Hi, I need to do a security update for a nodejs package, nodejs-ws to be specific. The fix was to update to the latest package, and didn't give any other alternatives. So, I've got my package made, in bohdi, and tomorrow will be when the week's wait is up.
Here's the problem, and I think many of us nodejs packages have hit it.
You update a package, every test you try works, great. You push it to stable, and the next morning you get a pile of emails stating that you broke all sorts of dependencies. Not that your new package can't install, but other packages that depended on your package can no longer install.
How can I check for dependent issues before I push to stable?
This must be a fairly common thing for Fedora but I can't seem to find documentation for it. Everything I find talks about your new package being able to install, not the other way around.
Troy
On 12/01/16 22:24, Troy Dawson wrote:
Here's the problem, and I think many of us nodejs packages have hit it.
You update a package, every test you try works, great. You push it to stable, and the next morning you get a pile of emails stating that you broke all sorts of dependencies. Not that your new package can't install, but other packages that depended on your package can no longer install.
How can I check for dependent issues before I push to stable?
The best way I know is to check what requires the package:
dnf repoquery --whatrequires 'npm(ws)'
In this case the answer appears to be (in F23) nothing!
But if something does require it then check exactly what version it requires with:
dnf repoquery --requires <requiring-package>
Tom
On Tue, Jan 12, 2016 at 6:01 PM, Tom Hughes tom@compton.nu wrote:
On 12/01/16 22:24, Troy Dawson wrote:
Here's the problem, and I think many of us nodejs packages have hit it.
You update a package, every test you try works, great. You push it to stable, and the next morning you get a pile of emails stating that you broke all sorts of dependencies. Not that your new package can't install, but other packages that depended on your package can no longer install.
How can I check for dependent issues before I push to stable?
The best way I know is to check what requires the package:
dnf repoquery --whatrequires 'npm(ws)'
In this case the answer appears to be (in F23) nothing!
But if something does require it then check exactly what version it requires with:
dnf repoquery --requires <requiring-package>
Tom
Thank you Tom I am now much less stressed about pushing out this update. And ... now I have a nifty tool in my packaging toolbelt.
Troy
On Wed, Jan 13, 2016 at 7:41 PM, Troy Dawson tdawson@redhat.com wrote:
On Tue, Jan 12, 2016 at 6:01 PM, Tom Hughes tom@compton.nu wrote:
On 12/01/16 22:24, Troy Dawson wrote:
Here's the problem, and I think many of us nodejs packages have hit it.
You update a package, every test you try works, great. You push it to stable, and the next morning you get a pile of emails stating that you broke all sorts of dependencies. Not that your new package can't install, but other packages that depended on your package can no longer install.
How can I check for dependent issues before I push to stable?
The best way I know is to check what requires the package:
dnf repoquery --whatrequires 'npm(ws)'
In this case the answer appears to be (in F23) nothing!
But if something does require it then check exactly what version it requires with:
dnf repoquery --requires <requiring-package>
Tom
Thank you Tom I am now much less stressed about pushing out this update. And ... now I have a nifty tool in my packaging toolbelt.
The repoquery command always gives correct results compared to "dnf repoquery". But there is some workaround now. Always add --alldeps option. Use "dnf repoquery --whatrequires <package> --alldeps". See this
$ repoquery --whatrequires nodejs-got <snip> nodejs-package-info-0:2.2.0-3.fc23.noarch
$ dnf repoquery --whatrequires nodejs-got Last metadata expiration check performed 0:00:41 ago on Wed Jan 13 20:02:07 2016.
$ dnf repoquery --whatrequires nodejs-got --alldeps Last metadata expiration check performed 0:00:41 ago on Wed Jan 13 20:02:07 2016. nodejs-package-info-0:2.2.0-3.fc23.noarch
Regards, Parag
nodejs@lists.fedoraproject.org