Open f321x opened 2 years ago
RequestPrivacy
commented
2 years ago Sparrow in Tails OS would be so awesome and by now simply fits better to the goals of the OS. That being said, I guess Electrum as an old and closely watched project might be seen by Tails as a more conservative and therefore potentially safer bitcoin wallet (not saying that such a consideration reflects truth).
I love the issue!
craigraw
commented
2 years ago It looks like the first step is getting Sparrow into the Debian repo as a package: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#new-packages
Anyone keen to take this on? @nyxnor?
nyxnor
commented
2 years ago I would have to study.
debian/, gradle generates the package ready, so I don't know if this is already acceptable.Ok, let's assume the package builds succesfully with the debian/ directory, then follow the standard bug filing (ITP - Intent to Package), and maybe try to find the same group that package onionshare, electrum, tor on debian - https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-privacy-maintainers, this is the group that packages related programs.
What is see of possible drawbacks:
Build-depends on debian/control, and its method is via apt, so the temurin, would need to be avaiable ( by default ?) on debian, or adding an external repo counts for the build? Idk, best to ask other maintainers of debian java programs. If that option is not possible, then temurin would need to be included in the debian repos.Also read material
So what I see as goals here:
debian/ directory needs to be done.debian/ dir needs to be done, I will do it, but not alone, because if I do that, this project debian package will be dependent on me, so I will teach how to evaluate the install procedure with debian tools such as lintian etc.debian/ package is ready, now it is time to convince some sponsor to maintain the package, someone from pkg-privacy-maintainers probably, if they are interested, or if not, convince them, with something like: electrum is the only bitcoin wallet available on debian repos, single point of failure.RequestPrivacy
commented
2 years ago Great overview @nyxnor, thanks.
ITP - brag about what Sparrow does, convince them,...
I will do it, but not alone, because if I do that, this project debian package will be dependent on me, so I will teach how to evaluate the install procedure with debian tools such as lintian etc.
time to convince some sponsor to maintain the package, someone from pkg-privacy-maintainers probably, if they are interested, or if not, convince them, with something like: electrum is the only bitcoin wallet available on debian repos, single point of failure.
If I can do something...
craigraw
commented
2 years ago Thanks @nyxnor, this is a great start.
One thing that I should clarify is that the Debian Java packaging notes are somewhat dated, and mainly refer to distribution of Java applications as .jar files which depend on the system JRE - which to be fair was the standard method for many years. However, the arrival of jpackage now means that Java applications can now be shipped with a stripped down JRE inside them, and the arrival of JPMS with jlink means that Java bytecode is shipped as modules file following the Java modules format. Sparrow uses both jpackage and jlink.
In practice, what this means is that Sparrow can be considered to be a normal standalone binary application (which happens to use Java internally, but that's largely immaterial as far as Debian packaging goes).
With respect to packaging, jpackage has a number of configuration settings which may be useful, for example --install-dir and --linux-deb-maintainer: https://docs.oracle.com/en/java/javase/14/docs/specs/man/jpackage.html
Although I am far from understanding this fully, it appears the the debian/ configuration directory is just an input to the debuild tool, and jpackage already contains the same functionality to create (at least some of) the required data in the .deb with the command line flags documented in the link above. For example, the control information for the current release:
> dpkg -I ~/Downloads/sparrow_1.6.6_amd64.deb
new Debian package, version 2.0.
size 104770848 bytes: control archive=1860 bytes.
213 bytes, 11 lines control
968 bytes, 35 lines * postinst #!/bin/sh
812 bytes, 31 lines * postrm #!/bin/sh
573 bytes, 30 lines * preinst #!/bin/sh
3233 bytes, 142 lines * prerm #!/bin/sh
Package: sparrow
Version: 1.6.6
Section: misc
Maintainer: Unknown <Unknown>
Priority: optional
Architecture: amd64
Provides: sparrow
Description: Sparrow
Depends: libc6, xdg-utils, zlib1g
Installed-Size: 130790So am hopeful we can simply tweak the Linux-specific jpackage arguments in build.gradle to create a .deb that is suitable.
nyxnor
commented
2 years ago One thing that I should clarify is that the Debian Java packaging notes are somewhat dated, and mainly refer to distribution of Java applications as .jar files which depend on the system JRE - which to be fair was the standard method for many years. However, the arrival of jpackage now means that Java applications can now be shipped with a stripped down JRE inside them, and the arrival of JPMS with jlink means that Java bytecode is shipped as modules file following the Java modules format. Sparrow uses both jpackage and jlink.
I think the best thing is to start the ITP (Intent to Package) as described above, then you will be able to get better replies from upstream of what they do accept or not.
Although I am far from understanding this fully, it appears the the debian/ configuration directory is just an input to the debuild tool, and jpackage already contains the same functionality to create (at least some of) the required data in the .deb with the command line flags documented in the link above. For example, the control information for the current release:
:+1:
craigraw
commented
1 year ago ITP submitted: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024547
tadeubas
commented
1 year ago Hey @craigraw I've seen the ITP for Debian and the guidance for finding a "sponsor" to publish the package, or to apply for a "new member application", any news?
I've also opened an issue in Tails and got the same response
Image from: https://www.debian.org/doc/manuals/developers-reference/new-maintainer.en.html#debian-mentors-and-sponsors
craigraw
commented
1 year ago @tadeubas no news - I'm just not getting to it. The next step to get it into Debian is to create a Debian format source package. As I noted previously, I don't think the Java packaging advice applies, since Sparrow is effectively self-contained and the declared dependencies are minimal and very standard (libc6, xdg-utils, zlib1g). If anyone is keen to take on the job of getting it into Debian, I'd be grateful.
tadeubas
commented
1 year ago Hi @craigraw ! We just need a sponsor to submit the package! (someone that is a Debian member)
See the response from Robin:
"You'd need to find a sponsor to actually get a package into Debian though. That's generally how you'd get started with packaging. See https://mentors.debian.net/intro-maintainers/ ."
Response from theirs mentors list (I was too fast to reply and questioned twice the same thing 😄): https://lists.debian.org/debian-mentors/2023/05/msg00079.html
Sparrow could substitute Electrum in Tails OS and help many with easy coinjoin functionality. But a previous request was rejected because sparrow doesn't fulfill the criteria for integration in Tails (yet). Request: https://gitlab.tails.boum.org/tails/tails/-/issues/18615
Criteria: https://tails.boum.org/support/faq/#new-software