Mailinglist Archive: opensuse-packaging (97 mails)

< Previous Next >
Re: [opensuse-packaging] On how to improve Rust packaging experience for suse
  • From: Alberto Planas Dominguez <aplanas@xxxxxxx>
  • Date: Wed, 20 Nov 2019 10:48:37 +0100
  • Message-id: <11852040.SnKSH1Ja8T@lena>
On Wednesday, November 20, 2019 12:53:06 AM CET William Brown wrote:
On 20 Nov 2019, at 05:57, John Paul Adrian Glaubitz
<adrian.glaubitz@xxxxxxxx> wrote:
On 11/19/19 7:15 PM, Jan Engelhardt wrote:
An alternative would be to devote the manned resources to not grow
dependencies on large stacks. (That ship has probably sailed in terms of
firefox-in-the-distro, (...)

Unless Firefox has changed since the last time I touched the codebase, I'm
pretty sure that it has all the Rust crates vendored which it needs. So,
Firefox alone shouldn't be a problem.

I think Rust projects will always tend to vendoring, because the huge
micro-dependency style system that exists means we'll never keep up trying
to package these.

For tarballs that comes from upstream can be the case, but I am not sure that
this ideal for openSUSE.

Kanidm has ~200 crate indirect dependencies on it's own,
I can't imagine how many firefox has. It's a waste of our time to try to
package all 200 when we could be putting that time into other things

You already pointed a reason of why doing this effort makes sense: security

We have a full build system designed to track the dependencies, and build the
required subset automatically. Throwing that out of the window for a new
language is IMO wrong.

We do traditionally vendoring in Java, but an heroic effort of one developer
is changing this, reusing solutions from Fedora, RedHat or Debian, and a lot
of smart work.

This essentially means we are always at the whims of those
vendored dependencies and what they require, and that is highly likely to
be the "latest" stable compiler.

I think we should aim to:

* Have rustc/cargo move with the upstream cadence, with automation as
suggested into all SLE/LEAP/TW/Other

+1, I think that this is a good starting point.

Neal, what do you think of the idea from Ludwig of having a system rust
compiler (more stable and conservative, used to build all the openSUSE rings),
and a updated version of the compiler co-installable for developers.

* Do not attempt to package crates - only package leaves IE consuming

I do not agree here. The effort of designing scripts to update the crates,
macros that will help, supporting multiple versions of the same crate, etc is
so big compared with `cargo vendor`!

Maybe we can do something similar of what go is doing:

Maybe using only BuildRequires instead of both Requires and BuildRequires if
this is possible, and designing a similar set of macros here.

Neal, what is the plan in Fedora for this?

* Improve our rust macros and packaging guides around this topic.


As much as we want to wring our hands and slow down rust, and do things "our
way" we can't - we have to follow and adapt in this case.

So where do we start to start to achieve this?

You are making very hard questions : ))

I am personally in a phase that I try to have a view of what we want, and what
are the good decisions. Fedora and Debian communities are spending a lot of
thinking here, so before moving I want to have more information.

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg

(HRB 36809, AG N├╝rnberg)
Managing Director: Felix Imend├Ârffer
< Previous Next >
Follow Ups