the `git` make dependency. - No need to `rm -rf ".git". As it is a hidden folder, it won't be copied by the `cp -r *` later in the PKGBUILD. - Don't forget to bump the `pkgrel` [4] when you modify the PKGBUILD in between a `pkgver` bump [5].
--bde--- The correct variable name for make dependencies is "makedepends", not "makedeps". In it's current state, the necessary make dependencies will be ignored. - Since you're using git sources, your PKGBUILD misses the `git` make dependency. - The `make` and `gcc` packages are both members of the `base-devel` metapackage [6], so they shouldn't be listed as make dependencies because the `base-devel` metapackage is assumed installed at buildtime. See the related "Note" paragraph in the PKGBUILD's Arch wiki page [7]. - Any reason why you `git clone` the repo against a specific tag instead of using a tag's archive? [8] (Same question as the package above). - You don't have to `cd` to `${srcdir}` at the beginning of the `build()` and `package()` functions. Every functions are executed within that folder already. - The package doesn't build on my side (built in a clean chroot via `pkgctl build -I ../bde-tools/bde-tools-3.117.0.0-1-any.pkg.tar.zst --repo extra`). See the build logs [9].
I would suggest to build your packages in a clean chroot [10] to test your PKGBUILDs before pushing them and prevent any common issues or missing dependencies. For what it's worth, building packages in a clean chroot is mandatory for Arch official repositories packages [11].
On another subject, I guess your involvement in open-source projects isn't questionable regarding your work in KDE. It's nice to see an "upstream" person applying to help the "downstream" side of things and that would be an undeniable plus for the KDE stack on Arch side.
Mostly out of curiosity from my side, have you contributed to any other project in any way (Arch included)?
Once again, thanks for applying and good luck for the rest of your application!
[1] https://aur.archlinux.org/packages/bde-tools [2] https://aur.archlinux.org/packages/bde[3] https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz
[4] https://wiki.archlinux.org/title/PKGBUILD#pkgrel[5] https://aur.archlinux.org/cgit/aur.git/commit/?h=bde-tools&id=00e94574151da931419c44a1dce212f9e3342dbe
[6] https://archlinux.org/packages/core/any/base-devel/ [7] https://wiki.archlinux.org/title/PKGBUILD#makedepends[8] https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz
[9] https://bpa.st/LEUQ[10] https://wiki.archlinux.org/title/DeveloperWiki:Building_in_a_clean_chroot [11] https://wiki.archlinux.org/title/DeveloperWiki:How_to_be_a_packager#Change_and_build
-- Regards, Robin Candau / Antiz
OpenPGP_0xFDC3040B92ACA748.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
