See review D26350 for the patch. https://github.com/linuxwacom/libwacom/releases/tag/libwacom-1.5 https://github.com/linuxwacom/libwacom/blob/libwacom-1.5/NEWS
I've opened a PR regarding libwacom for switching to release archive, please integrate that into your patch. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249503
(In reply to daniel.engberg.lists from comment #1) Thanks but no (outside of scope). After ports r527163 the port no longer relies on semi-manually generated files. USE_GITHUB makes it easy to apply upstream fixes (via PATCH_SITES+PATCHFILES), test development snapshots (e.g., when upstreaming) and puts *less* trust on human factor (to not screwup or introduce malware).
(In reply to Jan Beich from comment #2) What's the problem of using PATCHSITES/PATCH_FILES without USE_GITHUB ? I don't understand the comment on trust on human factor, what about trust on github not screwing the generated archives then ?
Porter's Handbook 5.4.3 wording is fine "as is". It recommends looking at upstream-prepared upload first instead of always relying on automatically generated (via USE_GITHUB). The devil is in the details. For example, upstream python-based projects often exclude tests and sometimes even license file from uploads to PyPI. So which is better depends on a particular port and maintainer's preferences. After ports r527163 there's no "better" and I'm not the maintainer here. If you like bug 249503 why not commit it *separately* from this bug. (In reply to Emmanuel Vadot from comment #3) > What's the problem of using PATCHSITES/PATCH_FILES without USE_GITHUB ? Hardcoding value for GH_ACCOUNT in PATCHSITES i.e., slightly harder to copy-paste from port to port. Bug 249503 actually hardcoded more than necessary: libwacom instead of ${PORTNAME}. > I don't understand the comment on trust on human factor GitHub archives are automatic, based on git-archive(1). In order to compromise them one has to force push or update tag(s). Changing manual releases is less noticible because those are not guaranteed to match whatever is in the repo and are not part of the distributited nature of Git. > what about trust on github not screwing the generated archives then ? I think it'd be rare due to affecting many repos. GitHub being down happens more often but using manual releases won't help avoid being affected.
A commit references this bug: Author: zeising Date: Mon Sep 28 20:15:11 UTC 2020 New revision: 550446 URL: https://svnweb.freebsd.org/changeset/ports/550446 Log: x11/libwacom: Update to 1.5 Update x11/libwacom to 1.5 [1] Switch to use release archive instead of the github generated tarball [2] Changelog: https://github.com/linuxwacom/libwacom/releases/tag/libwacom-1.5 https://github.com/linuxwacom/libwacom/blob/libwacom-1.5/NEWS PR: 249554 [1], 249503 [2] Submitted by: jbeich [1], daniel.engberg.lists@pyret.net [2] Differential Revision: https://reviews.freebsd.org/D26350 Changes: head/x11/libwacom/Makefile head/x11/libwacom/distinfo head/x11/libwacom/pkg-plist
Committed, thank you!