[Buildroot] [PATCH v3 1/1] jsen: new package

Thu Feb 25 14:01:04 UTC 2016

On Do, 2016-02-25 at 13:51 +0100, Thomas Petazzoni wrote:
> Hello,
> 
> On Thu, 25 Feb 2016 11:32:17 +0100, Jörg Krause wrote:
> 
> > 
> > > 
> > > Atul, are you using jsen in the context of NodeJS ? If not, in
> > > which
> > > context are you using it ?
> > Using BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL should be the only way
> > to
> > install Node.js modules. Note that npm, the Node.js package manager
> > takes care of all the package dependencies. In my opinion, this is
> > the
> > only sane way of installing Node.js modules for now.
> Thanks for raising your voice on this patch, it's definitely
> interesting to get some feedback. Since I'm not at all a NodeJS guy,
> I'm interested in having more details about:
> 
>  - Why you think the only sane way is to use
>    BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL as opposed to having proper
>    packages for the different modules, like we do for the Perl,
>    Python and Lua packages ?

Because npm supports version ranges. Have a look at the example from
the npm's docs [1]:

{ "dependencies" :
  { "foo" : "1.0.0 - 2.9999.9999"
  , "bar" : ">=1.0.2 <2.1.2"
  , "baz" : ">1.0.2 <=2.3.4"
  , "boo" : "2.0.1"
  , "qux" : "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0"
  , "asd" : "http://asdf.com/asdf.tar.gz"
  , "til" : "~1.2"
  , "elf" : "~1.2.3"
  , "two" : "2.x"
  , "thr" : "3.3.x"
  , "lat" : "latest"
  , "dyl" : "file:../dyl"
  }
}

Lets take for example the dependency "boo". A package "A" may depend on
version "2.0.1" whereas another package "B" may depend on version
"2.3.x".

In this case npm installs boo at 2.0.1 in the subdirectory "node_modules"
of package "A" and boo at 2.3.4 (assume 2.3.4 is the most recent version
for 2.3.x) in the subdirectory "node_modules" of package "B":

{prefix}/lib/node_modules ├── A
 │   └── node_modules
 │       └── boo at 2.0.1
 └── B
     └── node_modules
         └── boo at 2.3.4

As Buildroot does not support different versions for most of the
packages I think we should only use npm to install Node.js packages.

>  - What solution you propose to properly integrate this with the
>    download and legal infrastructure of Buildroot. Right now, having
>    "npm install" directly download and install stuff means that the
>    download and legal-info infrastructure of Buildroot is completely
>    worked-around. Due to this, "make source" will not download all
> the
>    source, "make legal-info" will not list all the licenses, caching
> in
>    BR2_DL_DIR doesn't work, BR2_PRIMARY_SITE doesn't work, etc.

I am not sure for now howto integrate this into the Buildroot
infrastructure properly. I have never thought about this, but it will
need some work to be done, I guess.

> > 
> > About legal infrastructure: for all installed Node.js packages the
> > package.json file could be searched for the license information.
> Yes, but that's not integrated in the legal-info output, and doesn't
> solve the download infrastructure integration problem.
> 
> At best, what this package.json file could help with, is help
> creating
> a script (much like scancpan) that automatically creates a
> Buildroot
> package for a given npm module.

I have never had a look at scancpan and I am not familiar with Perl
packages, but looking at some META.json files, I guess it could be done
similiar.

Best regards
Jörg Krause

[1] https://docs.npmjs.com/files/package.json#dependencies