Talk:AUR helpers

From ArchWiki
Jump to navigation Jump to search

"Reference" implementation

This is an alternative to #Reliable Updater. Instead of an arbitrary set of test packages, we could write up a "specification" on what a reliable AUR helper should do. This should also be more helpful for potential AUR helper writers who otherwise have to wade through complex, fully-featured AUR helpers.

I propose a minimal reference implementation with the following points:

  • No client-side workarounds for upstream limitations. In particular, a reference implementation does not need to score full points on split packages, as makepkg --pkg was removed with pacman 5.
  • Minimal language constructs in e.g. a scripting language like dash.
  • Prefer simplicity of implementation over being fully featured. In particular, an implementation may only support git clone and not git diff.

My initial plan was to keep such an implementation in a man page aurhelper(7) (hosted as part of aurutils), but we can consider including on a sub-page of this article. It could be then linked from the comparison table. Thoughts? -- Alad (talk) 13:28, 8 March 2018 (UTC)

Generally agree with the idea, but I don't think there is a way around a set of PKGBUILDs that could be used to test helpers in a local AUR instance. F.e., I wouldn't define a "reliable" helper that doesn't handle split packages well. Since helpers are tolerated rather than supported, upstream limitations of the AUR might be temporary or permanent, meaning the limitation would actually be in the helper itself (f.e. like regex support). Also, I'd use pseudo code for such a reference as the actual implementation itself doesn't matter, unless you'd like to write a new minimalist helper. Spyhawk (talk) 15:26, 8 March 2018 (UTC)
Apart from FS#56602, I can't think of a case where upstream opposed removing limitations, even if helpers directly benefited. cf. the regex support discussed in [1] or the exit codes finally introduced in makepkg 5.1 which made automatic building significantly easier imo. To me it seems that the main reason we have these AUR limations is due to the minimal interest of helper writers in contributing upstream, and upstream itself having different priorities. Not sure why former is the case, the PHP codebase may play part in it - at least it does for me.
You can keep dash close enough to pseudo-code, I guess less so if you want a complete example rather than exemplary code blocks. For the PKGBUILD set, I use this: [2] -- Alad (talk) 18:34, 8 March 2018 (UTC)
My understanding is that changes that aren't invasive will be accepted upstream, but otherwise might be rejected (see [3]). One prominent example that comes to mind is FS#48796. It's not really relevant anymore since x86 has been officially dropped, but the solution would involve duplicating DB tables on the server, which isn't trivial to implement/migrate. Many of the feature requests involve non-trivial code change, which is the main reason nobody pushed patches; I dislike PHP but the language itself isn't too hard either. For regex, see the bottom of [4], which is the follow-up of your link above.
Your testsuite seems interesting (thanks for the link), but one advantage of having a fixed set of packages is that these packages might be updated and change, making these edge cases difficult to test. This happened quite a few times with my own list of test packages in the past and this was rather annoying. Spyhawk (talk) 20:20, 8 March 2018 (UTC)

Expand Secure criteria to include other (non-PKGBUILD) bundled files

[5], in particular [6]

The new criteria would be as follows:

  • PKGBUILD, no other files -> Partial
  • Other subset of files that includes the PKGBUILD -> Partial
  • No PKGBUILD -> No
  • All files in the git repo or tar archive -> Yes

Similar to the Diff view column. -- Alad (talk) 16:32, 4 July 2018 (UTC)

