Debian Bug report logs - #688896
ITP: fpm -- Effing Package Management

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Dan Kegel <dank@kegel.com>

Date: Wed, 26 Sep 2012 17:30:01 UTC

Owned by: Laurent Bigonville <bigon@debian.org>

Severity: wishlist

Done: Laurent Bigonville <bigon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#688896; Package wnpp. (Wed, 26 Sep 2012 17:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dan Kegel <dank@kegel.com>:
New Bug report received and forwarded. Copy sent to wnpp@debian.org. (Wed, 26 Sep 2012 17:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Dan Kegel <dank@kegel.com>
To: submit@bugs.debian.org
Subject: RFP: FPM -- Effing Package Management
Date: Wed, 26 Sep 2012 10:27:09 -0700
Package: wnpp
Severity: wishlist

* Package name    : fpm
  Version         : 0.4.19
  Upstream Authors: Jordan Sissel <jls@semicomplete.com>
* URL             : https://github.com/jordansissel/fpm
* License         : MIT-style
  Description     : Build packages for multiple platforms (deb, rpm,
etc) with great ease and sanity.



Owner recorded as Laurent Bigonville <bigon@debian.org>. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 16 Jan 2013 17:27:05 GMT) Full text and rfc822 format available.

Changed Bug title to 'ITP: fpm -- Effing Package Management' from 'RFP: FPM -- Effing Package Management' Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 16 Jan 2013 17:27:05 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 688896: 704684, 704686, 704687, and 704685 Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Apr 2013 15:57:04 GMT) Full text and rfc822 format available.

Removed blocking bug(s) of 688896: 704687 Request was from Ansgar Burchardt <ansgar@debian.org> to 704687-submit@bugs.debian.org. (Thu, 04 Apr 2013 16:03:07 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 688896: 703075 and 704687 Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Thu, 04 Apr 2013 16:12:08 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 688896: 582641 Request was from Cédric Boutillier <boutil@debian.org> to control@bugs.debian.org. (Thu, 04 Apr 2013 17:06:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Tue, 09 Apr 2013 15:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Wouter Verhelst <wouter@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Tue, 09 Apr 2013 15:48:04 GMT) Full text and rfc822 format available.

Message #22 received at 688896@bugs.debian.org (full text, mbox):

From: Wouter Verhelst <wouter@debian.org>
To: 688896@bugs.Debian.org
Subject: This is a bad idea
Date: Tue, 09 Apr 2013 17:46:22 +0200
Hi Laurent,

I had a look at fpm a while back, but the way it's implemented makes it
a pretty bad idea, in my opinion. It will generate a .deb file by
running tar and ar etc manually, completely bypassing what dpkg does.

While this happens to work and *might* be the right thing to do on
non-Debian systems, I don't think it's something a tool in Debian should
do. Please consider at least patching it so it uses dpkg behind the
radar, rather than trying to bypass it entirely.

-- 
Copyshops should do vouchers. So that next time some bureaucracy
requires you to mail a form in triplicate, you can mail it just once,
add a voucher, and save on postage.




Marked Bug as done Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Fri, 14 Jun 2013 09:39:07 GMT) Full text and rfc822 format available.

Notification sent to Dan Kegel <dank@kegel.com>:
Bug acknowledged by developer. (Fri, 14 Jun 2013 09:39:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Sat, 06 Jul 2013 21:12:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Alston <colin.alston@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Sat, 06 Jul 2013 21:12:09 GMT) Full text and rfc822 format available.

Message #31 received at 688896@bugs.debian.org (full text, mbox):

From: Colin Alston <colin.alston@gmail.com>
To: 688896@bugs.debian.org
Subject: Bad idea?
Date: Sat, 6 Jul 2013 23:10:21 +0200
[Message part 1 (text/plain, inline)]
Wouter, is it your stance that people cannot produce a competing tool to
dpkg and be included in Debian? If something can produce .deb files in
accordance with whatever standard applies to them then using dpkg 'behind
the scenes' or not is a non-issue to you or anyone else, and certainly any
work towards making Debian packaging trivial should be welcome.
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Sun, 14 Jul 2013 23:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Wouter Verhelst <w@uter.be>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Sun, 14 Jul 2013 23:27:04 GMT) Full text and rfc822 format available.

