On 05/23/2013 06:09 PM, John.Florian@xxxxxxxx wrote:
> From: pknirsch@xxxxxxxxxx > On 05/23/2013 04:47 PM, Paul Flo Williams wrote: > > John.Florian@xxxxxxxx wrote: > >>> From: Rahul Sundaram <metherid@xxxxxxxxx> > >>> What I would like to see is > >>> solid git integration. Git has become the standard distributed vcs > >>> and github and google code etc have stopped hosting tarballs and/or > >>> discouraging it and GNOME is planning to do that as well. If Source > >>> URL could point directly to a git url with a hash or git tag, we > >>> would benefit. > >> > >> Amen to that! I roll my own rpms daily from locally developed sources > >> where we have no policy of pushing tarballs. From everything I've ever > >> been able to figure out, it's necessary for me to make temporary tarballs > >> just to feed rpmbuild. It always seems such a huge waste of time, > >> especially for very large packages. > > > > RPM would still be making tarballs behind the scenes, even with better > > integration with git, wouldn't it? -- you still need the ability to make > > SRPMs. > > > > But rpm could just do a git-tar-tree behind the scenes, which sounds > easy enough. Exactly. And even though I have to give rpmbuild a tarball, I don't believe it ever reuses it "as is". My understanding is that the content gets extracted, processed and tarballed again.
I dont know what gave you such an idea, rpm certainly does nothing of the sort. The tarball is obviously extracted for building, but what ends up in the src.rpm is the original tarball and the patches defined in the spec - this is the "pristine sources" principle:
http://rpm.org/max-rpm-snapshot/ch-rpm-philosophy.html#S1-RPM-PHILOSOPHY-PRISTINE-SOURCES
I'd like to see it behave more the way I expected it to when I naively first started rolling my own packages. Specifically, it would be nice if the %Source URI was processed intelligently to automatically retrieve the content via HTTP, FTP, GIT, FILE or whatever (within reason) happens to be specified there.
Rpm >= 4.10 can automatically download remote sources and patches over http and ftp, but since there's (currently) no way to verify downloaded content the feature is disabled by default as its quite a security risk to download arbitrary content from the internet without checking checksums at least.
- Panu -
-- John Florian
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
