Packaging on ArchLinux

[NicoHood]

Hello, I'd like to have some guidance on packaging this app for ArchLinux. The current version on AUR is outdated and uses the prebuilt debian package: https://aur.archlinux.org/packages/boostnote

Now on ArchLinux we want to avoid precompiled binaries/debs and also we want to use shared libraries for all software to avoid any security risk and also to use less disk space. Since this is an electron app, I am not sure how relevant this is, I've never packaged Electron apps before.

ArchLinux itself has Electron, apm and npm in the official repositories. Maybe those can be used as dependencies to reduce the package size.

Now my question is how to properly build such an app for package distribution? The current build instructions sound to me for develop tests but not for packaging.

Can you please give me any guidance to update the AUR package? If enough users upvote on that package I can possibly move it into the official repositories then.

[NicoHood]

Some updates:

I am currently using the PKGBUILD as reference:

# Maintainer: NicoHood <archlinux {cat} nicohood {dog} de>
# PGP ID: 97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161
# Contributor: Dick Choi <fluke8259@gmail.com>
# Contributor: Romain Bazile <gromain.baz@gmail.com>

pkgname=boostnote
_pkgname=Boostnote
pkgver=0.8.7
pkgrel=1
pkgdesc="Boostnote is an open source note-taking app made for progammers just like you"
arch=('x86_64')
url="https://boostnote.io/"
license=('GPL3')
makedepends=('npm' 'git')
depends=('electron')
source=("${pkgname}-${pkgver}.tar.gz::https://github.com/BoostIO/Boostnote/archive/v${pkgver}.tar.gz")
sha512sums=('400bcd5f2a2fa3c858c4e5ab8ce22c8f9669a5c1c0299724937f56534248e0517c8a814b7c2f2243c8492edbb50e96b2a2a2ce787f6566cbfec1741521d5261c')
validpgpkeys=()

build() {
    cd "${_pkgname}-${pkgver}"
    npm install
    npm run build
}

package() {
    echo "todo"
}

It gives lots of warnings:

npm WARN deprecated minimatch@2.0.4: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated electron-packager@6.0.2: Critical security bug fixed in v7.0.0 - read more at https://github.com/electron-userland/electron-packager/issues/333
npm WARN deprecated electron-prebuilt@1.4.13: electron-prebuilt has been renamed to electron. For more details, see http://electron.atom.io/blog/2016/08/16/npm-install-electron
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN prefer global coffee-script@1.12.4 should be installed with -g

> electron-prebuilt@1.4.13 postinstall /build/boostnote/src/Boostnote-0.8.7/node_modules/electron-prebuilt
> node install.js

> history@1.17.0 postinstall /build/boostnote/src/Boostnote-0.8.7/node_modules/history
> node ./npm-scripts/postinstall.js

boost@0.8.7 /build/boostnote/src/Boostnote-0.8.7
├── @rokt33r/markdown-it-math@4.0.2 
├─┬ @rokt33r/season@5.3.1 
│ ├─┬ cson-parser@1.3.4 
│ │ └── coffee-script@1.12.4 
│ ├─┬ fs-plus@2.10.1 
│ │ ├── async@1.5.2  deduped

[...]

    └── range-parser@1.2.0  deduped

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.0.0 (node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.1.1: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN The package react is included as both a dev and production dependency.
npm WARN The package react-dom is included as both a dev and production dependency.
npm ERR! missing script: build

npm ERR! A complete log of this run can be found in:
npm ERR!     /build/.npm/_logs/2017-04-03T17_22_12_092Z-debug.log
==> ERROR: A failure occurred in build().

[clone1612]

Worked on it and seemed to have found a suitable way of packaging based on the way openbazaar is compiled but with some tweaks for this specific application.

PKGBUILD:

# Maintainer: Jannick Hemelhof <mister.jannick@gmail.com>
# Contributor: Dick Choi <fluke8259@gmail.com>
# Contributor: Romain Bazile <gromain.baz@gmail.com>
pkgname=boostnote
_pkgname=Boostnote
pkgver=0.8.7
pkgrel=1
pkgdesc="Open source note-taking app for programmers"
arch=('x86_64')
url="https://b00st.io/"
license=('GPL')
depends=(electron)
makedepends=(npm grunt-cli asar)

source=(
  "${pkgver}.tar.gz::https://github.com/BoostIO/"${_pkgname}"/archive/v"$pkgver".tar.gz"
  "${pkgname}.sh"
  "${pkgname}.desktop"
  "npm-prune-fix.patch"
  )

