LinuxQuestions.org
Page 1 of 3 1 23
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Krusader slackbuild 14.2 - no source available (https://www.linuxquestions.org/questions/slackware-14/krusader-slackbuild-14-2-no-source-available-4175605867/)

Gerard Lally 05-13-2017 03:13 PM
Krusader slackbuild 14.2 - no source available
 
Been like this for a while now. Is it not possible for the maintainer to use the source available at the official krusader website instead of using some unaudited git version at his own mirror which is as often as not unavailable?

Didier Spaier 05-13-2017 03:29 PM
Having seen this I assume that Andrzej made the choice of shipping a git version as it includes commits not applied to 2.4.0-beta3 and on the another hand 2.6.0 require Qt5. Just a guess. Maybe what you could suggest if that is the case that the source file be stored elsewhere, maybe @ sbosrcarch?

Anyway I suggest that you send an email to Andrzej about the issue and post on the SBo mailing list if you don't receive an asswer within a week or two, as suggested here.

Gerard Lally 05-13-2017 03:56 PM
Thanks Didier. It's now the third or fourth day I've tried to install this through sbopkg. I shouldn't have let the red mist descend. Having said that, it doesn't reflect very well on Linux generally or Slackbuilds specifically when this kind of thing happens with a stable release. Installing from source is easy with krusader but I was trying to keep everything as close to official as possible.

bassmadrigal 05-13-2017 11:18 PM
I ran into this issue a while back and I had Andrzej send me the source. I have it on my server if you'd like to use it.

**Link removed** (please PM me if you need a copy before the update gets pushed to SBo)

The MD5 should match the krusader.info entry (f83558662166a1537aedaaa6b1e22c4d)

EDIT: If you decide to get it, let me know when you do so I can remove the link. I don't want it to eventually 404 when I pull the source from the server.

orbea 05-14-2017 09:13 AM
Someone should probably replace the link at SBo with one hosted on a server that usually doesn't go down...

Alien Bob 05-14-2017 09:43 AM
Quote:
Originally Posted by orbea (Post 5710536)
Someone should probably replace the link at SBo with one hosted on a server that usually doesn't go down...
... or provide script that creates the tarball for you. Note that there have been some relevant commits to the krusader repository since that 20150309 commit. The most recent commit "389b153" has the date "20160328".
I wrote a quick script which checks out that latest commit and creates a tarball for you. It won't matter if there will be future commits - the script will check out that exact commit for you always.
So if you want the "git_20150309_13fa966" version to match the SBo entry instead, you need to just change one line of the script: "HASH=389b153" into "HASH=13fa966"

Code:
#!/bin/sh

BRANCH=kde4
HASH=389b153
GITURI=git://anongit.kde.org/krusader.git

# Checkout the repository:
if [ -d krusader-git*${HASH} ] ; then
  cd krusader-git*${HASH}
    git checkout ${BRANCH}
    git pull origin ${BRANCH}
  cd -
else
  git clone ${GITURI} krusader-${HASH}/
fi

# Checkout the exact commit:
cd krusader-*${HASH}/
git checkout ${BRANCH}
git checkout ${HASH}

# Retrieve the date of the commit:
COMMITDATE=$(git show -s --format=%cd --date=format:%Y%m%d ${HASH})

cd -

# Rename the source directory if this is the first time we cloned it:
if [ -d krusader-${HASH} -a ! -d krusader-git_${COMMITDATE}_${HASH} ]; then
  mv krusader-${HASH} krusader-git_${COMMITDATE}_${HASH}
fi

# Create the tarball:
tar --exclude .git -Jcf krusader-git_${COMMITDATE}_${HASH}.tar.xz krusader-git_${COMMITDATE}_${HASH}

orbea 05-14-2017 10:49 AM
I have to say I rather like this, I'm going to have to start using it. :)

Code:
COMMITDATE=$(git show -s --format=%cd --date=format:%Y%m%d ${HASH})
Before in my own git slackbuilds I was using this which calls several more binaries...

Code:
DATE="$(date -d "$(git log | awk '/Date:/ {print $4 " " $3 " " $6}' | head -1)" +%Y.%m.%d)"

bassmadrigal 05-14-2017 11:45 AM
Quote:
Originally Posted by Alien Bob (Post 5710547)
... or provide script that creates the tarball for you. Note that there have been some relevant commits to the krusader repository since that 20150309 commit. The most recent commit "389b153" has the date "20160328".
The only issue I see is that SBo doesn't allow scripts to download sources. But you could set the download link to be the archive of that commit, so that it will always download the source from github.

Code:
https://github.com/KDE/krusader/archive/389b153/krusader-389b153dab661dfc93423ce64d36bfee7843d33c.tar.gz
I reworked the script and .info to use that, and the diff is below.

Code:
diff --git a/system/krusader/krusader.SlackBuild b/system/krusader/krusader.SlackBuild
index e6a3913..4b597bb 100644
--- a/system/krusader/krusader.SlackBuild
+++ b/system/krusader/krusader.SlackBuild
@@ -26,7 +26,8 @@
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 PRGNAM=krusader
-VERSION=${VERSION:-git_20150309_13fa966}
+VERSION=${VERSION:-389b153}
+SRCVER=${SRCVER:-389b153dab661dfc93423ce64d36bfee7843d33c}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

