PKGBUILD review: lmstudio-appimage

myyc · 2023-11-22 11:40:25

i mostly used a template. i'm not sure about licences since it's a pre-release and the code isn't available. the homepage is: https://lmstudio.ai

_pkgname=lmstudio

pkgname="${_pkgname}"-appimage
pkgver="0.2.8.beta.v1"
pkgrel=1
pkgdesc="Discover, download, and run local LLMs"
arch=('x86_64')
url="https://lmstudio.ai/"
license=('custom:Unlicense')
depends=('zlib' 'hicolor-icon-theme')
options=(!strip)
_appimage="${pkgname}-${pkgver}.AppImage"
source_x86_64=("${_appimage}::https://s3.amazonaws.com/releases.lmstudio.ai/prerelease/LM+Studio-${pkgver/\.beta\./-beta-}.AppImage")
noextract=("${_appimage}")
sha256sums_x86_64=('1dad46f58acbac704f607a2a3a8321a95afff40b544082c2bb1769d3b91679b9')
appname="lm-studio"

prepare() {
    chmod +x "${_appimage}"
    ./"${_appimage}" --appimage-extract
}

build() {
    # Adjust .desktop so it will work outside of AppImage container
    sed -i -E "s|Exec=AppRun|Exec=env DESKTOPINTEGRATION=false /usr/bin/${appname}|"\
        "squashfs-root/${appname}.desktop"
    # Fix permissions; .AppImage permissions are 700 for all directories
    chmod -R a-x+rX squashfs-root/usr
}

package() {
    # AppImage
    install -Dm755 "${srcdir}/${_appimage}" "${pkgdir}/opt/${pkgname}/${pkgname}.AppImage"
    install -Dm644 "${srcdir}/squashfs-root/LICENSE" "${pkgdir}/opt/${pkgname}/LICENSE"

    # Desktop file
    install -Dm644 "${srcdir}/squashfs-root/${appname}.desktop"\
            "${pkgdir}/usr/share/applications/${appname}.desktop"

    # Icon images
    install -dm755 "${pkgdir}/usr/share/"
    cp -a "${srcdir}/squashfs-root/usr/share/icons" "${pkgdir}/usr/share/"

    # Symlink executable
    install -dm755 "${pkgdir}/usr/bin"
    ln -s "/opt/${pkgname}/${pkgname}.AppImage" "${pkgdir}/usr/bin/${appname}"

    # Symlink license
    install -dm755 "${pkgdir}/usr/share/licenses/${pkgname}/"
    ln -s "/opt/$pkgname/LICENSE" "$pkgdir/usr/share/licenses/$pkgname"
}

ectospasm · 2023-11-24 05:43:47

This PKGBUILD looks OK to me, you'd need the Maintainer comment at the top. But the terms of use (license) are concerning. I am not a lawyer/attorney (IANAL), but the license specifically prohibits redistribution, and I do not know if this PKGBUILD violates that. I'd read through the non-free applications package guidelines, and ask yourself the questions asking you to not package non-free software like this.

For your own purposes, it's fine to develop and use a PKGBUILD like this. But I wouldn't submit it to the AUR, unless you get specific written permission to add it.

myyc · 2023-11-28 15:30:23

thanks for the review. i submitted it anyway (it helps their own community after all as their discord is littered with "where is the linux version" requests). if they get annoyed about it i'll just take it down.

Scimmia · 2023-11-28 15:44:37

ectospasm wrote:

I am not a lawyer/attorney (IANAL), but the license specifically prohibits redistribution, and I do not know if this PKGBUILD violates that.

The only thing that's being distributed here is the PKGBUILD, there is no redistribution of upstream code or binaries. This is one of the major reasons that things stay in the AUR instead of going into the repos.

ectospasm · 2023-11-29 04:29:05

Scimmia wrote:

The only thing that's being distributed here is the PKGBUILD, there is no redistribution of upstream code or binaries. This is one of the major reasons that things stay in the AUR instead of going into the repos.

That actually makes sense, but the maintainer still does so at their own risk, and at the Arch community's risk. We may legally be in the right since the only code being distributed is the PKGBUILD, but having to defend oneself if upstream wants to take legal action anyway is not a position I'd want to be in. Sadly, justice goes to the side that has the most resources (time and money) in many cases. This is why custom licenses and proprietary software packages in general suck.

