
Henne Vogelsang wrote:
On 29.09.20 17:59, Ludwig Nussel wrote:
I'm trying to build a package from source that uses npm modules. Doing so involves more than one thousand(!) upstream tarballs. In the hope to make that more manageable I wrote a PoC script¹ to produuce a file includable from the spec and to also download the tarballs.
I have the feeling you are reinventing the vendoring NPM provides. [...] People before you have gone through this :-)
I'd wish so. Cockpit is not a nodejs module though and does not ship nodejs stuff. Nodejs is only used for building. So while Fedora has some nice nodejs policies there in theory, in practice they just ship the prebuilt files that some external github CI produces. The goal here is to actually rebuild from source in OBS, including the full chain of npm modules. Just including the node_modules directory as source would be a cheap and dirty hack. It does not tell where the various things in there come from. Ie violates the pristine sources concept. And worst of all it may contain binaries. Not just ones that were actually built on the packager's machine (bad enough) but ones that were just randomly downloaded when you called "npm rebuild". So you thought it would rebuild from source but it didn't. IOW the node_modules directory cannot be bundled as source.
That one contains code that could be potentially be reused to avoid "npm install" indeed. I'll take a look into that, thanks! cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org