Search Criteria
Package Details: python-pykakasi 2.3.0-2
Package Actions
Git Clone URL: | https://aur.archlinux.org/python-pykakasi.git (read-only, click to copy) |
---|---|
Package Base: | python-pykakasi |
Description: | Lightweight converter from Japanese Kana-kanji sentences into Kana-Roman |
Upstream URL: | https://codeberg.org/miurahr/pykakasi |
Licenses: | GPL-3.0-or-later |
Submitter: | pekkarr |
Maintainer: | pekkarr (txtsd) |
Last Packager: | pekkarr |
Votes: | 8 |
Popularity: | 1.51 |
First Submitted: | 2023-03-15 18:02 (UTC) |
Last Updated: | 2024-09-15 17:12 (UTC) |
Dependencies (9)
- python-deprecated
- python-jaconvAUR
- git (git-gitAUR, git-glAUR) (make)
- python-build (make)
- python-installer (python-installer-gitAUR) (make)
- python-setuptools (make)
- python-setuptools-scm (make)
- python-sphinx (python-sphinx-gitAUR) (make)
- python-wheel (make)
Latest Comments
1 2 Next › Last »
pekkarr commented on 2024-09-15 17:13 (UTC)
@gesh Thanks for the report, I updated the checksums.
gesh commented on 2024-09-15 10:44 (UTC)
https://gitlab.archlinux.org/pacman/pacman/-/commit/9548d6cc765b1a8dcf933e8b1b89d0bcc3e50209 changed the checksum calculation for repos with
.gitattributes
-- the checksums need to be updated.gesh commented on 2024-06-24 21:51 (UTC)
pekkarr commented on 2024-06-24 21:06 (UTC)
@gesh Thanks for the report, I added
python-setuptools
to makedepends.Version
2.2.1
had a runtime dependency onpython-setuptools
, which was removed in2.3.0
so I removed it from depends. I didn't realize that it was also a build time dependency, because it built successfully in a clean chroot because ofpython-setuptools-scm
pulling it in.This is because of better supply chain security. Like the XZ incident has shown, very few people (if any) validate that the tarball contents actually match the contents of the git repository. By pulling the source directly from git we eliminate the need for that extra validation step.
The risk with the tarball in this specific case is admittedly quite small, because Codeberg autogenerates it from the git tag, so compromising it would require compromising the Codeberg infrastructure. However, using git sources still eliminates that small risk.
I would prefer more packages adopting git sources for these reasons, or even adding it as a recommendation to the Arch Package Guidelines, but so far most non-VCS packages are using tarballs as sources.
gesh commented on 2024-06-24 18:32 (UTC)
Any reason the
python-setuptools
dep was removed in the latest commit? I can understand and would support making it a makedep, but relying onpython-setuptools-scm
pulling it in seems wrong.Also, why is the package pulling in the entire git history of the project, instead of the source tarball at
https://codeberg.org/miurahr/pykakasi/archive/v${pkgver}.tar.gz
? Not that it matters much (the entire repo is just 28M), but it's slightly weird to see a non-VCS package using VCS makedeps.pekkarr commented on 2024-01-03 11:37 (UTC)
@RockhopperP No problem. You can also build in a clean chroot to avoid locale issues.
RockhopperP commented on 2024-01-03 08:17 (UTC)
@pekkar It seemed to be a problem with my locale. KDE doesn't properly change locale settings for an individual user. When I set everything to US, I can install. Thanks answering!
pekkarr commented on 2024-01-02 13:08 (UTC)
@RockhopperP You don't need to manually patch anything. The
prepare
function inside the PKGBUILD applies the patch, andmakepkg
runs it automatically. The package should build just fine withmakepkg -C
RockhopperP commented on 2024-01-02 12:47 (UTC)
I'm lost how do I patch it? I manually tried to replace ["setuptools>=42", "wheel", "setuptools_scm[toml]>=3.5.0", "klepto"] with ["setuptools>=42", "wheel", "setuptools_scm[toml]>=3.5.0"] but that did not do the trick.
I need this for python-spotdl. Any help would be appreciated!
scenkner commented on 2023-10-21 14:30 (UTC) (edited on 2023-10-21 14:31 (UTC) by scenkner)
@txtsd Of course, I should have tried that first.
@pekkar Thank you for dummy proofing it for us!
1 2 Next › Last »