Get rid of old libs and get back into distros' repos #285
I don't see what's wrong with this one. https://metacpan.org/pod/JSON::MaybeXS is up to date. And I see the package in AUR. |
Oh yeah, thanks for the hint, my bad! edit: No, wait. perl-json-xs is in the official repos (community/) but perl-json-maybexs is in the AUR only, that is, not in the official repos. All Shutter dependencies including the outdated gnome2 libs are available from the AUR but the AUR is not the official repo and Shutter will stick to the AUR as long as it has AUR dependencies. But if perl-json-maybexs is up to date, possibly it can move into community/ as well. But that's just the Arch Linux perspective, I will try to research about other distros as well. |
Hello, Any hope of having a release for Debian stable? I'm really missing having Shutter, none of the other solutions really have the same capabilities. Thanks for your work on this! |
Hello, has there been any progress on removing/replacing the problem dependencies? I am willing to help test any builds that need testing on Debian stable. |
Please have a look at this PR to track the current progress: #284 |
@DarthGandalf What is the status regarding the outdated dependencies after the GTK3 merge? As far as I can see, everything is gone besides gnome-web-photo? Or is perl-gnome2-wnck still in? For gnome-web-photo (which actually renders websites in a rather simplistic way, so they look quite different from what you see if you open the site in a modern browser) maybe wkhtmltoimage is a good replacement: https://wkhtmltopdf.org/ It's also not perfect but quite usable, I think. |
I never even used that functionality, and with gnome-web-photo not available for my distro anymore, I cannot test and see.
Perhaps.
No, replaced by Wnck-3.0 via Glib::Object::Introspection |
From https://wkhtmltopdf.org/status.html
I'd prefer to not create a security hole in shutter. |
I also never use the web capture feature, actually. gnome-web-photo is present in the AUR but takes a hell of a lot of time to compile. I have it installed on one of my machines and tested the web capture at some point.
I see. So maybe just remove the web capture feature completely then? I think, gnome-web-photo isn't available in most of the distros out there as it is unmaintained for quite a long time.
Great, then I guess, this bug can be closed with the next release! Do you think, a release can be done soon? Besides the slightly ugly scaling in gtk3-imageview I haven't stumbled upon any problems so far (been using the -git version since you merged the GTK3 PR). |
If someone wishes to go through troubles of installing gnome-web-photo, I think it's fine to leave it there.
Let's do it |
Shall we schedule a Jitsi meeting like the last time? Next weekend would be perfect for me! |
Actually, thinking about it again, I'm wondering if gnome-web-photo is more secure than wkhtmltoimage or any other similar library. gnome-web-photo uses webkitgtk which also has a long list of CVEs: https://www.cvedetails.com/vulnerability-list/vendor_id-11350/Webkitgtk.html Maybe making screenshots of webpages is just an inherently insecure operation, no matter the library used for it, and the guys from wkhtmltoimage are just the most honest and cautious about it? 😃 |
That is possible, sure |
Something like selenium is probably the best option there, since it runs an actual browser |
Since all the outdated dependencies are gone with 0.96, I have requested Shutter to be included into the official Arch Linux repos: https://bbs.archlinux.org/viewtopic.php?id=266597 I'm excited to see how this goes! What are our options to contact other big distros' package maintainers? |
Does anyone know if it has been submitted to Debian yet? |
Not yet, 0.96 has some bugs, some of which have already been fixed, but not all of them. I think, it is better to wait, till a mostly bug free version is out, before approaching package maintainers. |
Ok, good to know. I have been missing Shutter since I moved from CentOS 7.x to Debian 10.8 |
Shutter itself is quite easy to "install" without any package management, just download it and run bin/shutter. However, you would have to get the dependencies somehow, not sure how many of them are missing in Debian's repo. As far as I understand, you can use PPAs in Debian: https://vitux.com/how-to-add-ppa-repositories-in-debian/ In this case, it might be possible to use the Ubuntu PPA by linuxuprising: https://www.linuxuprising.com/2018/10/shutter-removed-from-ubuntu-1810-and.html |
Shutter has just been moved to the official Arch repos thanks to @muflone. Also, since version 0.97 has fixed most of the regressions from 0.96, I think, we can start approaching other distros' packagers to get Shutter back into their repos. |