good idea, you also mentioned this for aurman a few months ago, see: https://github.com/polygamma/aurman/issues/25#issuecomment-371971155 really a good idea to implement it in a way, so that changes of all known files are being shown Polygamma (talk) 17:07, 4 July 2018 (UTC)
"All files in the git repo or tar archive -> Yes" What exactly do you mean by all files? Build files often contain non text files such as images. Git diff is smart enough to hide these but then you could consider that partial because not all files are covered.
In my opinion all a helper has to do to be secure it pause and allow the user to read the build files. The helper does not even need to offer to open them for you that's the user's responsibility. Anything more than that is nice to have but not strictly needed. Morganamilo (talk) 20:25, 4 July 2018 (UTC)
If this qualifies as "nice to have", there has to be an explicit warning that a green entry in the "Secure" column does not cover other files, files which may cause more harm than the PKGBUILD itself (such as .install files or exectuables called from the PKGBUILD). In either case it's misleading, since you either give the impression that viewing PKGBUILDs alone is sufficient (with the current criteria), or include a warning that diminguishes the value of the criteria in the first place.
Latter is similar to "Native pacman", in that you have a warning at the article top warning against any sort of pacman wrapping, and criteria in the table that ignore this warning, or even reward behavior which goes against it. -- Alad (talk) 17:07, 8 July 2018 (UTC)
That's a fair point, what about changing the name to "show files before sourcing" or something? Seems more accurate. Then it would make sense that not showing .install files to be partial. The only problem I see that it's not as hard hitting as "secure". Morganamilo (talk) 20:11, 8 July 2018 (UTC)
It cuts both ways: it's an effective deterrent against broken helpers, but it also gives the impression that using a "Secure" helper makes usage of the AUR safe, which it definitely doesn't. I'm not sure on what different name to use, though. -- Alad (talk) 17:25, 14 July 2018 (UTC)
I guess "File view" could work. -- Alad (talk) 17:44, 14 July 2018 (UTC)
The column name was updated to "File review". Are there remaining helpers that only display the PKGBUILD? (trizenAUR springs to mind) -- Alad (talk) 15:30, 23 August 2018 (UTC)

Native pacman revisited

As a follow-up to #Expand_Secure_criteria_to_include_other_.28non-PKGBUILD.29_bundled_files, the way "Native pacman" is used is misleading, since it depicts wrapping pacman as a generally positive thing. This contradicts the warning bundled with the criteria, as well that using the same syntax for official and user-submitted packages blurs the lines between packages that are supported, and packages that might arbitrary broken things; latter requiring careful attention before installation.

I see some alternatives:

  • Remove the column and move any entries that go against it to "problematic". The description of AUR_helpers#Discontinued_or_problematic would be adapted accordingly.
  • Keep the column but remove Green/Grey colors, potentially renaming both the column and its entries.

There's benefits in both approaches but implementing the first is less effort. -- Alad (talk) 17:21, 14 July 2018 (UTC) -- Alad (talk) 17:21, 14 July 2018 (UTC)

