How to update a Cygwin package that has no maintainer? - cygwin

Many Cygwin's packages have no maintainer, is it still revelant to use Cygwin ?
I would like to update ruby or ansible package to the last version, how can I do that ?
Thanks

Package maintainers are volunteers.
Anyone can offer him/herself for the job.
Documentation
https://cygwin.com/packaging-contributors-guide.html
Mailing list for discussion about Maintainers
https://cygwin.com/mailman/listinfo/cygwin-apps

If you want to be a maintainer you must subscribe to the Cygwin mailing lists. All discussions about maintaining packages are there, and you will be required to post your credentials (i.e. public key) there in order to upload updated packages. Note that some orphan packages became so because the previous maintainer needed to reduce their workload.
Once you are subscribed, just ask to take over an orphaned package, upload your credentials, install the source package, make necessary changes, and upload the new package. It sounds easy, but you might want to build the package and make sure it runs all tests before asking to be the new maintainer.
Note that there may be others who have tried to update a package, and encountered blocking problems. Those will be discussed in the mailing lists, which you can search.

Related

Identifying most suitable dependent rpm packages

Not sure SO is the best place to ask this, but it is development related so maybe someone can help.
I've written an app (in python but that's not important) which parses a Yum repo database to collate RPM packages and their dependencies. The problem I have is that I am sucking in too many packages when a dependency is met by more than one.
Specific example: I am seeking the list of packages which meet dependencies for Java-1.8.0 and getting a dependency of libjli.so()(64bit). libjli.so()(64bit) My code correctly works out that this is provided by multiple -devel packages from the Java 1.8, 1.7 and 1.6 streams. Unfortunately all three versions (and their dependencies) then get included in my list.
I guess my question is, given a list of packages meeting a requirement, what is the best way to identify the most appropriate package to include? i.e. when resolving the dependencies for Java-1.8.0, only include the -devel package for 1.8.0 and not suck in the -devel packages for 1.6 and 1.7 as well.
I know this is a problem with my code, I'm just not sure what facilities are provided by the yum ecosystem to help me identify which package would be best to include from the list of multiple.
It is hard to tell without seeing your code.
Yum is dead. If you are developing something new, you should develop on top of DNF. DNF use satsolver algorithm (https://doc.opensuse.org/projects/satsolver/11.4/index.html) and you can use libdnf https://github.com/rpm-software-management/libdnf (formerly known as libhif, formerly known as libhawkey).

How do I remove a package from Package Control but not uninstall it for current users?

I have a ST3 package hosted on GitHub and available through Package Control. It has been superseded by a new package that I wrote, but I keep getting bug reports for the old one since many people are still using it.
What is the correct way to remove the option to install the original package from package control, and ideally from GitHub if possible, without messing anything up for users who currently have the old package installed?
Specifically, will submitting a pull request to Package Control to remove the old package, and/or deleting the old package's github repo, cause the old package to disappear from people's Sublime Text?
I strongly suggest reading through the package developer docs, especially the section entitled Renaming a Package, as they explain everything in detail. Essentially, the easiest path would be to following the directions for renaming a package, and at the same time change the URL to your new Github repo. This way, the old packagecontrol.io page will no longer be available, and upon restart users of the old package should be upgraded to the new one.
I'd also recommend reading through the Package Control Channel's issues to see if this issue has come up before. Worst case scenario, you submit your PR and it gets rejected for some reason, but they'll explain what you need to do differently.

How to gather the full config of a NixOS system?

