Enhance Makefile with improved portability and dependency handling

[jcrussell]

I wanted to try out forge but had issues with the Makefile -- my version of awk doesn't have -i inplace and I didn't have all the dependencies installed. I've been playing with Claude so I asked it to fix it -- this worked for me and all the changes are sane. I also had it simplify metadata.js so that it defines a static list.

---

Adds shell configuration for consistent behavior across distributions, implements conditional compilation based on available tools (xgettext, msgfmt), improves metadata generation, adds dependency checking, and enhances user feedback during the build process.

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This pull request aims to enhance the Makefile with improved portability and dependency handling to address issues where certain tools (like awk -i inplace, xgettext, msgfmt) may not be available. The changes introduce conditional compilation, dependency checking, and improved user feedback during the build process.

Key changes include:

• Added shell configuration and tool detection for conditional builds
• Refactored metadata generation to avoid awk -i inplace
• Implemented conditional compilation for translation tools (xgettext, msgfmt)
• Added new check-deps target for dependency verification
• Enhanced enable target with better user feedback

Comments suppressed due to low confidence (1)

Makefile:71

• The ./po/%.mo rule at line 71 uses msgfmt to compile .po files to .mo files, but this rule will fail when msgfmt is not available. The conditional compilation logic for compilemsgs (lines 93-102) won't prevent this rule from being invoked if the prerequisite .mo files are needed. When HAS_MSGFMT is "no", the pattern rule should be disabled or modified to prevent build failures.

./po/%.mo: ./po/%.po
	msgfmt -c $< -o $@

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The clean target now attempts to remove "$(UUID).zip" without checking if it exists first. While the -f flag prevents errors if the file doesn't exist, combining multiple rm operations on one line means if the first file removal has any unexpected issues, the entire command could fail. The old version had explicit error handling with || echo "Nothing to delete". Consider whether silent failure with -f is the desired behavior or if explicit feedback is preferred.

Suggested change

	rm -f lib/prefs/metadata.js "$(UUID).zip"
	@if [ -e "lib/prefs/metadata.js" ]; then rm -f "lib/prefs/metadata.js"; else echo "lib/prefs/metadata.js: Nothing to delete"; fi
	@if [ -e "$(UUID).zip" ]; then rm -f "$(UUID).zip"; else echo "$(UUID).zip: Nothing to delete"; fi

[Copilot]

The metadata generation has been simplified from generating a complex object with deduplication logic to a simple array of strings. However, looking at how developers is used in lib/prefs/settings.js (line 31), it's passed directly to Adw.AboutWindow which expects an array of strings in the format "Name ". The new format should work, but the old format appeared to deduplicate by email and handle multiple commits per developer. Verify that the new format produces the expected output and properly handles edge cases like developers with multiple email addresses or special characters in names.

[Copilot]

The for msg in $(MSGSRC) loop inside compilemsgs similarly expands .po filenames directly into the shell without quoting, so a malicious .po file name containing shell metacharacters can terminate the list and inject arbitrary commands (e.g., ;curl ...|sh) when make compilemsgs or dependent targets are run. This creates a code execution vector for anyone building the project from a repository or translation source that can supply arbitrary file names under po/. To close this, treat msg as data rather than shell syntax by ensuring filenames are properly quoted/escaped in the loop and when passed to msgmerge.