Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#980316: Update yarnpkg to 2.x versions using corepack repo
91 views
Skip to first unread message
Pirate Praveen
Jan 17, 2021, 12:40:04 PM1/17/21
to
Package: yarnpkg
Version: 1.22.10+~cs22.25.14-1
Severity: important
Control: block 956423 by -1
Yarn 1.x branch is not receiving any updates upstream. We somehow
managed to get it build with newer versions of build dependencies for
bullseye, but we are not able to remove dependency on request yet.
If we can package yarn 2.x branch using
https://github.com/nodejs/corepack
we can move to an upstream supported branch.
I have tried to build this manually with taking some modules from
npmjs.com
Filing this bug to keep track of this update.
New packages clipanion terser-webpack-plugin ts-loader
@zkochan/cmd-shim (if you'd like to help, feel free to file ITP and add
it as blocking this bug)
Probably embed @yarnpkg/fslib
terser need update to 4.8 and Jonas needs help
Version: 1.22.10+~cs22.25.14-1
Severity: important
Control: block 956423 by -1
Yarn 1.x branch is not receiving any updates upstream. We somehow
managed to get it build with newer versions of build dependencies for
bullseye, but we are not able to remove dependency on request yet.
If we can package yarn 2.x branch using
https://github.com/nodejs/corepack
we can move to an upstream supported branch.
I have tried to build this manually with taking some modules from
npmjs.com
Filing this bug to keep track of this update.
New packages clipanion terser-webpack-plugin ts-loader
@zkochan/cmd-shim (if you'd like to help, feel free to file ITP and add
it as blocking this bug)
Probably embed @yarnpkg/fslib
terser need update to 4.8 and Jonas needs help
Pirate Praveen
Jan 17, 2021, 2:00:03 PM1/17/21
to
clipanion needs @wessberg/rollup-plugin-ts as build dependency
Pirate Praveen
Apr 30, 2021, 10:40:03 AM4/30/21
to
On Mon, 18 Jan 2021 00:19:59 +0530 Pirate Praveen
<pra...@onenetbeyond.org> wrote:
> clipanion needs @wessberg/rollup-plugin-ts as build dependency
clipanion 3 has moved to @rollup/plugin-typescript which is already
<pra...@onenetbeyond.org> wrote:
> clipanion needs @wessberg/rollup-plugin-ts as build dependency
packaged.
https://www.npmjs.com/package/clipanion?activeTab=dependencies
Paolo Greppi
Jan 9, 2022, 4:10:04 PM1/9/22
to
I stumbled upon this thread related to packaging corepack for gentoo:
https://github.com/nodejs/corepack/issues/76
We now have node 16 in experimental, but our package does not bundle
corepack (as upstream does):
https://packages.debian.org/experimental/amd64/nodejs/filelist
I propose that we create a RFP/ITP for corepack separate from nodejs,
with Conflicts: yarnpkg
The corepack binary would install /usr/bin/yarnpkg pointing to the
corepack shims; this would allow Debian users who "use different package
manager versions across multiple projects" to happily install random
binaries downloaded from the internet if they wish.
If we agree that we (as a distribution) need specific versions of
yarnpkg (for building other stuff, we need to keep one or more yarnpkg
packages in Debian, all with Conflicts: corepack + each other.
If we really want yarnpkg 1, according to my tests, the corepack route
is useless:
docker pull node:16
docker run -it --rm node:16 bash
yarn -v # 1.22.15
# this downloads https://registry.npmjs.org/yarn/-/yarn-1.22.17.tgz
# based on the versions / 1.22.17 / dist / tarball value in:
# https://registry.yarnpkg.com/yarn/
corepack prepare ya...@1.22.17 --activate
yarn -v # 1.22.15
corepack yarn -v # 1.22.17
ls -l /root/.node/corepack
total 2
-rw-r--r-- 1 root root 63 Jan 9 18:33 lastKnownGood.json
drwxr-xr-x 1 root root 14 Jan 9 18:13 yarn
To "build" it quick and dirty we can download once and for all the same
pre-built binary that corepack would download, extract it and symlink it
to /usr/bin/yarnpkg (without shims); this package should go to contrib
since it downloads stuff from the internet during the build, but would
fix the issue of yarnpkg blocking the migration to webpack5 and removal
of node-request.
Or else keep alive the current version in main by just bundling into it
webpack4 and node-request.
If we really want a new yarnpkg3 package, corepack is also useless as it
merely installs yarnpkg 1.
