From nobody Fri Jun 09 18:41:20 2023 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qd9055Hg6z4c6Rd for ; Fri, 9 Jun 2023 18:41:25 +0000 (UTC) (envelope-from bofh@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qd9054kQWz45Q3; Fri, 9 Jun 2023 18:41:25 +0000 (UTC) (envelope-from bofh@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686336085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8wnjG5C0+gNJ8vFwTrfk3JZWFn9jAwql8TyHLJop+9E=; b=xeFjHSlHqoDuAUEjSuzxeNumLtgvrPD5gzIhm9GM6aRXAv43CvA88zbsFqD/RrJI/1k24H 5nSLcooA/oyN5Ah50nZFdpZh5m1r94OQO7u3BzrBLx4SZg15MnPsQiQyoR4/Pv2vzxEkLv Gji6nAjzdN58pB9wl8QboUVCL1XvyDryoxFgt5KH4K3+pYQBxPCThvi55OZu3FHbOG18L/ cjajDRagPFyMeSzFUEJ2HSI0qso4K+/dayysTNEdUQzNWKFIHBGEYVx5okbUEbr7bczlZW wNsd9SaDMh7dxlM9vHr9dak9HweriL7KZERaI0TOjCcs56lqHOUl8m1Ktb9E3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686336085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8wnjG5C0+gNJ8vFwTrfk3JZWFn9jAwql8TyHLJop+9E=; b=uluEOyTV4NOJxzqH1onUZ6ZBmOr0U4R5ooQU1EjDoZLSV1ANPHw2mBB/S7YerOWIvC3Z47 fr6oMu1GKZgei92+XEyu65JrAWjbmaeySNR5cNbfIxttu9H8fSfwcdU40FOY2Y3AYaS+U3 iey9Fjl+1h/hg7Efn+ZsNhYyJaEw2jTnhKpNTjqv9c7KIX4kCV5RBHF4ax5BEIdPS5zwd5 ZCbsdO2yE+zXeFRHH8HIDpG9mjRvmflmWIFLxgWSUHAGXiqJ7Gf/pTyHz12L7BqbehIzJT kAynlS8zAReMXIdSf6940Z01Ixv7i9zj/Y5PR4nC4c75aX9E+S4YEa0GkGP3qA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1686336085; a=rsa-sha256; cv=none; b=G/BTHQus6S1hgbXvOx+LmlugZBC0HE7vpa4/YwphsGnLPSi9f+7CgTa14jkZ9OB07XPcIw 9F4PWvGVCvRuvX3hcGv6f7yN29SC3HXO9tmSDY//u879os6ZvkkwZygUfrx0hr2cqVbFWB dvvOB75SdNZ6k+WJ7SFFJrbRSBYTz2XlYGybGSlixpfxagjkhLtyIVCR0beOtrzJhng7Lz +pDWcxKWkWVMvdoafRcNdrdgS7wjOZ8FIJR6+01q92HMFWfjxQ0N8fa2hADsALawSkR8SI nl/BHX+Y2bKPe6Zl4EjCD3u5C/AKwaDbhGaEihWCMrpLhLXaXQm3bDtQOjIE0g== Received: from mx.bofh.network (mx.bofh.network [IPv6:2a01:4f8:261:25de::227]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "mx.bofh.network", Issuer "R3" (verified OK)) (Authenticated sender: bofh/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Qd9051CBJzL8F; Fri, 9 Jun 2023 18:41:25 +0000 (UTC) (envelope-from bofh@freebsd.org) Received: from smtpclient.apple (gw.office.cyso.net [95.97.78.194]) by mx.bofh.network (OpenSMTPD) with ESMTPSA id c1d387c6 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Fri, 9 Jun 2023 18:41:23 +0000 (UTC) Content-Type: text/plain; charset=utf-8 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\)) Subject: Re: Guidance on creating a port for an npm installed tool From: Moin Rahman In-Reply-To: <8DBB6008-5EFC-4775-9FF1-7EFDA627B552@punkt.de> Date: Fri, 9 Jun 2023 20:41:20 +0200 Cc: Mark Millard via freebsd-ports Content-Transfer-Encoding: quoted-printable Message-Id: References: <81CDD118-1475-4CF2-9180-54A8F1FEEAEF@freebsd.org> <8DBB6008-5EFC-4775-9FF1-7EFDA627B552@punkt.de> To: "Patrick M. Hausen" X-Mailer: Apple Mail (2.3696.120.41.1.1) X-ThisMailContainsUnwantedMimeParts: N > On Jun 9, 2023, at 8:22 PM, Patrick M. Hausen wrote: >=20 > Hi, >=20 >> Am 09.06.2023 um 20:15 schrieb Moin Rahman : >> There is no specific guidelines but so far what have been most useful >> is you install the package and then install the npm deps. After that >> create a tarball of the npm deps installed and add it as a DISTFILE. >=20 > So I create my own binary archive from the result of "npm install" or > "npm run setup" or similar? >=20 > That does not feel right. How will the user know that my tar archive > is authentic? I don't know whether if you are a committer or not. But once you submit a patch it will be the committer's duty to check the size and SHA and that there are not nothing malicious. The users have to trust something and in FreeBSD world they trust the committer. And if a committer = violates the rules there are consequences for them. >> One another approach is just install the dist with node as a = RUN_DEPEND >> and ask user to install it through a pkg-message. >=20 > Neither does this. So the state of npm based installation is that is > in a mess? I'm not blaming FreeBSD or the ports system here :-) >=20 > What a way to distribute software. >=20 > Your second suggestion is btw out of the question because we > build packages in poudriere and from these build immutable > read-only base images for our jails. I think this is also possible with poudriere jail hooks. But not sure = because it depends on the way you are creating the jail images. Kind regards, Moin > *sigh* >=20 > Thanks for your insight. > Patrick > --=20 > punkt.de GmbH > Patrick M. Hausen > .infrastructure >=20 > Sophienstr. 187 > 76185 Karlsruhe >=20 > Tel. +49 721 9109500 >=20 > https://infrastructure.punkt.de > info@punkt.de >=20 > AG Mannheim 108285 > Gesch=C3=A4ftsf=C3=BChrer: J=C3=BCrgen Egeling, Daniel Lienert, Fabian = Stein >=20