> The guarantee I was trying to make is that the sources in the source
> tarball match what is used to build the package, and can be used to
> build the package. Many packages from AUR do something silly like
>
> pkgver() { date +'%Y%m%d'; }
>
> With that, it isn't possible to re-build the same package version,
> even though you have the sourceball. The pkgver() function should
> always generate the same version from the same sources; if the version
> doesn't change, then it doesn't try to edit the PKGBUILD. So this is
> trying to enforce that it doesn't change *again* after the sourceball
> is created.Your solution to the problem is not a solution. Now you have a package with dynamically updated contents, where the pkgver does not match. The package is still totally unreproducible, but for bonus points it is also lying, because a writable PKGBUILD is needed in order for it to figure out its own internal truth. Any AUR package that uses `date +'%Y%m%d'` should be deleted with extreme prejudice, or forcibly orphaned and hostilely taken over by a well-behaved package maintainer. You have my blessing as an AUR administrator to pursue that course of action. I strongly encourage making a Parabola project policy that official Parabola packages are not permitted to use `date +'%Y%m%d'`. > The issue is that apparently `makepkg --allsource` doesn't run > `pkgver()`. IMO, the correct fix is to modify `download_sources()` to > do something to make sure that `pkgver()` gets run. Until that is > patched, it could be worked around by running `makepkg -o` before > runnig libremakepkg (that's not a bad idea anyway--you should glance > over the changes for a VCS package before updating it :) ) That is correct -- allsource is meant to download sources, not check them out, run the prepare function, and then calculate versions base on that. In Arch Linux, the package gets built first, then the source-package is created after. > As for linux-libre modifying the install script in `$startdir`; it > should be doing that in `$srcdir`; and I don't have a big problem with > saying "fix the PKGBUILD" in that case. I suggest you try setting install="$srcdir"/foo.install and see what happens. There is a parabola bug report about the rw startdir, and it's been discussed there why that suggestion won't work. -- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
