Hello, dear TUs and Arch developers.
I'd like to ask about the package clickhouse-static[1]. The officially supported way to build ClickHouse binaries is static linking[2]. And my question: is it possible that the package with the current building structure (getting contribs like submodules in upstream, static linking etc.) would theoretically come to the [community] repository?
Best regards, Mikhail f. Shiryaev
[1] https://aur.archlinux.org/packages/clickhouse-static/
[2] https://clickhouse.tech/docs/en/development/style/#platform
It looks like the mailing list has added new lines automatically, so the signature is bad now. Here's the new one.
Best regards, Mikhail f. Shiryaev
On February 10, 2020 5:02:08 AM EST, Felixoid via aur-general aur-general@archlinux.org wrote:
> Hello, dear TUs and Arch developers.
>
> I'd like to ask about the package clickhouse-static[1]. The officially supported way to build ClickHouse binaries is static linking[2]. And my question: is it possible that the package with the current building structure (getting contribs like submodules in upstream, static linking etc.) would theoretically come to the [community] repository?
>
> Best regards, Mikhail f. Shiryaev
>
> [1] https://aur.archlinux.org/packages/clickhouse-static/
> [2] https://clickhouse.tech/docs/en/development/style/#platform
Unlikely, but not really worth the conversation unless a team member wants to add it to the repos.
--
Best,
Daniel
https://danielcapella.com
Tue Feb 11 23:25:09 UTC 2020 Eli Schwartz <eschwartz at archlinux.org>
"upstream recommends using vendored static linking" is not an acceptable reason to violate the packaging guidelines.
The program *must* build using the system versions of the 46 dependencies listed in the -static package, and the pkgname must be "clickhouse", not "clickhouse-static", in order to be moved to community; this is part of the "quality of life" care which defines a Trusted User's job.
Among other things, this ensures that the openssl and libcurl versions used are the latest versions which are tracked on the security tracker and patched with security backports if needed -- something which is understandably important for anything that is communicating over the network.
Also, libxml2 from 2 years ago, which is a bit ouch because XML is not exactly the least-exploited data format ever.
Even Linux distributions which build statically by default will expect that the program link to the system's lib*.a static library packages rather than build a custom one.
Hello Eli,
Thank you for the full answer. So, as a conclusion, to fulfill the requirements, every dependency must be added to [community] before the main package, and only after that clickhouse could be added there as well.
That's understandable. Maybe I could try to implement the regular builds for Arch in the repo and then bring this topic up again.
Best regards, Mikhail f. Shiryaev
aur-general@lists.archlinux.org