[Pkg-javascript-devel] `Build-Depends` parsing problem for node-* packages

Arnaud Ferraris arnaud.ferraris at gmail.com
Thu Mar 18 16:16:29 GMT 2021 

Hi David,

Le 17/03/2021 à 19:22, David Kalnischkies a écrit :
> Hi,
> 
> On Wed, Mar 17, 2021 at 04:52:38PM +0100, Arnaud Ferraris wrote:
>> I've been confronted with an issue affecting a number of node-* packages
>> (and maybe others): apt is unable to parse the Build-Depends field,
>> making `apt build-dep` effectively unusable with those packages.
>>
>> One good example is node-ramda[1]: as the first non-space character apt
>> encounters when parsing Build-Depends is a comma, it considers this a
>> syntax error and errors out.
> 
> While that particular style is odd for my taste¹, apt is not the arbiter
> of the allowed style here. You would need to make a case for dpkg to
> refuse this style and that seems even more odd [bad pun intended].
> 
> Also, being reminded of #875363 I think the ship has sailed on
> "that is odd, lets not support this in apt" even if we would like to be
> the arbiters (we don't).
> 
> 
>> My personal opinion is that apt's current behavior is sane and the 2nd
> 
> Thanks for giving apt so much credit, but this is just another instance
> of "apt developers are lazy and unimaginative" as they reused the parser
> which was once written for well-defined machine-written and trusted data
> and let it loose on all sorts of crazy handcrafted files with comments,
> spaces, newlines and empty fields all over the place. Its a mystery how
> that isn't crashing all the time even through it isn't written in Rust.
> (SCNR)
> 
> 
> So please move this thread to a (wishlist) bug against apt and I will see
> how I can mangle the input string we pass to good old parser to accept
> commas ,all, over ,the, , place, too (currently it accepts only a single
> trailing comma, optionally surrounded by white space) ,

Thanks for sharing your view about this! That sounds sensible, I'll file
that bug against apt then, thanks again!

> As `apt build-dep .` is (to my knowledge) not used in any critical infra
> but only by some humans this isn't fixable for bullseye though as such
> a change would likely not get a freeze exception.

Not in Debian itself indeed, however it's part of our
packaging/publishing workflow for Apertis[1], and may affect other
derivatives. Anyway, we have a workaround for "The Great Bullseye Rebase
of 2021", so it won't be a problem in the short-term, although having it
fixed in the future will definitely help.

Cheers,
Arnaud

[1] https://wiki.debian.org/Derivatives/Census/Apertis

> 
> 
> Best regards
> 
> David Kalnischkies
> 
> 
> ¹ ; char const * const name = "World"
>   ; printf("Hello %s!", name)
> 
> (that style reminds me of some other language I have seen but can't
>  quite remember at the moment; I just haven't seen it in a control file
>  so far. As said later, some apt developers are so unimaginative…)
>

More information about the Pkg-javascript-devel mailing list