I think the second approach is best since it offers more information/overview over the first. I propose the following changes:
  • Native pacman -> Pacman wrapping (restore the original column name)
  • Yes [Green] -> Literal [Grey]
  • N/A [Grey] -> None [Grey]
  • Partial [Yellow] -> Modified [Yellow]
  • No [Red] -> Faulty [Red]
-- The color change would basically reflect the old "Syntax" column, which deliberately had no colors. See [7]. Alad (talk) 22:46, 21 July 2018 (UTC)
Works for me. I'm guessing the criteria will remain the same? Morganamilo (talk) 23:16, 21 July 2018 (UTC)
Yeah, unless someone brings new arguments to the table. I'll probably make some minor changes to fit the new wording. -- Alad (talk) 23:19, 21 July 2018 (UTC)
Actually, thinking about it how about faulty -> harmful? To me faulty kind of implies it's bugged out. While -Udd and such are usually purposely implemented. Morganamilo (talk) 23:25, 21 July 2018 (UTC)
I'm not sure, since a red entry on clean build/secure is just as harmful. I guess the latter are not done "on purpose" but due to negligence, unlike -Udd and friends as you mentioned.
Another point is whether to leave the column in place, or move it back to the end like the previous "Syntax" column. -- Alad (talk) 16:46, 23 July 2018 (UTC)
I'd argue clean build is not harmful. There is no real harm to a failed build, just inconvenience. Insecure is harmful but I believe 'insecure' reflects that.
I don't see a need to move the column as it still may contain red and yellow so it's not too out of place in between all the colored fields. Then again I have no complains against moving it either really.
Morganamilo (talk) 17:11, 23 July 2018 (UTC)
I experimented a bit with User:Svito/Deleteme, I like proposal with some changes:
  • Rename criteria to Pacman wrapper - for consistency with Reliable parser and Reliable solver
  • Yes - no color, table is colorful enough as it is, other columns being colorful already indicates they are different in nature so change to Literal is not requried
  • N/A - no color, create Template:-, use em dash to make it instantly distinguishable from Yes and other entries
  • Modified - yellow
  • Harmful - red, this column is otherwise colorless so having extra emphasis would not hurt, other columns have color to compliment yes/no
  • ✓ move column to the left of Secure instead to preserve 3 major criteria group as well as have colorful grouping
  • ✓ use Template:C for centered entries instead of longer string
-- Svito (talk) 09:57, 24 July 2018 (UTC), updated 10:00, 26 July 2018 (UTC)
I agree with all these changes apart that I'm not sure yet on the "Harmful" wording and that the emdash is a bit too long for my taste. -- Alad (talk) 10:22, 24 July 2018 (UTC)
[8] looks like a good approach since it immediately tells what's wrong instead of throwing fancy terms around -- Alad (talk) 17:07, 24 July 2018 (UTC)
edit: I think yaourt did some more things besides splitting -Syu, like manual database manipulation (!), but I'd need to check this again -- Alad (talk) 17:08, 24 July 2018 (UTC)
Yep: [9] It writes back the local pacman db with some mangled version. If you want crazy, look no further than yaourt. -- Alad (talk) 00:29, 26 July 2018 (UTC)
Thanks for doing research on this as I had trouble with reading yaourt source myself. I have merged major discussed changes to the table but did not change column names. -- Svito (talk) 09:33, 26 July 2018 (UTC)
Nice work. I ran out of tacos so here's a fancy hat instead.
I agree Pacman wrapper is a better name so I'll probably change it in the next few days unless there's objections. -- Alad (talk) 10:30, 26 July 2018 (UTC)
Now that it's called "Pacman Wrapper" it makes sense to have "No" instead of the dash don't you think? Morganamilo (talk) 17:55, 28 July 2018 (UTC)
It is not necessary feature but "nice to have" for a helper so I do not think change is needed here. -- Svito (talk) 18:02, 28 July 2018 (UTC)
I agree but isn't that the reason it's not colored? My intention was to have it as "No" but keep it grey. Morganamilo (talk) 18:07, 28 July 2018 (UTC)
It is same way as for Batch interaction and Shell completion, we don't use Yes/No there because there are multiple options, but with neutral dash for No. Whole point of this change is to have helpers that act as pacman wrapper clearly seen and those who do not not discriminated with No which is used in table to note lack of features or broken features. -- Svito (talk) 18:14, 28 July 2018 (UTC)
There's a slight discrepancy though, in that - is used when "is feature X well-implemented" does not apply due to not having feature X in the first place. "Pacman wrapper" on the contrary says "Does it have feature X?"; compare how neither Batch interaction nor Shell completion have Yes as entries, but shells and numbers, respectively.
Not sure on the best solution, in the shell completion sense you could change the column to command wrapper, but since there's no other relevant commands but pacman(8) to wrap that makes no sense either. -- Alad (talk) 14:22, 4 August 2018 (UTC)
I agree, hope Special:Diff/534929/next makes it more clear and avoids it looking like another Yes/No question. -- Svito (talk) 21:13, 18 August 2018 (UTC)
Not sure that's the best way to put it, since the only compliant pacman wrapper is one that doesn't wrap pacman at all, by the warning in the criteria. Perhaps we should choose a different approach entirely, and add some general column that warns on potential harmful behavior. This would be comparable to the "Notes" column in the GUI section. -- Alad (talk) 16:21, 19 August 2018 (UTC)

