On 2026-06-19 8:00 PM, Neal Gompa wrote:
There is no allowance. If there was, it would have been written out as such.
Yeah, that's what I thought. If I look through the packages that
BuildRequire nodejs-devel, I see binaries in node_modules in at least:
magicmirror
nodejs-aw-webui
nodejs-postcss-url
nodejs-undici
openclaw
In theory, these things can be stripped of binaries before uploading
source to the lookaside cache, and the build process can run "npm
rebuild" to regenerate some binaries, but in practice it definitely
isn't that simple. I haven't been able to successfully build
nodejs-undici yet.
I can think of a few things we probably should do, including updating
nodejs-packaging-bundler to detect binary files in node_modules and
either strip them out or at the very least warn the packager that this
content is not permitted. The review guidelines should probably be
updated to tell reviewers more specifically how to look for these
things. The fedora-review tool can *surely* be extended to extract all
source archives and search for binary files.
But.. what else? And what needs to be done with those packages until
they are able to build without binaries in their "source" archives?
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new