gopro package check

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

gopro package check

tur-users mailing list
Hi !

I just realized my first PKGBUILD for gopro tool  which is available here
for now: https://github.com/mickro/gopro-tools-arch-package

Gopro tools are made by https://github.com/KonradIT. That gives some useful
tools for GoPro post production. And I think that can be usefull for many.

I'm asking here for a PKGBUILD review, as suggested on
https://wiki.archlinux.org/index.php/Arch_User_Repository#Submitting_packages
.

cheers,

Mickael
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gopro package check

tur-users mailing list
On 06/28/2017 05:08 PM, mickael foucaux via aur-general wrote:

> Hi !
>
> I just realized my first PKGBUILD for gopro tool  which is available here
> for now: https://github.com/mickro/gopro-tools-arch-package
>
> Gopro tools are made by https://github.com/KonradIT. That gives some useful
> tools for GoPro post production. And I think that can be usefull for many.
>
> I'm asking here for a PKGBUILD review, as suggested on
> https://wiki.archlinux.org/index.php/Arch_User_Repository#Submitting_packages
You're downloading the source directly from master, which means this
package will fail the integrity checksums as soon as there is any sort
of update.

Where do you even get a version number from? The source repository has
no tags... if it did have a tag, you could download the tagged release!
Therefore, this should be a *-git package, and you should download the
repository as a whole via git, then use the pkgver function from
https://wiki.archlinux.org/index.php/VCS_package_guidelines

$srcdir and $pkgdir are not quoted. What do you think will happen if I
try building this package from "$HOME/aur packages/gopro-tools/"?

Your PKGBUILD claims the package is licensed under the GPL3 but I cannot
find any trace of a license in the upstream repository.

--
Eli Schwartz


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gopro package check

tur-users mailing list
thanks.

The package author and I made some updates after you comments.

about checksums:
- I changed it for 'SKIP' rule

about version number:
- version tag has been added to original repository
- and the PKGBUILD grabs it

about the name:
- I added the '-git' suffix
- I updated the group name as well

about variables:
- $srcdir and $pkgdir are now embed in quoted strings

about licence:
- it has been added to the source repository

Is that good enough to fit AUR quality?

2017-06-28 23:09 GMT+01:00 Eli Schwartz via aur-general <
[hidden email]>:

> On 06/28/2017 05:08 PM, mickael foucaux via aur-general wrote:
> > Hi !
> >
> > I just realized my first PKGBUILD for gopro tool  which is available here
> > for now: https://github.com/mickro/gopro-tools-arch-package
> >
> > Gopro tools are made by https://github.com/KonradIT. That gives some
> useful
> > tools for GoPro post production. And I think that can be usefull for
> many.
> >
> > I'm asking here for a PKGBUILD review, as suggested on
> > https://wiki.archlinux.org/index.php/Arch_User_
> Repository#Submitting_packages
>
> You're downloading the source directly from master, which means this
> package will fail the integrity checksums as soon as there is any sort
> of update.
>
> Where do you even get a version number from? The source repository has
> no tags... if it did have a tag, you could download the tagged release!
> Therefore, this should be a *-git package, and you should download the
> repository as a whole via git, then use the pkgver function from
> https://wiki.archlinux.org/index.php/VCS_package_guidelines
>
> $srcdir and $pkgdir are not quoted. What do you think will happen if I
> try building this package from "$HOME/aur packages/gopro-tools/"?
>
> Your PKGBUILD claims the package is licensed under the GPL3 but I cannot
> find any trace of a license in the upstream repository.
>
> --
> Eli Schwartz
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gopro package check

tur-users mailing list
On 07/02/2017 09:48 AM, mickael foucaux via aur-general wrote:

> thanks.
>
> The package author and I made some updates after you comments.
>
> about checksums:
> - I changed it for 'SKIP' rule
>
> about version number:
> - version tag has been added to original repository
> - and the PKGBUILD grabs it
>
> about the name:
> - I added the '-git' suffix
> - I updated the group name as well
>
> about variables:
> - $srcdir and $pkgdir are now embed in quoted strings
>
> about licence:
> - it has been added to the source repository
>
> Is that good enough to fit AUR quality?
Looks good to me. Note that now there are tags provided by upstream
(good job on that), you could, optionally, choose to upload a non-git
package that uses:
source=("gopro-linux-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz")
which is the reproducible archive created on that repository's Releases
page. As it is, though, this package is certainly sufficient to provide
a *-git package.

I'd also like to point to the pkgdesc... "Useful tool set for post
production" doesn't seem descriptive enough to me, I would probably use
something like "Tools for post production with GoPro cameras". Just from
looking at the PKGBUILD, I cannot tell what gopro is or why I might want
to use their tools.
This might not matter to people already looking for software that
relates to the gopro, but at least it could help people know when the
package is *not* for them.

--
Eli Schwartz


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: gopro package check

tur-users mailing list
thanks for the review. I'm grabbing as it your suggestion for the package
description
.

2017-07-02 16:21 GMT+01:00 Eli Schwartz via aur-general <
[hidden email]>:

> On 07/02/2017 09:48 AM, mickael foucaux via aur-general wrote:
> > thanks.
> >
> > The package author and I made some updates after you comments.
> >
> > about checksums:
> > - I changed it for 'SKIP' rule
> >
> > about version number:
> > - version tag has been added to original repository
> > - and the PKGBUILD grabs it
> >
> > about the name:
> > - I added the '-git' suffix
> > - I updated the group name as well
> >
> > about variables:
> > - $srcdir and $pkgdir are now embed in quoted strings
> >
> > about licence:
> > - it has been added to the source repository
> >
> > Is that good enough to fit AUR quality?
>
> Looks good to me. Note that now there are tags provided by upstream
> (good job on that), you could, optionally, choose to upload a non-git
> package that uses:
> source=("gopro-linux-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz")
> which is the reproducible archive created on that repository's Releases
> page. As it is, though, this package is certainly sufficient to provide
> a *-git package.
>
> I'd also like to point to the pkgdesc... "Useful tool set for post
> production" doesn't seem descriptive enough to me, I would probably use
> something like "Tools for post production with GoPro cameras". Just from
> looking at the PKGBUILD, I cannot tell what gopro is or why I might want
> to use their tools.
> This might not matter to people already looking for software that
> relates to the gopro, but at least it could help people know when the
> package is *not* for them.
>
> --
> Eli Schwartz
>
>
Loading...