Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Thursday, December 28 2017, Sébastien wrote:

> Hello.
>
> Any news about this package?

Hey,

Yeah, I'm still working on packaging pagure.  I'm currently packaging
the missing Python dependencies.  Without them, there isn't much one can
do about packaging pagure itself.

As for pagure, I'm mostly happy about the state of the package.  IIRC
there were some failures happening on a specific test, and I confess I
don't know if the failure is still present or not.  I think there's
information about this on the ITP bug.

Another important thing that remains to be done is to verify all the
JavaScript dependencies and make sure that they're packaged for Debian.
I'm looking into helping with the package of node-rollup and its
dependencies, which is a necessary dependency to build one of pagure's
JS files (see the pagure/static/vendor folder upstream for a list of JS
deps).

I would welcome any help with these tasks, but please let's communicate
via this bug in order to avoid duplicating efforts.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sébastien]

Hello.

Any news about this package?


-- 
Sébastien

signature.asc
Description: This is a digitally signed message part

Bug#829046: Status of pagure

[Pirate Praveen]

On Sat, 12 Nov 2016 22:50:18 +0530 Pirate Praveen 
wrote:
> grunt is now in debian. Can you try to modify grunt so that we can use
> the packaged grunt?

grunt issue is fixed and libjs-jquery-textcomplete is now in main,
though at.js needs gulp :(



signature.asc
Description: OpenPGP digital signature

Bug#829046: Status of pagure

[Pirate Praveen]

On Fri, 21 Oct 2016 16:10:48 +0530 Pirate Praveen 
wrote:
> On Mon, 05 Sep 2016 14:45:10 -0400 Sergio Durigan Junior
>  wrote:
> > To be honest, I do not have time nor interest now to spend my energy
> > solving this JS problem.  My total focus now is getting pagure ready for
> > Debian in the best way I can.  Also, from my recent experience packaging
> > some JS libs, I fear that the building issue will not be solved in the
> > near future.
> 
> We are crowd funding to package grunt - http://igg.me/at/debian-browserify
Sergio,

grunt is now in debian. Can you try to modify grunt so that we can use
the packaged grunt? see
http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2016-November/015240.html
for details about the problem.



signature.asc
Description: OpenPGP digital signature

Bug#829046: Status of pagure

[Pirate Praveen]

On Mon, 05 Sep 2016 14:45:10 -0400 Sergio Durigan Junior
 wrote:
> To be honest, I do not have time nor interest now to spend my energy
> solving this JS problem.  My total focus now is getting pagure ready for
> Debian in the best way I can.  Also, from my recent experience packaging
> some JS libs, I fear that the building issue will not be solved in the
> near future.

We are crowd funding to package grunt - http://igg.me/at/debian-browserify

But right now we can add them to contrib and upload pagure to contrib.
Once we complete grunt, we can move them to main.



signature.asc
Description: OpenPGP digital signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Sunday, September 04 2016, Ben Finney wrote:

>> To be fair, I recently packaged selectize.js (which also depends on
>> Grunt), and I spent a big time creating a replacement for it using
>> only GNU tools available on Debian, but I don't feel like doing that
>> for every other library.
>
> Please join the discussion at the ‘pkg-javascript-devel’ forum
> 
> to join forces with others in tackling this problem.

To be honest, I do not have time nor interest now to spend my energy
solving this JS problem.  My total focus now is getting pagure ready for
Debian in the best way I can.  Also, from my recent experience packaging
some JS libs, I fear that the building issue will not be solved in the
near future.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Ben Finney]

On 02-Sep-2016, Sergio Durigan Junior wrote:

> The real problem with the JS libs that are missing on Debian is
> their dependency on Grunt.

This is a problem with many JavaScript packages, I agree. A related
problem is the common lack of any clear instruction for how the
package is meant to be built from its source.

> To be fair, I recently packaged selectize.js (which also depends on
> Grunt), and I spent a big time creating a replacement for it using
> only GNU tools available on Debian, but I don't feel like doing that
> for every other library.

Please join the discussion at the ‘pkg-javascript-devel’ forum

to join forces with others in tackling this problem.