Message #36 received at 688896@bugs.debian.org (full text, mbox):

From: Wouter Verhelst <w@uter.be>
To: Colin Alston <colin.alston@gmail.com>
Cc: 688896@bugs.debian.org
Subject: Re: Bad idea?
Date: Mon, 15 Jul 2013 00:48:19 +0200
Hi Colin,

[for future reference: just mailing to the bug does not guarantee that
any random person who's commented on it before will see your mail. If
you want that, please make sure you Cc that person]

On Sat, Jul 06, 2013 at 11:10:21PM +0200, Colin Alston wrote:
> Wouter, is it your stance that people cannot produce a competing tool to dpkg
> and be included in Debian?

Not necessarily. I understand that no code is perfect, and sometimes it
may be a good idea to reimplement something from scratch in order to
produce something better. If the goal is to replace dpkg with "something
better", then it may make sense, for a while, to temporarily have the
competing tool in Debian so that people can test it, before replacing
dpkg.

However, that is not what fpm is. Instead, fpm is a tool to convert
packages from one format to another. That, itself, is not necessarily a
bad idea either; case in point, we do have a package in Debian, "alien",
which provides similar functionality.

What makes fpm a bad idea is that it seems to be based on a stance of
"Debian Policy is just too hard, and I can't be bothered trying to
implement things so they will follow that policy". While I'm not saying
that a tool should necessarily expose all the gory details of Debian
policy to the end user (not everyone wants to build a package for upload
into the archive), such a tool *should* be written in a smart enough way
that where relevant, Debian policy *is* adhered to -- at the very least
by default.

After looking at the code and the documentation, it was my impression
that fpm does not do that; it is, in fact, made in a rather fragile way.

If the author says he believes maintainer scripts are "almost always
poorly written shell scripts that break easily"[1], and combining that
with the fact that parts of Debian's infrastructure require stuff being
called from maintainer scripts in order to do something properly, then
that does not inspire much confidence in the resulting packages.

As such, I don't think putting fpm into Debian is a good idea.

[1]
<https://docs.google.com/presentation/d/11TOsLeg58w7GCt6i7y1VIQWnUYotsx0MzGMJ_dWUJNo/edit?pli=1#slide=id.i146>,
slide 24

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Mon, 15 Jul 2013 04:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Alston <colin.alston@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Mon, 15 Jul 2013 04:57:04 GMT) Full text and rfc822 format available.

Message #41 received at 688896@bugs.debian.org (full text, mbox):

From: Colin Alston <colin.alston@gmail.com>
To: Wouter Verhelst <w@uter.be>
Cc: 688896@bugs.debian.org
Subject: Re: Bad idea?
Date: Mon, 15 Jul 2013 06:55:50 +0200
[Message part 1 (text/plain, inline)]
On Mon, Jul 15, 2013 at 12:48 AM, Wouter Verhelst <w@uter.be> wrote:

> However, that is not what fpm is. Instead, fpm is a tool to convert
> packages from one format to another. That, itself, is not necessarily a
> bad idea either; case in point, we do have a package in Debian, "alien",
> which provides similar functionality.
>

That is not what fpm is. Its goal is to be a tool for packaging software
from scratch into multiple formats. In general it tackles the issues of
deployment and release management which people face in the real world of
horizontally scaled software. One thing to consider in requiring dpkg is
that fpm might be outputting a .deb but not itself be running on Debian.


