Mono Package audit

Toshio Kuratomi a.badger at gmail.com
Thu Apr 10 02:08:32 UTC 2008


Hey all,

We discovered that a few mono packages had issues with including 
prebuilt binaries so I did a quick check of all the mono packages I 
could find to see just how big the problem is.  I used the 
mono-detect.sh script I'm attaching to find mono using packages.  It 
might not be a complete list as I was unable to find one package that 
everything depended on.  (It really seems like everything should depend 
on mono(System) or mono-core but they don't)  If someone can come up 
with a better check and make sure I found all the packages that would be 
appreciated.

I then downloaded the tarballs for each of the packages and ran find . 
'*.dll' to find prebuilt binaries.  Where prebuilt binaries existed, I 
looked to see if there was discernable source files.  If I found none, 
then I marked the package as binary in the attached mono-pkgs list.  If 
I found source the package was marked as unknown since someone has to 
check if the files are rebuilt or included verbatim.

I also looked for packages which appeared to bundle third party library 
source.  This is the equivalent of linking against static libraries in 
the C world so we want to fix these at some point as well.  They are 
marked 'bundled' in the mono-pkgs file.

What to do about these problems?  It has been proposed that the programs 
which contain binaries be blocked from going into F9 until the problems 
have been resolved.  This plan would still have to address what to do 
with the "unknowns" on the list.

I'm also thinking of drafting a packaging guideline to delete all 
prebuilt binaries from the spec file.  This would make it quite plain 
when a package is built from source and when it is not as opposed to 
having to decipher whether timestamps have forced a rebuild.  I think 
this should be fine for any package already in Fedora (and not blocked 
by the binary requirement).  Some packages may need to be bootstrapped 
in initially, though, so I'll have to think of some way to deal with that.

-Toshio

PS:  spot has a patch for db4o so that's one down :-)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mono-pkgs
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080409/55816a28/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mono-detect.sh
Type: application/x-shellscript
Size: 513 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080409/55816a28/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080409/55816a28/attachment.sig>


More information about the fedora-devel-list mailing list