os icon indicating copy to clipboard operation
os copied to clipboard
verified publisher icon wolfi-dev

expect-5.45.4: new package

Open 0xfed opened this issue 1 year ago • 4 comments

Add expect-5.45.4 (https://core.tcl-lang.org/expect/index) as a new package.

Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc.

Pre-review Checklist

For new package PRs only

  • [ ] This PR is marked as fixing a pre-existing package request bug
    • [ ] Alternatively, the PR is marked as related to a pre-existing package request bug, such as a dependency
  • [ ] REQUIRED - The package is available under an OSI-approved or FSF-approved license
    • [X] NIST Public Domain Notice

    As a result, a formal license is not needed to use this software.

  • [X] REQUIRED - The version of the package is still receiving security updates
  • [ ] This PR links to the upstream project's support policy (e.g. endoflife.date)

0xfed avatar Jul 08 '24 01:07 0xfed

There are 4 workflows which require approval and a review approval in order for this package to merge.

0xfed avatar Jul 23 '24 04:07 0xfed

We don't maintain this extent of patches to change upstream functionality. Can you file upstream PRs to get those contributed into the project?

mamccorm avatar Aug 03 '24 23:08 mamccorm

Hi @mamccorm The patches are comming from alpine's expect: https://git.alpinelinux.org/aports/tree/main/expect. I think it's good to pickup APKBUILD and its dependencies from Alpine's project.

0xfed avatar Aug 05 '24 04:08 0xfed

Anything I can do to get this PR approved?

0xfed avatar Aug 18 '24 14:08 0xfed

@0xfed @tuananh can you please explain what you need expect for? It is a very powerful, yet fragile piece of software that inherently is not declarative and extremely difficult to debug. In modern times, I have used it to automate z/VM form navigation on mainframes; but beyond that all other pieces of software have non-interactive input/output that is scriptable or even better api driven (json/yaml input/output).

What are you planning to use expect with? Can that software instead gain non-interactive UX?

xnox avatar Nov 07 '24 10:11 xnox

@0xfed @tuananh can you please explain what you need expect for? It is a very powerful, yet fragile piece of software that inherently is not declarative and extremely difficult to debug. In modern times, I have used it to automate z/VM form navigation on mainframes; but beyond that all other pieces of software have non-interactive input/output that is scriptable or even better api driven (json/yaml input/output).

What are you planning to use expect with? Can that software instead gain non-interactive UX?

i dont have the need for this one myself. it was initiated by @0xfed

tuananh avatar Nov 07 '24 10:11 tuananh

Jumping in here a little... I checked with my organization's developers and apparently the expect library is needed by the https://www.npmjs.com/package/jest?activeTab=readme Jest NPM library. Nearly all of our frontend-based apps use jest for their unit testing. Also, based on the ~14million downloads of jest a week, I would guess that it's an industry-wide popular choice.

elnewfie avatar Nov 08 '24 16:11 elnewfie

Jumping in here a little... I checked with my organization's developers and apparently the expect library is needed by the https://www.npmjs.com/package/jest?activeTab=readme Jest NPM library. Nearly all of our frontend-based apps use jest for their unit testing. Also, based on the ~14million downloads of jest a week, I would guess that it's an industry-wide popular choice.

to quote jestjs website - well that's "delightful".

xnox avatar Nov 08 '24 17:11 xnox

Jumping in here a little... I checked with my organization's developers and apparently the expect library is needed by the https://www.npmjs.com/package/jest?activeTab=readme Jest NPM library. Nearly all of our frontend-based apps use jest for their unit testing. Also, based on the ~14million downloads of jest a week, I would guess that it's an industry-wide popular choice.

to quote jestjs website - well that's "delightful".

I'll look into that closer; it does have expect package, but that seems to be test-utilities pure javascript expect package; it doesn't call out to the /usr/bin/expect binary or scripts. Do you know how CLI console keyboard input only tool is being used by that? If you can point me to that, that would help. Otherwise I will trace that myself. As this is not packaging javascript npm expect package; but the Tcl extension https://en.wikipedia.org/wiki/Expect

xnox avatar Nov 08 '24 17:11 xnox

Hi @xnox, The initial idea of this PR was I needed to automate the configuration after installed the software - which I cannot interact via simple stdin/stdout redirect or anything else except expect, and it's not easy to ask the developer rewrite the software.

Also, currently we have Python version of expect here. And I think a single, small, precompiled binary will reduce size of the image if needed.

0xfed avatar Mar 11 '25 14:03 0xfed

The StepSecurity Actions Security / StepSecurity Harden-Runnerhas been running for more than a month now. Anything I can do from my side?

0xfed avatar May 06 '25 06:05 0xfed