Re: [packages/firefox] - bump libicu-devel to 63.1; builds fine with nodejs 10 even with no read access to resolv.conf
On 03/06/2019 20:58, Jan Rękorajski wrote: > On Mon, 03 Jun 2019, arekm wrote: > >> commit 28dc894f0a27bdc080bbfc821d2841760a70927b >> Author: Arkadiusz Miśkiewicz >> Date: Mon Jun 3 15:09:13 2019 +0200 >> >> - bump libicu-devel to 63.1; builds fine with nodejs 10 even with no >> read access to resolv.conf >> >> firefox.spec | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> --- >> diff --git a/firefox.spec b/firefox.spec >> index de14e08..c60c946 100644 >> --- a/firefox.spec >> +++ b/firefox.spec >> @@ -293,7 +293,7 @@ BuildRequires: libatomic-devel >> BuildRequires: libevent-devel >= 1.4.7 >> # standalone libffi 3.0.9 or gcc's from 4.5(?)+ >> BuildRequires: libffi-devel >= 6:3.0.9 >> -%{?with_system_icu:BuildRequires: libicu-devel >= 59.1} >> +%{?with_system_icu:BuildRequires: libicu-devel >= 63.1} >> # requires libjpeg-turbo implementing at least libjpeg 6b API >> BuildRequires: libjpeg-devel >= 6b >> BuildRequires: libjpeg-turbo-devel >> > > No, it does not: > > http://buildlogs.pld-linux.org//index.php?dist=th=x86_64=0=firefox=05da2df8-250e-48ea-b5a4-93a6dbdf387f=tail > builders don't have nodejs 10, it's only in our git (and in .test-builds) -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: [packages/firefox] - bump libicu-devel to 63.1; builds fine with nodejs 10 even with no read access to resolv.conf
On Mon, 03 Jun 2019, arekm wrote: > commit 28dc894f0a27bdc080bbfc821d2841760a70927b > Author: Arkadiusz Miśkiewicz > Date: Mon Jun 3 15:09:13 2019 +0200 > > - bump libicu-devel to 63.1; builds fine with nodejs 10 even with no read > access to resolv.conf > > firefox.spec | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > --- > diff --git a/firefox.spec b/firefox.spec > index de14e08..c60c946 100644 > --- a/firefox.spec > +++ b/firefox.spec > @@ -293,7 +293,7 @@ BuildRequires:libatomic-devel > BuildRequires: libevent-devel >= 1.4.7 > # standalone libffi 3.0.9 or gcc's from 4.5(?)+ > BuildRequires: libffi-devel >= 6:3.0.9 > -%{?with_system_icu:BuildRequires:libicu-devel >= 59.1} > +%{?with_system_icu:BuildRequires:libicu-devel >= 63.1} > # requires libjpeg-turbo implementing at least libjpeg 6b API > BuildRequires: libjpeg-devel >= 6b > BuildRequires: libjpeg-turbo-devel > No, it does not: http://buildlogs.pld-linux.org//index.php?dist=th=x86_64=0=firefox=05da2df8-250e-48ea-b5a4-93a6dbdf387f=tail -- Jan Rękorajski| PLD/Linux SysAdm | bagginspld-linux.org | http://www.pld-linux.org/ ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: firefox and builders...
On Mon, Jun 03, 2019 at 08:19:42AM +0200, Jacek Konieczny wrote: > On 03/06/2019 07.25, Jan Rękorajski wrote> > > I don't believe it's nodejs problem, I think it's builder > > security/networking problem. > But the security/networking restrictions are there for a reason. If we > allow build process to download anything it wants, then we could skip > shipping source packages at all. It's about reproducibility as well. > Yes it sucks in today's world, especially when trying to build something > like Node or Java crap. Proper source packages are harder and harder to > find, even for C code (e.g. when code is available only on github and > includes submodules)… We tend to fix tags at least, submodules is a major hassle indeed... > Maybe we should rethink our policy…, but just removing the restrictions > because one package stopped to build doesn't seem a right way to do it. ALT is building its repos without network access, maybe some patches or approaches will be reuseful to you too. In particular, fx67 has just landed: https://packages.altlinux.org/en/sisyphus/srpms/firefox I'm not into nodejs but it's sort of there too: https://packages.altlinux.org/en/sisyphus/srpms/node https://packages.altlinux.org/en/search?query=nodejs -- WBR, Michael Shigorin / http://altlinux.org -- http://opennet.ru / http://anna-news.info ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: firefox and builders...
That nodejs in firefox is not downloading anything AFAIK, it's just convoluted build process that needs nodejs started and it cannot start without dns :/ I don't remember how we run builds, but maybe if we point resolv.conf at 127.0.0.1 it will be enough for it. On Mon, Jun 3, 2019 at 8:19 AM Jacek Konieczny wrote: > On 03/06/2019 07.25, Jan Rękorajski wrote> > > I don't believe it's nodejs problem, I think it's builder > > security/networking problem. > But the security/networking restrictions are there for a reason. If we > allow build process to download anything it wants, then we could skip > shipping source packages at all. > > Yes it sucks in today's world, especially when trying to build something > like Node or Java crap. Proper source packages are harder and harder to > find, even for C code (e.g. when code is available only on github and > includes submodules)… > > Maybe we should rethink our policy…, but just removing the restrictions > because one package stopped to build doesn't seem a right way to do it. > > Jacek > ___ > pld-devel-en mailing list > pld-devel-en@lists.pld-linux.org > http://lists.pld-linux.org/mailman/listinfo/pld-devel-en > -- Jan Rękorajski | SysAdm | PLD/Linux | http://www.pld-linux.org/ bagginspld-linux.org ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
Re: firefox and builders...
On 03/06/2019 07.25, Jan Rękorajski wrote> > I don't believe it's nodejs problem, I think it's builder > security/networking problem. But the security/networking restrictions are there for a reason. If we allow build process to download anything it wants, then we could skip shipping source packages at all. Yes it sucks in today's world, especially when trying to build something like Node or Java crap. Proper source packages are harder and harder to find, even for C code (e.g. when code is available only on github and includes submodules)… Maybe we should rethink our policy…, but just removing the restrictions because one package stopped to build doesn't seem a right way to do it. Jacek ___ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en