Bug#1031660: Upload of fava
On 2023/2/21 21:38, Dr. Tobias Quathamer wrote: > I think that this should be changed once bookworm is released. However, as > Blair > pointed out, there are several node-* packages needed for this, which are > currently not packaged for Debian. Not exactly, all d3 subpackages are present, we do need Svelte and maybe some CodeMirror subpackages (@codemirror/* and @lezer/highlight). There are also some fonts, but we could always change them to use those Debian have. Also @ungap/custom-elements, a Custom Elements polyfill, which might be a problem for those who use too old browsers. Those NEW packages won't make it in bookworm. On 2023/2/21 21:48, Bastian Germann wrote: > Am 21.02.23 um 14:38 schrieb Dr. Tobias Quathamer: >> However, although all sources are included in Debian, we do not use them >> currently to actually build fava from source, we're just using their >> pre-generated static files. > > ... which is a Policy violation. Not if we have also their source and can build them ourselves IIRC? -- Sdrager, Blair Noctis OpenPGP_signature Description: OpenPGP digital signature
Bug#1031660: Upload of fava
Am 21.02.23 um 14:38 schrieb Dr. Tobias Quathamer: However, although all sources are included in Debian, we do not use them currently to actually build fava from source, we're just using their pre-generated static files. ... which is a Policy violation.
Bug#1031660: Upload of fava
Am 21.02.23 um 13:19 schrieb Bastian Germann: I think, the reason is for the .egg-info not being included anymore. Tobias, you changed the watch file for subsequent uploads to come from GitHub instead of PyPI. This came into effect only with Blair's upload. I guess when we change the orig tarball to come from PyPI it will be fine. I can try it these days and I do not think reverting and +really are okay because of the CVEs. Hm, it seems that the tarball from PyPI does include the missing static files. So for the shortterm, this might be the best solution, thanks for pointing it out. However, although all sources are included in Debian, we do not use them currently to actually build fava from source, we're just using their pre-generated static files. I think that this should be changed once bookworm is released. However, as Blair pointed out, there are several node-* packages needed for this, which are currently not packaged for Debian. Bastian, are you going to upload another version with the tarball from PyPI? If not, I could probably take care of this tomorrow. Regards, Tobias OpenPGP_signature Description: OpenPGP digital signature
Bug#1031660: Upload of fava
Am 21.02.23 um 13:19 schrieb Bastian Germann: I guess when we change the orig tarball to come from PyPI it will be fine. I can try it these days Works. The problem is that the frontend content is not built from source then (not a regression from the older version). The thing uses node, so d/rules would need to build that frontend package via npm probably if we kept GitHub as source. If we switch back somebody will at least need to complete the d/copyright file for the generated sources.
Bug#1031660: Upload of fava
Am 21.02.23 um 12:30 schrieb Blair Noctis: On 2023/2/21 18:52, Dr. Tobias Quathamer wrote: Hi Travis, thanks for your bugreport, I can confirm that fava does no longer work. I'm getting the same error as you. @Blair and @Bastian: The contents of the binary package are missing quite a lot of important files, so I think the latest upload (version 1.23.1) should be reverted. My understanding is that upstream has changed the build of the program in a significant way, so that there are many changes in the Debian packaging necessary to be able to package the new version. As we're in the freeze right now, I think the only sensible way to resolve this bug is to upload the last working version of fava, using a version number of 1.23.1+really1.20.1-1. Do you agree? Regards, Tobias Agreed, I don't really have the time before next freeze stage to find a way to actually fix it (involves node-d3-* deps, removing downloads, etc). Apologies for the flawed update. I think, the reason is for the .egg-info not being included anymore. Tobias, you changed the watch file for subsequent uploads to come from GitHub instead of PyPI. This came into effect only with Blair's upload. I guess when we change the orig tarball to come from PyPI it will be fine. I can try it these days and I do not think reverting and +really are okay because of the CVEs.
Bug#1031660: Upload of fava
On 2023/2/21 18:52, Dr. Tobias Quathamer wrote: > Hi Travis, > > thanks for your bugreport, I can confirm that fava does no longer work. I'm > getting the same error as you. > > @Blair and @Bastian: The contents of the binary package are missing quite a > lot > of important files, so I think the latest upload (version 1.23.1) should be > reverted. My understanding is that upstream has changed the build of the > program > in a significant way, so that there are many changes in the Debian packaging > necessary to be able to package the new version. > > As we're in the freeze right now, I think the only sensible way to resolve > this > bug is to upload the last working version of fava, using a version number of > 1.23.1+really1.20.1-1. > > Do you agree? > > Regards, > Tobias Agreed, I don't really have the time before next freeze stage to find a way to actually fix it (involves node-d3-* deps, removing downloads, etc). Apologies for the flawed update. -- Sdrager, Blair Noctis OpenPGP_signature Description: OpenPGP digital signature
Bug#1031660: Upload of fava
Hi Travis, thanks for your bugreport, I can confirm that fava does no longer work. I'm getting the same error as you. @Blair and @Bastian: The contents of the binary package are missing quite a lot of important files, so I think the latest upload (version 1.23.1) should be reverted. My understanding is that upstream has changed the build of the program in a significant way, so that there are many changes in the Debian packaging necessary to be able to package the new version. As we're in the freeze right now, I think the only sensible way to resolve this bug is to upload the last working version of fava, using a version number of 1.23.1+really1.20.1-1. Do you agree? Regards, Tobias OpenPGP_signature Description: OpenPGP digital signature