Wait a minute... why do we need to pin libmojolicious-perl? Thanks to Ere's work on https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22522, Koha should be able to work with Mojolicious 8 now (and Mojolicious::Plugin::OpenAPI 2.21 and JSON::Validator 3.18). Admittedly it's only in master right now, but I'm using his patches on 18.11 and 19.11 already with Mojolicious 8, and they're working well so far. So hopefully people start pushing that code to stable branches ASAP.
David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Direct: 02 8005 0595 -----Original Message----- From: Koha-devel <koha-devel-boun...@lists.koha-community.org> On Behalf Of Mason James Sent: Thursday, 12 March 2020 8:20 PM To: Koha Devel <koha-devel@lists.koha-community.org> Subject: Re: [Koha-devel] Koha packaging problems (Deb10/Buster) On 12/03/20 12:43 am, Mason James wrote: > On 10/03/20 8:08 pm, Mason James wrote: >> Hi Koha devs >> >> We have a dependency problem with the release of debian-10 and the >> following packages. (debian-11 is ok) >> >> libmojolicious-perl >> libmojolicious-plugin-openapi-perl >> libyaml-libyaml-perl >> Two other options... >> 1/ use kc.org debian packages, with cpanminus (or similar) providing >> the distro specific packages (extra installation steps and >> complexity) >> 2/ ignore the problem for now, and accept that older koha/distro >> combinations will be forced to break > some other points i didnt mention... > > koha on buster has a security bug. the solution requires some packages > to be updated > > i can push the packages to the koha repo to fix this problem, but... > (there's always a but) the new packages will break jessie :/ when > jessie-lts support officially finishes on 30th june 2020, i can > happily push these packages - but between now and 30th june we need to > decide on a fix for the security bug on buster > https://wiki.debian.org/LTS > > some other options... > 3/ do nothing and tell people to not use buster, until june > 4/ provide buster packages in an separate repo, until june > 5/ provide instructions to add buster packages using cpanm, until > june > 6/ update koha repo to fix buster, and provide jessie packages in an > separate repo > 7/ update koha repo to fix buster, and provide instructions to add > jessie packages using cpanm > 8/ submit required buster packages to debian buster-backports repo > (not sure how difficult this is) > > i prefer option 4/, as its the least disruptive for users, and only > requires an extra sources.list line to implement > > also... i think we should hold off on redesigning the koha apt > repository until *after* this buster security issue is fixed > > cheers, Mason hmm, i had forgotten another... its possible to tell apt to prefer koha's older mojo v7 package, rather than the newer debian/buster mojo v8 package running the following command before 'apt install koha-common' makes it possible to run the various koha releases on debian 10 $ sudo cat << EOF > /etc/apt/preferences.d/koha-1001 Package: libjson-validator-perl Pin-Priority: 1001 Pin: release o=Koha Package: libmojolicious-perl Pin-Priority: 1001 Pin: release o=Koha EOF for me, this option is probably the easiest workaround for koha on debian 10 if nobody objects? - i am happy to update the koha wiki with this workaround cheers, Mason _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
signature.asc
Description: PGP signature
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