-- 
 \ “Of all classes the rich are the most noticed and the least |
  `\  studied.” —John Kenneth Galbraith, _The Age of Uncertainty_, |
_o__) 1977 |
Ben Finney 


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Friday, September 02 2016, Ben Finney wrote:

> On 02-Sep-2016, Sergio Durigan Junior wrote:
>> On Friday, September 02 2016, Alexander Wirt wrote:
>> 
>> > On Thu, 01 Sep 2016, Sergio Durigan Junior wrote:
>> >> Anyway, I talked to Alexandre Viau (aviau) about this and he
>> >> assured me that I could bundle the non-minified versions of JS
>> >> libraries needed by the package without problems, because
>> >> ftp-master is OK with this.
>> > Yeah, thats no problem as long as the source (non-monified) is
>> > available.
>
> I think Alexander's statement is only true for what will satisfy legal
> requirements for FTP master.
>
> For satisfying Debian Policy, though, that is not sufficient. Rather:
>
> 4.13. Convenience copies of code
>
> […]
> If the included code is already in the Debian archive in the form
> of a library, the Debian packaging should ensure that binary
> packages reference the libraries already in Debian and the
> convenience copy is not used. If the included code is not already
> in Debian, it should be packaged separately as a prerequisite if
> possible.
>
> On that basis I am requesting you to report RFPs for each of the
> bundled libraries, to package them as Policy §4.13 says.

I am filing the RFP's now.

Just to make things clear, I am totally in favour of packaging
everything we can.  To me, the "if possible" part of the paragraph you
posted is subjective and leaves things open for interpretation.

The real problem with the JS libs that are missing on Debian is their
dependency on Grunt.  To be fair, I recently packaged selectize.js
(which also depends on Grunt), and I spent a big time creating a
replacement for it using only GNU tools available on Debian, but I don't
feel like doing that for every other library.

Anyway, I just wanted to explain better why I think packaging the
missing JS libraries is going to be a huge hassle.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Ben Finney]

On 02-Sep-2016, Sergio Durigan Junior wrote:
> On Friday, September 02 2016, Alexander Wirt wrote:
> 
> > On Thu, 01 Sep 2016, Sergio Durigan Junior wrote:
> >> Anyway, I talked to Alexandre Viau (aviau) about this and he
> >> assured me that I could bundle the non-minified versions of JS
> >> libraries needed by the package without problems, because
> >> ftp-master is OK with this.
> > Yeah, thats no problem as long as the source (non-monified) is
> > available.

I think Alexander's statement is only true for what will satisfy legal
requirements for FTP master.

For satisfying Debian Policy, though, that is not sufficient. Rather:

4.13. Convenience copies of code

[…]
If the included code is already in the Debian archive in the form
of a library, the Debian packaging should ensure that binary
packages reference the libraries already in Debian and the
convenience copy is not used. If the included code is not already
in Debian, it should be packaged separately as a prerequisite if
possible.

On that basis I am requesting you to report RFPs for each of the
bundled libraries, to package them as Policy §4.13 says.

-- 
 \   “Pray, v. To ask that the laws of the universe be annulled in |
  `\ behalf of a single petitioner confessedly unworthy.” —Ambrose |
_o__)   Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney 


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Friday, September 02 2016, Alexander Wirt wrote:

> On Thu, 01 Sep 2016, Sergio Durigan Junior wrote:
>
>> On Thursday, September 01 2016, Alexander Wirt wrote:
>> 
>> > On Mon, 08 Aug 2016, Sergio Durigan Junior wrote:
>> >
>> > Hi,
>> > *snip*
>> >> Well, that's it.  I think I should be able to finish everything by the
>> >> end of the week, and then move to the sponsorship phase :-).
>> > Any updates on that package? 
>> 
>> Yes.
>> 
>> I spent a lot of time packaging some JavaScript dependencies, but
>> unfortunately I won't be able to package them all.  They are *really* a
>> hassle...
>> 
>> Anyway, I talked to Alexandre Viau (aviau) about this and he assured me
>> that I could bundle the non-minified versions of JS libraries needed by
>> the package without problems, because ftp-master is OK with this.
> Yeah, thats no problem as long as the source (non-monified) is available. 

There's a parallel conversation going on with Ben Finney and he wants me
to create RFP's for each missing JS lib so that we can decide which ones
are worth putting more effort to package.  We should probably coordinate
all of these conversations so that everybody is happy.

>> Having said that, I am now working on make pagure use the non-minified
>> JS libs (I've already proposed a patch upstream for this, which is being
>> discussed), and on finishing the other bits of the packaging.
> you don't have to, include the non-minified versions and minify them in the
> buildprocess and use them afterwards. 