The upstream recommended way of installing yarnpkg 3 (get yarn 1 with
corepack then yarn init -2 (sic!)) just downloads the current pre-built
binary (ATM
https://repo.yarnpkg.com/3.1.1/packages/yarnpkg-cli/bin/yarn.js, 2199165
bytes) to .yarn/releases/yarn-3.1.1.cjs.
AFAICT this does not integrate with the shared package manager versions
stored in ~/.node/corepack.
One way to "build" yarnpkg3 quick and dirty is to download once and for
all the same pre-built binary that yarn init -2 would download, and
symlink it to /usr/bin/yarnpkg (without shims).
Or if we want it in main we should replicate the way upstream builds
this yarn.js binary.
Sorry for the long message, this is a mess!
Paolo
https://github.com/nodejs/corepack/issues/76
We now have node 16 in experimental, but our package does not bundle
corepack (as upstream does):
https://packages.debian.org/experimental/amd64/nodejs/filelist
I propose that we create a RFP/ITP for corepack separate from nodejs,
with Conflicts: yarnpkg
The corepack binary would install /usr/bin/yarnpkg pointing to the
corepack shims; this would allow Debian users who "use different package
manager versions across multiple projects" to happily install random
binaries downloaded from the internet if they wish.
If we agree that we (as a distribution) need specific versions of
yarnpkg (for building other stuff, we need to keep one or more yarnpkg
packages in Debian, all with Conflicts: corepack + each other.
If we really want yarnpkg 1, according to my tests, the corepack route
is useless:
docker pull node:16
docker run -it --rm node:16 bash
yarn -v # 1.22.15
# this downloads https://registry.npmjs.org/yarn/-/yarn-1.22.17.tgz
# based on the versions / 1.22.17 / dist / tarball value in:
# https://registry.yarnpkg.com/yarn/
corepack prepare ya...@1.22.17 --activate
yarn -v # 1.22.15
corepack yarn -v # 1.22.17
ls -l /root/.node/corepack
total 2
-rw-r--r-- 1 root root 63 Jan 9 18:33 lastKnownGood.json
drwxr-xr-x 1 root root 14 Jan 9 18:13 yarn
To "build" it quick and dirty we can download once and for all the same
pre-built binary that corepack would download, extract it and symlink it
to /usr/bin/yarnpkg (without shims); this package should go to contrib
since it downloads stuff from the internet during the build, but would
fix the issue of yarnpkg blocking the migration to webpack5 and removal
of node-request.
Or else keep alive the current version in main by just bundling into it
webpack4 and node-request.
If we really want a new yarnpkg3 package, corepack is also useless as it
merely installs yarnpkg 1.
The upstream recommended way of installing yarnpkg 3 (get yarn 1 with
corepack then yarn init -2 (sic!)) just downloads the current pre-built
binary (ATM
https://repo.yarnpkg.com/3.1.1/packages/yarnpkg-cli/bin/yarn.js, 2199165
bytes) to .yarn/releases/yarn-3.1.1.cjs.
AFAICT this does not integrate with the shared package manager versions
stored in ~/.node/corepack.
One way to "build" yarnpkg3 quick and dirty is to download once and for
all the same pre-built binary that yarn init -2 would download, and
symlink it to /usr/bin/yarnpkg (without shims).
Or if we want it in main we should replicate the way upstream builds
this yarn.js binary.
Sorry for the long message, this is a mess!
Paolo
Jérémy Lal
Feb 3, 2022, 5:50:04 PM2/3/22
to
Package: yarnpkg
Version: 1.22.10+~cs22.25.14-5
Followup-For: Bug #980316
Hi,
i just realized that corepack was indeed not installed
by nodejs source package.
There is a reason for that: unfortunately corepack source is
not bundled into nodejs source tarball.
The distributed files are the compiled ones, and instead of
complicating things i'm just going to dfsg-exclude corepack
from nodejs source tarball.
