Re: [aur-general] TU application: hashworks
Hi Jelle, > * filebin - the package is not -git but does pull from git master, > ideally it would use #commit= and maybe verify the commit if it's > signed. I've switched to `#tag=${pkgver}?signed` and `validpgpkeys`. Much better than a checkout in `prepare()`, thanks! > * srrdb-terminal-client is not reproducible at least not as you embed > the build date. Ah, correct. I've altered the date command to use `$SOURCE_DATE_EPOCH`, good to know that exists. > You can check if your package is reproducible by using `makerepropkg`. I'll have to implement that in my pipeline, but that is something for the weekend. Best Regards hashworks -- hashworks Webhttps://hashworks.net Public Key 0x4FE7F4FEAC8EBE67 pgp2Qcw7DsoEL.pgp Description: OpenPGP digital signature
Re: [aur-general] TU application: hashworks
On 08/06/2020 15:08, hashworks via aur-general wrote: > Hello everyone, > > My name is Justin Kromlinger aka hashworks and I'm applying as a > Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and > Christian Rebischke aka shibumi who recently reviewed my AUR packages > [1] – thanks for that! Some may know me from freenode#archlinux.de, > where I'm lingering since a few years. I am and will be reachable there > anytime. > > I was born in Germany in 1994. My oldest Arch installation dates back > to the month of July in 2015, at least according to my pacman logs. > Just a year later I successfully qualified as an IT specialist in > application development, together with a (soon to be expired) LPIC-1 > certificate. Last year I got my bachelor's degree in informatics in > Leipzig (come visit me at the C3!), where I currently study for a > master's degree. So you could say Arch Linux accompanied my whole > education! > > I started my first job at a small web agency as a Developer, but I > slowly but surely turned into their System Administrator. At my current > job for a larger IT company my external e-mail signature states I'm a > "DevOps Engineer" – and while that term is by all means not fully > defined, it kinda describes what I do. I create and maintain pipelines > (mainly GitLabCI), design deployment processes and try to make our > Docker Images a bit saner every day. And since I was able to enforce > using Arch Linux on my work ThinkPad the distribution keeps on > supporting my life, so I might try to give a little back! While I try > to do some FOSS development in Go or – more recently – Rust now and > then [2], my free time mostly flows into the maintenance of software > and infrastructure for friends and family – and I have to admit that > BASH remains my most fluent language. > > Regarding my own packages I would like to move filebin and pam-ihosts > since I use those on my servers. srrdb-terminal-client is also > something I regularly use that I would like to move. Additionally I > would like to ask to take over kiwix-desktop of which I maintain the > dependency chain (kiwix-lib, libzim and mustache) – and while I'm at it > the whole stack (mainly kiwix-tools). Other small packages that would > suite Community are mdcat and insect if the current maintainers agree. > i3blocks-contrib is another possible candidate, but I would need to > request new and frequent releases for that. Out of the orphaned > packages the only one I could reasonably maintain is hddtemp (since I > still use it). I quickly looked at your packages and found a few issues: * filebin - the package is not -git but does pull from git master, ideally it would use #commit= and maybe verify the commit if it's signed. source=("git+https://github.com/Bluewind/filebin.git"; * srrdb-terminal-client is not reproducible at least not as you embed the build date. https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=srrdb-terminal-client#n26 This can be fixed with using SOURCE_DATE_EPOCH as for example is applied here: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/prometheus-blackbox-exporter#n33 You can check if your package is reproducible by using `makerepropkg`. Greetings, Jelle van der Waa signature.asc Description: OpenPGP digital signature
Re: [aur-general] TU application: hashworks
Hi Jonas, > I have had a quick look over your AUR packages and found some issues Thanks, fixed! > zimwriterfs: [...] the upstream repository has recently been > archived in favour of "zim-tools". Good catch! I've created a new AUR package for "zim-tools". However, the current release does not yet include zimwriterfs, so I'll wait with the `replaces` tag until the next version. > I like the sound of that! Out of curiosity, do you trigger builds for > every upstream commit of VCS packages, or is it linked to committing > new revisions of a PKGBUILD file? GitLab allows to create webhooks that trigger builds for a specific ref. Additionally one can provide variables in the request that appear in the pipeline. Currently I'm using IFTTT to trigger a webhook whenever a new GitHub release of a package is available (ATOM feed) – I'm planing to replace that in the near future so I don't depend on a third party service. Additionally some pipelines trigger other pipelines when a rebuild (pkgrel increase) is required. Naturally new commits to the repositories (as in, changes to the PKGBUILD files) trigger the pipelines as well. Best Regards hashworks pgp0KDpjwlP6f.pgp Description: OpenPGP digital signature
Re: [aur-general] TU application: hashworks