>
> What makes fpm a bad idea is that it seems to be based on a stance of
> "Debian Policy is just too hard, and I can't be bothered trying to
> implement things so they will follow that policy".
>

And fpm is not even pretending to create packages which will be included
into Debian, that's not its use case. That aside however, if there is some
explicit part of how fpm works which results in a .deb file which does not
conform to "Debian Policy" (whatever that is) then perhaps file a bug as to
what the details of that is - just as long as that bug isn't "fpm isn't
dpkg".


>
> If the author says he believes maintainer scripts are "almost always
> poorly written shell scripts that break easily"[1], and combining that
> with the fact that parts of Debian's infrastructure require stuff being
> called from maintainer scripts in order to do something properly, then
> that does not inspire much confidence in the resulting packages.
>

Well? In my experience too the Debian scripts are poorly maintained and
documented worse still - I can't imagine what Joe Public would think. Good
software is simple software. Dpkg, dh-make, and all their friends are far
from good software, which thus does not inspire my confidence in opinions
about new tools from those who wrote them unless they can point to actual
technical failures rather than "policy".
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Mon, 15 Jul 2013 08:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Alston <colin.alston@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Mon, 15 Jul 2013 08:09:05 GMT) Full text and rfc822 format available.

Message #46 received at 688896@bugs.debian.org (full text, mbox):

From: Colin Alston <colin.alston@gmail.com>
To: Wouter Verhelst <w@uter.be>
Cc: 688896@bugs.debian.org
Subject: Re: Bad idea?
Date: Mon, 15 Jul 2013 10:08:02 +0200
[Message part 1 (text/plain, inline)]
On Mon, Jul 15, 2013 at 9:44 AM, Wouter Verhelst <w@uter.be> wrote:

>
> However, as a long-time and experienced Debian Developer, I can say that
> what dpkg does is not some trivial thing. It's certainly possible to
> build a debian package by bypassing all that; but it just feels wrong.
> The right way is not to throw away the tools, but to pass the right
> options and environment variables to get them to do what you want, and
> to use the tools that were built for this.
>

The thing is this opens a pandora's box of issues. What dpkg does
conceptionally most certainly should be trivial, in fact most of the real
hard work happens in apt itself. fpm is not without its faults (you can't
sign .deb's - bleh), however dpkg has become old and unweildy with various
patches and transitions and Debian have done little to actually improve its
usability or consistency over the years - only to add an increasing set of
policies around submission to patch shortfalls in the format itself. As
someone who is also experienced in using the real dpkg tools to create
packages, it's a serious pain tracking down /accurate/ information even
from the Debian wiki regarding what the correct process is, and often that
process breaks down in weird ways when (as an example) something like
dhpython2 arbitrarily breaks things like Twisted plugins, and maintaining a
tree of control files all the time. This is the very reason fpm exists, so
that people can get on with their lives and release their software to
multiple distros - otherwise we might as well write Windows software and
suffer with MSDN accounts.

In the words of Dijkstra "How do we convince people that in programming
simplicity and clarity - in short: what mathematicians call `elegance` -
are not a dispensable luxury, but a crucial matter that decides between
success and failure?"
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Laurent Bigonville <bigon@debian.org>:
Bug#688896; Package wnpp. (Mon, 15 Jul 2013 08:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Wouter Verhelst <w@uter.be>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Laurent Bigonville <bigon@debian.org>. (Mon, 15 Jul 2013 08:27:05 GMT) Full text and rfc822 format available.

Message #51 received at 688896@bugs.debian.org (full text, mbox):

From: Wouter Verhelst <w@uter.be>
To: Colin Alston <colin.alston@gmail.com>
Cc: 688896@bugs.debian.org
Subject: Re: Bad idea?
Date: Mon, 15 Jul 2013 09:44:15 +0200
Hi Colin,

On 15-07-13 06:55, Colin Alston wrote:
> On Mon, Jul 15, 2013 at 12:48 AM, Wouter Verhelst <w@uter.be
> <mailto:w@uter.be>> wrote:
> 
>     However, that is not what fpm is. Instead, fpm is a tool to convert
>     packages from one format to another. That, itself, is not necessarily a
>     bad idea either; case in point, we do have a package in Debian, "alien",
>     which provides similar functionality.
> 
> 
> That is not what fpm is.