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable'), (101, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages yarnpkg depends on:
ii ca-certificates 20211016
ii node-asap 2.0.6+~2.0.0-1
ii node-babel7-runtime 7.16.12+~cs214.260.189-2
ii node-bytes 3.1.0-2
ii node-camelcase 6.3.0-1
ii node-chalk 4.1.2-1
ii node-chownr 2.0.0-1
ii node-ci-info 3.2.0+~cs4.2.0-4
ii node-cli-table 0.3.11+~cs0.13.3-1
ii node-commander 6.2.1-2
ii node-death 1.1.0-2
ii node-debug 4.3.2+~cs4.1.7-1
ii node-deep-equal 2.0.5+~cs32.11.68-2
ii node-detect-indent 6.0.0-2
ii node-duplexify 4.1.2-1
ii node-emoji 1.10.0+~1.8.1-1
ii node-fast-levenshtein 2.0.6+ds-3
ii node-glob 7.1.7+~cs7.5.19-2
ii node-imports-loader 0.8.0-5
ii node-ini 2.0.1-1
ii node-inquirer 8.2.0+~cs26.5.5-1
ii node-invariant 2.2.4-1
ii node-is-builtin-module 3.1.0-1
ii node-js-yaml 4.1.0+dfsg+~4.0.5-6
ii node-loud-rejection 2.2.0-2
ii node-micromatch 4.0.4+~4.0.2-1
ii node-minimatch 3.0.4+~3.0.5-1
ii node-mkdirp 1.0.4+~1.0.2-1
ii node-object-path 0.11.8+~0.11.1-1
ii node-path-root 0.1.1-2
ii node-prepend-http 3.0.1-2
ii node-proper-lockfile 4.1.2-1
ii node-puka 1.0.1+dfsg-2
ii node-pump 3.0.0-5
ii node-pumpify 2.0.1-2
ii node-read 1.0.7-3
ii node-request 2.88.1-5
ii node-request-capture-har 1.2.2-2
ii node-resolve 1.20.0+~cs5.27.9-1
ii node-rimraf 3.0.2-1
ii node-semver 7.3.5+~7.3.8-1
ii node-sort-keys 4.0.0-1
ii node-ssri 8.0.1-2
ii node-strict-uri-encode 2.0.0+~2.0.0-1
ii node-strip-ansi 6.0.1-1
ii node-strip-bom 4.0.0-2
ii node-tar-stream 2.2.0+~cs3.2.2-1
ii node-through2 4.0.2-2
ii node-uuid 8.3.2+~8.3.3-1
ii node-validate-npm-package-license 3.0.4-2
ii node-yn 4.0.0-2
ii nodejs 12.22.9~dfsg-1
yarnpkg recommends no packages.
yarnpkg suggests no packages.
-- no debconf information
Version: 1.22.10+~cs22.25.14-5
Followup-For: Bug #980316
Hi,
i just realized that corepack was indeed not installed
by nodejs source package.
There is a reason for that: unfortunately corepack source is
not bundled into nodejs source tarball.
The distributed files are the compiled ones, and instead of
complicating things i'm just going to dfsg-exclude corepack
from nodejs source tarball.
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable'), (101, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages yarnpkg depends on:
ii ca-certificates 20211016
ii node-asap 2.0.6+~2.0.0-1
ii node-babel7-runtime 7.16.12+~cs214.260.189-2
ii node-bytes 3.1.0-2
ii node-camelcase 6.3.0-1
ii node-chalk 4.1.2-1
ii node-chownr 2.0.0-1
ii node-ci-info 3.2.0+~cs4.2.0-4
ii node-cli-table 0.3.11+~cs0.13.3-1
ii node-commander 6.2.1-2
ii node-death 1.1.0-2
ii node-debug 4.3.2+~cs4.1.7-1
ii node-deep-equal 2.0.5+~cs32.11.68-2
ii node-detect-indent 6.0.0-2
ii node-duplexify 4.1.2-1
ii node-emoji 1.10.0+~1.8.1-1
ii node-fast-levenshtein 2.0.6+ds-3
ii node-glob 7.1.7+~cs7.5.19-2
ii node-imports-loader 0.8.0-5
ii node-ini 2.0.1-1
ii node-inquirer 8.2.0+~cs26.5.5-1
ii node-invariant 2.2.4-1
ii node-is-builtin-module 3.1.0-1
ii node-js-yaml 4.1.0+dfsg+~4.0.5-6
ii node-loud-rejection 2.2.0-2
ii node-micromatch 4.0.4+~4.0.2-1
ii node-minimatch 3.0.4+~3.0.5-1
ii node-mkdirp 1.0.4+~1.0.2-1
ii node-object-path 0.11.8+~0.11.1-1
ii node-path-root 0.1.1-2
ii node-prepend-http 3.0.1-2
ii node-proper-lockfile 4.1.2-1
ii node-puka 1.0.1+dfsg-2
ii node-pump 3.0.0-5
ii node-pumpify 2.0.1-2
ii node-read 1.0.7-3
ii node-request 2.88.1-5
ii node-request-capture-har 1.2.2-2
ii node-resolve 1.20.0+~cs5.27.9-1
ii node-rimraf 3.0.2-1
ii node-semver 7.3.5+~7.3.8-1
ii node-sort-keys 4.0.0-1
ii node-ssri 8.0.1-2
ii node-strict-uri-encode 2.0.0+~2.0.0-1
ii node-strip-ansi 6.0.1-1
ii node-strip-bom 4.0.0-2
ii node-tar-stream 2.2.0+~cs3.2.2-1
ii node-through2 4.0.2-2
ii node-uuid 8.3.2+~8.3.3-1
ii node-validate-npm-package-license 3.0.4-2
ii node-yn 4.0.0-2
ii nodejs 12.22.9~dfsg-1
yarnpkg recommends no packages.