Right, that's what I'll do, *if* upstream takes too long to release a
new version :-).  If they release a new version with my patch applied,
then I can use it.

>> As always, you can check the status of my work here:
>> 
>>   http://git.sergiodj.net/?p=debian/pagure.git;a=summary
>> 
>> I try to keep this repo relatively up-to-date.
>> 
>> So yeah, in a nutshell, here's what's missing:
>> 
>>   - Bundle the non-minified versions of the necessary JS libs (note that
>> most of the libs *are* on Debian)
>> 
>>   - Create the necessary symlinks for the libs that are already on
>> Debian
>> 
>>   - Install the conffiles, helper scripts and other stuff (see Fedora
>> package), probably on /usr/share/pagure
>> 
>>   - Write documentation about configuring pagure on Apache (at least)
>> 
>>   - Write documentation about configuring pagure with postfix (see
>> upstream docs; maybe just refer to them)
>> 
>>   - Test installation
>> 
>> Alexandre Viau told me he'd be glad to sponsor this package for me, so
>> that's it.
> Thanks for your work! I am really looking forward in testing it for alioth. 

My pleasure, I'm really looking forward to helping with alioth as well.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Ben Finney]

On 01-Sep-2016, Sergio Durigan Junior wrote:
> On Thursday, September 01 2016, Ben Finney wrote:
> 
> > Can you please:
> >
> > * Open a RFP bug report for each of the JavaScript libraries that
> >   are not in Debian, that are needed for Pagure.
> >
> > * Set this bug report as blocked by all of those RFP bug reports.
> 
> I can, but then my best estimate is that pagure will not be ready
> until the freeze. Actually, it may not be ready until next year,
> because, hm, JS libraries are *really* nasty.

I hear you :-)

None the less, that's the right way to do it for third-party bundled
code: we don't bundle into the dependent source package, but rather
package them separately in Debian.

I promise to respond quickly enough to decide which ones are actually
too difficult for the Stretch freeze; but let's start by assuming each
of them can be done.

-- 
 \  “He who allows oppression, shares the crime.” —Erasmus Darwin, |
  `\ grandfather of Charles Darwin |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Alexander Wirt]

On Thu, 01 Sep 2016, Sergio Durigan Junior wrote:

> On Thursday, September 01 2016, Alexander Wirt wrote:
> 
> > On Mon, 08 Aug 2016, Sergio Durigan Junior wrote:
> >
> > Hi,
> > *snip*
> >> Well, that's it.  I think I should be able to finish everything by the
> >> end of the week, and then move to the sponsorship phase :-).
> > Any updates on that package? 
> 
> Yes.
> 
> I spent a lot of time packaging some JavaScript dependencies, but
> unfortunately I won't be able to package them all.  They are *really* a
> hassle...
> 
> Anyway, I talked to Alexandre Viau (aviau) about this and he assured me
> that I could bundle the non-minified versions of JS libraries needed by
> the package without problems, because ftp-master is OK with this.
Yeah, thats no problem as long as the source (non-monified) is available. 
> 
> Having said that, I am now working on make pagure use the non-minified
> JS libs (I've already proposed a patch upstream for this, which is being
> discussed), and on finishing the other bits of the packaging.
you don't have to, include the non-minified versions and minify them in the
buildprocess and use them afterwards. 
> 
> I learned a valuable lesson: I will not say "I should be able to finish
> everything by XYZ date" anymore :-).  I can say, however, that the
> package is in a good shape and I consider it very close to being
> finished.
:)
> 
> As always, you can check the status of my work here:
> 
>   http://git.sergiodj.net/?p=debian/pagure.git;a=summary
> 
> I try to keep this repo relatively up-to-date.
> 
> So yeah, in a nutshell, here's what's missing:
> 
>   - Bundle the non-minified versions of the necessary JS libs (note that
> most of the libs *are* on Debian)
> 
>   - Create the necessary symlinks for the libs that are already on
> Debian
> 
>   - Install the conffiles, helper scripts and other stuff (see Fedora
> package), probably on /usr/share/pagure
> 
>   - Write documentation about configuring pagure on Apache (at least)
> 
>   - Write documentation about configuring pagure with postfix (see
> upstream docs; maybe just refer to them)
> 
>   - Test installation
> 
> Alexandre Viau told me he'd be glad to sponsor this package for me, so
> that's it.
Thanks for your work! I am really looking forward in testing it for alioth. 


