On Thu, Aug 27, 2020 at 3:11 PM Troy Dawson <tdawson(a)redhat.com> wrote:
On Thu, Jul 30, 2020 at 1:15 PM Troy Dawson <tdawson(a)redhat.com> wrote:
>
> On Wed, Jul 22, 2020 at 6:31 AM Ben Rosser <rosser.bjr(a)gmail.com> wrote:
> >
> > On Tue, Jul 21, 2020 at 10:56 AM Tom Hughes via nodejs
> > <nodejs(a)lists.fedoraproject.org> wrote:
> > >
> > > On 21/07/2020 15:39, Troy Dawson wrote:
> > >
> > > > Problem2: Many of the bundled libraries are archful, meaning they
need
> > > > to be compiled. What if an essential nodejs library was originally
a
> > > > noarch?
> > > > Solution2: All bundled nodejs library packages will be treached as
> > > > archful, meaning they will need to be built on each supported arch.
> > >
> > > I think "many" is stretching things.
> > >
> > > There were never more than about a dozen or so archful modules in
> > > Fedora and most of them were not widely used.
> > >
> > > I suspect that archful modules are probably best kept packaged as
> > > they are now mostly just because trying to build them as part of
> > > a large bundled tree is going to be incredibly painful.
> >
> > I think this makes sense as well. Essentially, we should just say that
> > archful nodejs modules are "essential" (in the words of the
proposal)
> > and therefore need to be packaged and shipped separately.
> >
> > I think a "npm2rpm" script would have to do a couple things-- does
> > this sound about right?
> >
> > a) recursively parse package.json to get a list of all dependencies
> > and tarballs, and use this to write out a list of Sources.
> > b) for each package, also look at package.json to see what files need
> > to be installed, and write out instructions for the %install section.
> > c) generate a "License" field for the package and also install all
the
> > relevant licenses in %license.
> >
> > There should probably be a way to specify that a given dependency is
> > not being bundled too, to stop the parser from descending into that
> > dependency tree. I imagine that (at least during the transition to
> > this and maybe afterwards, in the case of archful or essential
> > modules) it would be very useful to have packages with a mixture of
> > bundled and unbundled dependencies.
> >
> > Ben Rosser
> >
>
> Hi Ben,
> Sorry it's taken so long for me to properly reply to this.
> I'm going to refer to your last paragraph (having a mixed bundled and
> unbundled) as (d)
>
> For section (a) and (b), would you rather write our own script, or use
> npm or yarn ?
>
> In my mind I was thinking of doing something like "npm install" then
> using the resulting node_modules directory.
> Turn that into one tarball.
>
> It sounds like you would like a seperate source for each package, at
> least for the top level package.
> I can see some pro's and con's for both.
>
> Single Tarball - Good Things:
> - Don't have to write a new script for downloading.
> - Everything in one place.
> - It's laid out how npm would lay it out.
> Single Tarball - Bad Things:
> - Harder to do mixed bundles (d)
> - Have to redo the entire tarball for any update to any part of it.
>
> Multi Sources - Good Things:
> - Have everything parsed and labeled at creation time.
> - Easier to do "this is only for build/test" and remove them for runtime.
> - Easier to do mixed bundles (d)
> Multi Sources - Bad Things:
> - Have to create our own script (?)
> - Complicated "Sources" section in spec file (100's to 1000)
>
> I'm going to research this some more. But if you already have some
> idea's, I'd love to hear them.
>
> Troy
I've got a package that won't install anymore, and finally got some
time, so I've been taking a swipe at a bundling script, see how it
goes.
This isn't a complete npm2rpm. I already have a spec for this rpm.
But here is what I currently have
PACKAGE="node-static"
VERSION="$(npm view ${PACKAGE} version)"
TMP_DIR=$(mktemp -d -t ci-XXXXXXXXXX)
mkdir ${TMP_DIR}
pushd ${TMP_DIR}
npm pack ${PACKAGE}
tar xfz *.tgz
cd package
npm install --no-optional --only=prod
# FIND SOMEWHERE TO PUT LICENSES
# FOR NOW JUST PRINT THEM OUT
find . -name "package.json" -exec jq .license {} \; | sort -u
mv node_modules/ node_modules_prod
npm install --no-optional --only=dev
mv node_modules/ node_modules_dev
tar cfz ../${PACKAGE}-${VERSION}-nm-prod.tgz node_modules_prod
tar cfz ../${PACKAGE}-${VERSION}-nm-dev.tgz node_modules_dev
cd ..
cp ${PACKAGE}-${VERSION}* $HOME/rpmbuild/SOURCES
popd
rm -rf ${TMP_DIR}
This is a completely noarch package.
What I have in my %install section is this.
%install
mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
cp -pr benchmark bin examples lib package.json test
%{buildroot}%{nodejs_sitelib}/%{npm_name}
# Setup Binaries
mkdir %{buildroot}%{_bindir}
ln -s %{nodejs_sitelib}/%{npm_name}/bin/cli.js %{buildroot}%{_bindir}/static
# Setup node modules
cd %{buildroot}%{nodejs_sitelib}/%{npm_name}
tar xfz %{SOURCE1}
mkdir -p node_modules
cd node_modules
ln -s ../node_modules_prod/* .
ln -s ../node_modules_prod/.bin .
This builds just fine, which is great, except for one thing.
The current rpm macros file that is figuring out the bundled
dependencies, is only looking to see if something is a link or not.
If it's a link, it thinks it isn't a dependency.
Why do I have links to this node_modules_prod directory?
That allows updates for non-bundled rpm's that have a node_modules directory.
For dnf, if a directory was a link, and you try to replace it with a
regular directory, it's not happy and fails. But if it's a link and
you replace it with another link to someplace else, everyone is happy.
Anyway, this is working fine, but the provides script needs a bit of
tweaking to handle the links.
Troy
Nevermind. It works much better if I build it on Rawhide
(nodejs-packaging-23) instead of RHEL8 (nodejs-packaging-17)
Thank you to those who helped offline.
Troy