From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3E04A138350 for ; Wed, 19 Feb 2020 05:46:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 02AF7E094F; Wed, 19 Feb 2020 05:46:50 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 38254E092F for ; Wed, 19 Feb 2020 05:46:49 +0000 (UTC) Received: from linux1.home (cpe-70-124-168-176.austin.res.rr.com [70.124.168.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: williamh) by smtp.gentoo.org (Postfix) with ESMTPSA id B2F9C34ED53; Wed, 19 Feb 2020 05:46:47 +0000 (UTC) Received: (nullmailer pid 19579 invoked by uid 1000); Wed, 19 Feb 2020 05:46:45 -0000 Date: Tue, 18 Feb 2020 23:46:45 -0600 From: William Hubbs To: gentoo-dev@lists.gentoo.org Cc: robbat2@gentoo.org Subject: Re: [gentoo-dev] [PATCH v2 1/4] eclass/go-module: add support for building based on go.sum Message-ID: <20200219054645.GA18470@linux1.home> Mail-Followup-To: gentoo-dev@lists.gentoo.org, robbat2@gentoo.org References: <20200217092232.9483-1-robbat2@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM" Content-Disposition: inline In-Reply-To: <20200217092232.9483-1-robbat2@gentoo.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Archives-Salt: ad044cb7-07a8-4045-aa4b-f7e9ce525cdb X-Archives-Hash: cd81465ccadbf1c6b0a3ee854f0b4839 --yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 17, 2020 at 01:22:29AM -0800, Robin H. Johnson wrote: > EGO_SUM mode now supplements the existing EGO_VENDOR mode. >=20 > EGO_SUM should be populated by the maintainer, directly from the go.sum > file of the root package. See eclass and conversion examples for further > details: dev-go/go-tour, app-admin/kube-bench, dev-vcs/cli >=20 > The go-module_set_globals function performs validation of > inputs and dies on fatal errors. >=20 > Signed-off-by: Robin H. Johnson > --- > eclass/go-module.eclass | 419 +++++++++++++++++++++++++++++++++++-- > profiles/thirdpartymirrors | 1 + > 2 files changed, 397 insertions(+), 23 deletions(-) >=20 > diff --git eclass/go-module.eclass eclass/go-module.eclass > index 80ff2902b3ad..50aff92735af 100644 > --- eclass/go-module.eclass > +++ eclass/go-module.eclass > @@ -4,22 +4,45 @@ > # @ECLASS: go-module.eclass > # @MAINTAINER: > # William Hubbs > +# @AUTHOR: > +# William Hubbs > +# Robin H. Johnson > # @SUPPORTED_EAPIS: 7 > # @BLURB: basic eclass for building software written as go modules > # @DESCRIPTION: > -# This eclass provides basic settings and functions > -# needed by all software written in the go programming language that uses > -# go modules. > +# This eclass provides basic settings and functions needed by all softwa= re > +# written in the go programming language that uses go modules. > +# > +# You might know the software you are packaging uses modules because > +# it has files named go.sum and go.mod in its top-level source directory. > +# If it does not have these files, try use the golang-* eclasses FIRST! > +# There ARE legacy Golang packages that use external modules with none of > +# go.mod, go.sum, vendor/ that can use this eclass regardless. > +# > +# Guidelines for usage: > +# "vendor/": > +# - pre-vendored package. Do NOT set EGO_SUM or EGO_VENDOR. > # > -# You will know the software you are packaging uses modules because > -# it will have files named go.sum and go.mod in its top-level source > -# directory. If it does not have these files, use the golang-* eclasses. > +# "go.mod" && "go.sum": > +# - Populate EGO_SUM with entries from go.sum > +# - Append license:${GENTOO_LICENSE} to any modules needed at runtime. > +# dev-go/golicense can tell you which modules in a Golang binary are u= sed at > +# runtime (requires network connectivity). > # > -# If it has these files and a directory named vendor in its top-level > -# source directory, you only need to inherit the eclass since upstream > -# is vendoring the dependencies. > +# None of the above: > +# - Did you try golang-* eclasses first? Upstream has undeclared depende= ncies > +# (perhaps really old source). You can use either EGO_SUM or EGO_VENDO= R. > + > +# > +# If it has these files AND a directory named "vendor" in its top-level = source > +# directory, you only need to inherit the eclass since upstream has alre= ady > +# vendored the dependencies. > + > +# If it does not have a vendor directory, you should use the EGO_SUM > +# variable and the go-module_gosum_uris function as shown in the > +# example below to handle dependencies. > # > -# If it does not have a vendor directory, you should use the EGO_VENDOR > +# Alternatively, older