Hi hashworks, On 2020-06-08 15:08, hashworks via aur-general wrote: > My name is Justin Kromlinger aka hashworks and I'm applying as a > Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and > Christian Rebischke aka shibumi who recently reviewed my AUR packages > [1] – thanks for that! Some may know me from freenode#archlinux.de, > where I'm lingering since a few years. I am and will be reachable there > anytime. I have had a quick look over your AUR packages and found some issues: brickstrap-git: should provide and conflict on "brickstrap" (even though there is currently no such AUR package, it would be easy to create one at any time given upstream has stable releases). certbot-dns-hetzner-git: remove the leading "v" in pkgver, see [1]. dns-zone-blacklist-git: missing provides and conflicts on "dns-zone-blacklist". goaccess-git: remove the leading "v" in pkgver, use 'make DESTDIR="$pkgdir" install' instead of 'prefix="$pkgdir/usr" sysconfdir="$pkgdir/etc"'. i3blocks-contrib: remove the useless provides and conflicts entries for itself. mustache: since this package only installs an architecture-independent header file, it should be arch=('any'). pam-ihosts: remove the makedepends on "gcc" and "binutils" since they are in base-devel [2]. pam-ihosts-git: remove the makedepends on base-devel packages, arch should be "x86_64" instead of "any" (like pam-ihosts). prismatik-bin: the package currently conflicts on "prismatik-psieg", which prismatik-sieg-git doesn't even provide. Just let prismatik-bin conflict on prismatik instead (like you already do for prismatik-psieg-git). zimwriterfs: arch should be "x86_64" instead of "any", also the upstream repository has recently been archived in favour of "zim-tools". > For most of my packages I use a personal GitLab instance to verify the > builds with a pipeline [3] and since a while the process of new > releases is automated. I like the sound of that! Out of curiosity, do you trigger builds for every upstream commit of VCS packages, or is it linked to committing new revisions of a PKGBUILD file? Best of luck with your application! Jonas [1] https://wiki.archlinux.org/index.php/VCS_package_guidelines#Git [2] https://wiki.archlinux.org/index.php/PKGBUILD#makedepends signature.asc Description: OpenPGP digital signature
Re: [aur-general] TU application: hashworks
On Mon, Jun 08, 2020 at 03:08:04PM +0200, Discussion about the Arch User Repository (AUR) wrote: > Hello everyone, > > My name is Justin Kromlinger aka hashworks and I'm applying as a > Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and > Christian Rebischke aka shibumi who recently reviewed my AUR packages > [1] – thanks for that! Some may know me from freenode#archlinux.de, > where I'm lingering since a few years. I am and will be reachable there > anytime. > [...] I confirm my sponsorship, may the discussion period begin. shibumi signature.asc Description: PGP signature
Re: [aur-general] TU application: hashworks
Hey o/ On 08.06.20 15:08, hashworks via aur-general wrote: > My name is Justin Kromlinger aka hashworks and I'm applying as a > Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and > Christian Rebischke aka shibumi who recently reviewed my AUR packages > [1] – thanks for that! I am confirming my sponsorship. Cheers -- Thore "foxxx0" Bödecker GPG ID: 0xEB763B4E9DB887A6 GPG FP: 051E AD6A 6155 389D 69DA 02E5 EB76 3B4E 9DB8 87A6 signature.asc Description: PGP signature
[aur-general] TU application: hashworks
Hello everyone, My name is Justin Kromlinger aka hashworks and I'm applying as a Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and Christian Rebischke aka shibumi who recently reviewed my AUR packages [1] – thanks for that! Some may know me from freenode#archlinux.de, where I'm lingering since a few years. I am and will be reachable there anytime. I was born in Germany in 1994. My oldest Arch installation dates back to the month of July in 2015, at least according to my pacman logs. Just a year later I successfully qualified as an IT specialist in application development, together with a (soon to be expired) LPIC-1 certificate. Last year I got my bachelor's degree in informatics in Leipzig (come visit me at the C3!), where I currently study for a master's degree. So you could say Arch Linux accompanied my whole education! I started my first job at a small web agency as a Developer, but I slowly but surely turned into their System Administrator. At my current job for a larger IT company my external e-mail signature states I'm a "DevOps Engineer" – and while that term is by all means not fully defined, it kinda describes what I do. I create and maintain pipelines (mainly GitLabCI), design deployment processes and try to make our Docker Images a bit saner every day. And since I was able to enforce using Arch Linux on my work ThinkPad the distribution keeps on supporting my life, so I might try to give a little back! While I try to do some FOSS development in Go or – more recently – Rust now and then [2], my free time mostly flows into the maintenance of software and infrastructure for friends and family – and I have to admit that BASH remains my most fluent language. Regarding my own packages I would like to move filebin and pam-ihosts since I use those on my servers. srrdb-terminal-client is also something I regularly use that I would like to move. Additionally I would like to ask to take over kiwix-desktop of which I maintain the dependency chain (kiwix-lib, libzim and mustache) – and while I'm at it the whole stack (mainly kiwix-tools). Other small packages that would suite Community are mdcat and insect if the current maintainers agree. i3blocks-contrib is another possible candidate, but I would need to request new and frequent releases for that. Out of the orphaned packages the only one I could reasonably maintain is hddtemp (since I still use it). For most of my packages I use a personal GitLab instance to verify the builds with a pipeline [3] and since a while the process of new releases is automated. If possible I would like to support Arch in that direction, things that come to my mind are reproducible builds and CI/CD for repo packages, migration from SVN to Git might be a larger topic I could help with. Since I have an interest in keeping our GitLab packages stable and up-to-date I would like to co-maintain that if anatolik agrees. Since the question comes up frequently in TU applications: I mainly use a Telegram RSS bot [4] to monitor releases and urlwatch for stuff without RSS feeds. Best Regards hashworks [1] https://aur.archlinux.org/packages/?K=hashworks&SeB=m [2] https://github.com/hashworks [3] https://git.hashworks.net/aur-packages [4] https://github.com/iovxw/rssbot/blob/2.x/README.en.md pgpNBMNDnO_JS.pgp Description: OpenPGP digital signature