-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[8.0.0] Provide a release tarball with pre-generated npm stuff #1261
Comments
Personally I don't think including the created build files or including all the npm dependencies in the tarball is a good idea. But I am open for suggestions and a PR. |
After executing It seems sharing that with us will be enough to compile "gsa" for source-based distribution with a little cmake hack. Thanks. |
I really would like to know how this is solved by other projects. |
i tried to do that while creating packages for fedora. nb.: the packages are not yet finished (the upgrade-path of the packages is still missing), but they seem to work for me. |
@tgurr @cheese1 Off-topic and just a FYI that there is some discussion on a consistent naming of the packages across all distributions ongoing on greenbone/gvm-libs#197 e.g. openvas-gsa is most likely even more confusing and there should only an openvas-scanner package now that the project name is "Greenbone Vulnerability Management (GVM)". |
Thanks
I was in the middle of collecting infos how to change names of packages in
fedora.
Yours
Josef
-------------------------
VON: cfi-gb <notifications@github.com>
GESENDET: Samstag, 20. April 2019 16:35
AN: gsa@noreply.github.com
CC: cheese1; Mention
BETREFF: Re: [greenbone/gsa] [8.0.0] Provide a release tarball with
pre-generated npm stuff (#1261)
@tgurr[1] @cheese1[2] Off-topic and just a FYI that there is some
discussion on a consistent naming of the packages across all
distributions ongoing on greenbone/gvm-libs#197[3]
e.g. openvas-gsa is most likely even more confusing and there should
only an openvas-scanner package now that the project name is "Greenbone
Vulnerability Management (GVM)".
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub[4], or mute the
thread[5].
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/greenbone/gsa","title":"greenbone/gsa","subtitle":"GitHub
repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open
in
GitHub","url":"https://github.com/greenbone/gsa"}},"updates":{"snippets":[{"icon":"PERSON","message":"@cfi-gb
in #1261: @tgurr @cheese1 Off-topic and just a FYI that there is some
discussion on a consistent naming of the packages across all distributions
ongoing on https://github.com/greenbone/gvm-libs/issues/197\r\n\r\ne.g.
openvas-gsa is most likely even more confusing and there should only an
openvas-scanner package now that the project name is \"Greenbone
Vulnerability Management (GVM)\"."}],"action":{"name":"View
Issue","url":"#1261 (comment)"}}}
[ { "@context": "http://schema.org", "@type": "EmailMessage",
"potentialAction": { "@type": "ViewAction", "target":
"#1261 (comment)",
"url":
"#1261 (comment)",
"name": "View Issue" }, "description": "View this Issue on GitHub",
"publisher": { "@type": "Organization", "name": "GitHub", "url":
"https://github.com" } }
]
|
Does anybody know how this issue is solved by others? I am not sure if yarn creates a reproducible node_modules directory and if it is worth to put it into a tar.gz. |
Again I really would like to fix this issue for a 8.0.1 release but I rely on downstream for a sufficient approach. Packaging my node_modules directory doesn't seem right for me. |
There are two solutions. 1-) For 8.0.1 maybe you could consider to release offline tarball too with pre-generated node_modules in gsa folder. You can find patches below for this setup.
I confirm that this setup works for compiling gsa for source based distros if we have pre-generated node modules in gsa directory. 2-) If you looking for other solution.The only way is sharing the all node_modules links that gsa needs to compile.In package.json there are ~40 node dependency but it seems they have also other dependencies too.I see them in yarn.lock file.This is the hard way for both of us. greenbone-security-assistant-8.0.0-react-env.patch
greenbone-security-assistant-8.0.0-yarn-install.patch
|
ping for issue @bjoernricks --> I have just checked repology.org and after 3 months only alpine linux bumped new gvm-libs and all other new gvm components.I believe that if you fix this npm/yarn issue maintainers will be able to bump new gvm-libs & components to linux repositories. Hasan. |
Sorry I can't spent much time on this issue at the moment. My role at Greenbone changed a lot in the past months. @hsntgm if I understand you correctly it would be enough to release the node_modules directory as a tarball too? Otherwise I am depending on downstream to provide a PR. |
Congrats. for new role @bjoernricks Thanks. |
@hsntgm thanks! I've uploaded https://github.com/greenbone/gsa/releases/download/v8.0.0/gsa-node-modules-8.0.0.tar.gz Please check if that file fits for you or something is still missing. |
Thank you @bjoernricks This issue is solved. I successfully compiled gsa on Gentoo with gsa-node-modules-8.0.0.tar.gz greenbone-security-assistant-8.0.0-react-env.patch Other source-based distro maintainers could get the necessarry patches from my gvm-10 repo --> After greenbone release gsa-8.0.1 (there are lots of bug fixing) i will push gvm to main gentoo tree. |
I'll try to get a new release for all GVM components next week. So I am closing this issue for now. Feel free to reopen if something is still missing. |
Error 404, also couldn't find the files in question when looking at your available GitHub repositories. @bjoernricks First thanks for taking care of providing a tarball with the pre-generated files! However I don't really consider this fixed as long as it doesn't work out of the box, meaning having to apply downstream patches/workarounds. You could start to provide a release tarball containing everything required (source & pre-generated files). The default for release(d) versions should be to pick up the pre-generated files automatically if available and for scm/development builds rebuilding them if there are no pre-generated files available or maybe add a CMake option to force rebuilding them for better control. |
@bjoernricks it seems you have updated node modules, e.g. core-js is now at version 3.2.1 which was 2.6.5 for old gsa 8.0.0. I didn't check all of them but i get lots of missing node modules errors while compiling gsa 9.0.0 wtih previous node-modules that you uploaded.
Could you provide node-modules tarball for 9.0.0 ? |
@bjoernricks |
While trying to update our distribution packages I've come across the issue that gsa tries to download npm stuff during compile time which is quite unfortunate for us as a source-based distribution. Other projects using npm e.g. https://github.com/cockpit-project/cockpit and https://pypi.org/project/Mopidy-Iris/ come with precompiled npm stuff, it would be great if you could provide a complete release tarball as well.
The text was updated successfully, but these errors were encountered: