Excerpts from Tomaz Canabrava's message of julho 31, 2023 4:04 pm: > Hello Robin, > > Thanks for having the time to review my pkgbuilds. > > > On Mon, 31 Jul 2023 at 19:27 Robin Candau <an...@archlinux.org> wrote: > >> Le 17/07/2023 à 20:58, Tomaz Canabrava a écrit : >> > So, I downloaded thunderbird (after years using gmail as my only mail >> > client), setup my new gpg key on thunderbird, and hope that this message >> > is digitally signed. >> > >> > I'm much better with bash than I am fiddling with weird programs to send >> > e-mail :) >> > >> > Best, >> > >> > Tomaz >> >> Hi Tomaz, >> >> Thanks for your application as a package maintainer! >> Forced to admit that the lack of Arch packaging experience makes it a >> bit hard to evaluate on that front but, as you said in your original >> message, I have no doubt you'll be able to handle that. >> >> I noticed that you recently created two AUR packages [1][2] though, >> thanks for taking the time to do so! >> If you allow me, I have a few feedback about those: >> >> --bde-tools-- >> - Since you're using git sources, your PKGBUILD misses the `git` make >> dependency. >> - You don't need to rename the source "bde-tools" as the cloned repo is >> already named that way. >> - Speaking of sources, any reason why you `git clone` the repo against a >> specific tag instead of using a tag's archive? [3] Using a tag's archive >> would allow you to check the integrity of the downloaded sources (rather >> than skipping it). If you do so, I suggest using a stronger hash >> algorithm than md5. Using `sha256` or stronger is the standard now. You >> could also drop the `git` make dependency. >> - No need to `rm -rf ".git". As it is a hidden folder, it won't be >> copied by the `cp -r *` later in the PKGBUILD. >> - Don't forget to bump the `pkgrel` [4] when you modify the PKGBUILD in >> between a `pkgver` bump [5]. >> >> --bde-- >> - The correct variable name for make dependencies is "makedepends", not >> "makedeps". In it's current state, the necessary make dependencies will >> be ignored. >> - Since you're using git sources, your PKGBUILD misses the `git` make >> dependency. >> - The `make` and `gcc` packages are both members of the `base-devel` >> metapackage [6], so they shouldn't be listed as make dependencies >> because the `base-devel` metapackage is assumed installed at buildtime. >> See the related "Note" paragraph in the PKGBUILD's Arch wiki page [7]. >> - Any reason why you `git clone` the repo against a specific tag instead >> of using a tag's archive? [8] (Same question as the package above). >> - You don't have to `cd` to `${srcdir}` at the beginning of the >> `build()` and `package()` functions. Every functions are executed within >> that folder already. >> - The package doesn't build on my side (built in a clean chroot via >> `pkgctl build -I ../bde-tools/bde-tools-3.117.0.0-1-any.pkg.tar.zst >> --repo extra`). See the build logs [9]. > > > Thanks for all of those hints, really appreciated. > > >> >> I would suggest to build your packages in a clean chroot [10] to test >> your PKGBUILDs before pushing them and prevent any common issues or >> missing dependencies. > > > Will do. > > >> For what it's worth, building packages in a clean chroot is mandatory >> for Arch official repositories packages [11]. > > > Will do. > >> >> On another subject, I guess your involvement in open-source projects >> isn't questionable regarding your work in KDE. It's nice to see an >> "upstream" person applying to help the "downstream" side of things and >> that would be an undeniable plus for the KDE stack on Arch side. >> >> Mostly out of curiosity from my side, have you contributed to any other >> project in any way (Arch included)? > > > Quite a few, besides my involvement with kde I also have: > > Imaintained subsurface for almost 5 years (www.subsurface-develop.org) > > Codevis - an application to visualize architectures of large codebases ( > https://gitlab.com/CodethinkLabs/codevis/codevis) > > Worked with drone control stations (www.qgroundcontrol.org) > > And quite a few more libraries and smaller softwares, that are not on the > kde stack. > > Best, > Tomaz > >> >> >> Once again, thanks for applying and good luck for the rest of your >> application! >> >> [1] https://aur.archlinux.org/packages/bde-tools >> [2] https://aur.archlinux.org/packages/bde >> [3] >> https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz >> [4] https://wiki.archlinux.org/title/PKGBUILD#pkgrel >> [5] >> >> https://aur.archlinux.org/cgit/aur.git/commit/?h=bde-tools&id=00e94574151da931419c44a1dce212f9e3342dbe >> [6] https://archlinux.org/packages/core/any/base-devel/ >> [7] https://wiki.archlinux.org/title/PKGBUILD#makedepends >> [8] >> https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz >> [9] https://bpa.st/LEUQ >> [10] >> https://wiki.archlinux.org/title/DeveloperWiki:Building_in_a_clean_chroot >> [11] >> >> https://wiki.archlinux.org/title/DeveloperWiki:How_to_be_a_packager#Change_and_build >> >> -- >> Regards, >> Robin Candau / Antiz >> >> >
Hi All, Given that this application was a different one (we're trying to get our first junior packager in), and also that the discussion was a little weird, I've waited one extra week before starting the voting. I'll create a voting on the AUR later today (provided I have rights to). Thank you everyone that chimed into this discussion, and thank you Tomaz, regardless of the outcome. I wish you luck! Regards, Giancarlo Razzolini
pgpM5oGsSANyO.pgp
Description: PGP signature