securedrop icon indicating copy to clipboard operation
securedrop copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

Ruby sass gem used at build time has reached end-of-life

Open eloquence opened this issue 5 years ago • 4 comments

Per https://github.com/sass/ruby-sass (which is archived) and https://sass-lang.com/ruby-sass, this gem, which is used at package build time for CSS generation, has reached end-of-life. We should consider migrating to a maintained codebase, like sassc / libsass.

Note that we're also using a pinned outdated version due to #1594; we could update now that we're on Xenial, but that no longer seems worth resolving at this point.

eloquence avatar May 22 '19 06:05 eloquence

Since I started working on the SI frontend, I looked into this a bit:

  • sassc, while available from Debian/Ubuntu/Fedora repos, is now also deprecated but (supposedly) maintained (at time of writing the CI badges show that builds fail :shrug:)
  • DartSass is the only library/tool that is being actively worked on anymore. It requires either node.js to run the compiled-to-JS version, or Dart to build a native version. Dart itself is not available in Debian/Ubuntu (or Fedora) repos, instead they provide their own repo. They also release binaries on GitHub, but there's no signatures for those.

However, it may turn out that relying on Sass at all may not be necessary - after all, SecureDrop is an unusual webapp that has different targets and goals than most contemporary web apps. I'll look into that first, once I'm closer with #6211

eaon avatar Feb 11 '22 17:02 eaon

However, it may turn out that relying on Sass at all may not be necessary - after all, SecureDrop is an unusual webapp that has different targets and goals than most contemporary web apps. I'll look into that first, once I'm closer with https://github.com/freedomofpress/securedrop/issues/6211

@eaon I'm curious how you feel about this now that #6315 has landed. If we're still stuck with sass in the short term, I would like to switch us over to sassc, which is at least maintained in Debian, allowing us to drop all the ruby stuff from our stack.

legoktm avatar Jul 14 '22 16:07 legoktm

Briefly discussed with @eaon, we could theoretically get rid of sass but it would require compiling everything to CSS and switching to CSS variables, etc. and I'm not ready to take that all on. I'm first going to see how difficult it would be to drop in sassc, as that would be enough to unblock my Debian packaging work.

legoktm avatar Jul 18 '22 19:07 legoktm

I generated journalist.css using both the ruby gem and sassc, the diff is: https://gist.github.com/legoktm/8700e8e132a592f00689c040d7a3fdec

Differences:

  • single quotes instead of double quotes
  • escape sequences instead of unicode symbols
  • omitting 0. prefix for numbers
  • weird comment indentation

legoktm avatar Jul 19 '22 19:07 legoktm