md5sums=(
  '217d8b343b2215679a212b1a44f21ca7'
  'a4bbf961790883a47e3fef257ba35b98'
  '8547065c63f31831a249ccc1225197e2'
  '5de458c318306de81a9f72bcbfddaa69'
  )

prepare() {
  cd "${srcdir}/${_pkgname}-${pkgver}"

  patch -Np1 -i "${srcdir}"/npm-prune-fix.patch
}

build() {
  cd "${srcdir}/${_pkgname}-${pkgver}"
  npm install
  grunt compile
  npm prune --production
  asar pack . ../${pkgname}.asar
  cp resources/app.png ../app.png
}

package() {
  cd $srcdir

  install -Dm644 ${pkgname}.asar $pkgdir/opt/${pkgname}/${pkgname}.asar

  install -Dm755 ${pkgname}.sh $pkgdir/usr/bin/${pkgname}

  install -Dm644 app.png "$pkgdir"/usr/share/pixmaps/${pkgname}.png
  install -Dm644 ${pkgname}.desktop "$pkgdir"/usr/share/applications/${pkgname}.desktop
}

.sh file:

#!/bin/sh
cd /opt/boostnote
NODE_ENV=production electron boostnote.asar "$@"

.desktop file:

[Desktop Entry]
Name=Boostnote
GenericName=Boostnote is an open source note-taking app made for progammers just like you.
Comment=Boostnote is an open source note-taking app made for progammers just like you.
Exec=/usr/bin/boostnote %U
Icon=boostnote
Type=Application
StartupNotify=true
Categories=Development;Utility;
MimeType=text/plain;

And a patch was needed since two needed dependencies seem to be also present in devDependencies leading to npm prune --production deleting some needed stuff:

--- Boostnote-0.8.7/package.json    2017-03-20 08:11:24.000000000 +0100
+++ Boostnote-0.8.7/package.new.json    2017-04-05 14:12:17.848998504 +0200
@@ -99,10 +99,8 @@
     "jsdom": "^9.4.2",
     "merge-stream": "^1.0.0",
     "nib": "^1.1.0",
-    "react": "^15.3.0",
     "react-color": "^2.2.2",
     "react-css-modules": "^3.7.6",
-    "react-dom": "^15.3.0",
     "react-input-autosize": "^1.1.0",
     "react-router": "^2.4.0",
     "react-router-redux": "^4.0.4",

The result installs fine, works and is only 43,18 MiB large. Feel free to test and suggest some improvements.

[NicoHood]

Some notes:

• The metadata is wrong (url, license, arch)
• Use sha512sums
• Do not install into /opt
• when ready we need to add gpg signatures https://github.com/BoostIO/Boostnote/issues/387
• See my recent AUR Post for more information from tensor5, the electron and atom maintainer.

[clone1612]

Your comments make sense and it seems I still have a lot to learn regarding packaging electron related apps. Since you're already a trusted arch user with experience it might be better to make you the real maintainer if you're interested, I might have picked the wrong package to start my aur career with.

[NicoHood]

@clone1612 I also never packaged electron apps. Feel free to share any updates and I will test. If the package and app works well I can move it to community. But first gpg signatures #387 are required for this anyways.

I am AFK for 2 weeks soon, thatswhy I wont start any bigger maintenance.

[clone1612]

@NicoHood Thank you for the assistance, here is an updated version of the files.

PKGBUILD

# Maintainer: Jannick Hemelhof <mister.jannick@gmail.com>
# Contributor: Dick Choi <fluke8259@gmail.com>
# Contributor: Romain Bazile <gromain.baz@gmail.com>
pkgname=boostnote
_pkgname=Boostnote
pkgver=0.8.7
pkgrel=1
pkgdesc="Open source note-taking app for programmers"
arch=('any')
url="https://boostnote.io/"
license=('GPL3')
depends=('electron')
makedepends=('npm' 'grunt-cli')

source=(
  "${pkgver}.tar.gz::https://github.com/BoostIO/"${_pkgname}"/archive/v"$pkgver".tar.gz"
  "${pkgname}.js"
  "${pkgname}.desktop"
  "npm-prune-fix.patch"
  )

sha256sums=(
  '254437d1386f0bf30d0d039b75bd471eecad57dea6ac19044e3e724d57ddc720'
  '54fe7426e787d6cf1590fa234ea2a48da3ef51c4366822e2f2f7a966e9e0f431'
  '22336c683fc693054a5adebf964f06455ce926eb5c99e377699dd455ed3a7770'
  '44527af1eaef50fc26bf130d065400b2b9b34b3a620317f8f7e4274196f88031'
  )

