Bug 1763931 - Review Request: apt - Debian's commandline package manager
Summary: Review Request: apt - Debian's commandline package manager
Keywords:
Status: CLOSED DUPLICATE of bug 1764813
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-22 01:53 UTC by Sergio Basto
Modified: 2019-11-06 04:16 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-22 20:49:19 UTC
Type: Bug


Attachments (Terms of Use)

Description Sergio Basto 2019-10-22 01:53:16 UTC
Spec URL: https://sergiomb.fedorapeople.org/apt-debian/apt.spec
SRPM URL: https://sergiomb.fedorapeople.org/apt-debian/apt-1.4.8-2.fc31.src.rpm
Description:
This package provides commandline tools for searching and managing as well
as querying information about packages as a low-level access to all features
of the libapt-pkg library.
These include:
* apt-get for retrieval of packages and information about them
from authenticated sources and for installation, upgrade and
removal of packages together with their dependencies
* apt-cache for querying available information about installed
as well as installable packages
* apt-cdrom to use removable media as a source for packages
* apt-config as an interface to the configuration settings
* apt-key as an interface to manage authentication keys

Fas account: sergiomb

apt had some drastic changes, I could pack 1.4.x, which I tested and is working well, search and download packages. I tried pack 1.8.x but the results still not working correctly, so for now I propose 1.4.x

Comment 1 Neal Gompa 2019-10-22 14:36:16 UTC
I'm in the process of preparing APT 1.9.x to be packaged, so I'd rather close this and open the review when I'm ready.

I last tracked on APT 1.7.x with apt-dpkg: https://build.opensuse.org/package/view_file/home:Pharaoh_Atem:APT/apt-dpkg/apt-dpkg.spec?expand=1

I'm working on APT 1.9.x update now.

Comment 2 Sergio Basto 2019-10-22 16:44:44 UTC
Neal, I wasn't aware of your package . 
I see that 1.7.x change to ninja builds ...

Comment 3 Neal Gompa 2019-10-22 20:49:19 UTC
Let's close this for now, I'll have the review up by the end of the week, hopefully.

Comment 4 Sergio Basto 2019-10-22 21:10:38 UTC
I checked yours apt.spec and pkgconfig(gnutls) >= 3.4 is a problem for epel 7 so I'd like import my package first to have apt in epel7 .

Comment 6 Neal Gompa 2019-10-22 21:28:25 UTC
(In reply to Sergio Monteiro Basto from comment #4)
> I checked yours apt.spec and pkgconfig(gnutls) >= 3.4 is a problem for epel
> 7 so I'd like import my package first to have apt in epel7 .

The CMakeLists does not define a specific minimum version, so I can downgrade it once I test it myself.

Comment 10 Neal Gompa 2019-10-23 13:26:53 UTC
(In reply to Sergio Monteiro Basto from comment #7)
> nope, [1] doesn't build and not forcing  >= 3.4.6 [2] also doesn't build 
> 

I'm aware. I intend to fix the code to work with GnuTLS 3.3.x unless EPEL 7 gets a newer one backported.

EPEL 6 already has GnuTLS 3.5.x as gnutls30. EL8 already has 3.6.x. So I'm not that concerned.

Comment 11 Sergio Basto 2019-10-23 16:57:23 UTC
Spec URL: https://sergiomb.fedorapeople.org/apt-debian/apt.spec
SRPM URL: https://sergiomb.fedorapeople.org/apt-debian/apt-1.8.4-1.fc30.src.rpm

Update to 1.8.4 with some syncing from  https://build.opensuse.org/package/view_file/home:Pharaoh_Atem:APT/apt-dpkg/apt-dpkg.spec?expand=1 , hopefully package aren't much different, please note I don't want test latest version of debian tools , usually we use version of Debian stable . 

User Ctria [1] reported (2 years ago) I've actually used this pbuilder suite to build Debian *deb from a Centos VPS. 
My goal is have way to build , convert , download etc deb packages and apt is useful to list and download packages from debian repos . 

Best regards,

[1]
https://copr.fedorainfracloud.org/coprs/ctria/pbuilder/monitor/

Comment 12 Neal Gompa 2019-10-23 17:57:33 UTC
(In reply to Sergio Monteiro Basto from comment #11)
> Spec URL: https://sergiomb.fedorapeople.org/apt-debian/apt.spec
> SRPM URL:
> https://sergiomb.fedorapeople.org/apt-debian/apt-1.8.4-1.fc30.src.rpm
> 
> Update to 1.8.4 with some syncing from 
> https://build.opensuse.org/package/view_file/home:Pharaoh_Atem:APT/apt-dpkg/
> apt-dpkg.spec?expand=1 , hopefully package aren't much different, please
> note I don't want test latest version of debian tools , usually we use
> version of Debian stable . 
> 

Sorry, there is no way this is acceptable, as this configures apt as a package manager with default ubuntu sources and removes the necessary libification package splitting.

