* Package name    : node-compressjs
  Version         : 1.0.3
  Upstream Author : C. Scott Ananian <cscott@cscott.net>
* URL             : https://github.com/cscott/compressjs
* License         : GPL
  Programming Lang: Javascript
  Description     : fast pure-JavaScript compression/decompression algorithms


Fast, pure-JavaScript implementations of various compression and
decompression algorithms, including:

 * bzip2
 * LZP3
 * a modified LZJB, and
 * PPM-D
---

this is needed for recent versions of OpenPGP.js, which i'm struggling
to package.

2018-04-25 0:32 GMT+02:00 Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
This software is not actively maintained, and not so much used.
However, it seems there isn't any better replacement for bzip2-on-browsers.

Jérémy

Control: tags 896846 + help

i also note that the version of this that openpgp.js uses has some sort
of additional dependency on this patch series, which creates
bzip2.build.js:

https://github.com/openpgpjs/compressjs/pull/1

This itself appears to add a build-time dependency on amdclean.  which
itself then adds a build-time dependency on the following NPM modules,
if i'm understanding the output of npm2deb correctly:

gulp-insert (~0.3.0)                              None
gulp-jasmine (~0.1.1)                             None
gulp-jshint (~1.3.2)                              None
gulp-uglify (~0.1.0)                              None
jasmine-node (~1.14.3)                            None
jasmine-only (~0.1.0)                             None

Am i understanding this right?  I feel like my attempt to package
javascript is turning into a hall of mirrors and i'm not able to easily
see the way out.

help much appreciated!

On Thu, 26 Apr 2018 18:19:02 -0400 Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

This could be ignored in the first iteration, used for tests.

same here, used for style checks.

these two required for tests only.

Its a bit exhausting, but I can help and guide you through it.

Control: retitle 896846 RFP: node-compressjs -- fast pure-JavaScript compression/decompression algorithms
Control: unclaim 896846 dkg@fifthhorseman.net
Control: noowner 896846
Control: retitle 894753 RFP: node-asmcrypto -- JavaScript Cryptographic Library
Control: unclaim 894753 dkg@fifthhorseman.net
Control: noowner 894753
Control: retitle 894752 RFP: node-rusha -- high-performance pure-javascript SHA1 implementation
Control: unclaim 894752 dkg@fifthhorseman.net
Control: noowner 894752
Control: retitle 787774 RFP: node-openpgp -- OpenPGP JavaScript Implementation (OpenPGP.js)
Control: unclaim 787774 dkg@fifthhorseman.net
Control: noowner 787774

I have tried to package OpenPGP.js for debian, but i don't think i have
the capacity to do it responsibly, so i'm releasing these tickets in the
hope that someone else with more stamina (or more
confidence/understanding of the node/npm ecosystem) can take the process
over.

I still want OpenPGP.js in debian, but i won't be the one maintaining it
in its current form.  I would be very grateful to anyone who steps up to
this task.

What i've found in trying to package it is that each attempt to package
turns up several additional missing dependencies, and this process is
recursive.  Including the packages necessary to actually build each
package from source (rather than just redistributing the blobs) and run
the package's unit tests adds even more dependencies.  (i'm basing this
understanding on the output of npm2deb more than anything else -- if
that tool is incorrect, i'd love to hear more about it!)

i don't currently have the time to maintain dozens of new node packages,
unfortunately.

Furthermore, it seems that OpenPGP.js uses some slight variants of other
packages.  for example, it uses a variant of compressjs that builds a
deployable version of bzip2, rather than either making that deployable
version as part of the openpgpjs build process, or getting that change
upstreamed into compressjs.  in another example, the 3.0.x branch of
OpenPGP.js uses git master of https://github.com/indutny/elliptic,
rather than relying on a released version.

There are several tools that depend on OpenPGP.js that would be really
good to have in debian, and in general having another implementation of
OpenPGP built with the attention to software freedom, distributability,
and reproducibility that are the hallmarks of debian would be healthy
for the OpenPGP ecosystem.  So i hope someone else can pick up this
packaging work.  If you're interested and have questions about it, i'm
happy to try to consult with you, but i can't do it myself.

Many thanks to the folks on #debian-js who helped me understand just how
far over my head i'd need to go!

Hi Daniel!

I feel so sorry for you. I understand how you feel - packaging
Javascript stuff is hard in Debian! I have never managed to do anything
in there myself.

That said, I did spend a few minutes creating a task page here, as seems
to be the custom in the team:

https://wiki.debian.org/Javascript/Nodejs/Tasks/openpgp

It reused part of your RFPs (in CC) but somehow missed asmcrypto which I
added by hand. node-rusha also seems to be missing from the current
dependencies, so maybe that was fixed/changed.

Anways - from the looks of it, there are at least seven run-time
dependencies missing, and 26 (or more?) build-time depends missing.

And that's not counting the peculiarities of OpenPGP.js you found during
your work as well.

Hopefully some Debian JavaScript wizard can pick that up eventually!

A.