prepare() {
  cd ${_pkgname}-${pkgver}

  patch -Np1 -i "${srcdir}"/npm-prune-fix.patch
}

build() {
  cd ${_pkgname}-${pkgver}
  npm install
  grunt compile
  npm prune --production
  cp resources/app.png ../app.png
}

package() {
  cd ${_pkgname}-${pkgver}

  appdir=/usr/lib/${pkgname}

  install -dm755 "${pkgdir}"${appdir}
  cp -r * "${pkgdir}"${appdir}

  install -Dm755 "${srcdir}"/${pkgname}.js $pkgdir/usr/bin/${pkgname}

  install -Dm644 "${srcdir}"/app.png "$pkgdir"/usr/share/pixmaps/${pkgname}.png
  install -Dm644 "${srcdir}"/${pkgname}.desktop "$pkgdir"/usr/share/applications/${pkgname}.desktop
}

New .js filed based on examples provided by the repositories the mail mentioned:

#!/usr/bin/electron

const name = 'boostnote';

const {app} = require('electron');
const fs = require('fs');
const path = require('path');

// Change command name.
const fd = fs.openSync('/proc/self/comm', fs.constants.O_WRONLY);
fs.writeSync(fd, name);
fs.closeSync(fd);

// Remove first command line argument (/usr/bin/electron).
process.argv.splice(0, 1);

// Set application paths.
const appPath = path.join(path.dirname(__dirname), 'lib', name);
const packageJson = require(path.join(appPath, 'package.json'));
const productName = 'Boostnote';
app.setAppPath(appPath);
app.setDesktopName(name + '.desktop');
app.setName(productName);
app.setPath('userCache', path.join(app.getPath('cache'), productName));
app.setPath('userData', path.join(app.getPath('appData'), productName));
app.setVersion(packageJson.version);

// Run the application.
require('module')._load(appPath, module, true);

EDIT: make-depends fix for grunt-cli

[NicoHood]

I dont have the time to test, just general things:

• sha512 not sha256
• you need to put every variable in "" to avoid space problems in the path.

The rest i need to test myself. Looks promising. If it works, put it in aur and let the users test and give feedback. :)

[escorponox]

I'll test this

[clone1612]

Updated with those two changes:

# Maintainer: Jannick Hemelhof <mister {dot} jannick {at} gmail {dot} com>
# Contributor: NicoHood <aur {at} nicohood {dot} de>
# Contributor: Dick Choi <fluke8259 {at} gmail {dot} com>
# Contributor: Romain Bazile <gromain {dot} baz {at} gmail {dot} com>
pkgname=boostnote
_pkgname=Boostnote
pkgver=0.8.7
pkgrel=2
pkgdesc="Open source note-taking app for programmers"
arch=('any')
url="https://boostnote.io/"
license=('GPL3')
depends=('electron')
makedepends=('npm' 'grunt-cli')

source=(
  "${pkgver}.tar.gz::https://github.com/BoostIO/"${_pkgname}"/archive/v"$pkgver".tar.gz"
  "${pkgname}.js"
  "${pkgname}.desktop"
  "npm-prune-fix.patch"
  )

sha512sums=(
  '400bcd5f2a2fa3c858c4e5ab8ce22c8f9669a5c1c0299724937f56534248e0517c8a814b7c2f2243c8492edbb50e96b2a2a2ce787f6566cbfec1741521d5261c'
  'f0abbdcca34d7f74d3dc66ffc2d0995416e7708c715d55fa58c4c2abc31d191ea42f3434e3105292b4817f83ac0ca89f456f5f93007ae80ab2426c8941f615f9'
  '18bcda13580da8ceeaa86793a77ec00a053b8fd51451dad7e2b1a19553fe1a467ac647b44b789212e783f3f6a80968cc9404e884ef7ff6b1f6588473b3229d40'
  'c500237c18fc1fcd98f3fd6d1b0bd74764e6f53a87c258b4d68b6d4754ad2281317b89e411aaf5af4d2c9f837f67218cd3663e27fc77da5137b217724f91039c'
  )

prepare() {
  cd "${_pkgname}-${pkgver}"

  patch -Np1 -i "${srcdir}/npm-prune-fix.patch"
}

build() {
  cd "${_pkgname}-${pkgver}"
  npm install
  grunt compile
  npm prune --production
  cp resources/app.png ../app.png
}

