Something that Linux distributions should not do when packaging things
Right now I am a bit unhappy at Fedora for a specific packaging situation, so let me tell you a little story of what I, as a system administrator, would really like distributions to not do.
For reasons beyond the scope of this blog entry, I run a Prometheus and Grafana setup
on both my home and office Fedora Linux machines (among other things,
it gives me a place to test out various things involving them).
When I set this up, I used the official upstream versions of both,
because I needed to match what we are running (or would soon be). The Grafana people supply
Grafana in a variety of package formats, and because Grafana has a
bunch of files and paths I opted to use their RPM package instead
of their tarball. The Grafana people give their RPM package the
package name of 'grafana
', which is perfectly reasonable of them.
(We use the .deb on our Ubuntu 18.04 based production server for the same reason. Life is too short to spend patiently setting tons of command line switches or configuration file paths to tell something where to find all of its bits if the people provide a nice pre-packaged artifact.)
Recently, Fedora decided to package Grafana themselves (as a RPM),
and they called this RPM package 'grafana
'. Since the two different
packages are different versions of the same thing as far as package
management tools are concerned, Fedora basically took over the
'grafana
' package name from Grafana. This caused my systems to
offer to upgrade me from the Grafana.com 'grafana-6.1.5-1' package
to the Fedora 'grafana-6.1.6-1.fc29' one, which I actually did after
taking reasonable steps to make sure that the Fedora version of
6.1.6 was compatible with the file layouts and so on from the Grafana
version of 6.1.5.
So far, I have no objection to what Fedora did. They provided the latest released version of Grafana, and their new package was a drop in replacement for the upstream Grafana RPM. The problem is what happened next, which is that the Grafana people released Grafana 6.2 on May 22nd (cf) and currently there is no sign of any update to the Fedora package (the Bodhi page for grafana has no activity since 6.1.6, for example). At this point it is unclear to me if Fedora has any plans to update from 6.1.6 at all, for example; perhaps they have decided to freeze on this initial version.
Why is this a problem? It's simple. If you're going to take over
a package name from the upstream, you should keep up with the
upstream releases. If you take over a package name and don't keep
up to date or keep up to date only sporadically, you cause all sorts
of heartburn for system administrators who use the package. The
least annoying future of this situation is that Fedora has abandoned
Grafana at 6.1.6 and I am going to 'upgrade' it with the upstream
6.2.1, which will hopefully be a transparent replacement and not
blow up in my face. The most annoying future is that Fedora and
Grafana keep ping-ponging versions back and forth, which will make
'dnf upgrade
' into a minefield (because it will frequently try
to give me a 'grafana
' upgrade that I don't want and that would
be dangerous to accept). And of course this situation turns Fedora
version upgrades into their own minefield, since now I risk an
upgrade to Fedora 30 actually reverting the 'grafana
' package
version on me.
You can hardly miss that Grafana.com already supplies a 'grafana
'
RPM; it's right there on their download page. In this situation I feel
that the correct thing for a Linux distribution to do is to pick
another package name, one that doesn't clash with the upstream's
established packaging. If you can't stand doing this, don't package
the software at all.
(Fedora's packaging of Prometheus itself is fairly amusing in a terrible way, since they only provide the extremely obsolete 1.8.0 release (which is no longer supported upstream or really by anyone). Prometheus 2.x is a major improvement that everyone should be using, and 2.0.0 was released way back in November of 2017, more than a year and a half ago. At this point, Fedora should just remove their Prometheus packages from the next version of Fedora.)
Comments on this page:
|
|