1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1103033: dh-elpa: Handle version of built-in package better

    From Sean Whitton@21:1/5 to Xiyue Deng on Mon Apr 14 04:50:01 2025
    XPost: linux.debian.maint.emacsen

    Hello,

    On Sun 13 Apr 2025 at 06:28pm -07, Xiyue Deng wrote:

    Package: dh-elpa
    Version: 2.1.9
    Severity: wishlist

    A recent bug#1101304 shows some limitation of version handling of
    dh-elpa for packages that are both built-in and packaged separately. Currently, dh-elpa can mark a package as packaged separately, and then
    detect the version from an addon comment header, much like non-built-in packages. However, when a built-in package is sufficiently new, an
    addon can directly depend on Emacs itself without requiring the
    separately packaged version.

    Right.

    As an improvement to avoid requiring the separated packaged version, for
    a package `foo' that is built-in, if the packaged version meets the requirement of an addon, ${elpa:Depends} can just generate "Emacs (>= <current version>)"; otherwise generate "elpa-foo (>= <required
    version>)" as before.

    There are a couple of options here:

    - Emacs adds versioned Provides: and then it satisfies the dependencies
    without the dependencies getting more complicated

    - We generate dependencies "elpa-foo (>= ...) | emacs (>= ...)".

    I think I prefer the former, because it retains the possibility of not installing Emacs along with addons, an invariant we've had for a while.
    But what's your opinion?

    Implementation wise, AFAIK there is no public API to query the version
    of a built-in package, so for now one may need to inspect `package--built-versions' directly. Not sure whether upstream would implement an API for querying built-package versions.

    I think they probably would, if you'd like to ask about it.

    --
    Sean Whitton

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmf8dncZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQKMxD/0Z+1k8Psm0NdGBQcVP8GUA wNC+MAfFl1E1E9sQIocGjnK91ZChoixYInHRHOhlDQG/SZZJThLQULa13z/q0UC7 eVVXin7xZVLN/l0KzK9mkbYmHCxQ+72kUJ5UXXrT+yk6TR5vhrlbu7IQ/eFdDAhG GZ1uoi0poL3DyBkNmglQ1rJ1zL5m79+dbDDziw9BQwJZYn+LVZ8HIzXKip1ftNWu nwsKUsNEOI+M+EaLrdX2tkW1aMU7IPMsX4pLhmB7/CWJ7J3loo77jJnhNFRy/ezE eLBX3vstQUaa8SHGgkv0kf3Gb3s5bWCNTbXK3AKwdxBzBwTTwLfDojI4b0bfR8hp KjQChCZ5KJxmALvWSA6O4/0MlBM+QbpkCCN0fD+a9B1kB0NZOTVOQxNQQG2Y853L eXh9KqIuGShPBKtZ19aUWvkL+/y6cpCrI1Nf19noBSnW6Oerd1ohAwCv9JnXfYih +rUc6ieT02AMlVkc1LnYQgNyE9hqye+Pz/iYWoevN/5maAAIHa/5qcjl/wN4wLuo xe5GoW2EW7lfV0d7rA+gcD2qTfHRpWbvMd4m/9WOKcFME0RPkZNG4H/SQsOQe7eI tQRbq84Eos0JbFENgaUWMlF0KEDBvdsqBimij8/p0+LelDQON9N4MH0TS9HrcgYs QoP6MuCZGZQLjmQBS3HK4g==PHLT
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Us
  • From Sean Whitton@21:1/5 to Xiyue Deng on Mon Apr 14 06:30:01 2025
    XPost: linux.debian.maint.emacsen

    control: reassign -1 src:emacs
    control: retitle -1 emacs: generate versioned Provides for all :core packages

    Hello,

    On Sun 13 Apr 2025 at 08:55pm -07, Xiyue Deng wrote:

    Option 1 also sounds good to me.

    Cool. I'm not planning to work on it but I can review patches.

    This may also be useful to handle security update for stable version,
    though I'm not sure whether it will automatically handle the upgrades.

    (Wondering for the situation that Emacs version A provides foo 1.0, and
    when foo 1.0 founds a security issue, and Emacs version A+deb12u1 fixes
    it by providing foo 1.1, will foo 1.0 automatically upgrade to Emacs A+deb12u1, or it still requires user manually uninstalling foo 1.0?)

    No, and in fact the foo with the security hole would override the one
    shipped with Emacs. We'd have to patch both packages.

    --
    Sean Whitton

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmf8jWYZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQBrFD/92KKT6OAsjR4/iuvgOSz6S lOaCTLpOUX93/7wgCqwxqZQIJ4G7Clu2EI1ATJr9N3TU47l0Kppqbgjcof/XZoBY 061ACVTrbfprGsm5yR6bxdXdKQYKE1kmdSIuw/JMcEJ8r6Y0km1YIbq3j0ZwaJJV YsEEGIiEfSNQPU6mcsBEmRU8SFITfYz4xK6U1dPdjrFttnsDzBTvmnoZRtp7KFHA tgV8+JBAwgHuCE2xNsonJHimc816F8DUtGNKZpdAu22pWlhh7ceoFyaAMouDBlqr yDL5/4Gc+OEgP6oTwrRTcFeaQRTbLf+Zy4KUuHMhjyH95UrPTI1z5m/Jf4wMZRKd ZmRQbdk9dOnxbT+khGYR+0Zazs1KOWIuAmsORGgopgGgAdkNaOmtV6ye0ppScR/O /fk579m42QvvdAxXkWcaBtEocXo7tNk9f7gPFn5leKDL39lM4QrJwPQZ5TmgTVKW 4yNd7MuUAmno5o7MHo8ez8Wq85jtK6ex/gCkKKwn2sjxnfuepn8Ze9srJBVlddjw iSDGnqMrgHlzmGVGhHsahPIDc4RG8buPI1LhNr097ynZSbb7FiwyZTQ2iaiVfF+8 ap3MHKvo7CZrhrkOrYnjapvQDk38C+dALmLw23cQ1kcp3QO1D4iJwWZP9uMEKCzq u4iNQ3kDV3OW+rUnxE4vOg==BhjN
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Us