@@ -62,9 +63,9 @@ set -e
 rm -rf $PKG
 mkdir -p $TMP $PKG $OUTPUT
 cd $TMP
-rm -rf $PRGNAM-$VERSION
-tar xvf $CWD/$PRGNAM-$VERSION.tar.xz
-cd $PRGNAM-$VERSION
+rm -rf $PRGNAM-$SRCVER
+tar xvf $CWD/$PRGNAM-$SRCVER.tar.gz
+cd $PRGNAM-$SRCVER
 chown -R root:root .
 find -L . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
diff --git a/system/krusader/krusader.info b/system/krusader/krusader.info
index 7c6aa9c..8422545 100644
--- a/system/krusader/krusader.info
+++ b/system/krusader/krusader.info
@@ -1,8 +1,8 @@
 PRGNAM="krusader"
-VERSION="git_20150309_13fa966"
+VERSION="389b153"
 HOMEPAGE="https://krusader.org/"
-DOWNLOAD="http://mirror.telszewski.net/source/krusader/krusader-git_20150309_13fa966.tar.xz"
-MD5SUM="f83558662166a1537aedaaa6b1e22c4d"
+DOWNLOAD="https://github.com/KDE/krusader/archive/389b153/krusader-389b153dab661dfc93423ce64d36bfee7843d33c.tar.gz"
+MD5SUM="f0a98626e73e560a5338a2871bddf935"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""

atelszewski 05-14-2017 01:01 PM
Hi,

Long story short, I'm out of time till the end of May.

My server had a disk failure, it'll be fixed next month.
That's the reason the source is not available.

The reason I chose to host the source myself is to shorten the version string (i.e. not using the full git hash).

The reason I chose that particular commit is that it has some more or less useful changes after the 2.4.0-beta and it is the last commit that still compiles on KDE4.

P.S.
Jeremy Hansen emailed me with some hints on how I can solve the situation and not host the source on my server.
I can't believe I haven't figured it out before ;-)
Thanks Jeremy :-)

--
Best regards,
Andrzej Telszewski

Gerard Lally 05-14-2017 01:21 PM
Quote:
Originally Posted by bassmadrigal (Post 5710371)
I ran into this issue a while back and I had Andrzej send me the source. I have it on my server if you'd like to use it.
Thanks for your kind offer. The problem really is that this situation reflects badly on Slackbuilds for a stable release. No offence, but the problem is not resolved by yet another private individual temporarily stepping in with his own private server. I had a similar situation with the Xen slackbuild last year. It takes quite a leap of faith to trust a Level 1 hypervisor hosted on a private server when the source is already available at the official Xen download site. Trust should not be taken for granted, especially given that Slackbuilds - built and installed as root - do not honour the principle of least privilege.

Gerard Lally 05-14-2017 01:23 PM
Quote:
Originally Posted by Alien Bob (Post 5710547)
I wrote a quick script which checks out that latest commit and creates a tarball for you. It won't matter if there will be future commits - the script will check out that exact commit for you always.
Thank you Eric.

atelszewski 05-14-2017 02:07 PM
Hi,

I've just sent SlackBuild update, so that the source is downloaded from github.

--
Best regards,
Andrzej Telszewski

55020 05-14-2017 03:01 PM
Quote:
Originally Posted by Gerard Lally (Post 5710623)
The problem really is that this situation reflects badly on Slackbuilds for a stable release. No offence, but the problem is not resolved by yet another private individual temporarily stepping in with his own private server.
This is complaint 1 of 3 :)

It may not be much consolation, because it's another instance of the "private individual + private server" design pattern, but pretty much every SlackBuild's source tarball is mirrored at sbosrcarch, http://slackware.uk/sbosrcarch/ which is a heroic co-production between Urchlay and Tadgy. Taking this to the next level, some of the more popular build tools are sbosrcarch-aware and will automatically substitute a download from sbosrcarch if the canonical download is found to be unavailable.

I see no way that SlackBuilds.org could do a better job than sbosrcarch. We could, however, and probably should, update the FAQ etc to mention sbosrcarch. Meanwhile, please accept this post as an interim update.

Quote:
Originally Posted by Gerard Lally (Post 5710623)
It takes quite a leap of faith to trust a Level 1 hypervisor hosted on a private server when the source is already available at the official Xen download site. Trust should not be taken for granted.
This is complaint 2 of 3 :)

It may not be much consolation, but in this scenario, you are Emperor Nero, and me and Willy are your food tasters. If a maintainer wants to poison you, then me or Willy will get poisoned first when we review the submission. We don't want to get poisoned, so mirrors and repacks and self hosted tarballs are a last resort -- we always prefer to download from the canonical provenance.

There are also some cases where the SlackBuild is for software written by the actual maintainer. This is the ultimate instance of the self-hosted tarball. There is no way of banning self-hosted tarballs without banning software creators from supporting Slackware by providing SBo SlackBuilds.

Quote:
Originally Posted by Gerard Lally (Post 5710623)
especially given that Slackbuilds - built and installed as root - do not honour the principle of least privilege
This is complaint 3 of 3 ;)

First, not being root will help to protect you from erroneous software, but it won't protect you from malicious software. The files I truly care about on my boxes are not those in /usr/lib64 or /etc, but those in /home/d.

Second, there is at least one build tool that supports non-root building and packaging. All the SlackBuilds I review are built this way and test-installed to see what happens.

Thanks for raising these valid concerns, it's not often that we have the chance to explain the background ideas (and limitations) of our trust model.

Gerard Lally 05-14-2017 03:23 PM
Quote:
Originally Posted by 55020 (Post 5710636)
It may not be much consolation, but in this scenario, you are Emperor Nero
That'll do Me. Thanks!

Didier Spaier 05-14-2017 03:24 PM
Quote:
Originally Posted by 55020 (Post 5710636)
Second, there is at least one build tool that supports non-root building and packaging.
fakeroot is my friend. Not because I don't trust other people's work, rather as a protection against my own stupidity (I have messed up perms in big sub-trees more than once building my own packages).


All times are GMT -5. The time now is 11:13 AM.
Page 1 of 3 1 23
Show 50 post(s) from this thread on one page