package() {
  cd "${_pkgname}-${pkgver}"

  appdir="/usr/lib/${pkgname}"

  install -dm755 "${pkgdir}""${appdir}"
  cp -r * "${pkgdir}""${appdir}"

  install -Dm755 "${srcdir}/${pkgname}.js" "$pkgdir/usr/bin/${pkgname}"

  install -Dm644 "${srcdir}/app.png" "$pkgdir/usr/share/pixmaps/${pkgname}.png"
  install -Dm644 "${srcdir}/${pkgname}.desktop" "$pkgdir/usr/share/applications/${pkgname}.desktop"

  find "${pkgdir}""${appdir}" \
        -name "package.json" \
            -exec sed -e "s|${srcdir}/${pkgname}-${pkgver}|${appdir}|" \
                -i {} \; \
        -or -name ".*" -prune -exec rm -r '{}' \; \
        -or -name "Gruntfile.js" -exec rm '{}' \; \
        -or -name "Makefile" -exec rm '{}' \; \
        -or -name "bower.json" -exec rm '{}' \; \
        -or -name "cmd.js" -exec rm '{}' \; \
        -or -name "coffee" -prune -exec rm -r '{}' \; \
        -or -name "example" -prune -exec rm -r '{}' \; \
        -or -name "gulpfile.js" -exec rm '{}' \; \
        -or -name "test" -prune -exec rm -r '{}' \; \
        -or -name "tests" -prune -exec rm -r '{}' \;
}

Desktop:

[Desktop Entry]
Name=Boostnote
GenericName=Boostnote is an open source note-taking app made for programmers just like you.
Comment=Boostnote is an open source note-taking app made for programmers just like you.
Exec=/usr/bin/boostnote %U
Icon=boostnote
Type=Application
StartupNotify=true
Categories=Development;Utility;
MimeType=text/plain;

JS:

#!/usr/bin/electron

const name = 'boostnote';

const {app} = require('electron');
const fs = require('fs');
const path = require('path');

// Change command name.
const fd = fs.openSync('/proc/self/comm', fs.constants.O_WRONLY);
fs.writeSync(fd, name);
fs.closeSync(fd);

// Remove first command line argument (/usr/bin/electron).
process.argv.splice(0, 1);

// Set application paths.
const appPath = path.join(path.dirname(__dirname), 'lib', name);
const packageJson = require(path.join(appPath, 'package.json'));
const productName = 'Boostnote';
app.setAppPath(appPath);
app.setDesktopName(name + '.desktop');
app.setName(productName);
app.setPath('userCache', path.join(app.getPath('cache'), productName));
app.setPath('userData', path.join(app.getPath('appData'), productName));
app.setVersion(packageJson.version);

// Run the application.
require('module')._load(appPath, module, true);

Patch:

--- Boostnote-0.8.7/package.json    2017-03-20 08:11:24.000000000 +0100
+++ Boostnote-0.8.7/package.new.json    2017-04-05 14:12:17.848998504 +0200
@@ -99,10 +99,8 @@
     "jsdom": "^9.4.2",
     "merge-stream": "^1.0.0",
     "nib": "^1.1.0",
-    "react": "^15.3.0",
     "react-color": "^2.2.2",
     "react-css-modules": "^3.7.6",
-    "react-dom": "^15.3.0",
     "react-input-autosize": "^1.1.0",
     "react-router": "^2.4.0",
     "react-router-redux": "^4.0.4",

[NicoHood]

Can you push those changes to AUR if they work? (seems you did)

I recommend to build in a clean chroot if you dont do that yet. Its really simple and clean. Install devtools and run extra-x86_64-build instead of makepkg.

--> the git makedep is missing

-pkgdesc="Opensource note app for developer"
+pkgdesc="Boostnote is an open source note-taking app made for progammers just like you"

Also we need to fix the warnings. Maybe upstream or as a patch. For security reasons, shared binaries and compatiblity with nodejs > v7

npm WARN deprecated minimatch@2.0.4: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated electron-packager@6.0.2: Critical security bug fixed in v7.0.0 - read more at https://github.com/electron-userland/electron-packager/issues/333
npm WARN deprecated electron-prebuilt@1.4.13: electron-prebuilt has been renamed to electron. For more details, see http://electron.atom.io/blog/2016/08/16/npm-install-electron
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN prefer global coffee-script@1.12.4 should be installed with -g

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.0.0 (node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.1.1: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
secret/auth_code.json is not found. CodeSigning is not available.

