Package Details: goreleaser v0.139.0-5

Git Clone URL: https://aur.archlinux.org/goreleaser.git (read-only)
Package Base: goreleaser
Description: Deliver Go binaries as fast and easily as possible
Upstream URL: https://goreleaser.com
Keywords: go golang releaser
Licenses: MIT
Conflicts: goreleaser-bin
Provides: goreleaser
Submitter: ldez
Maintainer: ldez
Last Packager: ldez
Votes: 6
Popularity: 1.30
First Submitted: 2019-01-06 07:11
Last Updated: 2020-07-07 07:10

Dependencies (4)

Required by (0)

Sources (1)

Pinned Comments

ldez commented on 2020-06-12 22:03

Since 2020-06-13, this package is built from the GitHub source tarball related to a release.

The binary version: https://aur.archlinux.org/packages/goreleaser-bin/

Latest Comments


pancho commented on 2020-06-13 04:33

Regarding the availability of the checksum upstream (github), I've requested the feature via: https://support.github.com/contact/feedback

See https://stackoverflow.com/questions/29671303/where-to-get-md5-hashes-from-a-github-release

I understand that GitHub can generate the .tar.gz/.zips on the fly with varying compressor versions, and produce slightly different files from one call to another :-/, thus making the checksums unreliable.

pancho commented on 2020-06-13 03:47

> The checksum of the sources is not available. If I add a checksum, it will be the checksum after downloading the tarball locally, so for me, it's an unreliable checksum.

On the contrary. By registering the checksum you obtain when you download the sources, you are allowing the users to verify that the package is built against precisely the same sources. This is important, because if upstream release is altered in any way, the users (and you) need to know. It could be a case of upstream re-releasing (rare, but happens), or (even rarer) a case of hacking. Or GitHub could be misbehaving and serve an empty file. At any rate, I think we are better off with the checksum in.

If upstream provides a checksums file, it's ok, but not needed for AUR packager to add the locally generated checksums to the PKGFILE. In fact, many projects don't even provide them!

My 2¢.
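The two points raised in the comments above (a pinned checksum fails closed when the sources change, and an archive regenerated with a different compressor changes the checksum even though the sources did not) can be seen in this added Python example, which is not from the thread or from the package's PKGBUILD. The file name, sample contents and helper names are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile


def build_tar(files):
    """Build an uncompressed tar with fixed metadata from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def sha256_archive(blob):
    """Digest of the .tar.gz bytes exactly as downloaded."""
    return hashlib.sha256(blob).hexdigest()


def sha256_payload(blob):
    """Digest of the decompressed tar stream; ignores compressor differences."""
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as stream:
        return hashlib.sha256(stream.read()).hexdigest()


def verify(blob, pinned, digest=sha256_archive):
    """Fail closed when the source does not match the pinned checksum."""
    actual = digest(blob)
    if actual != pinned:
        raise ValueError(f"checksum mismatch: pinned {pinned}, got {actual}")
    return actual


# Constructed sample sources, not the real goreleaser tree.
SAMPLE = {"demo-1.0/main.go": b"".join(
    b"func f%d() int { return %d }\n" % (i, i * i) for i in range(2000))}

if __name__ == "__main__":
    tar = build_tar(SAMPLE)
    # Same payload, two compressor settings (mtime=0 keeps the gzip header fixed).
    fast = gzip.compress(tar, compresslevel=1, mtime=0)
    best = gzip.compress(tar, compresslevel=9, mtime=0)
    print("archive digests equal:", sha256_archive(fast) == sha256_archive(best))
    print("payload digests equal:", sha256_payload(fast) == sha256_payload(best))
    verify(fast, sha256_archive(fast))                  # pinned at packaging time
    verify(best, sha256_payload(fast), sha256_payload)  # survives recompression
```

makepkg's sha256sums array is checked against the downloaded file itself, so the payload digest shown here is a separate check and not a drop-in value for that field.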

ldez commented on 2020-06-13 03:27

The checksum of the sources is not available. If I add a checksum, it will be the checksum after downloading the tarball locally, so for me, it's an unreliable checksum.

pancho commented on 2020-06-13 02:36

Nice work, @ldez!

One more request: could you prime the sha256sums array with the actual checksum?

Also, please consider using the build flags recommended by the Go packaging guidelines¹.

Thanks a bunch!

¹: https://wiki.archlinux.org/index.php/Go_package_guidelines

ldez commented on 2020-06-12 16:10

I will update the package to use sources and I will create another package called goreleaser-bin.

The checksums issue is fixed.

pancho commented on 2020-06-12 16:09

I'd also suggest that you add docker as an opt dependency, since goreleaser can also build and push Docker images \o/

Thanks again.

pancho commented on 2020-06-12 16:06

BTW, I'd suggest you rename this package to goreleaser-bin, since it is a bin-only package (so that there can be for instance a goreleaser package that builds goreleaser from the sources). See ¹,² for reference.

¹: https://wiki.archlinux.org/index.php/AUR_submission_guidelines

"Packages that use prebuilt deliverables, when the sources are available, must use the -bin suffix"

²: https://www.quora.com/What-is-the-difference-between-git-vs-bin-in-Arch-Linux-AUR#:~:text=Typically%2C%20an%20aur%20package%20ends,as%20a%20pacman%20compatible%20zip.

Thanks for the packaging!

Happy hacking,

pancho commented on 2020-06-12 15:53

Hi!

The checksums need updating. I've put the one for Linux x86_64 on https://github.com/goreleaser/goreleaser/releases/download/v0.138.0/goreleaser_checksums.txt and that one passes.

Thanks!

greut commented on 2020-06-12 15:51

There is a checksum issue. Thanks for the maintainer work btw.