[PATCH] yarnpkg

  • Done
  • quality assurance status badge
Details
5 participants
  • Kozo
  • Björn Höfling
  • Kozo via web
  • Jakub K?dzio?ka
  • Christopher Baines
Owner
unassigned
Submitted by
Kozo
Severity
normal
K
K
Kozo wrote on 26 Apr 2020 04:15
(address . guix-patches@gnu.org)
1ba1944d95080f01f02a11c2484e7cb9fa75f538.camel@runbox.com
Hello,

This is my first submission. Please let me know how I can improve for
future packages.

I followed the steps in the manual and submitted a Software Heritage
request to pull the source code.

Thank you,
Kozo
From cf6cecd960225bab04cc33041e42d4e0cf4a075c Mon Sep 17 00:00:00 2001
From: Kozodev <gitlabcanada@runbox.com>
Date: Sat, 25 Apr 2020 20:09:34 -0600
Subject: [PATCH] yarnpkg

---
yarn.scm | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 yarn.scm

Toggle diff (55 lines)
diff --git a/yarn.scm b/yarn.scm
new file mode 100644
index 0000000..4a1a57b
--- /dev/null
+++ b/yarn.scm
@@ -0,0 +1,47 @@
+(define-module (yarn)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix licenses)
+ #:use-module (gnu packages node)
+ #:use-module (ice-9 pretty-print))
+
+(define yarn-version "1.22.4")
+
+(define-public yarn
+ (package
+ (name "yarn")
+ (version yarn-version)
+ (source (origin
+ (method url-fetch/tarbomb)
+ (uri (string-append "https://github.com/yarnpkg/yarn/releases/download/v"
+ version "/yarn-v" version ".tar.gz"))
+ (sha256
+ (base32
+ "0n7vhwjz3lyjnavcaw08cqa8gfampqsy5mm3f555cbqb26m1clxw"))))
+ (build-system trivial-build-system)
+ (outputs '("out"))
+ (inputs `(("node" ,node)))
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let* ((out (assoc-ref %outputs "out"))
+ (bin (string-append out "/bin"))
+ (lib (string-append out "/lib"))
+ (node-modules (string-append lib "/node_modules"))
+ (yarn (string-append node-modules "/yarn"))
+ (input-dir (string-append
+ (assoc-ref %build-inputs "source") "/yarn-v" ,version)))
+ (mkdir-p yarn)
+ (mkdir-p bin)
+ (copy-recursively (string-append input-dir "/") yarn)
+ (symlink (string-append yarn "/bin/yarn") (string-append bin "/yarn"))
+ (symlink (string-append yarn "/bin/yarnpkg") (string-append bin "/yarnpkg"))
+ (delete-file (string-append yarn "/bin/yarn.cmd"))
+ (delete-file (string-append yarn "/bin/yarnpkg.cmd"))))))
+ (home-page "https://yarnpkg.com/")
+ (synopsis "Dependency management tool for JavaScript")
+ (description "Fast, reliable, and secure dependency management tool
+for JavaScript. Acts as a drop-in replacement for NodeJS's npm.")
+ (license bsd-2)))
--
2.26.2
C
C
Christopher Baines wrote on 26 Apr 2020 19:42
(name . Kozo)(address . Gitlabcanada@runbox.com)(address . 40860@debbugs.gnu.org)
878siinnxg.fsf@cbaines.net
Kozo <Gitlabcanada@runbox.com> writes:

Toggle quote (6 lines)
> This is my first submission. Please let me know how I can improve for
> future packages.
>
> I followed the steps in the manual and submitted a Software Heritage
> request to pull the source code.

Hi Kozo,

Yarn would indeed be something that would be nice to have a package for.

While I guess that this might work, I think there are issues with the
source here and the lack of dependencies that make this unsuitable for
Guix.

Toggle quote (12 lines)
> +(define-public yarn
> + (package
> + (name "yarn")
> + (version yarn-version)
> + (source (origin
> + (method url-fetch/tarbomb)
> + (uri (string-append "https://github.com/yarnpkg/yarn/releases/download/v"
> + version "/yarn-v" version ".tar.gz"))
> + (sha256
> + (base32
> + "0n7vhwjz3lyjnavcaw08cqa8gfampqsy5mm3f555cbqb26m1clxw"))))

The key thing here is source. For many reasons, the packages in Guix
represent software being built from some source material.

What's being downloaded here might look like source material, but I
doubt the ~153,409 line lib/cli.js file is really the preferred form for
editing the Yarn source code.

Toggle quote (4 lines)
> + (build-system trivial-build-system)
> + (outputs '("out"))
> + (inputs `(("node" ,node)))

Another sign that something is up is the mismatch between the inputs
here, and the dependencies in the upstream metadata [1]. Assuming the
package works, I'm guessing that there's a lot more than the source of
Yarn within the "source" of this package.


I'm hopeful that package Yarn will become possible sometime soon, but in
my mind the path forward is to get an importer working for npm, package
the many dependencies, then attempt to package yarn.

