From: "Eregon (Benoit Daloze) via ruby-core" <ruby-core@...>
Date: 2023-02-07T16:36:36+00:00
Subject: [ruby-core:112269] [Ruby master Misc#19421] Distribution documentation

Issue #19421 has been updated by Eregon (Benoit Daloze).


vo.x (Vit Ondruch) wrote in #note-8:
> > and https://github.com/rbenv/ruby-build/wiki#suggested-build-environment
> 
> I really wonder what is the source of this information? Just looking at Fedora, I don't understand why `patch` should be recommended there. And for CentOS / RHEL, why gcc-6? Also RHEL9 has more recent toolchain then RHEL6, so the instructions should be probably differentiated. I don't think that ncurses-devel is needed anymore.

It is what people have found to be necessary.
`patch` is needed by `ruby-build` itself because it needs it to apply patches and OpenSSL 1.1.1q was pretty broken, they didn't even check their own CI before release :/ and didn't ship a fixed release for a long time: https://github.com/rbenv/ruby-build/blob/a6976a5af32443ae0af41fa7713c6b1e8d629ed3/bin/ruby-build#L1152 (probably could be removed now, anyway, out of scope of this issue).
Re `gcc-6` yeah that doesn't sound ideal, does just `gcc` work on CentOS/RHEL? Any package with a version number in the name is a smell, but some package managers don't offer any alternative.

----------------------------------------
Misc #19421: Distribution documentation
https://bugs.ruby-lang.org/issues/19421#change-101697

* Author: ioquatix (Samuel Williams)
* Status: Open
* Priority: Normal
----------------------------------------
I use Ruby a lot, on a lot of different systems, and help people and companies use it, including developers who install it on their systems.

Over time, I found that installing Ruby isn't always easy. Part of this is due to package management. There are many systems, and Ruby has had some tricky migrations (e.g. OpenSSL is probably one of the most painful ones that lots of developers have trouble with).

Arch Linux has been stuck on Ruby 3.0 for a long time, which could be considered surprising given that Arch Linux is often on the bleeding edge of releases. I personally use Arch too. So I decided to ask, what is holding them up from making a release?

I found out they had many questions about how to distribute Ruby correctly. When I listened to those questions I felt that there are many ambiguities in how we build and package Ruby for operating system packages. This isn't to say that there isn't a good way to do it, just that we as a core team might be able to improve our communication about how Ruby is evolving and the implications for package managers (if any).

I've introduced `doc/distribution.md` as an effort to start having better documentation for people distributing Ruby. There are many ways which people distribute Ruby, and many "partial" documentation or assumptions being made about how to distribute Ruby and I'd like to provide a convenient standard location that can help people build package for Ruby distribution. Ultimately this makes my job easier because the latest versions of Ruby will be easier to install, so that's what I care about, but I don't care about what specifically is in the document, except that I think we should listen to the kinds of questions being asked and, in the best interest of Ruby, provide guidance.

There was a lot of good discussion on the PR, but my goal is not to make a finished document, but instead plant the seed so it can grow.

https://github.com/ruby/ruby/pull/6856

Some follow up discussion is required:

- What is the best practice for building source packages. The documentation I wrote from this was removed as "out of scope" but I disagree with that (https://github.com/ruby/ruby/commit/c35ebed895e1a3f7bced3db50ea0db8f284744e8). I don't have a strong opinion about what it should look like, but I think we should give a clear example of how to build source packages like what I wrote.

- Related to the above, what is the official location for source tarballs?

- What optional dependencies are required for building vs distributing Ruby. Arch Linux currently lists: `doxygen gdbm graphviz libffi libyaml openssl ttf-dejavu tk` as dependencies but it's not clear if this list is up to date, or what the expectations are. When someone installs Ruby (e.g. `apt-get install ruby`) what dependencies should be installed? I think it would be helpful to list expected dependencies (from a system package POV), etc.

- Is Ruby needed for building Ruby? Should source packages install Ruby before building from source? If so, what versions are supported?

- Clear guidance on gems that are distributed an alongside Ruby, and how security changes to gems are managed.

Even if we have more detailed documentation elsewhere, let's summarise it and then cross-reference it. People who build packages to distribute and install Ruby should feel supported, they are very important to our community. To this end, I established `#distribution` channel on Slack for discussion. We should listen to the questions being asked and use those questions to drive improvements to documentation.




-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/