fp-wiki>ImportUser (Imported from MoinMoin) |
(remove spurious exclamation marks not needed in mediawiki formatting) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 5: | Line 5: | ||
== Summary == | == Summary == | ||
* '''MUST:''' A package must not include | * '''MUST:''' A package must not include JavaScript libraries that have a separate upstream. Those JavaScript libraries need to be packaged in a JavaScript library. | ||
* '''MUST:''' A | * '''MUST:''' A JavaScript library package must provide an apache config file that lets the library be served by apache. This file is placed in %{_sysconfdir}/js/ with a filename extension of *.conf | ||
* '''MUST:''' The config file must make the | * '''MUST:''' The config file must make the JavaScript library available at the URL http://localhost/js/LIBRARY | ||
* '''MUST:''' Files from the | * '''MUST:''' Files from the JavaScript library must be placed in a subdirectory of %{_datadir} | ||
== Duplication == | == Duplication == | ||
We have a standard to avoid duplication of system libraries. | |||
We have a standard to avoid duplication of system libraries. This applies as much to JavaScript libraries as it does to C, python, Java, and any other programming language.The main concern is security.JavaScript code is not vulnerable to buffer overflows like C but it can be subject to attacks from malicious data that attempts to send the user to alternate web sites, steal their information, or execute code via jsonp requests to an alternate server.Duplicating third party libraries in an application leads to these problems sticking with an application even after the upstream library has fixed the issues and thus is prohibited. | |||
=== Potential Problems === | === Potential Problems === | ||
At least one | Some JavaScript libraries change at a very fast rate and with no eye towards backwards compatibility. We may need to do more work forward porting applications to new versions. | ||
At least one JavaScript library ([http://mootools.net/download mootools] ) has a web form to customize and compress the library before downloading it.This can cause us headaches as it is encouraging frameworks to have their own local fork. We'll need to One way to work around this might be to build it from the [http://svn.mootools.net/trunk/ source repo] so that each of the modules can be obtained as a separate file. | |||
== Default Location == | == Default Location == | ||
| Line 22: | Line 24: | ||
=== URL === | === URL === | ||
JavaScript libraries are served up by a web server. JavaScript libraries must provide an apache conf file that will serve the library from the filesystem to clients.Config files for other web servers are optional. URLs for JavaScript libraries should be rooted in /js/. | |||
=== Filesystem Locations === | === Filesystem Locations === | ||
Config files for apache should be added to %{_sysconfdir}/js.d with a *.conf extension. Until this package is owned by a base package like filesystem, it should be owned by the package that places files there or one of that package's requirements. | |||
Config files for apache should be added to %{_sysconfdir}/js.d with a *.conf extension. Until this package is owned by a base package like filesystem, it should be owned by the package that places files there or one of that package's requirements. We'll either modify apache to source files by default or provide a shim package that adds that directory in future versions. | |||
The !JavaScript library itself must reside in a subdirectory of %{_datadir} | The !JavaScript library itself must reside in a subdirectory of %{_datadir} | ||
| Line 31: | Line 34: | ||
== "Compilation" == | == "Compilation" == | ||
!JavaScript is an interpreted language so source is also runnable. However, since the server sends the !JavaScript over the network to the client, several methods of making the code smaller (JSMin, Pack, etc) have evolved. | !JavaScript is an interpreted language so source is also runnable. However, since the server sends the !JavaScript over the network to the client, several methods of making the code smaller (JSMin, Pack, etc) have evolved. Some of these involve compression implemented in JavaScript while others involve removing extraneous whitespace and comments. ATM, no form of compilation is supported by Fedora but equally, no form of compilation is banned. If one form of compilation becomes prevalent or is in demand in the future we can reevaluate this. | ||
== Spec template == | == Spec template == | ||
MochiKit is a current example of a well packaged JavaScript library. Beginnings of a spec template taken from there | |||
<pre> | <pre> | ||
Source1: %{name}.conf | Source1: %{name}.conf | ||
Revision as of 02:04, 21 July 2008
Packaging JavaScript Libraries
Summary
- MUST: A package must not include JavaScript libraries that have a separate upstream. Those JavaScript libraries need to be packaged in a JavaScript library.
- MUST: A JavaScript library package must provide an apache config file that lets the library be served by apache. This file is placed in %{_sysconfdir}/js/ with a filename extension of *.conf
- MUST: The config file must make the JavaScript library available at the URL http://localhost/js/LIBRARY
- MUST: Files from the JavaScript library must be placed in a subdirectory of %{_datadir}
Duplication
We have a standard to avoid duplication of system libraries. This applies as much to JavaScript libraries as it does to C, python, Java, and any other programming language.The main concern is security.JavaScript code is not vulnerable to buffer overflows like C but it can be subject to attacks from malicious data that attempts to send the user to alternate web sites, steal their information, or execute code via jsonp requests to an alternate server.Duplicating third party libraries in an application leads to these problems sticking with an application even after the upstream library has fixed the issues and thus is prohibited.
Potential Problems
Some JavaScript libraries change at a very fast rate and with no eye towards backwards compatibility. We may need to do more work forward porting applications to new versions.
At least one JavaScript library (mootools ) has a web form to customize and compress the library before downloading it.This can cause us headaches as it is encouraging frameworks to have their own local fork. We'll need to One way to work around this might be to build it from the source repo so that each of the modules can be obtained as a separate file.
Default Location
URL
JavaScript libraries are served up by a web server. JavaScript libraries must provide an apache conf file that will serve the library from the filesystem to clients.Config files for other web servers are optional. URLs for JavaScript libraries should be rooted in /js/.
Filesystem Locations
Config files for apache should be added to %{_sysconfdir}/js.d with a *.conf extension. Until this package is owned by a base package like filesystem, it should be owned by the package that places files there or one of that package's requirements. We'll either modify apache to source files by default or provide a shim package that adds that directory in future versions.
The !JavaScript library itself must reside in a subdirectory of %{_datadir}
"Compilation"
!JavaScript is an interpreted language so source is also runnable. However, since the server sends the !JavaScript over the network to the client, several methods of making the code smaller (JSMin, Pack, etc) have evolved. Some of these involve compression implemented in JavaScript while others involve removing extraneous whitespace and comments. ATM, no form of compilation is supported by Fedora but equally, no form of compilation is banned. If one form of compilation becomes prevalent or is in demand in the future we can reevaluate this.
Spec template
MochiKit is a current example of a well packaged JavaScript library. Beginnings of a spec template taken from there
Source1: %{name}.conf
[...]
%install
mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
install -p -m 0644 lib/MochiKit/* $RPM_BUILD_ROOT%{_datadir}/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/js.d/
[...]
%files
%defattr(-,root,root,-)
%doc Changes doc examples LICENSE.txt
%{_datadir}/%{name}
%config(noreplace) %{_sysconfdir}/js.d/%{name}.conf