Never wrote RPM specs because I generally dislike RPM-based distributions (Fedora was a really bad experience when I tried it), but from a quick Google search they’re very similar.
I kinda like the format at a glance, seems pretty comparable in terms of what you put in there. Definitely less painful than debhelper.
I guess one of the advantages of PKGBUILD is that they’re essentially bash scripts that gets sourced by the tools, so they’re incredibly simple and don’t require parsing a custom format. You can:
#!/bin/sh source PKGBUILD prepare build check package
That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.
I did not know you could just source a PKGBUILD. I’m certain I’ll remember this instead of the correct
makepkg
flag to run this ot the other stage only.I mean it’s not going to make you a package if you just do that, the real tools do other things in-between but it shows the general simplicity Arch went with there.
I think while yaourt was called out for it, there are still issues with doing it this way; it’s the reason the AUR requires a .SRCINFO file nowadays https://wiki.archlinux.org/title/.SRCINFO
That comes with disadvantages in that reading the PKGBUILD is inherently unsafe, and it was the cause of many concerns back in the days with tools like yaourt, which pretty much just blindly sourced it to get the variables out, which means immediate code execution just loading it from the AUR.
However, the AUR helpers in question, which are not official tools, were to blame. Some developers of these tools could not or did not want to solve the problem. According to https://wiki.archlinux.org/title/AUR_helpers, almost no AUR helper sources the files automatically nowadays.
Do you also dislike openSUSE and openMandriva?
I haven’t really given those a try, ArchLinux happens to have ended my distro-hopping 10ish years ago.
Started with Ubuntu 7.04, bailed when they released the first Unity, went through a few Ubuntu spins, then Debian, then Fedora 15 (that one had lots of issues, the installer repeatedly crashed on me and all, it corrupted my partition table forcing me to testdisk to recover, they didn’t have Chromium or any proprietary codecs and apps). I ended up back on Ubuntu for a bit and then took the Arch dive, and been happy ever since and never felt the desire to learn another distro if it doesn’t have significant advantages.
My next distro will probably be something like NixOS, the concept is quite appealing but my VM experiments so far haven’t convinced me to get rid of Arch just yet. Might start using it on my servers for that sweet immutability and centralized config.
Haha I’m right there with you. The timeline isn’t as vast but Arch ended my distrohoppong and NixOS is the only thing really catching my eye these days.
I jumped around various Ubuntu spins, settled on Linux Mint for a while, tried out ElementaryOS for a brief moment, went back to Ubuntu spins then eventually went with Arch in 2019 and haven’t looked back.
The immutability and configuration of Nix seems so appealing but at this point I’m really comfortable with Arch and it does everything I need in a pretty sane way so idk if I’d switch anytime soon.
The immutability and configuration of Nix seems so appealing but at this point I’m really comfortable with Arch and it does everything I need in a pretty sane way so idk if I’d switch anytime soon.
Back in 2018, I had the experience of using NixOS. At that time, I noticed that the Nix language had a striking resemblance to Haskell, which stirred up feelings of anxiety within me.
I’ve either never dealt with RPM specs before or it’s been so long that I can’t remember. Therefore, I can only make a statement about PKBUILD files.
Such files are relatively easy to create and read, as they are basically shell scripts. Thus, if you use AUR, for example, you can easily check them before an installation or an update to see whether the creator has done everything correctly or whether he has changed the file with malicious intent.
For example, a typical PKBUILD file looks like this.
# Maintainer: Alad Wenter <https://github.com/AladW> # Co-Maintainer: Cedric Girard <cgirard [dot] archlinux [at] valinor [dot] fr> pkgname=aurutils pkgver=17.2 pkgrel=1 pkgdesc='helper tools for the arch user repository' url='https://github.com/AladW/aurutils' arch=('any') license=('custom:ISC') source=("$pkgname-$pkgver.tar.gz::$url/archive/refs/tags/$pkgver.tar.gz") changelog=aurutils.changelog install=aurutils.install sha256sums=('65efed873facf06ec73b012d94c110f35e45d3057eda2bc85983a3c8c6ce2c81') depends=('git' 'pacutils' 'curl' 'perl' 'perl-json-xs' 'bash') optdepends=('bash-completion: bash completion' 'zsh: zsh completion' 'devtools: aur-chroot' 'vifm: default pager' 'ninja: aur-sync ninja support' 'bat: view-delta example script' 'git-delta: view-delta example script' 'python-srcinfo: sync-rebuild example script') build() { cd "$pkgname-$pkgver" make AURUTILS_VERSION="$pkgver" } package() { cd "$pkgname-$pkgver" make PREFIX=/usr ETCDIR=/etc DESTDIR="$pkgdir" install }
Such files are relatively easy to create and read, as they are basically shell scripts.
I agree. I lean towards writing in Bash script instead of learning yet another special-purpose language. Nonetheless, the RPM spec doesn’t seem to pose any additional difficulty.
One is that it’s a shell script,
Using Bash sounds convincing to me.