Re: Configuring cyrus-imapd for compilation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/13/19 11:49 AM, Jason Tibbitts wrote:
> In general I agree with you, but for a distro the issue
> generally comes down to dependencies.
>
> In Fedora, for example, we split the virus scanning portion out to a
> separate package, because otherwise cyrus-imapd ends up with a
> dependency on clamav.  We want to avoid that because not everyone
> wants to maintain a clamav installation so we put the cyr_virusscan
> binary and its manpage in a separate subpackage.

Unfortunately that's not a model that works for the Arch Linux AUR.

Basically almost anyone can put out an AUR package (this is one of the reasons nearly everything in the linux ecosystem is readily available on Arch), but such packages are required to be text files only with absolutely no exceptions allowed. Most of the heavy lifting is done by a PKGBUILD file, which is essentially a fancy shell script which relies on the makepkg utility for interpretation. The PKGBUILD orchestrates downloading, configuring, and compiling software directly from upstream sources into a binary pacman package (think of it as Gentoo, but just for extra goodies and not the base system). In cases where only binaries are available, the PKGBUILD can download binaries from the official upstream source and convert them to an Arch package. Users are encouraged to examine these PKGBUILD files in order to make sure no one is attempting to install malware on their systems, but of course most don't, and there have been a couple of cases of AUR packages which attempted to sneak malware into the AUR. It's still a pretty good bazaar with no actual examples of serious malware deployment to date. Enough people do look at the PKGBUILD files, and most convenience utilities (e.g. yay or pacaur) try and make you look at the PKGBUILD even though they're doing the work for you.

Generally this system works amazingly well, but this is an example where it breaks down. And yes, it's precisely the dependencies which are an issue. I can list the packages found here:
 https://www.cyrusimap.org/imap/developer/compiling.html
as optional dependencies, but down the road someone will attempt to use a feature and likely won't run `pacman -Qi` to remind themselves of the necessity of these optional dependencies for that feature. The alternative, requiring the installation of all possible dependencies, seems unreasonable as well.

The saving grace is perhaps that this is a package aimed at systems administrators rather than ordinary users, and as such I might be able to get away with setting up an Arch Wiki page explaining what all the optional dependencies are.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux