



















I would like to package https://github.com/kuznetz/cockpit-port-forward
# Maintainer: daniel.e.shub@gmail.com
pkgname=cockpit-port-forward
pkgver=1.0
pkgrel=1
pkgdesc="Provides a UI within the Cockpit web console for managing firewalld port forwarding rules"
arch=('any')
url="https://github.com/kuznetz/cockpit-port-forward"
license=('MIT')
depends=('cockpit')
makedepends=('nodejs' 'npm')
source=("https://github.com/kuznetz/${pkgname}/archive/refs/tags/v${pkgver}.zip")
sha256sums=('646bbd2d377b216e9bd129ffd074b9c7de40b9a527fa9a88c8661f44a5132da3')
build() {
cd "${pkgname}-${pkgver}"
export npm_config_cache="${srcdir}/npm-cache"
npm ci
npm run build
}
package() {
mkdir -p "${pkgdir}"/usr/share/cockpit/
cp -a "${srcdir}/${pkgname}-${pkgver}/port-forward" "${pkgdir}"/usr/share/cockpit/
}It nominally builds fine for me and work great. I have never package before, so I want to confirm the export, ci, build steps are reasonable.
My big concern is that during the build I get
76 packages are looking for funding
run `npm fund` for details
19 vulnerabilities (1 low, 11 moderate, 7 high)
To address issues that do not require attention, run:
npm audit fixAre these real issues with the upstream code, or its dependencies, that should prevent me from packaging and using it until they are fixed, or can I "safely" ignore them?
The NPM vulnerability warnings are an upstream issue rather than a PKGBUILD issue. They may originate from the application itself or any of its dependencies (or deps of deps), and are common when packaging Electron or Node.js applications.
This generally shouldn't prevent you from packaging or using the software, and it is not unusual for npm audit to report vulnerabilities even for actively maintained projects.
So I don't want to just say you can safely ignore them, but you can safely ignore them. NPM audit is very noisy, and the full dependency list can be in the thousands.
Ryzen 7 9850X3D | AMD 7800XT | KDE Plasma
Thanks. I think I am going to wait to see if there is a response from upstream. Seems like they go the package up and running, listed as an unofficial plugin for cockpit and have walked away. While useful to me, it might not be something that anybody will ever use.
PKGBUILD (cockpit-port-forward) W: Non-unique source name (v1.0.zip). Use a unique filename.You can rename the archive locally or have github rename it using:
source=("https://github.com/kuznetz/${pkgname}/archive/v${pkgver}/$pkgname-$pkgver.tar.gz")cockpit-port-forward E: Uncommon license identifiers such as 'MIT' require license files below /usr/share/licenses/cockpit-port-forward/ or switching to common license identifiers. Found 0/1 required license files.See PKGBUILD#license
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。