Hi Daniel, Node.js in Fedora generally suffers from lack of community/interest in this particular combination. Aside from sporadic drive-by contribution, AFAIK I'm the only one somewhat invested/paid for caring for it. As a consequence, there's currently *no good way* to package Node.js stuff. The bundling exception and `nodejs-packaging-bundler` script are stop-gap solutions to allow us to package at least something. Basically any improvements and patches welcome, let me know! "Daniel P. Berrangé" <berrange@xxxxxxxxxx> writes: > Since maintainers run 'nodejs-packaging-bundler' on their local dev > machine, we're running compilation on this dev machine, with whatever > toolchain is present. The maintainer then uploads this to the lookaside > cache. > > This is obviously not good, as any compilation tasks must take place > inside koji with known toolchains used. Should, but as stated above, hands are generally thrown in the air when Node is concerned. I recently also ran into an issue when a dependency (esbuild) pulls an optional dependency based on the current architecture. As a consequence, now the package that uses it can only be built on x86_64 builder, since my laptop is x86_64. :-( I'm not even sure what can be done about that. > I'm wondering how to deal with this ? > > A first step would be patching nodejs-packaging-bundler script to > look for any .a, .o and .node files, and exclude them from the > tarball. > > The spec would then have to manually run 'node-gyp' to re-create > the .node files. That is probably sufficient to avoid this particular > problem. If you manage to get this working, patches welcome. > More generally though I'm concerned that using 'npm install' in the > 'nodejs-packaging-bundler' tool to create deps bundles is a flawed > conceptual approach. > > The result of 'npm install' is not a pristine source tree, it is > something that is derived from the source tree in some manner. > > Even if no native toolchain is used, IIUC, the package.json file > can request execution of arbirary scripts which get triggered by > 'npm install'. We surely want all this to be run in a known > environment, not the maintainer's local machine ? > > I would think for bundling nodejs deps, we want to be downloading > all the pristine tarballs for each package, and then run 'npm install' > against this set of tarballs during %build ? As far as I know, there is no easy way to get the pristine source tarballs easily. The npmjs.io registry does not contain the source tarballs, but whatever distribution files (built, preprocessed, minified, …) the author decided to upload. Also keep in mind that the Koji machines have no internet access during build, so downloading anything is generally out of the picture. Not sure if you proposed to do that in the first place, but worth mentioning in any case. --- If you decide to push on and try to tackle any issues with Node, I'll be more than happy to work with you on improvements. Just be aware that this might be a very Sisyphean effort. Best regards! -- Jan Staněk Software Engineer, Red Hat jstanek@xxxxxxxxxx irc: jstanek
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
