Update to scheme version 4.0.0 #157
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- rename dependency to library - drop load_order from libraries table - add python_versions to library_releases table - add migration scheme file
commit aede06d414bb9a3a6f710690f2f3f698c7303beb
Scheme 4.0.0 is incompatible with 3.0.0 and will cause current PC 3.4.x releases to completely fail. They wouldn't even be able to fetch data to upgrade itself. Hence a dummy channel_v3.json needs to be served for all clients not updated before new packagecontrol.io release goes online. PC 4.0 can ship with both channel_v3 and _v4 pre-configured to ensure a smooth transition to new scheme version. The only thing changing for end users is availability of libraries for python 3.8 then.
This change caused explicit data from JSON to be overwritten with fallback defaults. see: wbond/package_control@a8262a9
__all__ is a list of names (strings) of exported modules.
This commit enables packagecontrol.io to optionally store packages' python_versions, which are declared within a repository.json This way old packages, which are proofed compatible with python 3.8, can be pushed to new plugin_host without touching their github repo. A local .python-version file always overrides upstream settings.
deathaxe
force-pushed
the
pr/update-schemes
branch
from
62143c4
to
4f4e861
Compare
deathaxe
force-pushed
the
pr/update-schemes
branch
from
59d036d
to
7f0bd8b
Compare
Provide fallbacks if release keys are not found. Primarily possible only for `python_versions` as it is optional for packages.
Adds missing python_versions column to package releases.
|
Got it up and running on Debian 12 with python 3.11 and PostgreSQL 15 with a little patch to |
This commit 1. moves asset storage functionality to a dedicated module as it might also be used to provide compressed stylesheets or javascript assets in future. 2. fixes an issue which caused generated channel.json files to look different after each poll. This causes the file to change each 10mins even if content hasn't changed. This degrades chance to return 304 so clients could re-use local cache. To achieve it, json objects content is sorted by key and a hash file is used to check, whether content has changed since last run.
|
! |
15 tasks
|
@wbond Can we merge this change into Package Control? Do we require an ownership transfer first? I would be willing to host/contribute maintenance to packagecontrol.io to get this merged. |
|
Package Control is critical for Sublime Text package ecosystem's security. It should therefore be hosted and administrated by trusted and well-known actors, only, especially after recently disclosed XS supply chain attack, which targeted compromizing SSH connections of widely used linux distributions. |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces required changes to support scheme 4.0.0 for Package Control 4.0
Overview
dependencybylibrarypython_versionskeyload_orderTested by creating a DB with 3.0.0 scheme, fetching some libs/packages and finally running library.sql
generate_channel_v4_jsontask and updategenerate_channel_v3_jsonto only provide PC.Why channel_v4.json
Package Control 4.0 handles both 3.0.0 and 4.0.0 schemes well. Just requires 4.0.0 to pull dependencies/libraries for python 3.8. So its safe (and required) to publish it before this PR is published to packagecontrol.io
If we would keep going with channel_v3.json and just update its scheme version no Package Control 3.x client was able to fetch packages from official sources due to mismatching scheme version. We would end up in users needing manually update Package Control, which may cause some complains.
By providing a dummy channel_v3.json with only Package Control in it, all clients have a chance to update to 4.0 even after packagecontrol.io is updated.
In the meanwhile Package Control 4.0 can be preconfigured to pull in channel_v3.json and channel_v4.json, so it keeps going with v3 until packagecontrol.io is updated.
This should ensure a smooth transition from 3.x to 4.0.
Required changes to channel can be found at wbond/package_control_channel#8713