yarnpkg suggests no packages.
-- no debconf information
Pirate Praveen
Mar 20, 2023, 11:50:04 AM3/20/23
to
On Thu, 16 Mar 2023 10:23:53 +0100 Israel Galadima
<izzyga...@gmail.com> wrote:
> Hi,
>
> Michael and I have done some packaging work for corepack.
> Of note, we have updated clipanion and packaged some dependencies of
> proxy-agent.
>
> Although, some of our work is awaiting uploads because of the freeze.
>
> Regards.
We tried to update yarnpkg as part of an outreachy project (in two
rounds), but we could not complete it in time for bookworm. As shared
by Israel, we made some good progress and we hope to be able to do it
in trixie. I request bookworm-ignore tags for these bugs (as such there
is no immediate breakage, just unmaintained upstreams for these
packages). Hopefully we can handle any security updates ourselves.
Additionally, even though yarnpkg itself is old, the presence of the
package makes it easy to obtain a newer yarnpkg. In gitlab, I already
use the packaged yarnpkg command to install a newer yarnpkg[1]. It is
also very common in nodejs world to use specific version of yarnpkg for
each project, these are typically installed in .yarn directory for each
project.
yarnpkg: 980316,958686, 1002902, 980316
node-har-validator: 1024575
node-request: 956423
node-request-capture-har: 1002901
[1]
https://salsa.debian.org/ruby-team/gitlab/-/blob/master/debian/rake-tasks.sh#L44
runuser -u ${gitlab_user} -- sh -c 'yarnpkg set version berry'
<izzyga...@gmail.com> wrote:
> Hi,
>
> Michael and I have done some packaging work for corepack.
> Of note, we have updated clipanion and packaged some dependencies of
> proxy-agent.
>
> Although, some of our work is awaiting uploads because of the freeze.
>
> Regards.
We tried to update yarnpkg as part of an outreachy project (in two
rounds), but we could not complete it in time for bookworm. As shared
by Israel, we made some good progress and we hope to be able to do it
in trixie. I request bookworm-ignore tags for these bugs (as such there
is no immediate breakage, just unmaintained upstreams for these
packages). Hopefully we can handle any security updates ourselves.
Additionally, even though yarnpkg itself is old, the presence of the
package makes it easy to obtain a newer yarnpkg. In gitlab, I already
use the packaged yarnpkg command to install a newer yarnpkg[1]. It is
also very common in nodejs world to use specific version of yarnpkg for
each project, these are typically installed in .yarn directory for each
project.
yarnpkg: 980316,958686, 1002902, 980316
node-har-validator: 1024575
node-request: 956423
node-request-capture-har: 1002901
[1]
https://salsa.debian.org/ruby-team/gitlab/-/blob/master/debian/rake-tasks.sh#L44
runuser -u ${gitlab_user} -- sh -c 'yarnpkg set version berry'
Israel Galadima
Sep 23, 2023, 7:10:05 AM9/23/23
to
Hi,
node-corepack is now in the NEW queue.
It installs only /usr/bin/corepack to prevent it from conflicting
with /usr/bin/yarnpkg, /usr/bin/npm. So the package managers
are accessible through corepack yarn, corepack npm and
corepack pnpm commands.
It installs only /usr/bin/corepack to prevent it from conflicting
with /usr/bin/yarnpkg, /usr/bin/npm. So the package managers
are accessible through corepack yarn, corepack npm and
corepack pnpm commands.
Thanks.
0 new messages