Unfortunately I don't think there's a bug that tracks this overall issue
well, although I did find a similar bug about yarn [2]


Does that make sense?

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl6lyBtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XeGpQ/6A9mixGXc2IobxUkE0RnjK5iQkdA4viJxOjnY8rZjvr6nhTIChOorcP8E
UYrEePzYYCi7AzIq0EED6ZQShf0auoajzkZhHdVeLsNnvl7mQ/VfQ1H3/Z/GvNy6
Ma66Dsko07DlqQzX8aCNZ7A+XVfr/yewg9NHRtSP3hRiyCfAtQT1Tt3ceViMLqny
9T1rcBZLZtHUldDOcx5t2NMC2e+jBlLj61NqWv2YfRmjI1H4/CZHPHzUBUp6Qphm
3ZQBjG3CzQPWf4etk8KIKNxAOfwxgLC8EfVYYgSV4+vQmDy5VRp8VGcH2xhw1vCo
FYDhyT29SpqBw4rQ5eT+gedyvdxK7EOPJkVvmAHXa7vFT8B1yLyBvEVvErtCohD9
yz3EXg6FSz5kAYezq4k/h155MHvQflPSidizhI4i2k90fp+3Y3hwAoTqz8EZ+D45
O3zw+9ItRafCceR6lBzG1XUD2E5MKUqKPAsJtmg68931DYQ1QNgjPBocDBgBhW3g
RltUV01kqCjYz1PVVDaoyucNDYoMXvKsYNjA8YBdkAyRcsPmtDepRv/KuVCGZfAb
LrddrgkpgUOdTSsCTTo8JqXHN8J/P3ZCvStJu+vEcJS9UK2GH9b1SQqsQHtnFaX8
7ipA7YSZpz+vzWRZckfyKKnsvkLtL9DzMk7HZ3r6Syd9V08uSC4=
=QUul
-----END PGP SIGNATURE-----

J
J
Jakub K?dzio?ka wrote on 26 Apr 2020 20:16
Re: [PATCH] yarnpkg
(name . Kozo)(address . Gitlabcanada@runbox.com)(address . guix-patches@gnu.org)
20200426181625.tagnhjfz3n7do2cb@gravity
On Sat, Apr 25, 2020 at 08:15:56PM -0600, Kozo wrote:
Toggle quote (7 lines)
> Subject: [PATCH] yarnpkg
>
> ---
> yarn.scm | 47 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 47 insertions(+)
> create mode 100644 yarn.scm

Please write commit logs in the ChangeLog format [0]. You can check the
commit history for examples.

Toggle quote (2 lines)
> (define-module (yarn)

Please put the file in gnu/packages/. Also, add it to the list in
gnu/local.mk.

Toggle quote (7 lines)
> #:use-module (guix packages)
> #:use-module (guix download)
> #:use-module (guix build-system trivial)
> #:use-module (guix licenses)
> #:use-module (gnu packages node)
> #:use-module (ice-9 pretty-print))

I can't see where (ice-9 pretty-print) is being used.

Toggle quote (2 lines)
> (define yarn-version "1.22.4")

What is the purpose of this single-use variable?

Toggle quote (7 lines)
> (define-public yarn
> (package
> (name "yarn")
> (version yarn-version)
> (source (origin
> (method url-fetch/tarbomb)

The file has only a single directory, so why use /tarbomb?

Toggle quote (3 lines)
> version "/yarn-v" version ".tar.gz"))

When looking through this download, it seems that the lib/cli.js file is
a preprocessed mess. Ideally, we would build the package from source.

Toggle quote (14 lines)
> (sha256
> (base32
> "0n7vhwjz3lyjnavcaw08cqa8gfampqsy5mm3f555cbqb26m1clxw"))))
> (build-system trivial-build-system)
> (outputs '("out"))
> (inputs `(("node" ,node)))
> (arguments
> `(#:modules ((guix build utils))
> #:builder (begin
> (use-modules (guix build utils))
> (let* ((out (assoc-ref %outputs "out"))
> (bin (string-append out "/bin"))
> (lib (string-append out "/lib"))

The indentation is quite confusing here, I'd suggest running
./etc/format-code.el on your file.

Toggle quote (4 lines)
> (synopsis "Dependency management tool for JavaScript")
> (description "Fast, reliable, and secure dependency management tool
> for JavaScript. Acts as a drop-in replacement for NodeJS's npm.")

I think there are a lot of buzzwords in this description: "fast,
reliable and secure" is not an objective property. Is there something
more neutral that could be said about the package?

