Bug#1060772: python3-jupyterlab: Using node-corepack downloads yarnpkg from Internet

2024-04-27 Thread Aurelien Jarno
control: severity -1 serious

On 2024-01-14 08:20, Yadd wrote:
> Package: python3-jupyterlab
> Version: 4.0.9+ds1-1
> Severity: important
> X-Debbugs-Cc: y...@debian.org
> 
> Hi,
> 
> the patch 0003-Use-system-provided-yarn.js.patch replaces missing
> yarn.js by node-corepack. Please keep in mind that
> node-corepack/../yarn.js is a wrapper that downloads yarnpkg from
> Internet instead of using Debian's one.

As network access is forbidden by Debian Policy section 4.9, this is
actually a serious bug. Changing the severity accordingly.

Regards
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://aurel32.net



Bug#1060772: [Python-modules-team] Bug#1060772: python3-jupyterlab: Using node-corepack downloads yarnpkg from Internet

2024-01-14 Thread Roland Mas

On 14/01/2024 at 05:20, Yadd wrote:

> Hi,
>
> the patch 0003-Use-system-provided-yarn.js.patch replaces missing
> yarn.js by node-corepack. Please keep in mind that
> node-corepack/../yarn.js is a wrapper that downloads yarnpkg from
> Internet instead of using Debian's one.


Hi Yadd,

I spent some time trying to patch things all around so as to get the 
build to run offline, but I must confess I got myself lost in the maze 
of commands and helper tools. In the end I think my source package tried 
to use the yarn.js provided by node-corepack in some places, the one 
provided by yarnpkg in others, and pkgjs-install-minimal in yet others. 
They all seem subtly incompatible (especially with regard to --offline 
behaviour), and I think it would be better if someone more fluent than 
me in Yarn and related tools were to tackle this problem.


I pushed to Salsa the last state of the packaging before I started 
getting completely lost; any help would be most welcome :-)


Roland.



Bug#1060772: python3-jupyterlab: Using node-corepack downloads yarnpkg from Internet

2024-01-13 Thread Yadd
Package: python3-jupyterlab
Version: 4.0.9+ds1-1
Severity: important
X-Debbugs-Cc: y...@debian.org

Hi,

the patch 0003-Use-system-provided-yarn.js.patch replaces missing
yarn.js by node-corepack. Please keep in mind that
node-corepack/../yarn.js is a wrapper that downloads yarnpkg from
Internet instead of using Debian's one.

Cheers,
Yadd