Source0 for nodejs modules
by Piotr Popieluch
The the Node.js guidelines say about Source0 [1]:
"The canonical method for shipping most node modules is tarballs from
the npm registry"
and
"This method [PP: tarbals from npm] should be preferred to using
checkouts from git or automatically generated tarballs from GitHub."
But I think that in following cases it would be better to use sources
from the upstream project:
1) When the license is not included in NPM but is in upstream project.
o Because we are not supposed to ship the license separate from the
sources.
2) When the tests are not included.
o In this case we need to download the sources from NPM and from
upstream project, which seems redundant and a waste of work.
3) When NPM content is generated and source files are not in NPM.
o This would mean to download sources from NPM and upstream project,
delete the NPM sources in prep and generate the files again.
Are there good reason to enforce the use of NPM sources which I am
missing? What is your opinion?
I would like to suggest to ad those three exceptions to the guidelines.
Piotr
[1]:
https://fedoraproject.org/wiki/Packaging:Node.js?rd=Node.js/Packagers#Usi...
4 years, 12 months
Plans for Node.js in Fedora 29+
by Stephen Gallagher
So, as of Fedora 28, we now have Node.js as module streams (which means
that as of Fedora 28 GA, users will be able to pick which of 6.x, 8.x or
9.x they want to have on their system). However, we're *also* shipping an
8.x version in the traditional repository which is somewhat superfluous.
My proposal is that in Fedora 29, we will retire Node.js from the standard
RPM repositories and have it available only as module streams. We'll pick
the latest upstream LTS release available at the time of GA as the default
stream for each Fedora release. We will then commit to carrying any other
upstream LTS releases and possibly the latest development release as
non-default streams.
A module default stream will behave the same as the traditional repo in
most respects (if a user just does `dnf install npm` or `dnf install
nodejs`, they will get an RPM without any extra effort). The main
difference is that the user must have the module repositories enabled on
their system. The plan, however, is for this to be enabled for all of
Fedora starting with F29 GA (and I'll be sending out a formal Change
Proposal for this later this week for FESCo to review).
My goal here is for Fedora to be an ideal place for Node.js developers to
work by providing them their full set of options for Node.js runtimes.
To answer some likely questions ahead of time:
Q: "How do we handle nodejs-* packages in the traditional repo?"
A: If it's going to stay in the traditional repository, then it must work
with whichever LTS release of Node.js is selected to be the default stream
for that Fedora release. For example, if 10.x becomes the default stream in
Fedora 29, then we can only ship nodejs-* packages in the traditional repo
that can run atop Node.js 10. Any package that must run on an older version
will need to be made into a module stream that depends on that older
version.
Q: "If we need to carry a nodejs-* package that requires a non-default
Node.js, where do we put it?"
A: It will depend on the package. If it's included because it's part of an
application that is being packaged, it makes the most sense to create a
module for that application and pull its dependencies into it. If it's a
very low-level, commonly-used Node package (e.g. nodejs-gyp or
nodejs-semver), it may be appropriate for us to add it to the 'nodejs'
module if they need a compatible stream.
5 years, 6 months