Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#68898 - [vagrant] bundled gems aren't pinned

Attached to Project: Community Packages
Opened by kpcyrd (kpcyrd) - Tuesday, 08 December 2020, 16:52 GMT
Last edited by Jonathan Steel (jsteel) - Sunday, 31 January 2021, 21:23 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jonathan Steel (jsteel)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

It seems vagrant dependencies are not pinned and selected at build time:

https://reproducible.archlinux.org/api/v0/builds/9538/diffoscope

(see eg. listen-3.3.1 vs listen-3.3.3)

Additional info:
* package version(s): 2.2.14-1
This task depends upon

Closed by  Jonathan Steel (jsteel)
Sunday, 31 January 2021, 21:23 GMT
Reason for closing:  Won't implement
Additional comments about closing:  If there is ever any requirement for reproducible builds I'll likely drop this to the AUR and maintain it there.
Comment by Eli Schwartz (eschwartz) - Tuesday, 08 December 2020, 17:04 GMT
  • Field changed: Summary ([vagrant] dependencies aren't pinned → [vagrant] bundled gems aren't pinned)
"Dependencies" can mean very different things in the context of a package manager. Retitling.
Comment by Jonathan Steel (jsteel) - Tuesday, 08 December 2020, 19:18 GMT
Are you suggesting we edit the vagrant.gemspec to set specific versions? I'm not overly fond of that idea. My preference would be to use the vanilla upstream file here, unless of course upstream make the change. Maybe I'm being ignorant here, but I don't remember being told to work towards making all packages reproducible, so let me know if I've missed something eg a proposed item for the todo list.
Comment by Morten Linderud (Foxboron) - Tuesday, 08 December 2020, 19:26 GMT
>Maybe I'm being ignorant here, but I don't remember being told to work towards making all packages reproducible, so let me know if I've missed something eg a proposed item for the todo list.

We haven't gotten that far yet. We are actively patching packages up for reproducability where they are actionable, which is the case here.
Comment by Eli Schwartz (eschwartz) - Tuesday, 08 December 2020, 19:28 GMT
Is it possible to just make it use the system gems instead of bundling them?
Comment by Jonathan Steel (jsteel) - Tuesday, 08 December 2020, 19:30 GMT
This is a nasty package, if it works, I'm happy.
Comment by Morten Linderud (Foxboron) - Tuesday, 08 December 2020, 19:37 GMT
For reference, I submitted patches so we can remove `go get`, but not a lot of movement....

https://github.com/hashicorp/vagrant-installers/pull/161
Comment by Jonathan Steel (jsteel) - Tuesday, 08 December 2020, 19:49 GMT
Cool, yes I've never liked that. I tried to work with upstream to improve the build and packaging process but they seem uninterested. They ended up making their own PKGBUILD and building Arch packages themselves, completely missing the point.

I remember spending time in the past trying to get this to use system libraries but failed. If this package causes any problems (eg being on a todo list) I'd suggest dropping it to the AUR, unless someone wants to take over.
Comment by Morten Linderud (Foxboron) - Wednesday, 09 December 2020, 08:22 GMT
It's not on any todo list so we can have it open and see if there is any solutions that comes up :)
Comment by Jonathan Steel (jsteel) - Wednesday, 09 December 2020, 08:52 GMT
I'm inclined to close as "won't implement", if there is no rule for packages needing to be reproducible. But if someone wants to take this work on then please take this bug report.

Loading...