[opensuse-packaging] npm packaging in devel:languages:nodejs (split or integrate?)
Hi, all, As you may noticed, npm has been splitted from nodejs main package since openSUSE 13.2. If I remembered correctly, the reason of the split given was: to get the latest updated npm. But now it has been proved that the split is a total failure. It not only increased the possibility of a broken npm in openSUSE:Factory but also increased the difficulty to maintain npm. And it can not even guarantee a latest updated npm at all. Let me explain the situation now: 0. If npm is built from the nodejs package, we only need to maintain one package. If npm is splitted as it is now, we have to maintain about 40 packages and their dependencies, it is about 100+ packages as I counted. 1. nodejs-packaging is not a tool good for aggegation. eg: if you just build one package, you can check its dependencies found by nodejs-packaging through the OBS website; but if you're going to build 100 of such packages, it's very very time-consuming for you to do that one by one. And there's no way to have all the dependencies and sub-dependencies at one time, the only similar tool existed is "npm shrinkwrap", but it requires the latest npm installed first, or it can only give the all-in-one dependecy map of the old installed npm. 2. And even this tool has conflicts with nodejs-packaging. "npm install npm" will always installs a npm. But actually nodejs's dependency checking is not as strict as nodejs-packaging. so even if you update the packages based on "npm shrinkwrap" (I don't want to mention the funny stuff like you want to update npm you have to have an updated npm installed first), nodejs-packaging will still triggers a lot of conflicts. Many of them are actually not resolveable at all, eg: package A needs 0.8 version of package C, but package B needs 1.2 version of package C, package A and B are both dependencies for npm. what should be done now? As a maintainer you have to read the git commit logs of package C to see what happened between 0.8 and 1.2, to see if it is safe to bump/downgrade version for A or B. If you're lucky enough, it can be done no matter how painful it is. But if you're not so lucky, you have to provide both 0.8 and 1.2 version, that comes update-alternatives (which is questionable because in this case 0.8 and 1.2 will be installed both, what if a file from 0.8 is used with other files from 1.2? is it safe? no one knows). 3. nodejs-packaging's check result is not shown to you unless you submit all packages to openSUSE:Factory. This means npm will be always broken in devel:languages:nodejs because no one knows which package is a dependency for npm and remember not to touch it! So if you accept a single request to update a package, it is very likely that the whole npm chain breaks. Even if the results are shown to you now, you can't be sure factory maintainers accepts your requests at the same time. That means npm in Factory is very likely to break. And as we introduced staging projects, a single request accepts much faster than 100+ requests. 4. Actually the person who proposed the split never maintain npm after 2 or 3 submits. And 100+ packages really need lots of manpower. If I want to update npm today, I can finish the work a month later if I do nothing but to update nodejs-* packages once I login to OBS. While npm will see 2 or 3 releases during that time, that means we will be always late. So here's what I want to do: 1. everything stops now, all npm dependencies will be removed from Factory (writing Obsoletes will be a lot of work, see you in a month), and npm builds from nodejs main package from now on. 2. someone steps in to maintain the packages with a program. Because it's not doable for a human being as I told above. Marguerite -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Wednesday 22 July 2015 23.42:32 Marguerite Su wrote:
Hi, all,
As you may noticed, npm has been splitted from nodejs main package since openSUSE 13.2.
If I remembered correctly, the reason of the split given was: to get the latest updated npm.
But now it has been proved that the split is a total failure.
It not only increased the possibility of a broken npm in openSUSE:Factory but also increased the difficulty to maintain npm. And it can not even guarantee a latest updated npm at all.
Let me explain the situation now:
0. If npm is built from the nodejs package, we only need to maintain one package. If npm is splitted as it is now, we have to maintain about 40 packages and their dependencies, it is about 100+ packages as I counted.
1. nodejs-packaging is not a tool good for aggegation. eg: if you just build one package, you can check its dependencies found by nodejs-packaging through the OBS website; but if you're going to build 100 of such packages, it's very very time-consuming for you to do that one by one.
And there's no way to have all the dependencies and sub-dependencies at one time, the only similar tool existed is "npm shrinkwrap", but it requires the latest npm installed first, or it can only give the all-in-one dependecy map of the old installed npm.
2. And even this tool has conflicts with nodejs-packaging. "npm install npm" will always installs a npm. But actually nodejs's dependency checking is not as strict as nodejs-packaging. so even if you update the packages based on "npm shrinkwrap" (I don't want to mention the funny stuff like you want to update npm you have to have an updated npm installed first), nodejs-packaging will still triggers a lot of conflicts. Many of them are actually not resolveable at all, eg: package A needs 0.8 version of package C, but package B needs 1.2 version of package C, package A and B are both dependencies for npm. what should be done now? As a maintainer you have to read the git commit logs of package C to see what happened between 0.8 and 1.2, to see if it is safe to bump/downgrade version for A or B. If you're lucky enough, it can be done no matter how painful it is. But if you're not so lucky, you have to provide both 0.8 and 1.2 version, that comes update-alternatives (which is questionable because in this case 0.8 and 1.2 will be installed both, what if a file from 0.8 is used with other files from 1.2? is it safe? no one knows).
3. nodejs-packaging's check result is not shown to you unless you submit all packages to openSUSE:Factory. This means npm will be always broken in devel:languages:nodejs because no one knows which package is a dependency for npm and remember not to touch it! So if you accept a single request to update a package, it is very likely that the whole npm chain breaks.
Even if the results are shown to you now, you can't be sure factory maintainers accepts your requests at the same time. That means npm in Factory is very likely to break.
And as we introduced staging projects, a single request accepts much faster than 100+ requests.
4. Actually the person who proposed the split never maintain npm after 2 or 3 submits. And 100+ packages really need lots of manpower. If I want to update npm today, I can finish the work a month later if I do nothing but to update nodejs-* packages once I login to OBS. While npm will see 2 or 3 releases during that time, that means we will be always late.
So here's what I want to do:
1. everything stops now, all npm dependencies will be removed from Factory (writing Obsoletes will be a lot of work, see you in a month), and npm builds from nodejs main package from now on.
2. someone steps in to maintain the packages with a program. Because it's not doable for a human being as I told above.
Marguerite
I've tried to do some works there, and yes it is really the p-i-a situation Marguerite describe. To be able to use nodejs on openSUSE Now(tm) you finally have no other choice to rebuild nodejs with embedded npm (which is always the last version anymway ) ... -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Board, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On 22.07.2015 17:42, Marguerite Su wrote:
4. Actually the person who proposed the split never maintain npm after 2 or 3 submits. And 100+ packages really need lots of manpower. If I
Yeah, all I can see are the symptoms of a failed experiment. So feel free to revert Greetings, Stephan -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Hi, all, Finally I achieved this: nodejs main package will build a nodejs-npm sub-package, if you just sudo zyper in nodejs, this package will be installed. And there's a separate npm package( which I finally get it working), that will require all other separate dependencies. If you want to install this version, you have to uninstall nodejs-npm first, manually. In future, I will only focus on nodejs-npm, and leave npm package for other community members, which means it will not be updated very often, and it may break. Marguerite On Fri, Jul 24, 2015 at 4:01 PM, Stephan Kulow <coolo@suse.de> wrote:
On 22.07.2015 17:42, Marguerite Su wrote:
4. Actually the person who proposed the split never maintain npm after 2 or 3 submits. And 100+ packages really need lots of manpower. If I
Yeah, all I can see are the symptoms of a failed experiment. So feel free to revert
Greetings, Stephan
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (3)
-
Bruno Friedmann
-
Marguerite Su
-
Stephan Kulow