Excerpts from Tomaz Canabrava's message of julho 31, 2023 4:04 pm:
> Hello Robin,
>
> Thanks for having the time to review my pkgbuilds.
>
>
> On Mon, 31 Jul 2023 at 19:27 Robin Candau <an...@archlinux.org> wrote:
>
>> Le 17/07/2023 à 20:58, Tomaz Canabrava a écrit :
>> > So, I downloaded thunderbird (after years using gmail as my only mail
>> > client), setup my new gpg key on thunderbird, and hope that this message
>> > is digitally signed.
>> >
>> > I'm much better with bash than I am fiddling with weird programs to send
>> > e-mail :)
>> >
>> > Best,
>> >
>> > Tomaz
>>
>> Hi Tomaz,
>>
>> Thanks for your application as a package maintainer!
>> Forced to admit that the lack of Arch packaging experience makes it a
>> bit hard to evaluate on that front but, as you said in your original
>> message, I have no doubt you'll be able to handle that.
>>
>> I noticed that you recently created two AUR packages [1][2] though,
>> thanks for taking the time to do so!
>> If you allow me, I have a few feedback about those:
>>
>> --bde-tools--
>> - Since you're using git sources, your PKGBUILD misses the `git` make
>> dependency.
>> - You don't need to rename the source "bde-tools" as the cloned repo is
>> already named that way.
>> - Speaking of sources, any reason why you `git clone` the repo against a
>> specific tag instead of using a tag's archive? [3] Using a tag's archive
>> would allow you to check the integrity of the downloaded sources (rather
>> than skipping it). If you do so, I suggest using a stronger hash
>> algorithm than md5. Using `sha256` or stronger is the standard now. You
>> could also drop the `git` make dependency.
>> - No need to `rm -rf ".git". As it is a hidden folder, it won't be
>> copied by the `cp -r *` later in the PKGBUILD.
>> - Don't forget to bump the `pkgrel` [4] when you modify the PKGBUILD in
>> between a `pkgver` bump [5].
>>
>> --bde--
>> - The correct variable name for make dependencies is "makedepends", not
>> "makedeps". In it's current state, the necessary make dependencies will
>> be ignored.
>> - Since you're using git sources, your PKGBUILD misses the `git` make
>> dependency.
>> - The `make` and `gcc` packages are both members of the `base-devel`
>> metapackage [6], so they shouldn't be listed as make dependencies
>> because the `base-devel` metapackage is assumed installed at buildtime.
>> See the related "Note" paragraph in the PKGBUILD's Arch wiki page [7].
>> - Any reason why you `git clone` the repo against a specific tag instead
>> of using a tag's archive? [8] (Same question as the package above).
>> - You don't have to `cd` to `${srcdir}` at the beginning of the
>> `build()` and `package()` functions. Every functions are executed within
>> that folder already.
>> - The package doesn't build on my side (built in a clean chroot via
>> `pkgctl build -I ../bde-tools/bde-tools-3.117.0.0-1-any.pkg.tar.zst
>> --repo extra`). See the build logs [9].
>
>
> Thanks for all of those hints, really appreciated.
>
>
>>
>> I would suggest to build your packages in a clean chroot [10] to test
>> your PKGBUILDs before pushing them and prevent any common issues or
>> missing dependencies.
>
>
> Will do.
>
>
>> For what it's worth, building packages in a clean chroot is mandatory
>> for Arch official repositories packages [11].
>
>
> Will do.
>
>>
>> On another subject, I guess your involvement in open-source projects
>> isn't questionable regarding your work in KDE. It's nice to see an
>> "upstream" person applying to help the "downstream" side of things and
>> that would be an undeniable plus for the KDE stack on Arch side.
>>
>> Mostly out of curiosity from my side, have you contributed to any other
>> project in any way (Arch included)?
>
>
> Quite a few, besides my involvement with kde I also have:
>
> Imaintained subsurface for almost 5 years (www.subsurface-develop.org)
>
> Codevis - an application to visualize architectures of large codebases (
> https://gitlab.com/CodethinkLabs/codevis/codevis)
>
> Worked with drone control stations (www.qgroundcontrol.org)
>
> And quite a few more libraries and smaller softwares, that are not on the
> kde stack.
>
> Best,
> Tomaz
>
>>
>>
>> Once again, thanks for applying and good luck for the rest of your
>> application!
>>
>> [1] https://aur.archlinux.org/packages/bde-tools
>> [2] https://aur.archlinux.org/packages/bde
>> [3]
>> https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz
>> [4] https://wiki.archlinux.org/title/PKGBUILD#pkgrel
>> [5]
>>
>> https://aur.archlinux.org/cgit/aur.git/commit/?h=bde-tools&id=00e94574151da931419c44a1dce212f9e3342dbe
>> [6] https://archlinux.org/packages/core/any/base-devel/
>> [7] https://wiki.archlinux.org/title/PKGBUILD#makedepends
>> [8]
>> https://github.com/bloomberg/bde-tools/archive/refs/tags/3.117.0.0.tar.gz
>> [9] https://bpa.st/LEUQ
>> [10]
>> https://wiki.archlinux.org/title/DeveloperWiki:Building_in_a_clean_chroot
>> [11]
>>
>> https://wiki.archlinux.org/title/DeveloperWiki:How_to_be_a_packager#Change_and_build
>>
>> --
>> Regards,
>> Robin Candau / Antiz
>>
>>
> Hi All, Given that this application was a different one (we're trying to get our first junior packager in), and also that the discussion was a little weird, I've waited one extra week before starting the voting. I'll create a voting on the AUR later today (provided I have rights to). Thank you everyone that chimed into this discussion, and thank you Tomaz, regardless of the outcome. I wish you luck! Regards, Giancarlo Razzolini
pgpM5oGsSANyO.pgp
Description: PGP signature
