On 2026-06-19 8:00 PM, Neal Gompa wrote:
There is no allowance. If there was, it would have been written out as such.


Yeah, that's what I thought. If I look through the packages that BuildRequire nodejs-devel, I see binaries in node_modules in at least:

magicmirror

nodejs-aw-webui

nodejs-postcss-url

nodejs-undici

openclaw

In theory, these things can be stripped of binaries before uploading source to the lookaside cache, and the build process can run "npm rebuild" to regenerate some binaries, but in practice it definitely isn't that simple. I haven't been able to successfully build nodejs-undici yet.

I can think of a few things we probably should do, including updating nodejs-packaging-bundler to detect binary files in node_modules and either strip them out or at the very least warn the packager that this content is not permitted. The review guidelines should probably be updated to tell reviewers more specifically how to look for these things. The fedora-review tool can *surely* be extended to extract all source archives and search for binary files.

But.. what else? And what needs to be done with those packages until they are able to build without binaries in their "source" archives?


--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to