Never wrote RPM specs because I generally dislike RPM-based distributions (Fedora was a really bad experience when I tried it), but from a quick Google search they’re very similar.
I kinda like the format at a glance, seems pretty comparable in terms of what you put in there. Definitely less painful than debhelper.
I guess one of the advantages of PKGBUILD is that they’re essentially bash scripts that gets sourced by the tools, so they’re incredibly simple and don’t require parsing a custom format. You can:
That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.
I think while yaourt was called out for it, there are still issues with doing it this way; it’s the reason the AUR requires a .SRCINFO file nowadays https://wiki.archlinux.org/title/.SRCINFO
I haven’t really given those a try, ArchLinux happens to have ended my distro-hopping 10ish years ago.
Started with Ubuntu 7.04, bailed when they released the first Unity, went through a few Ubuntu spins, then Debian, then Fedora 15 (that one had lots of issues, the installer repeatedly crashed on me and all, it corrupted my partition table forcing me to testdisk to recover, they didn’t have Chromium or any proprietary codecs and apps). I ended up back on Ubuntu for a bit and then took the Arch dive, and been happy ever since and never felt the desire to learn another distro if it doesn’t have significant advantages.
My next distro will probably be something like NixOS, the concept is quite appealing but my VM experiments so far haven’t convinced me to get rid of Arch just yet. Might start using it on my servers for that sweet immutability and centralized config.
That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.
However, the AUR helpers in question, which are not official tools, were to blame. Some developers of these tools could not or did not want to solve the problem. According to https://wiki.archlinux.org/title/AUR_helpers, almost no AUR helper sources the files automatically nowadays.
I did not know you could just source a PKGBUILD. I’m certain I’ll remember this instead of the correct makepkg flag to run this ot the other stage only.
I mean it’s not going to make you a package if you just do that, the real tools do other things in-between but it shows the general simplicity Arch went with there.
Never wrote RPM specs because I generally dislike RPM-based distributions (Fedora was a really bad experience when I tried it), but from a quick Google search they’re very similar.
I kinda like the format at a glance, seems pretty comparable in terms of what you put in there. Definitely less painful than debhelper.
I guess one of the advantages of PKGBUILD is that they’re essentially bash scripts that gets sourced by the tools, so they’re incredibly simple and don’t require parsing a custom format. You can:
That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.
I think while yaourt was called out for it, there are still issues with doing it this way; it’s the reason the AUR requires a .SRCINFO file nowadays https://wiki.archlinux.org/title/.SRCINFO
Do you also dislike openSUSE and openMandriva?
I haven’t really given those a try, ArchLinux happens to have ended my distro-hopping 10ish years ago.
Started with Ubuntu 7.04, bailed when they released the first Unity, went through a few Ubuntu spins, then Debian, then Fedora 15 (that one had lots of issues, the installer repeatedly crashed on me and all, it corrupted my partition table forcing me to testdisk to recover, they didn’t have Chromium or any proprietary codecs and apps). I ended up back on Ubuntu for a bit and then took the Arch dive, and been happy ever since and never felt the desire to learn another distro if it doesn’t have significant advantages.
My next distro will probably be something like NixOS, the concept is quite appealing but my VM experiments so far haven’t convinced me to get rid of Arch just yet. Might start using it on my servers for that sweet immutability and centralized config.
However, the AUR helpers in question, which are not official tools, were to blame. Some developers of these tools could not or did not want to solve the problem. According to https://wiki.archlinux.org/title/AUR_helpers, almost no AUR helper sources the files automatically nowadays.
I did not know you could just source a PKGBUILD. I’m certain I’ll remember this instead of the correct
makepkg
flag to run this ot the other stage only.I mean it’s not going to make you a package if you just do that, the real tools do other things in-between but it shows the general simplicity Arch went with there.