Yes, it is. Conceptually, it converts data from one format into another.
It's just that it also considers "a DESTDIR style directory of compiled
software" as a "format", hence allows you to _also_ package from scratch.

As a tool, it is much more similar to alien than it is to dpkg.

[...]
>     What makes fpm a bad idea is that it seems to be based on a stance of
>     "Debian Policy is just too hard, and I can't be bothered trying to
>     implement things so they will follow that policy".
> 
> 
> And fpm is not even pretending to create packages which will be included
> into Debian, that's not its use case.

Which is fair enough, and I'm not saying it should be. Evince, for
another example, is also a tool in Debian to create packages, but not
packages that would be included into Debian.

> That aside however, if there is
> some explicit part of how fpm works which results in a .deb file which
> does not conform to "Debian Policy" (whatever that is)

since you ask: <http://www.debian.org/doc/debian-policy>

> then perhaps file
> a bug as to what the details of that is - just as long as that bug isn't
> "fpm isn't dpkg".

Because of the way in which fpm was written, such bugs are almost going
to be a given.

I realize (and agree!) that for local packages, there are parts of
Debian Policy that aren't all that important. To name just one example,
Debian Policy requires that you compress files in /usr/share/doc; if you
don't want to bother with that for local packages, then that won't break
anything.

But there are parts of policy that bits of the Debian infrastructure
depend on; and by ignoring those, things will break in subtle and
complicated ways. If you're going to reimplement the packaging
toolchain, you're almost certainly going to miss those.

>     If the author says he believes maintainer scripts are "almost always
>     poorly written shell scripts that break easily"[1], and combining that
>     with the fact that parts of Debian's infrastructure require stuff being
>     called from maintainer scripts in order to do something properly, then
>     that does not inspire much confidence in the resulting packages.
> 
> 
> Well? In my experience too the Debian scripts are poorly maintained and
> documented worse still - I can't imagine what Joe Public would think.

That's an opinion, and one that does not match my experience.

Most maintainer scripts consist of shell snippets generated/shipped by
debhelper. These snippets have been tested extensively, and are *not*
poorly maintained, by any definition.

There are of course some that are manually written, and of those I grant
you that some will be poorly maintained. But those are not, by any
means, a majority.

> Good software is simple software. Dpkg, dh-make, and all their friends
> are far from good software,

Well, if that's your opinion, we haven't got much more to discuss, really.

> which thus does not inspire my confidence in
> opinions about new tools from those who wrote them unless they can point
> to actual technical failures rather than "policy".

I can't do that, because I haven't actually used fpm.

However, as a long-time and experienced Debian Developer, I can say that
what dpkg does is not some trivial thing. It's certainly possible to
build a debian package by bypassing all that; but it just feels wrong.
The right way is not to throw away the tools, but to pass the right
options and environment variables to get them to do what you want, and
to use the tools that were built for this.

The worst part is that for the case of rpm packages, fpm _actually does
the right thing_ and builds the package using rpmbuild. This is probably
because contrary to dpkg, the rpm format is a special-case one, that
cannot easily be built by other tools; but it does show that it is
possible to build something like fpm _without_ bypassing the tools that
were built for this purpose.

Finally, I'd like to say that while I do believe it's a bad idea, I'm
not necessarily opposed to someone uploading it into Debian. I don't
think we need it, I don't think it's a good idea, and I think it's going
to be a time sink for whoever decides to maintain it for Debian; but if
you want to do that and prove me wrong, hey, more power to you.

-- 
This end should point toward the ground if you want to go to space.

If it starts pointing toward space you are having a bad problem and you
will not go to space today.

  -- http://xkcd.com/1133/



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 13 Aug 2013 07:40:55 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 13:42:17 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.