renovate
renovate copied to clipboard
renovatebot
Arch Linux `PKGBUILD` support
What would you like Renovate to be able to do?
Arch Linux packages are built from PKGBUILD^1 files. A PKGBUILD is a shell script containing the build information required by Arch Linux packages. It contains the source^2 and pkgver^3.
Renovate should be able to extract the source and version, and open PRs for updates.
This will benefit maintainers of the Arch User Repository^4 (AUR), which hosts unofficial user-produced content, as well as potentially supporting Arch Linux Trusted Users^5, who provide official Arch Linux packages, in the future. Currently, official Arch Linux packages are stored in SVN^6. However, there is ongoing work to migrate packages to a self-hosted GitLab server^7. Arch Linux currently uses Renovate on their server^8
If you have any ideas on how this should be implemented, please tell us here.
Alongside the PKGBUILD, Arch Linux packages also have a .SRCINFO^9 package. This is a static file of package metadata, so that tools may retrieve a package's metadata without parsing the PKGBUILD directly.
Using the .SRCINFO to extract a package's source (often GitHub) and updating both PKGBUILD and .SRCINFO when opening PRs will be required.
Is this a feature you are interested in implementing yourself?
Yes
Hi there,
You're requesting support for a new package manager. We need to know some basic information about this package manager first. Please copy/paste the new package manager questionnaire, and fill it out in full.
Once the questionnaire is filled out we will evaluate if adding support for this manager is something we want to do.
Good luck,
The Renovate team
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
New package manager questionnaire
Did you read our documentation on adding a package manager?
- [x] I've read the adding a package manager documentation.
Basics
Name of package manager
One of:
-
arch-linux -
pkgbuild -
makepkg
What language does this support?
Arch Linux PKGBUILDs
How popular is this package manager?
Arch Linux (and distributions built on it like Manjaro and SteamOS) is one of the more popular Linux distributions.
A quick search shows >800k PKGBUILDs on GitHub alone
Does this language have other (competing?) package managers?
- [ ] Yes (give names)
- [x] No
Package File Detection
What type of package files and names does it use?
PKGBUILD and .SRCINFO
What fileMatch pattern(s) should be used?
(^|/)\.SRCINFO
Is it likely that many users would need to extend this pattern for custom file names?
- [ ] Yes
- [x] No
Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?
No
Parsing and Extraction
Can package files have "local" links to each other that need to be resolved?
PKGBUILD and .SRCINFO must stay in sync
Is there a reason why package files need to be parsed together (in serial) instead of independently?
What format/syntax is the package file in?
- [ ] JSON
- [ ] TOML
- [ ] YAML
- [x] Custom (explain below)
See .SRCINFO on the Arch Linux wiki
How do you suggest parsing the file?
- [ ] Off the shelf parser
- [ ] Using regex
- [x] Custom-parsed line by line
- [ ] Other
Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?
- [ ] Yes, production and development dependencies
- [x] No, all dependencies are treated the same
List all the sources/syntaxes of dependencies that can be extracted
Describe which types of dependencies above are supported and which will be implemented in future
Versioning
What versioning scheme does the package file(s) use?
Mostly semver, or loose semver
Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?
- [ ] Supports range constraints (e.g
^1.0.0or1.x) - [x] No
Is this package manager used for applications, libraries, or both? If both, is there a way to tell which is which?
- [x] Applications
- [ ] Libraries
- [ ] Both (explain how to tell which is which)
If ranges are supported, are there any cases when Renovate should pin ranges to exact versions if rangeStrategy=auto?
Lookup
Is a new datasource required? Provide details
- [ ] Yes, provide details.
- [x] No.
Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?
No
Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?
No
Will users need the ability to configure language or other constraints using Renovate config?
No
Artifacts
Are lock files or checksum files used? Are they mandatory?
.SRCINFO and PKGBUILD must be kept in sync. Checksums are required to be updated as well.
If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?
updpkgsums^1 can be used to update checksums. It's available in the pacman-contrib^2 package or as a standalone shell script^3.
If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?
If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"
Other
Is there anything else to know about this package manager?
Do we need full packman or is the updpkgsums.sh script enough to update checksums?
We need makepkg and updpkgsums, but it looks like both of those are shell scripts. The shell scripts should be enough.