It violates our packaging policies and enables potentially system-damaging behavior.

Honestly, I don't particularly want to ship intentionally old versions of APT, because it makes it difficult for me to work with upstream if things need to be done there.

If you want to ship old versions of Debian tools in Fedora that you maintain, that's your business, but note that makes it harder for people packaging for Debian officially from Fedora to work, since they'll be missing the versions of tools needed to develop packaging against the latest version of the Debian Policy.

Comment 13 Sergio Basto 2019-10-23 18:39:12 UTC
I think you misunderstood me , this is for review, is not a final version. I already changed sources.list, I can do sub-packaging and doc packages. I honestly don't want ship any non-released version is not my goal in "deb tools project". You have to look how are the evolution of the other packages , for example dpkg (which I owned) is not updated , I need updated it urgently, is version 1.18.25, is not 1.19.7 but epel 7 haven't minimums required for version 1.19.x
I just try to help , you may do whatever you like , I already have a apt-1.8.4 working which is useful for my work, no worries. 

Best regards,

Comment 14 Neal Gompa 2019-10-23 22:39:45 UTC
(In reply to Sergio Monteiro Basto from comment #13)
> I think you misunderstood me , this is for review, is not a final version. I
> already changed sources.list, I can do sub-packaging and doc packages. I
> honestly don't want ship any non-released version is not my goal in "deb
> tools project". You have to look how are the evolution of the other packages
> , for example dpkg (which I owned) is not updated , I need updated it
> urgently, is version 1.18.25, is not 1.19.7 but epel 7 haven't minimums
> required for version 1.19.x

Is there anything other than GnuTLS that isn't satisfied in EPEL7?

> I just try to help , you may do whatever you like , I already have a
> apt-1.8.4 working which is useful for my work, no worries. 
> 

APT 1.9.4 shipped with Ubuntu 19.10, so I consider that sufficiently stable. Also, as a matter of course, I think it makes sense to follow the latest released versions of software as our policy dictates, provided they can be built and installed in Fedora.

This also makes it so that we can handle supporting building packages that necessitate transitions from Debian, for example when Debian and Ubuntu switched from gzip to xz in mid 2018. They're debating a similar change again, this time to zstd. And build-side changes such as updates to debhelper and the set of dh_* scripts are relevant for building packages complying with the latest standards of the Debian Policy.

Comment 15 Panu Matilainen 2019-10-28 12:47:51 UTC
Oh bollocks. I just noticed that apt-rpm is STILL in the damn distro with all its vulnerabilities as of F31: while the previous maintainer finally gave up on it last February to let it retire. Instead, seems Neal picked it up, preventing it from being removed as was everybodys intention.

I don't care if you put a "this space intentionally left blank" package in its place or whatever, but get rid of apt-rpm, NOW!

Comment 16 Sergio Basto 2019-10-28 13:06:13 UTC
(In reply to Panu Matilainen from comment #15)
> Oh bollocks. I just noticed that apt-rpm is STILL in the damn distro with
> all its vulnerabilities as of F31: while the previous maintainer finally
> gave up on it last February to let it retire. Instead, seems Neal picked it
> up, preventing it from being removed as was everybodys intention.
> 
> I don't care if you put a "this space intentionally left blank" package in
> its place or whatever, but get rid of apt-rpm, NOW!

I agree, apt-rpm should be already retired , after we may processed with request review and unretire process.

Comment 17 Neal Gompa 2019-10-28 13:53:24 UTC
(In reply to Panu Matilainen from comment #15)
> Oh bollocks. I just noticed that apt-rpm is STILL in the damn distro with
> all its vulnerabilities as of F31: while the previous maintainer finally
> gave up on it last February to let it retire. Instead, seems Neal picked it
> up, preventing it from being removed as was everybodys intention.
> 
> I don't care if you put a "this space intentionally left blank" package in
> its place or whatever, but get rid of apt-rpm, NOW!

Wait, what? I don't even have any privileges on that repo. Yes, I filed the request, but since I didn't get it, I didn't replace it immediately with apt.

Comment 18 Neal Gompa 2019-10-28 13:55:16 UTC

*** This bug has been marked as a duplicate of bug 1678632 ***

Comment 19 Neal Gompa 2019-10-28 13:56:50 UTC

*** This bug has been marked as a duplicate of bug 1764813 ***

Comment 20 Panu Matilainen 2019-10-28 14:07:09 UTC
> Wait, what? I don't even have any privileges on that repo. Yes, I filed the request, but since I didn't get it, I didn't
> replace it immediately with apt.

Okay, I only saw your email on fedora-devel about claiming it and didn't check further.

At any rate, *somebody* took ownership instead of letting it die, which is what I'm upset about. Whoever the heck owns it, GET RID OF IT. Having that zombie linger in the distro year after year after year is just downright irresponsible.


Note You need to log in before you can comment on or make changes to this bug.