Package Details: rua 0.13.10-1

Git Clone URL: https://aur.archlinux.org/rua.git (read-only)
Package Base: rua
Description: secure AUR helper written in Rust
Upstream URL: https://github.com/vn971/rua
Keywords: aur rust
Licenses: GPL3
Submitter: vasya
Maintainer: vasya
Last Packager: vasya
Votes: 3
Popularity: 0.575621
First Submitted: 2018-10-29 14:26
Last Updated: 2019-06-16 10:27

Latest Comments

1 2 Next › Last »

vasya commented on 2018-10-31 00:11

I've removed all rustup invocations from the PKGBUILD. Something worth considering though is that ~/.cargo (and possibly ~/.rustup) are shared with normal $HOME anyway. I guess that's a common property of all AUR packages using cargo though.

vasya commented on 2018-10-30 23:23

@eschwartz, to address a very specific comment:

only if you're using your own unsupported helper

Said problem appears whenever rustup is used. If you haven't used it before (for this unix user), this is what you'll get.

Regarding $HOME. Would using cargo itself be safe? It does fetch dependencies and store them in ~/.cargo too... I'd really want a way around this myself...

vasya commented on 2018-10-30 23:17

@Morganamilo > Why not just depend on rust? -- That would be ideal. Unfortunately, however, the "rustup" and "rust" packages are in conflict. If the user already uses "rustup", they will have to uninstall it.

coderobe commented on 2018-10-30 23:17

Eli already echoed what i told you on IRC earlier, but for some reason you've only removed parts of it. Could you please get rid of the rest as well? Your package is not special, and this dance is not required - not to mention that your implementation of said hack isn't particularly good either. Seeing your complete lack of understanding on irc regarding this, consider this a warning...

eschwartz commented on 2018-10-30 23:11

puts on Trusted User hat

Suddenly using rustup and installing a toolchain to the user's $HOME is not okay, moreso when the need for doing so is only if you're using your own unsupported helper which breaks this.

If users use rustup, that's their problem, and I guess they shouldn't use toolchains that install themselves to $HOME in order to build packages. This very program was supposedly supposed to prevent issues like this -- it's ironic that the only way to build this PKGBUILD in a sane manner, is to use the program you haven't built yet to do it!

vasya commented on 2018-10-30 19:18

Morganamilo: I guess it's kinda controversal then. From my point of view, requiring anything at all from $HOME when building packages is not nice. Had this story with some PKGBUILDs before, was never happy when such constraint breaks. Especially because I build packages from a separate user. Let's leave it as-is then, for now.

Morganamilo commented on 2018-10-30 18:54

I'll say that AUR helpers are not supported.

If this package fails to build because of a specific helper then it should be on the helper to make it work, not the pkgbuild. (even if this pkgbuild is for that helper).

But that's just what I think. If you do care about having a good pkgbuild you should probably ask on the forums/mailing list/irc to see what they come up with.

vasya commented on 2018-10-30 18:10

Morganamilo: another thing about rustup and RUA. The latter currently isolates your $HOME directory, unless you whitelist some paths in ~/.config/rua/wrap_args.sh. So if you e.g. build RUA inside stock RUA, the PKGBUILD script will have empty $HOME and will not be able to work without a rustup command. I understand that it soulds like unneeded complexity, but naturally, I do want this PKGBUILD to be buildable in a clean environment.

Put it another way. If the environment is shared and properly configured, then these configuration lines will never be "hit". Thoughts?

Morganamilo commented on 2018-10-30 16:39

If a user decides to use rustup it should be their responsibility to manage it. I think it's a bad idea for a pkgbuild to start installing something.

To rephrase what I said. Why not just depend on there already being a valid rust environment already set up like other packages do?

vasya commented on 2018-10-30 16:19

Morganamilo: the package does in fact depend on cargo, which is provided by both rust and rustup. So if you have rust installed, everything will work just fine for you.

If, however, you decide to go with rustup, you NEED to also download&install the stable version using rustup itself. This is a rustup limitation, not mine.

EDIT: in other words, users that decide to use rustup cannot just install it via pacman and be ready to build.:( The missing steps are ensured by this PKGBUILD.