GNU bug report logs - #69889
Rclone is 4 years outdated

Previous Next

To reply to this bug, email your comments to 69889 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Adroit <adroit1 <at> proton.me>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Rclone is 4 years outdated
Date: Tue, 19 Mar 2024 01:35:26 +0000

[Message part 1 (text/plain, inline)]

The package "rclone" has not been updated in a long time. I did not find any open bug reports about it.

I was brave and tried to run the latest myself using:
`guix build rclone --with-source=rclone <at> 1.66.0=./rclone-1.66.0.tar.gz`
With the latest source tarball from the Github release. The recipe (in sync.scm) uses a tar download rather than a git-fetch for some reason, so I wasn't able to reuse the recipe with --with-branch. (Btw --with-version would be nice to have, since the version's download URL is done correctly in the recipe.)

Unfortunately I ran into some obscure build error and don't know how to proceed as this is outside of my familiarity.

[Message part 2 (text/html, inline)]

Message #8 received at 69889 <at> debbugs.gnu.org (full text, mbox):

From: Alexandre Hannud Abdo <abdo <at> member.fsf.org>
To: 69889 <at> debbugs.gnu.org
Subject: Rclone is 4 years outdated
Date: Mon, 23 Dec 2024 13:30:44 +0100

[Message part 1 (text/plain, inline)]

Ni! Using `--with-latest` and using `--with-version` also fails during build.

Build log is attached.

I've never played with the go build system, but it seems that the definition doesn't include the required dependencies.

There's a comment in the current outdated definition saying that dependencies are bundled with the tarball. Looking at current files that no longer seems to be the case. I'm assuming --with-latest and --with-version just download newer tarballs.

There seems to be many dependencies. I have no idea whether they're all in guix, so I wonder how hard would it be to fix this. And if it's really only the dependencies that are missing from the definition.

.~´

[hmw7nifk9am1ry9gj0rlirpvhv5xfa-rclone-1.68.2.drv.gz (application/gzip, attachment)]

Message #11 received at 69889 <at> debbugs.gnu.org (full text, mbox):

From: Sharlatan Hellseher <sharlatanus <at> gmail.com>
To: 69889 <at> debbugs.gnu.org
Cc: leo <at> famulari.name
Subject: Rclone is 4 years outdated
Date: Tue, 04 Feb 2025 09:37:05 +0000

[Message part 1 (text/plain, inline)]

Hi,

Thanks for reporting.

--8<---------------cut here---------------start------------->8---
guix describe
Generation 75   Feb 03 2025 21:37:27    (current)
  guix 2574ae3
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 2574ae3733637ead786fb3dc454369590794bc51

guix show rclone
name: rclone
version: 1.52.3
<...>
--8<---------------cut here---------------end--------------->8---

<2020-08-08> in Guix
<https://github.com/rclone/rclone/releases/tag/v1.52.3>

<2025-01-14> the current latest release
<https://github.com/rclone/rclone/releases/tag/v1.69.0>

The project changed the module of release and now ships vendor and source separatly:
- https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0-vendor.tar.gz
- https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0.tar.gz

It means we need to package all missing inputs before update to the
latest.

CC Leo for the second opinion if we may grab vendor and ingest it
during build and initiate packaging for the future to reduce amount of
vendored packages.

--
Oleg

[signature.asc (application/pgp-signature, inline)]

Message #14 received at 69889 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Sharlatan Hellseher <sharlatanus <at> gmail.com>
Cc: 69889 <at> debbugs.gnu.org
Subject: Re: Rclone is 4 years outdated
Date: Wed, 5 Feb 2025 19:08:35 -0500

On Tue, Feb 04, 2025 at 09:37:05AM +0000, Sharlatan Hellseher wrote:
> The project changed the module of release and now ships vendor and source separatly:
> - https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0-vendor.tar.gz
> - https://github.com/rclone/rclone/releases/download/v1.69.0/rclone-v1.69.0.tar.gz
> 
> It means we need to package all missing inputs before update to the
> latest.

I see.

> CC Leo for the second opinion if we may grab vendor and ingest it
> during build and initiate packaging for the future to reduce amount of
> vendored packages.

I think it's fine to use this vendored / bundled tarball.

Using the vendored code is not the Guix way, but we are already using
the bundled dependencies for this package.

The change is that now they are provided in a separate tarball.

This is not a meaningful change with respect to the why Guix generally
doesn't use bundled source code and I don't think the code review
process for this update should force them to be unbundled now.

In the past I've argued that the way we handle Go packages right now is
insufficient to package them properly. Either we could make an easy to
parameterize Go libraries / modules so that they are not vendored
(improve the importer as part of that?), or just use the vendored code.

But I always say that motivation is not fungible. If you are interested
in packaging these dependencies in the future, go for it!

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.