on the evils of yaourt

Can we try to be at least slightly fair when making fun of yaourt? Any user using the option "--backup: Backup or restore alpm local database. See Backup Options." is definitively requesting to write back a new alpm database, which is a far cry from your accusation which implies it just does so with the drop of a hat, moreover your implication that it does so with a "mangled" version which is simply entirely untrue (as this is no more or less mangled than any other old version). I cannot really imagine why I'd want to restore an old alpm database rather than fix the new, without throwing up my hands in despair and reverting to a complete backup of /, but that's just arguing that the option is useless, not that it's a dangerous, crazy way to implement the dubious functionality in the first place.

I get that it's fun to mock yaourt, but I'm perpetually shocked that even most competent people rarely manage to mock yaourt in a competent manner. There's definitely what to be mocked about yaourt, how about you mock that instead?

-- Eschwartz (talk) 03:17, 29 July 2018 (UTC)

Split pacman wrappers

Please review this proposal, compiled from #Native pacman revisited discussion and User:Svito/AUR helpers contributions:

  • split #Active section/table into #AUR only and #Pacman wrappers
  • order sections by increase of functionality: #Search and download only -> #AUR only -> #Pacman wrappers
  • move pacman criteria inside the #Pacman wrappers section
  • move helpers from #Discontinued and problematic into above tables, add (discontinued) next to package name and color name cell grey
As there is a difference between what subset of features abandoned helpers implement I think it is more appropriate to put them into comparison to other helpers implementing similar functionality and share warning notes in case of pacman wrappers that do not apply to other helpers.

-- created 02:08, 23 August 2018 (UTC), last edited -- Svito (talk) 19:47, 23 August 2018 (UTC)

On the separate points:
  • I'd wait for more opinions on [10], or reword it to be less pedantic/more formal. There's also exception cases like naamanAUR, which uses pacman syntax for operations restricted to AUR, or even yaourtAUR which flashes a big warning whenever you try to install an AUR package.
  • The criteria and "bad wrap" column might also need some adaptations to the new structure. I'd consider dropping the criteria entirely and leaving the warning in place, because helpers like pikaurAUR have shown that trying to be exhaustive is bound to failure.
Essentially I'd go with the approach in AUR_helpers#Graphical: known derivations result in a helper getting a red entry, period. The previous criteria could be kept as "guidelines" and moved to the talk page, as they might be still useful to helper authors. -- Alad (talk) 15:23, 23 August 2018 (UTC)
-- Alad (talk) 15:25, 23 August 2018 (UTC)
I drop warning suggestion entirely for now and back to single line warning about potential to break the system. -- Svito (talk) 19:47, 23 August 2018 (UTC)
Sounds good. I would like to keep a reminder that these tools may, at any point, add unsafe flags or break the system in other ways, though. After all these are third-party tools not audited by any arch or pacman developers, yet meant to replace pacman(8) in one way or another. -- Alad (talk) 07:22, 24 August 2018 (UTC)

add back aurman

Special:Diff/536043/next, github comment: I am sorry to hear unfortunate news that Polygamma was overwhelmed by diverse user feedback and felt the need to discontinue the project. Despite author request we should probably not remove it completely from wiki but make it visible in discontinued section. As author deserves his peace, readers also deserve to know what happened to the project and I don't think that having it clear aurman is discontinued on the wiki would direct more hate towards the author and his project (at least I hope there are no such people willing to resort to that kind of waste of time). -- Svito (talk) 17:47, 21 August 2018 (UTC)