Thanks,
Jakub K?dzio?ka

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE5Xa/ss9usT31cTO54xWnWEYTFWQFAl6lz/UACgkQ4xWnWEYT
FWSYcQ/5AVO/ZT5wVNER0Um86OHo3J1GGrwJxmE87Zhpl+iiSWK4uwaTiXjamVq9
De4oa4b2KVy0GFH35dW5DMoVyBFaxSOzoPXeVB0QTUgZCPwfS2YerPsp2mWE25yo
i4PLojbnjQmxLTICLDfCCOLlrRuULQ+0OtlHtFxWlZa2WhTF20RW6kaFVjFzIH84
X95hKEx2LGwz9LW8cbJlhPg6LIytIOBVqIFS+lBJwrFnDux2KGUfeae/PbowLTMA
XAxRagg1onyjnABY/Kf09HvfNYtdJ+3rafU33xFLWa/wbg/8THN5HDX0zCbXDjt5
Wr8h641NNzP5pUMUvmEFxx7cxRF65pMMg+GPIHG6pdrfX0RaKJIVYv36QpdDKxq0
ciSTw3nEvAzfUbFaPcuptaO/ldK48CZAa9g1EwiZXwpKmg0+gjUNkNHOAws+oyMl
FGVNR/rnOKLz3xDroQdbQe1RmEDyH3CM0OrLKYAkL2ucQE+uXOPTmFc5MuCJ2fl0
U/YB9KyHKoA8fKXUSetXhL5IPF/OYo4134LYl7dmmNqi4F8reJafpYDN2ffIdpxs
llIhmUtULBlpYb2sx99W3I51NxvScTM3uD8S8xVODROXk4XGa+YvudTqc17FryxD
ipyUXEY728M+CVC/JPKGvDtZkk6xmwKVR/YoByUSRs6FyYYPeJo=
=gVN/
-----END PGP SIGNATURE-----


K
K
Kozo wrote on 27 Apr 2020 16:10
[PATCH] Yarnpkg
(address . 40860@debbugs.gnu.org)
c3fc7c23eb03835639f263be0fa2c4edb56010a1.camel@runbox.com
Thank you for the feedback, Christopher and Jakub.

After going over what you said, this package is beyond my current
experience. It would make sense to start getting all the dependencies
in one at a time and return to this one later.

Please go ahead and close this request as I work on the building
blocks.

Thanks,
Kozo
B
B
Björn Höfling wrote on 27 Apr 2020 20:28
(name . Kozo)(address . Gitlabcanada@runbox.com)(address . 40860-done@debbugs.gnu.org)
20200427202835.2caee370@alma-ubu
On Mon, 27 Apr 2020 08:10:28 -0600
Kozo <Gitlabcanada@runbox.com> wrote:

Toggle quote (9 lines)
> Thank you for the feedback, Christopher and Jakub.
>
> After going over what you said, this package is beyond my current
> experience. It would make sense to start getting all the dependencies
> in one at a time and return to this one later.
>
> Please go ahead and close this request as I work on the building
> blocks.

Hi Kozo,

you can close issues by appending "-done" to the bug-number as I did.

node/npm is terribly hard because of its "dependency hell".

Jelle Licht worked on an npm-importer. AFAIK it is not yet part of
Guix. Here is a reference on it I found:


Björn
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQiGUP0np8nb5SZM4K/KGy2WT5f/QUCXqckUwAKCRC/KGy2WT5f
/Xl2AJwI5hSIoR7kaYHbkeW60KoKQgpXvgCeJeLT0qw54/Fg3oUw9i/90jIRy9s=
=bw1+
-----END PGP SIGNATURE-----


Closed
K
K
Kozo via web wrote on 4 May 2020 21:28
(no subject)
(address . 40860@debbugs.gnu.org)
7fbdd51d8ac0.6b24ee6c792f93b@guile.gnu.org
Greetings,

Thank you for your feedback. This package is too complex for my current experience level.

The current plan of action will be to start getting all the dependencies added in and then come back to this overall package.

Please close this request and we'll re-visit it in the future.

Thank you,
Kozo
B
B
Björn Höfling wrote on 5 May 2020 09:08
(name . Kozo via web)(address . issues.guix.gnu.org@elephly.net)(address . 40860-done@debbugs.gnu.org)
20200505090816.1164bae3@alma-ubu
On Mon, 4 May 2020 21:28:54 +0200
Kozo via web <issues.guix.gnu.org@elephly.net> wrote:

Toggle quote (10 lines)
> Greetings,
>
> Thank you for your feedback. This package is too complex for my
> current experience level.
>
> The current plan of action will be to start getting all the
> dependencies added in and then come back to this overall package.
>
> Please close this request and we'll re-visit it in the future.

Closed with adding "-done" to the bug-number.

Thanks for giving it a try and see you around with smaller packages
first.

Björn
-----BEGIN PGP SIGNATURE-----

iF0EAREKAB0WIQQiGUP0np8nb5SZM4K/KGy2WT5f/QUCXrEQ4AAKCRC/KGy2WT5f
/YBuAJ9+zrEwuneFwVy2WmqW1WrORXsddgCeLul5Av9JHty0cDYCB44+ti169ls=
=srmI
-----END PGP SIGNATURE-----


Closed
?