You are not logged in.

#1 2023-05-06 09:20:48

dreieck
Member
Registered: 2012-10-08
Posts: 56

PKGBUILD: Is source download in build() into $HOME/... OK?

Ahoj,

I see that a lot of packages in the AUR, that use rust (`cargo`) or `go` or `npm`, download

  • dependencies e.g. via `cargo` or `go` during `build()` and

  • into some subdirectory of the build user's home directory (e.g. `~/.cargo/`).

I want to ask if this is OK?

As I understand it, `build()` and `package()` should be able to run without internet access if possible, and so it would be good to move the downloads which cannot be put into the `source` array into `prepare()`.
This is practise I do.

I want to ask if this is desired? If so, I might upgrade the Go, Node.js and Rust packages guidelines in the Arch Wiki.

Also, is it OK that the stuff is downloaded into some subdirectory of the build user's home directory? As I understand it, package build should be self-contained within `$srcdir` and `$pkgdir` and must not do anything outside those directories. Does it also apply here? With rust packages, this can e.g. be enforced by setting `$CARGO_HOME` to `$srcdir/cargo` in the `PKGBUILD`.

Is this desired? If so, I might upgrade the Node.js and Rust packaging guidelines in the Arch Wiki. With Go packages, I am not sure yet how to achieve this completely; I had some package where I played with `$GOPATH` and it resulted in some dependencies going to the set location, and some still going to `~/.go`. I would need advice in this case.

In the Node.js package guidelines, there is already something saying to download to a subfolder of `$srcdir` to not clutter `$HOME`.

Regards!

Last edited by dreieck (2023-05-06 09:25:01)

Offline

#2 2023-05-06 11:25:32

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,191

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

and so it would be good to move the downloads which cannot be put into the `source` array into `prepare()`.

The rust package guidelines already achive that by using cargo --frozen in build() and check()  (package()  doesn't seem to use cargo) .

Also, is it OK that the stuff is downloaded into some subdirectory of the build user's home directory? As I understand it, package build should be self-contained within `$srcdir` and `$pkgdir` and must not do anything outside those directories.

Many users (including me) set SRCDEST in makepkg.conf to store downloaded sources somewhere in their $HOME to avoid re-downloading sources every time you build a package.
The commands from devtools that build in a clean chroot do use that env var and others from that same makepkg.conf section .

[EDIT]
Or do you mean that there is code inside PKGBUILDS that explicitly stores stuff under $HOME ?
[end-of-edit]


I have very little experience with node & go (and do my best to keep it that way) so can't comment on them.

Last edited by Lone_Wolf (2023-05-06 11:36:48)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2023-05-06 12:31:30

dreieck
Member
Registered: 2012-10-08
Posts: 56

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

Lone_Wolf wrote:

Or do you mean that there is code inside PKGBUILDS that explicitly stores stuff under $HOME ?

Yes, this is what I mean. cargo, go and npm all download stuff on their own and if not instructed specifically (they do not know about `$SRCDEST`, tool-specific options/ environment variables must be used), they download their stuff into some directory under `$HOME`, outside `$srcdir`.

Last edited by dreieck (2023-05-06 13:49:49)

Offline

#4 2023-05-06 12:40:27

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,758
Website

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

I've seen this several times when I attempted to build an AUR package to help someone on these forums and running makepkg resulted in the PKGBUILD littering garbage all over my home directory.  That is absolutely unacceptable.

I have hoped that this was a result of just incompetent use of the cargo / go / whatever by those specific PKGBUILD authors and not a limitation of those tools themselves.  But in any case, yes, build() and package() should be able to run with no network access (anything requiring network access should be either pushed into the source array, or if necessary handled in the prepare() function); and a PKGBUILD should absolutely not save anything outside of srcdir or pkgdir.

If the current packaging guidlines for cargo/go/whatever violate these requirements, they should be fixed.  If you know how to fix them to acheive these goals, please do so.

Last edited by Trilby (2023-05-06 12:40:59)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#5 2023-05-06 13:24:51

3beb6e7c46a615a
Member
Registered: 2021-03-27
Posts: 165

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

Is that an official stance, Trilby?  Can't say anything about Go or NPM, but I just checked a few Rust packages in community, and I found none which overrides "CARGO_HOME", and only a single one which runs "cargo fetch" in prepare().  Does anyone even care?  I thought the general expectation was to build in chroot anyway?

I've also not found any documentation about "build()" and "package()" being expected to run without network access.  It's neither documented in PKGBUILD(5) nor in the Arch package guidelines as far as I can see.

Offline

#6 2023-06-01 03:10:33

Kindred
Member
From: Australia
Registered: 2006-03-25
Posts: 27

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

So far I've not had any issues with using 'export GOPATH="$srcdir/gopath"' in PKGBUILDs, and haven't had anything end up in ~/go. I came here to ask if this is good or bad practice and I'm still unsure?

The one time I asked a maintainer if they'd consider adding this in their PKGBUILD they told me they like having the cache created in ~/go and that the wiki says nothing about it, and so they're not changing it. Subsequently I set GOPATH as an env var myself to /tmp and that's worked since.. I really disliked ~/go turning up now and again.

Last edited by Kindred (2023-06-01 03:12:28)

Offline

#7 2023-06-01 08:26:26

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,191

Re: PKGBUILD: Is source download in build() into $HOME/... OK?

The talk page for go package guidelines does have a (short) discussion from 2019 about this.

The caching issue could be solved by using export GOPATH=$SRCDEST so go and makepkg use the same location for caching sources .
Maybe add something to that discussion ?

Last edited by Lone_Wolf (2023-06-01 08:26:56)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

Board footer

Powered by FluxBB