You are not logged in.

#351 2020-10-29 14:30:13

fosskers
Member
Registered: 2012-02-21
Posts: 162
Website

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

I'd say it's the whole package. I just finished a little proof-of-concept yesterday that indicates to me that such a port would allow Aura to become what I always wanted it to be (and also fix some of its current issues "for free").


Author of Aura

Offline

#352 2020-10-30 00:27:07

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,768

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

"Access to libalpm" -- nothing ever stopped you from creating a haskell binding to libalpm, just saying. If this was a dealbreaker, you could have fixed it. The real story here is that there is *convenient* access to libalpm, if someone else wrote the bindings for you.

"Builds on more platforms/architectures" -- rust is less portable than C++, which is less portable than C. You're still leaving platforms/architectures on the table. That being said, I'm surprised haskell wouldn't work on ARM. yikes And I guess the only thing which matters at the moment is x86_64, i686 (archlinux32), and arm (ALARM).

"Must write a bash parser to replace the language-bash Haskell library." -- no one cares and you should not be doing this anyway. But you never listen.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#353 2020-10-30 00:42:17

fosskers
Member
Registered: 2012-02-21
Posts: 162
Website

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

I have tried to write the bindings before, but found it quite difficult to establish a good workflow. In the end it wasn't necessary for most of what Aura does, but the story is different if the bindings are already there. In this case, you're right, they are there, so I can build upon them. It would be a similar story were Aura written in Python or Go (or C for that matter).

It's not that Haskell doesn't work on arm - it's that tooling can be an issue, and cross-compilation with Haskell is still no-man's land. I suppose the point about available architectures in general doesn't need to be so high on the list, since you're correct that Arch targets only those specific architectures anyway.

Regarding Bash, Aura doesn't source PKGBUILDs (the old, evil thing), nor does it parse them anymore for dependency information (this was changed years ago). Some tools use `shellcheck` to scan for Bash inconsistencies, but Aura does this manually and in doing so covers more cases. That's what the parsing is for.


Author of Aura

Offline

#354 2020-10-30 00:58:00

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,768

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

Running shellcheck on a PKGBUILD doesn't discover security issues, nor does running aura's homegrown analyzer. This was discussed at https://wiki.archlinux.org/index.php?ti … did=625152 and the wiki maintainer ruling is, you will not be permitted to use the wiki to advertise aura as security software.

Please understand that nothing you say can convince me. It's not like I don't *know* what you're using a bash parser for, you don't need to describe the functionality to me.

...

Really, this just makes it easier to rewrite it in rust, you know. tongue


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#355 2020-10-30 02:12:58

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,516

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

I thought the "clap" warranted metallic Mercury, not oxidizing Iron
tongue


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#356 2020-10-30 02:42:04

fosskers
Member
Registered: 2012-02-21
Posts: 162
Website

Re: Aura - 3.2.2 - The Secure, Multilingual Package Manager - *New Book!*

Thanks for the clarification eschwartz. Note that it's always been Aura's recommendation for users to verify PKGBUILD contents themselves. The bash analysis is a complement to human eyeballs, and it does indeed catch many suspicious things in real PKGBUILDs. Is it perfect? No of course not, but I believe it's better there than not.


Author of Aura

Offline

Board footer

Powered by FluxBB