Alex



signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Thursday, September 01 2016, Ben Finney wrote:

> On 01-Sep-2016, Sergio Durigan Junior wrote:
>
>> I spent a lot of time packaging some JavaScript dependencies, but
>> unfortunately I won't be able to package them all. They are *really*
>> a hassle...
>
> Can you please:
>
> * Open a RFP bug report for each of the JavaScript libraries that are
>   not in Debian, that are needed for Pagure.
>
> * Set this bug report as blocked by all of those RFP bug reports.
>
> I would like that Pagure not start in a bad way, with bundled
> third-party code, if we can avoid it. I can respond to the RFP reports
> you open.

I can, but then my best estimate is that pagure will not be ready until
the freeze.  Actually, it may not be ready until next year, because, hm,
JS libraries are *really* nasty.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Ben Finney]

On 01-Sep-2016, Sergio Durigan Junior wrote:

> I spent a lot of time packaging some JavaScript dependencies, but
> unfortunately I won't be able to package them all. They are *really*
> a hassle...

Can you please:

* Open a RFP bug report for each of the JavaScript libraries that are
  not in Debian, that are needed for Pagure.

* Set this bug report as blocked by all of those RFP bug reports.

I would like that Pagure not start in a bad way, with bundled
third-party code, if we can avoid it. I can respond to the RFP reports
you open.

Thank you for the update!

-- 
 \“The restriction of knowledge to an elite group destroys the |
  `\   spirit of society and leads to its intellectual |
_o__)impoverishment.” —Albert Einstein |
Ben Finney 


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Thursday, September 01 2016, Alexander Wirt wrote:

> On Mon, 08 Aug 2016, Sergio Durigan Junior wrote:
>
> Hi,
> *snip*
>> Well, that's it.  I think I should be able to finish everything by the
>> end of the week, and then move to the sponsorship phase :-).
> Any updates on that package? 

Yes.

I spent a lot of time packaging some JavaScript dependencies, but
unfortunately I won't be able to package them all.  They are *really* a
hassle...

Anyway, I talked to Alexandre Viau (aviau) about this and he assured me
that I could bundle the non-minified versions of JS libraries needed by
the package without problems, because ftp-master is OK with this.

Having said that, I am now working on make pagure use the non-minified
JS libs (I've already proposed a patch upstream for this, which is being
discussed), and on finishing the other bits of the packaging.

I learned a valuable lesson: I will not say "I should be able to finish
everything by XYZ date" anymore :-).  I can say, however, that the
package is in a good shape and I consider it very close to being
finished.

As always, you can check the status of my work here:

  http://git.sergiodj.net/?p=debian/pagure.git;a=summary

I try to keep this repo relatively up-to-date.

So yeah, in a nutshell, here's what's missing:

  - Bundle the non-minified versions of the necessary JS libs (note that
most of the libs *are* on Debian)

  - Create the necessary symlinks for the libs that are already on
Debian

  - Install the conffiles, helper scripts and other stuff (see Fedora
package), probably on /usr/share/pagure

  - Write documentation about configuring pagure on Apache (at least)

  - Write documentation about configuring pagure with postfix (see
upstream docs; maybe just refer to them)

  - Test installation

Alexandre Viau told me he'd be glad to sponsor this package for me, so
that's it.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Alexander Wirt]

On Mon, 08 Aug 2016, Sergio Durigan Junior wrote:

Hi,
*snip*
> Well, that's it.  I think I should be able to finish everything by the
> end of the week, and then move to the sponsorship phase :-).
Any updates on that package? 

Alex 



signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Sunday, August 07 2016, Ben Finney wrote:

> On 29-Jul-2016, Sergio Durigan Junior wrote:
>
>> Thanks for the help! I'll send you an e-mail as soon as I set up a
>> repository.
>
> I would also like to be able to contribute to maintenance of Pagure in
> Debian.
>
> Can you post an update to this bug report for how volunteers can help:
> repository (at Alioth?), discussion mailing list, etc.

OK, so here's a more detailed update.

I've advanced quite a bit in the packaging, but there are still some
things to do.

I'm using a temporary repository to push what I've done so far; it's
good because I can overwrite history if needed.  The URL is:

  

Eventually I'll move everything to collab-maint/pagure, which should be
the official repository anyway.