Most likely Arch would get a cease and desist letter, and we'd just remove the package from the AUR. But software copyright attorneys representing upstream could still decide to take further action for any number of reasons such as Arch took too long to remove the PKGBUILD (which is actually something outside the PKGBUILD maintainer's control), an Arch volunteer made an inappropriate comment towards upstream, or simply just to make an example of the Arch community, etc.

I see that the AUR is stated to be user defined content, but the community should probably add to the disclaimer that Arch is not responsible for packages submitted to the AUR. Lawyers like this stuff to be explicit, leaving no room for interpretation.

I'd feel much better about this if a specific court case could be cited that said what this PKGBUILD does is permissible under upstream's license. Something a good copyright attorney can do, but I doubt Arch has any on retainer that could officially give us this counsel. It gets complicated because the Arch community is international, and upstream could submit the suit in any jurisdiction they find favorable.

Again, I am not a lawyer so this isn't legal counsel, but I'd hate for something like this to drag down this community of volunteers. And since we don't have deep pockets, upstream may not decide to take any action. But it's a risk either way. And Arch losing such a suit sets a very bad precedent.

Last edited by ectospasm (2023-11-29 04:31:44)

V1del · 2023-11-29 12:09:59

There's the red warning on the wiki page: https://wiki.archlinux.org/title/Arch_User_Repository and the bold line on the AUR home: https://aur.archlinux.org/

AUR home wrote:

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

don't really see how you'd want to make this more explicit. And FWIW this would be a first, popular things that also aren't redistributable are spotify and discord (which attaches a "official notice" email as the exemption clause for the fact it's in the repos now) have been in the AUR for years without any legal action from what I've seen.

Lone_Wolf · 2023-11-29 12:15:27

As far as I know there never has been a court case about AUR in any jurisdiction .

myyc · 2023-11-29 14:00:11

V1del wrote:

There's the red warning on the wiki page: https://wiki.archlinux.org/title/Arch_User_Repository and the bold line on the AUR home: https://aur.archlinux.org/
AUR home wrote:
DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.
don't really see how you'd want to make this more explicit. And FWIW this would be a first, popular things that also aren't redistributable are spotify and discord (which attaches a "official notice" email as the exemption clause for the fact it's in the repos now) have been in the AUR for years without any legal action from what I've seen.

that's precisely why i'm not too worried. companies don't really bother with this sort of stuff, and either way, if they send a request, we can take it down, i don't think it's a big deal.

ectospasm · 2023-11-30 01:15:14

Points well taken, I'm probably overthinking this. But I don't see that the existing AUR disclaimer indemnifies the Arch community if an entity really wanted to take action, since it doesn't explicitly state that the Arch community is not responsible for AUR content (it's implied, sure, but I'm not sure if that's good enough).

The way the disclaimer reads to me now is that if an Arch user installs any AUR packages, the risk of security or performance issues is on the user, not the community. But if a copyright holder decides to take action, more than a cease and desist letter, I don't think the disclaimer as it stands is enough to protect the wider Arch community from liability. And I have no idea what those consequences would be.

I don't know much about Discord, and how they earn revenue. But Spotify is a subscription service, they earn revenue through subscription fees, or advertising (or however they monetize non-paying customers, I'm sure they aren't really providing the service for free beyond a trial period). I could imagine them not caring or even encouraging their software be available on as many platforms as possible; as long as they don't have to lift a finger supporting those extra platforms. Just adds to their revenue stream, and I can't think they'd want to cut that off even in a minor way.

But this discussion has ventured far off topic, and it really is my fault. I'm not sure where the best place to discuss this would be. Probably the Arch Discussion section of this forum since it's no longer a technical issue.

Arch Linux

#1 2023-11-22 11:40:25

PKGBUILD review: lmstudio-appimage

#2 2023-11-24 05:43:47

Re: PKGBUILD review: lmstudio-appimage

#3 2023-11-28 15:30:23

Re: PKGBUILD review: lmstudio-appimage

#4 2023-11-28 15:44:37

Re: PKGBUILD review: lmstudio-appimage

#5 2023-11-29 04:29:05

Re: PKGBUILD review: lmstudio-appimage

#6 2023-11-29 12:09:59

Re: PKGBUILD review: lmstudio-appimage

#7 2023-11-29 12:15:27

Re: PKGBUILD review: lmstudio-appimage

#8 2023-11-29 14:00:11

Re: PKGBUILD review: lmstudio-appimage

#9 2023-11-30 01:15:14

Re: PKGBUILD review: lmstudio-appimage

Board footer