From Fedora Project Wiki

Revision as of 02:04, 21 July 2008 by Sundaram (talk | contribs) (remove spurious exclamation marks not needed in mediawiki formatting)

Packaging JavaScript Libraries

Summary

  • MUST: A package must not include JavaScript libraries that have a separate upstream. Those JavaScript libraries need to be packaged in a JavaScript library.
  • MUST: A JavaScript library package must provide an apache config file that lets the library be served by apache. This file is placed in %{_sysconfdir}/js/ with a filename extension of *.conf
  • MUST: The config file must make the JavaScript library available at the URL http://localhost/js/LIBRARY
  • MUST: Files from the JavaScript library must be placed in a subdirectory of %{_datadir}

Duplication

We have a standard to avoid duplication of system libraries. This applies as much to JavaScript libraries as it does to C, python, Java, and any other programming language.The main concern is security.JavaScript code is not vulnerable to buffer overflows like C but it can be subject to attacks from malicious data that attempts to send the user to alternate web sites, steal their information, or execute code via jsonp requests to an alternate server.Duplicating third party libraries in an application leads to these problems sticking with an application even after the upstream library has fixed the issues and thus is prohibited.

Potential Problems

Some JavaScript libraries change at a very fast rate and with no eye towards backwards compatibility. We may need to do more work forward porting applications to new versions.

At least one JavaScript library (mootools ) has a web form to customize and compress the library before downloading it.This can cause us headaches as it is encouraging frameworks to have their own local fork. We'll need to One way to work around this might be to build it from the source repo so that each of the modules can be obtained as a separate file.

Default Location

URL

JavaScript libraries are served up by a web server. JavaScript libraries must provide an apache conf file that will serve the library from the filesystem to clients.Config files for other web servers are optional. URLs for JavaScript libraries should be rooted in /js/.

Filesystem Locations

Config files for apache should be added to %{_sysconfdir}/js.d with a *.conf extension. Until this package is owned by a base package like filesystem, it should be owned by the package that places files there or one of that package's requirements. We'll either modify apache to source files by default or provide a shim package that adds that directory in future versions.

The !JavaScript library itself must reside in a subdirectory of %{_datadir}

"Compilation"

!JavaScript is an interpreted language so source is also runnable. However, since the server sends the !JavaScript over the network to the client, several methods of making the code smaller (JSMin, Pack, etc) have evolved. Some of these involve compression implemented in JavaScript while others involve removing extraneous whitespace and comments. ATM, no form of compilation is supported by Fedora but equally, no form of compilation is banned. If one form of compilation becomes prevalent or is in demand in the future we can reevaluate this.

Spec template

MochiKit is a current example of a well packaged JavaScript library. Beginnings of a spec template taken from there

Source1:        %{name}.conf

[...] 

%install
mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
install -p -m 0644 lib/MochiKit/* $RPM_BUILD_ROOT%{_datadir}/%{name}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/js.d/

[...] 

%files
%defattr(-,root,root,-)
%doc Changes doc examples LICENSE.txt
%{_datadir}/%{name}
%config(noreplace) %{_sysconfdir}/js.d/%{name}.conf