All the Python dependencies have finally been packaged, which is good
because I can fully build the package now.  However, there are still
some JavaScript libraries that are (a) not being shipped on Debian, and
(b) bundled in their minified version inside pagure.  This is bad, so my
next task is to package those libraries for Debian.  You can take a look
at them by going to the pagure/static directory on the source tree.

I decided to follow what Fedora does and split the package into several
subpackages.  The first one, pagure, should contain the core
functionality and work out-of-the-box.  Then, the user will also have
the possibility to install:

 - pagure-milters, which takes care of allowing users to comment on
   tickets/pull-requests by e-mail (instead of going to the web
   interface).  This package in specific also has a "problem": it
   depends on postfix to work properly, which is not good because Debian
   ships exim4 as the default MTA.  I've also been investigating how to
   use milters with exim4, and I *may* have a solution.

 - pagure-ev-server, which allows live refreshing of a page when someone
   is viewing it.

 - pagure-webhook-server, which sends notifications to third-party
   services (like fedmsg) using POST http reqs.

There's also the pagure-doc package.

I ran the full testsuite and found a few errors on Debian.  I'm in
constant communication with upstream, so they are aware and I should
send some patches in the next days.

I still have this TODO list:

 - Package missing JS libraries

 - Send patch upstream to use python-bcrypt instead of py-bcrypt to hash
   passwords

 - Take care of d/copyright

 - Correctly fill d/pagure-doc.doc-base

 - Review the *.init scripts and make sure they work

 - Review the *.postinst scripts and make sure they work

 - Write *.postrm scripts

 - Decide whether to run pagure-milters as user/group postfix.  Maybe
   decide that based on what the user is using as MTA, and change it
   accordingly on pagure-milters.postinst.  Same applies for
   pagure-milters.tmpfile.

 - Maybe include more systemd security features on *.service files.

 - Fix some lintian warnings/errors that I've seen

Well, that's it.  I think I should be able to finish everything by the
end of the week, and then move to the sponsorship phase :-).

Cheers,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Sunday, August 07 2016, Ben Finney wrote:

> On 29-Jul-2016, Sergio Durigan Junior wrote:
>
>> Thanks for the help! I'll send you an e-mail as soon as I set up a
>> repository.
>
> I would also like to be able to contribute to maintenance of Pagure in
> Debian.
>
> Can you post an update to this bug report for how volunteers can help:
> repository (at Alioth?), discussion mailing list, etc.

Thanks for wanting to contribute.

Yesterday I've created a repository at alioth (collab-maint/pagure), but
it's still empty.  I should push my changes later today.

As for a mailing list, I haven't created anything.  So far, we're using
this bug to coordinate the collaboration.  But I can request the
creation of a group on alioth when the package is accepted.

I'll let you know when I push the code today.

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Ben Finney]

On 29-Jul-2016, Sergio Durigan Junior wrote:

> Thanks for the help! I'll send you an e-mail as soon as I set up a
> repository.

I would also like to be able to contribute to maintenance of Pagure in
Debian.

Can you post an update to this bug report for how volunteers can help:
repository (at Alioth?), discussion mailing list, etc.

-- 
 \   “First things first, but not necessarily in that order.” —The |
  `\  Doctor, _Doctor Who_ |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Sergio Durigan Junior]

On Friday, July 29 2016, Alexandre Viau wrote:

> Hello,

Hi there,

> What is the status of Pagure packaging, and how can I help?

I'm packaging it.  I'll be unavailable during this weekend, but I intend
to get back to work on Tuesday.

> Do you have a repository where you have started to work on the packaging?

Not yet; everything is on my machine.  But I will create a temporary
repository for packaging; then I can let you know.

> Did you compile a list of dependencies, especially unavailable
> dependencies? If yes, can you post it here so that we can start filing ITPs?

I already filed ITPs and took care of all dependencies listed on the
requirements.txt file, so we should be good on that.

> I intend to contribute to this.

Thanks for the help!  I'll send you an e-mail as soon as I set up a
repository.

Cheers,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature

Bug#829046: Status of pagure

[Alexandre Viau]

Hello,

What is the status of Pagure packaging, and how can I help?

Do you have a repository where you have started to work on the packaging?

Did you compile a list of dependencies, especially unavailable
dependencies? If yes, can you post it here so that we can start filing ITPs?

I intend to contribute to this.

Cheers,

-- 
Alexandre Viau
av...@debian.org



signature.asc
Description: OpenPGP digital signature