I read a bit about NixOS and tried it these days, because I got the impression that it would let me configure a Linux with just one file.
When I used it, I installed a bunch of packages with nix-env, so they didn't end up in the configuration.nix, but I could simply uninstall them later and add them to the configuration.nix by hand. I there something like npm i -g <package> that would install this globally so it would end up in the configuration.nix and could simply be copied to another machine.
Also, I installed stuff like zsh and atom and they have an entirely different approach to configuration and customization (bashscript, javascript, less, etc).
Is there a way for Nix/NixOS to track the package-specific config too?
Does it already happen and I don't see it? Like the nix expression of the package knows where the package will store its config etc.
I mean, it's nice that I can add these packages to the main config and when using it at another PC I get the same software installed, but I still see myself writing rather much configs for the installed packages too.
If you want packages installed through configuration.nix, then the easiest way to accomplish that is to add them to the environment.systemPackages attribute. Packages listed in there will be available automatically to all users on the machine. As far as I know, there is no shell command available to automate the maintenance of that attribute, though. The only way to manage that list is by editing configuration.nix and manually adding the packages you'd like to have installed.
Nix does not manage package-specific configuration files. As you probably know, NixOS provides such a mechanism for files in /etc, but a similar mechanism to manage config files in $HOME etc. does not exist. The PR https://github.com/NixOS/nixpkgs/pull/9250 on Github contains a concrete proposal to add this capability to Nix, but it hasn't been merged yet because it requires some changes that are controversial.
Nix does not currently offer ways of managing user specific configuration or language specific package managers. AFAICT that's because it is a very complex and opinionated territory compared to generating configs for sshd etc.
There are however Nix-based projects providing solution to at least some parts of your question. For managing user configuration (zsh etc.), have a look at home manager.

Why can't cabal keep multiple versions of the same package?

Coming from Ruby where I can have as many versions of every gem as I want, it's confusing to me why there is the restriction of Cabal being able to only have one version installed at the same time?
I've tried searching for an answer, but couldn't find anything explaining the reasoning behind this. And another good question would be if is there a workaround to this other than using sandboxes, which require me to recompile everything for every project (or share the sandbox, which doesn't always work).
edit: To clarify this question, what I don't understand is how cabal gets to the point where it says that installing a package would break another package. What is the cause of this issue?
I know it can be fixed by using a sandbox, but that's not an answer to the cause of this problem.
Your assumption is incorrect: cabal does allow installation of multiple versions of the same package. Packages are distinguished by version number.

Can the "author" field on Nuget be spoofed? Can I trust the file's authenticity?

I'm browsing Nuget libraries from an author and see questionable content.. something that doesn't have the same quality as some of the prior work I've seen.
How do I know that the author of a Nuget package is really that person?
Can I extend that trust into the built-in update process of Nuget?
The "author" is simply metadata that is included in the .nuspec file. See (http://docs.nuget.org/docs/reference/nuspec-reference). This can be different than the package owner/creator.
In the beginning when NuGet was starting out, there were a few people that were creating packages for projects that they didn't author mainly to get the package in the repository.
Now that NuGet is more established, it is recommended that people contact the project owner and have them create their own NuGet package.
For packages that have already been uploaded to the repository by someone other than the author, the author can request to have the ownership transferred to them.
Since there's no guarantee that the package creator is the original author, I'm not sure how that affects trust. However, if you install a package, it is pretty safe to say that updates will either be from the same person that created the initial package, or potentially it will have transferred to the actual author of the project.
In other words, trust will likely be the same or perhaps better (if actual author), but seldom worse than the original package you installed.
Hope that helps.
I know this is a fairly old question, but this is the best answer I've found. I'd like to add my $.02 to the till. I've got a couple of packages on nuget.org that are based on another package. Unity.Mvc3.VB, Unity.Mvc3.DLL, and I'm working on a Unity.Mvc4.VB package. They're all based on Unity.Mvc3 from devtrends. The DLL project basically just installs the assembly reference for Unity.Mvc3 without the c# source code files so that it's a little easier to use in projects of other languages. The VB package(s) include VB.Net versions of the C# source files. Since I didn't write anything other than the nuspec file in the DLL package, I just listed Paul Hiles as the author and myself as the package owner.
For the VB package(s), again I'm listed as the owner, but for the author I list Paul and myself with each of our contributions in parenthesis like so:
The idea is that I'm giving credit to the original author of my derivative work.
Kiliman's answer is correct and comprehensive. I would like to add that it is up to the community to start writing reviews of nuget packages in the NuGet Gallery. Reviews are very few and far between and they have a star-rating system, so if you don't think a package is useful, or if you have concerns about a particular package, write them there and help your fellow programmers.

Resources