On Nov 21, 2008, at 12:24, Eric Cronin wrote:
On Nov 20, 2008, at 7:30 PM, Ryan Schmidt wrote:
On Nov 20, 2008, at 17:38, David Evans wrote:
I'm not sure if this is what you had in mind or not, but port
ffmpeg is
an example of a port that uses svn to fetch a specific revision
from a
repository (because that's the only way they do it).
Well ffmpeg does it a bit of a weird convoluted way, because it
wants to pin down the version of an external definition in
ffmpeg's repository and they haven't done so themselves in the
repository like they should.
The simpler way to fetch source from Subversion is to just use the
keywords MacPorts gives you for that purpose. See the pure-devel
port for an example of that.
Is using svn.url + svn.tag a recommended approach now? I seem to
remember it being discouraged and that a local distfile should be
made instead, but maybe that was changed when we dropped support
for versions of OS X without a system svn client?
I don't have a problem with using svn.url and svn.tag. It's a
MacPorts feature; it's there to be used.
One problem with it is that the files are re-fetched every time you
try to install the port. This is merely an inefficiency and could be
corrected. I filed this ticket:
http://trac.macports.org/ticket/16373
I believe the other complaint about fetching from Subversion is that
we don't get to put checksums in the portfile so we don't get to
confirm that the thing the user downloaded is the same thing the port
author used. This is a valid complaint if you don't use svn.tag since
it will download from HEAD where someone may have made changes after
the port was created. However if you use svn.tag to pin down the
revision, then the only way you could get something different than
the port author did would be if the download was corrupted (can that
happen? doesn't Subversion have built-in checksum methods to handle
that?) or if the repository history was modified (which I think would
be difficult for a malicious person to pull off; it requires admin
access to the server and the ability to run svnadmin dump /
svndumptool / svnadmin load). Or it would require someone bending the
DNS entries to point to a different server...
Being able to use Subversion checkouts in MacPorts is nice. To update
pure-devel to a new version, most of the time all I have to do is
change a single line in the portfile. If I had to make distfiles
every time, it would be a lot more involved. I think for -devel ports
especially, fetching from Subversion is fine. If someone wants all
the stability / security / performance assurances of a released
version, they shouldn't be using a -devel port.
Which brings us back to MPlayer, which is not a -devel port. Well, I
don't know. I guess I've said a lot of things but not really reached
a conclusion. Maybe I'd better stop and wait for some more opinions
to pour in. :)
_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
