-
-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add pam-devel and its dependencies pam, audit-libs, cracklib, cracklib-dicts, and libpwquality #55
Conversation
Hello, we need this to add RStudio as a conda-forge package conda-forge/staged-recipes#13760 |
Can you explain why these cannot be conda packages? |
I mean why do they have to be CDTs instead of regular conda packages? |
Thanks @isuruf for the quick answer! I'm not sure - they are cdt's in pkgs/main and we used them as such before conda-forge dropped the defaults channel last month. You think they would better be conda packages? |
I have no idea. Sorry. I thought you would have an idea. |
@isuruf I'm not whether it is (easy enough) possible to implement pam-devel and it's dependencies directly as conda-packages. It used to be usable as (bringing @h-vetinari into the loop) |
Are there some guidelines how to determine cdt-vs-regular packages? The documentation is a bit sparse on that, but I guess it's mostly around things having to do with Would you prefer to attempt to package these things as regular packages, @isuruf?
Is there anyone else we should be bringing into this discussion, @isuruf? [Sidenote: Isuru is one of the key people in conda-forge, so he'll likely be involved in such decisions, if he wants to. 🙃]
Thanks! |
So cdts are for things where building in conda is very impractical / difficult or we always want to use the system version of a package. The basic guideline is to never use a CDT unless you absolutely have to. When I moved the CDT builds from defaults to here, I made CDTs for everything we used at the time. Defaults must have added more in the meantime and we didn't notice until we dropped the channel as you say. I'd ask you all to take a close look at the underlying software before we merge this and figure out why it is hard to build or w/e. Maybe the anaconda folks have some insight too? @chenghlee? cc @conda-forge/core for viz |
If I remember correctly, we decided on a libpam CDT for defaults because:
|
@isuruf what do you think? |
To find out (and hopefully move forward one way or another), I opened conda-forge/staged-recipes#16911, though I'm pretty quickly reching the limits of my make-fu. I also think the following comment above is pretty pertinent if we want to consider packaging it ourselves:
|
Hi everyone. Please excuse me for bringing up an old issue. I had another attempt on the regular packaging: conda-forge/staged-recipes#21955. The build is "passed" from a tech perspective, but I don't have the expertise to spot the security issues. I would appreciate some reviews and comments! |
Quoting from conda-forge/staged-recipes#21955 (respin of conda-forge/staged-recipes#16911), we finally seem to have direction to move forward with this:
Also copying my answer w.r.t. to the last bit:
|
Ah, just saw a linked PR above that also seems to need it: jupyter-desktop-server... |
I think we're resolved to merge this once it passes and I have a chance to do some review. |
Thanks everyone for working through this. A full year is not great for a pr but we got to the end! |
I thought the consensus was that we needed more information either way. |
This came up in the core call in context of #66 today. I brought it as an example of something that should be a CDT, not least due to the security implications and infeasibility of properly testing this. There was general agreement on having libpam as a CDT (particularly from @mariusvniekerk, who seems to know libpam quite well), and no disagreement. So I'd like to unblock this PR, independently of the alma8 enablement effort. |
Don't want to add noise here, but I would really appreciate a |
c.f. conda-forge/flang-feedstock@8005097 and its parent
@beckermr, the builds were hanging and I managed to solve this by adding a swapfile, except for the two altarch legacy jobs:
even with 30GB swapfile. Do we still need the legacy CDTs? If so, would you know how to debug/fix what's happening? |
We can drop all of the cos6 and legacy cdt builds. |
So I cleaned up this long-standing PR (we had agreed to make I have some follow-up work to add some (limited) Alma 8 CDTs on top of this. PTAL @conda-forge/core |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may have to restart the build here a few times to get it to pass, but LGTM!
Please see the repo readme for directions on how to make PRs on this repo.
Checklist:
cdt_slugs.yaml
file andyou have rerun the script
python gen_cdt_recipes.py
.rpm.py
), you have bumpedthe build number in
conda_build_config.yaml
and have remade all of therecipes via running
python gen_cdt_recipes.py --force
with
custom: true
in thecdt_slugs.yaml
file.{{ cdt_build_number }}
forold-style/legacy CDTs or
{{ cdt_build_number|int + 1000 }}
for new-style CDTslicense_file
key in thecdt_slugs.yaml
file with the path to the appropriatelicense in
licenses/
NOTE: If you make any changes to
cd_slugs.yaml
, you need to reun the generator codevia
python gen_cdt_recipes.py
.