PR#1144: [WIP] Weak dependencies on subpackages MUST NOT be fully versioned - packaging-committee

packaging-committee

#1144 [WIP] Weak dependencies on subpackages MUST NOT be fully versioned

Closed 2 years ago by churchyard. Opened 2 years ago by churchyard.

churchyard/packaging-committee recommends-no-versioned into master

Weak dependencies on subpackages MUST NOT be fully versioned

Miro Hrončok • 2 years ago

468f464

guidelines/modules/ROOT/pages/WeakDependencies.adoc

file modified

+18

		`@@ -32,6 +32,24 @@`

		`As with regular dependencies, weak dependencies MUST be satisfiable within the official Fedora repositories.`

		`+ Unlike regular dependencies,`
		`+ weak dependencies on subpackages MUST NOT be fully versioned;`
		`+ reasonable version bounds or dependencies without versions MUST be used instead.`
		`+`
		`+ Avoiding fully versioned weak dependencies makes it possible for the package installer to recognize new weak dependencies from the already existing ones.`
		`+ Including the always-changing version-release in the dependency would result in treating it as a new weak dependency on every package update.`
		`+ Examples of correct (and incorrect) weak dependencies:`
		`+`
		`+ ....`
		`+ # DO something like this:`
		`+ Recommends: extra-functionality-lib > 3.2`
		`+ Recommends: %{name}-a-subpackage`
		`+`
		`+ # DON'T DO either of this:`
		`+ Recommends: %{name}-a-subpackage = %{version}-%{release}`
		`+ Recommends: %{name}-a-subpackage >= %{version}-%{release}`
		`+ ....`
		`+`
		`Weak dependencies may only be used in a package if the package still functions`
		`without the dependency present. It is acceptable, however, to create packages`
		`that have very limited functionality without adding any of its weak`

churchyard commented 2 years ago

This is driven by:

ngompa commented 2 years ago

I don't agree with a hard ban on it. All that will do is make it so those will get upgraded to Requires instead, and that's worse. The packager intent may actually be that it must be installed unless you specifically block it because it's only being weakened to deal with an edge-case (minimization, for example).

Edited 2 years ago by ngompa

churchyard commented 2 years ago

All that will do is make it so those will get upgraded to Requires instead, and that's worse. The packager intent may actually be that it must be installed unless you specifically block it because it's only being weakened to deal with an edge-case (minimization, for example).

I don't understand this at all. What do you mean? Why would you change:

Recommends: %{name}-foo = %{version}-%{release}

To:

Requires: %{name}-foo = %{version}-%{release}

Instead of:

Recommends: %{name}-foo

ngompa commented 2 years ago

@churchyard Because the intent is that it should be installed and only if you absolutely are filtering it out you should not get it. It's basically a compromise between standard weak install and standard requires.

churchyard commented 2 years ago

I'll amend the rule to:

mention this is a dnf-specific behavior
explain how to avoid a different version of the subpackage being recommended this way by accident (aka "but if the package is installed I need it to be the same version" problem (which BTW is not solved by using fully versioned Recommends))

Metadata Update from @churchyard:
- Request assigned

2 years ago