Issues like r2ghidra-dec/76 seem to happen all the time. Because r2pm installs packages from git master, and those packages are usually made to be compatible with the latest radare2 master, it seems that r2pm can really only be considered secure and compatible when used with radare2 from git.
As a result, those who are using the latest stable (or older) release of radare2—which I am sure is a massive portion of the userbase—are left with plenty of packages that either won't compile or could even possibly have bugs to be discovered later on. As an example, I currently can't install r2ghidra-dec under radare2 4.3.1 because a function was renamed in r2 upstream three days ago, and the r2ghidra devs responded very quickly with the refactor.
Not exactly sure what the best idea would be here. Packages often don't create tagged releases, and if they did, they might not align well with Radare2 releases. Perhaps it would be a good idea if we were to create an r2pm -ii <pkg>
command that would checkout R2PM_GIT to the date that r2 says it was built under r2 -v
. This could be implemented with git rev-list.
A caveat against the above idea is that a stable release of r2 could've definitely been built after the release date, and some changes may have happened in between. To resolve that, I imagine that we would have to use the output of r2 -qv
and some git magic to figure out the date the last commit of that tag was pushed, then checkout packages to that date. I would guess that this would work something like 99 % of the time, and would only fail if a last-minute change was pushed to the r2 repo before the tagged version and plugin creators didn't respond in time.
Anyway, it seems like a complicated mess—ideally, I think plugin creators could just make tagged releases that correspond to radare2 versions. Is that something we'd want to enforce/suggest?
Edit: the simplest solution I can think of right now, which leaves some work to the user, would just be to create a --commit=1234abcd
option on installation that could be passed to git during/after the cloning process. Users would have to figure out what commit works for their version of radare2.