• Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Never wrote RPM specs because I generally dislike RPM-based distributions (Fedora was a really bad experience when I tried it), but from a quick Google search they’re very similar.

    I kinda like the format at a glance, seems pretty comparable in terms of what you put in there. Definitely less painful than debhelper.

    I guess one of the advantages of PKGBUILD is that they’re essentially bash scripts that gets sourced by the tools, so they’re incredibly simple and don’t require parsing a custom format. You can:

    #!/bin/sh
    source PKGBUILD
    prepare
    build
    check
    package
    

    That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I haven’t really given those a try, ArchLinux happens to have ended my distro-hopping 10ish years ago.

        Started with Ubuntu 7.04, bailed when they released the first Unity, went through a few Ubuntu spins, then Debian, then Fedora 15 (that one had lots of issues, the installer repeatedly crashed on me and all, it corrupted my partition table forcing me to testdisk to recover, they didn’t have Chromium or any proprietary codecs and apps). I ended up back on Ubuntu for a bit and then took the Arch dive, and been happy ever since and never felt the desire to learn another distro if it doesn’t have significant advantages.

        My next distro will probably be something like NixOS, the concept is quite appealing but my VM experiments so far haven’t convinced me to get rid of Arch just yet. Might start using it on my servers for that sweet immutability and centralized config.

        • jaykstah@waveform.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Haha I’m right there with you. The timeline isn’t as vast but Arch ended my distrohoppong and NixOS is the only thing really catching my eye these days.

          I jumped around various Ubuntu spins, settled on Linux Mint for a while, tried out ElementaryOS for a brief moment, went back to Ubuntu spins then eventually went with Arch in 2019 and haven’t looked back.

          The immutability and configuration of Nix seems so appealing but at this point I’m really comfortable with Arch and it does everything I need in a pretty sane way so idk if I’d switch anytime soon.

          • veer66@lemmy.oneOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            The immutability and configuration of Nix seems so appealing but at this point I’m really comfortable with Arch and it does everything I need in a pretty sane way so idk if I’d switch anytime soon.

            Back in 2018, I had the experience of using NixOS. At that time, I noticed that the Nix language had a striking resemblance to Haskell, which stirred up feelings of anxiety within me.

    • Fryboyter@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.

      However, the AUR helpers in question, which are not official tools, were to blame. Some developers of these tools could not or did not want to solve the problem. According to https://wiki.archlinux.org/title/AUR_helpers, almost no AUR helper sources the files automatically nowadays.

    • exu@feditown.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I did not know you could just source a PKGBUILD. I’m certain I’ll remember this instead of the correct makepkg flag to run this ot the other stage only.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I mean it’s not going to make you a package if you just do that, the real tools do other things in-between but it shows the general simplicity Arch went with there.

  • Fryboyter@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I’ve either never dealt with RPM specs before or it’s been so long that I can’t remember. Therefore, I can only make a statement about PKBUILD files.

    Such files are relatively easy to create and read, as they are basically shell scripts. Thus, if you use AUR, for example, you can easily check them before an installation or an update to see whether the creator has done everything correctly or whether he has changed the file with malicious intent.

    For example, a typical PKBUILD file looks like this.

    # Maintainer: Alad Wenter <https://github.com/AladW>
    # Co-Maintainer: Cedric Girard <cgirard [dot] archlinux [at] valinor [dot] fr>
    pkgname=aurutils
    pkgver=17.2
    pkgrel=1
    pkgdesc='helper tools for the arch user repository'
    url='https://github.com/AladW/aurutils'
    arch=('any')
    license=('custom:ISC')
    source=("$pkgname-$pkgver.tar.gz::$url/archive/refs/tags/$pkgver.tar.gz")
    changelog=aurutils.changelog
    install=aurutils.install
    sha256sums=('65efed873facf06ec73b012d94c110f35e45d3057eda2bc85983a3c8c6ce2c81')
    depends=('git' 'pacutils' 'curl' 'perl' 'perl-json-xs' 'bash')
    optdepends=('bash-completion: bash completion'
                'zsh: zsh completion'
                'devtools: aur-chroot'
                'vifm: default pager'
                'ninja: aur-sync ninja support'
                'bat: view-delta example script'
                'git-delta: view-delta example script'
                'python-srcinfo: sync-rebuild example script')
    
    build() {
        cd "$pkgname-$pkgver"
        make AURUTILS_VERSION="$pkgver"
    }
    
    package() {
        cd "$pkgname-$pkgver"
        make PREFIX=/usr ETCDIR=/etc DESTDIR="$pkgdir" install
    }
    
    • veer66@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Such files are relatively easy to create and read, as they are basically shell scripts.

      I agree. I lean towards writing in Bash script instead of learning yet another special-purpose language. Nonetheless, the RPM spec doesn’t seem to pose any additional difficulty.

  • @hachyderm.io
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    @veer66
    One is that it’s a shell script, so it feels like there’s less to learn. The accuracy of that can be debated.

    I’ve not packaged RPMs in a fair while, so I can’t make a more thorough comparison.
    @linux

    • veer66@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      One is that it’s a shell script,

      Using Bash sounds convincing to me.