Congratulations on successfully fighting the good fight & getting Shutter back into the main Arch repos instead of AUR. Nice work [& thanks]! |
Better pack all into a snap, so it works well every time, and if there are issues like with the 97 release, we can go back to a version that works on our weird system set up 🦖 |
As far as I know, no team member has experience with snap packaging and also no time resources to learn how to deal with snaps. There is an outdated snap here but it hasn't been updated in a while: https://github.com/popey/shutter-snap Contribution to snap packaging is always welcome though! |
What a great achievement! |
Unfortunately, none of the current team members is familiar with deb packaging. But there is an unofficial PPA by @logix2 which seems to work very well: https://launchpad.net/~linuxuprising/+archive/ubuntu/ppa |
However, that PPA says:
Maybe linuxuprising package can be somehow imported to it? |
As far as I understand, @logix2 prefers to keep it separate (correct me, if I'm wrong). But we could at least delete the official PPA so it won't confuse people any more and the linuxuprising PPA would be the only one to choose from. |
@Photon89 I can maintain your PPA if you want, I don't mind. You need to add me as a team member on Launchpad and then I have access to the PPA if that's what you like. Or I can continue to maintain my PPA. As you wish... |
@logix2 That would be great, thanks! I added you to the Shutter team on Launchpad, may we also add you here on GitHub? |
@Photon89 Thank you! No need to add me here, I'll just upload the packages to the PPA. I guess I'll start updating the PPA then. |
@logix2 Thanks, just drop a comment when it is done, so we can update the website accordingly! |
@Photon89 I have updated the PPA with Shutter 0.98 for Ubuntu 20.04 (LTS) and 21.04 (current regular release). Users may optionally install gnome-web-photo too from the PPA in order to take website screenshots - I mentioned that in the PPA description. Feel free to modify the PPA description in any way, I just thought I'd add a bit of extra info in there. |
Great, thanks! I think, the information in the PPA description sounds pretty good. The information regarding the revival of the official PPA is now on the website. |
Thank you! I also posted about that: https://www.linuxuprising.com/2021/08/official-shutter-screenshot-tool.html |
Shutter just entered Debian unstable and will enter testing soon! |
Aaand also in Ubuntu 22.04 as I just realized: https://packages.ubuntu.com/jammy/shutter |
Mageia picked up Shutter's latest version in its development release Cauldron a few months ago already: https://madb.mageia.org/rpm/show/release/cauldron/arch/x86_64/name/shutter-0.99.2-1.mga9.noarch.rpm/source/0/t_media/3 |
Shutter went into a testing version. If there are no other issues, it looks like it will be serviced as an official package in Debian 12 (Bookworm), which is expected to be released next year. |
I updated the overview in the original report, thanks! |
Ubuntu's official repositories do not provide the |
Well, I'm pretty sure, it won't enter the official repositories any time soon because the last time it has been updated (I mean, code updates, not just translations and stuff like that) was over ten years ago. I think, the only option here, would be to ask @logix2 to make a 22.04 PPA which would ship gnome-web-photo specifically. |
Another option is to drop this support from shutter. Because in 10 years it likely has some vulnerabilities now. See the discussion about it above |
That's also true. It doesn't produce that accurate renderings anyway, as far as I remember. I can upload some examples, if anybody is interested. |
I agree it would be a worthwhile trade to make. |
I just found a possible alternative, weasyprint. wkhtmltopdf's (which we discussed above) maintainer suggests using it because, unlike wkhtmltopdf, it relies on up to date libraries. Also, there is a detailed text regarding the security risks: https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#security It sounds quite acceptable to me but I'm not a security expert, obviously. edit: It looks like the security risks text specifically targets the Python library, not the CLI variant. But I assume that the CLI variant is not that different, possibly even more secure because it allows less, potentially unsafe, options. |
This issue is to get an overview of which dependencies should get away for Shutter to be accepted in various distros' repositories again.
Arch Linux:
Debian
Update: I would like to track the status of Shutter being reintroduced into the repos of various distros here. Please comment if you find news on distros which are not listed here yet.
The packaging status for various distros can be tracked here: https://repology.org/project/shutter/versions