aurman is not discontinued or problematic. I'll still be developing it, but only for myself, which means that it has no place in the aur wiki. Polygamma (talk) 17:55, 21 August 2018 (UTC)
Essentially, that issues have been disabled, and aurman will be developed according to Polygamma's whim. It will continue to work, and see whatever improvements Polygamma decides to implement himself, but no more customer user support will be provided. ;)
Of course, anyone with an idea for implementation, who is willing to put in the time to code it themself and submit a pull request, will be evaluated on merit -- and such contributions are likely to be significant higher quality than the norm.
-- Eschwartz (talk) 21:13, 21 August 2018 (UTC)
Understandable. What about displaying it like on User:Svito/AUR helpers#Pacman wrappers, at the bottom of the table, colored gray and "Not for public use" in Notes column? It is not like new readers will pick helper from the bottom of the table and will be complaining about it. But returning readers will not be confused by their favourite helper not being there. I think more readers should know that aurman is not developed for people who need any kind of support. -- Svito (talk) 21:43, 21 August 2018 (UTC)
I guess I am fine with the grey entry at the bottom. Closed development sounds fine, too. Polygamma (talk) 22:57, 21 August 2018 (UTC)
Cool, thank you for your time and effort! -- Svito (talk) 23:02, 21 August 2018 (UTC)

customizepkg/ programmatic package customisation

I wish to have added a column displaying if the AUR helper supports customizepkg or another/ an own way of programmatically changing packages before installation. This functionality should include that when doing an upgrade, and it is detected that the build should be modified with regard to the official package, the package should instead be built from source. Should apply to official Arch Linux packages and AUR packages and optionally also other (unofficial) repositories schould be supported.

(My use of customizepkg is with the flavour customizepkg-scripting, and I use it to build packages with own options, or with own patches to upstream surces, and I use it integrated into a system upgrade ("-Su"), it will show which packages are upgraded but have a customizepkg hook and instead of downloading the binary, it will be a customised built from source with the newest version)

yaourt does this but has some bugs, yaourtix fixes some of those bugs (but still depends on outdated yaourt).

Dreieck (talk) 10:10, 23 August 2018 (UTC)

This is not a basic feature, but a specificity, much like building in chroots or using local repos. As such a separate column is not warranted. However, this functionality is already fulfilled by git(1) (Git clone column): local changes can be kept with git-commit(1) and are applied through git-rebase(1).
The same applies to git helpers for the official repositories, like asp, which are outside the scope of this article. -- Alad (talk) 15:09, 23 August 2018 (UTC)

proper batch interaction 2 and 3

Is there even a way to implement this feature correctly?

I do not know much so correct me if I'm wrong but the proper way to do 2 and 3 for something like wrapper repopkg aurpkg seemingly is:

  1. copy sync db and perform sync on copied db, avoiding possible partial upgrades in the system
  2. find repopkg and aurpkg using copied sync db and AUR backend respectively
  3. [user] package confirmation
  4. get all AUR package files of aurpkg and its AUR deps
  5. [user] batch inspection
  6. loop: if new AUR deps introduced get package files for those too and do another batch inspection
  7. calculate solutions
  8. [user] batch queue updates and resolutions
  9. sync sync db with its copy and perform system upgrade
  10. perform other package operations in resolved order
  11. build and install AUR packages in resolved order

-- Svito (talk) 13:50, 26 August 2018 (UTC)

For 2/ the biggest pitfall to avoid is to calculate the solution for AUR deps on the basis of completely updated repo packages, not on the basis of the currently installed packages (f.e., the way it is done in yaourt can lead to some issues. From what I've seen, all of the other helpers (aurman, pikaur, yay) have some issues in their latest iterations with 2/, though aurman does better than the rest). -- Spyhawk (talk) 14:27, 26 August 2018 (UTC)
I agree. Maybe it is not clear but I assumed points 1-8 have to be done with up-to-date copy of sync db, not sync db and not local db(both of which remain unchanged up to point 9). You can even do regular -Syu at point 9 and after it completes compare if by few minutes program and user were involved with 1-8 your copy of sync db was outdated, calculate solutions again and if they are different just bail out or ask user to confirm resolution operations again. -- Svito (talk) 16:08, 26 August 2018 (UTC)