npm WARN eslint-config-standard@6.2.1 requires a peer of eslint@>=3.8.1 but none was installed.
npm WARN eslint-config-standard@6.2.1 requires a peer of eslint-plugin-promise@>=3.3.0 but none was installed.
npm WARN eslint-config-standard@6.2.1 requires a peer of eslint-plugin-standard@>=2.0.0 but none was installed.
npm WARN grunt-electron-installer-debian@0.2.0 requires a peer of grunt@^0.4.0 but none was installed.

namcap warnings:

Checking PKGBUILD
Checking boostnote-0.8.7-2-any.pkg.tar.xz
boostnote W: Potential non-FHS man page (usr/lib/boostnote/node_modules/regjsparser/node_modules/jsesc/man/jsesc.1) found.
boostnote W: Potential non-FHS man page (usr/lib/boostnote/node_modules/jsesc/man/jsesc.1) found.
boostnote W: Potential non-FHS man page (usr/lib/boostnote/node_modules/ctype/man/man3ctype/ctio.3ctype) found.
boostnote W: Referenced library 'gnuplot' is an uninstalled dependency
boostnote E: Dependency nodejs detected and not included (programs ['node'] needed in scripts ['usr/lib/boostnote/node_modules/window-size/cli.js', 'usr/lib/boostnote/node_modules/regjsparser/bin/parser', 'usr/lib/boostnote/node_modules/temp/node_modules/rimraf/bin.js', 'usr/lib/boostnote/node_modules/jsesc/bin/jsesc', 'usr/lib/boostnote/node_modules/get-folder-size/bin/get-folder-size', 'usr/lib/boostnote/node_modules/nopt/bin/nopt.js', 'usr/lib/boostnote/node_modules/mime/cli.js', 'usr/lib/boostnote/node_modules/node-uuid/bin/uuid', 'usr/lib/boostnote/node_modules/semver/bin/semver', 'usr/lib/boostnote/node_modules/source-map-support/build.js', 'usr/lib/boostnote/node_modules/nopt/examples/my-program.js', 'usr/lib/boostnote/node_modules/@rokt33r/season/bin/csonc', 'usr/lib/boostnote/node_modules/har-validator/bin/har-validator', 'usr/lib/boostnote/node_modules/electron-installer-debian/src/cli.js', 'usr/lib/boostnote/node_modules/asar/bin/asar', 'usr/lib/boostnote/node_modules/katex/cli.js', 'usr/lib/boostnote/node_modules/form-data/node_modules/async/support/sync-package-managers.js', 'usr/lib/boostnote/node_modules/regjsparser/node_modules/jsesc/bin/jsesc', 'usr/lib/boostnote/node_modules/loose-envify/cli.js', 'usr/lib/boostnote/node_modules/touch/node_modules/nopt/bin/nopt.js', 'usr/lib/boostnote/node_modules/touch/node_modules/nopt/examples/my-program.js', 'usr/lib/boostnote/node_modules/decompress-zip/bin/decompress-zip', 'usr/lib/boostnote/node_modules/coffee-script/bin/cake', 'usr/lib/boostnote/node_modules/babylon/bin/babylon.js', 'usr/lib/boostnote/node_modules/traverse/examples/stringify.js', 'usr/lib/boostnote/node_modules/markdown-it/bin/markdown-it.js', 'usr/lib/boostnote/node_modules/rimraf/bin.js', 'usr/lib/boostnote/node_modules/json5/lib/cli.js'])

[clone1612]

Thanks once more for the great assistance. Configured the clean chroot and discovered you were right about the missing git makedepend, fixed that one and pushed it asap. Looking at the npm warning these can indeed be done with a patch, will definitely look into that (ideally upstream of course). Will also look further into the namcap warnings!

EDIT Released a new package version which fixes all warnings save one:

npm WARN prefer global coffee-script@1.12.4 should be installed with -g

Also incorporated the suggestions from tensor5

[NicoHood]

@kazup01 Okay thanks to @clone1612 boostnote now builds fine on archlinux. I am willing to take it into the official repositories once #387 is resolved.

[kazup01]

Thank you for you guys cooperation! @NicoHood @clone1612

[NicoHood]

@kazup01 The package is now working very smooth. Any chance to see gpg signatures for secure packaging? #387

[Flexo013]

@NicoHood Feel free to open a new issue on the addition of GPG signatures. That way we keep everything nice and organized.

[NicoHood]

@Flexo013 I already linked the separate issue in my post: https://github.com/BoostIO/Boostnote/issues/387

Still no reaction there.