versions of this eclass used the EGO_VENDOR > # variable and the go-module_vendor_uris function as shown in the > # example below to handle dependencies. I think we can remove the example with EGO_VENDOR and go-module_vendor_uris; we really don't want people to continue following that example. > @@ -28,6 +51,28 @@ > # dependencies. So please make sure it is accurate. > # > # @EXAMPLE: > +# @CODE > +# > +# inherit go-module > +# > +# EGO_SUM=3D( > +# "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.m= od h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=3D license:BSD-2,MIT" > +# "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 h1:W= WB576BN5zNSZc/M9d/10pqEx5VHNhaQ/yOVAkmj5Yo=3D" > +# ) > +# S=3D"${WORKDIR}/${MY_P}" The default setting of S should be fine for most ebuilds, so I don't think we need this in the example. > +# go-module_set_globals > +# > +# SRC_URI=3D"https://github.com/example/${PN}/archive/v${PV}.tar.gz -> $= {P}.tar.gz > +# ${EGO_SUM_SRC_URI}" > +# > +# LICENSE=3D"some-license ${EGO_SUM_LICENSES}" > +# > +# src_unpack() { > +# unpack ${P}.tar.gz > +# go-module_src_unpack > +# } +# I don't think I would put an src_unpack() in the example. > +# @CODE > # > # @CODE > # > @@ -35,7 +80,7 @@ > # > # EGO_VENDOR=3D( > # "github.com/xenolf/lego 6cac0ea7d8b28c889f709ec7fa92e92b82f490dd" > -# "golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8 github.c= om/golang/crypto" > +# "golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8 github.c= om/golang/crypto" > # ) > # > # SRC_URI=3D"https://github.com/example/${PN}/archive/v${PV}.tar.gz -> $= {P}.tar.gz > @@ -64,10 +109,12 @@ export GO111MODULE=3Don > export GOCACHE=3D"${T}/go-build" > =20 > # The following go flags should be used for all builds. > -# -mod=3Dvendor stopps downloading of dependencies from the internet. > # -v prints the names of packages as they are compiled > # -x prints commands as they are executed > -export GOFLAGS=3D"-mod=3Dvendor -v -x" > +# -mod=3Dvendor use the vendor directory instead of downloading dependen= cies > +# -mod=3Dreadonly do not update go.mod/go.sum but fail if updates are ne= eded > +export GOFLAGS=3D"-v -x -mod=3Dreadonly" > +[[ ${#EGO_VENDOR[@]} -gt 0 ]] && GOFLAGS+=3D" -mod=3Dvendor" > =20 > # Do not complain about CFLAGS etc since go projects do not use them. > QA_FLAGS_IGNORED=3D'.*' > @@ -77,6 +124,42 @@ RESTRICT=3D"strip" > =20 > EXPORT_FUNCTIONS src_unpack pkg_postinst > =20 > +# @ECLASS-VARIABLE: EGO_SUM > +# @DESCRIPTION: > +# This is an array based on the go.sum content from inside the target pa= ckage. > +# Each array entry must be quoted and contain: > +# > +# " [h1:] [:]" > +# > +# To ease conversion from EGO_VENDOR, the presence of the h1:hash is NOT > +# enforced in ebuilds at this time. > +# > +# The format is described upstream here: > +# https://tip.golang.org/cmd/go/#hdr-Module_authentication_using_go_sum > +# > +# h1: is the Hash1 structure used by upstream Go > +# Note that Hash1 is MORE stable than Gentoo distfile hashing, and upstr= eam > +# warns that it's conceptually possible for the Hash1 value to remain st= able > +# while the upstream zipfiles change. E.g. it does NOT capture mtime cha= nges in > +# files within a zipfile. > +# > +# : is an additional set of key-value tuples, to amend Gentoo > +# metadata. > +# > +# The extra metadata keys accepted at this time are: > +# - license: for dependencies built into the final runtime, the value fi= eld is > +# a comma seperated list of Gentoo licenses to apply to the LICENSE va= riable,=20 > +# There are two lines for each module in go.sum, the one with /go.mod as a suffix to the version and the one without. We do not need both right? > +# @EXAMPLE: > +# # github.com/BurntSushi/toml is a build-time only dep > +# # github.com/aybabtme/rgbterm is a runtime dep, annotated with licenses I'm not sure we can distinguish between buildtime only and runtime deps. > +# EGO_SUM=3D( > +# "github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB= 0XUf9Vl28OQ=3D" > +# "github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2= Ht5sIBksp03qcyfWMU=3D" > +# "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.m= od h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=3D license:BSD-2,MIT" > +# "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 h1:W= WB576BN5zNSZc/M9d/10pqEx5VHNhaQ/yOVAkmj5Yo=3D" > +# ) > + > # @ECLASS-VARIABLE: EGO_VENDOR > # @DESCRIPTION: > # This variable contains a list of vendored packages. > @@ -95,10 +178,10 @@ go-module_vendor_uris() { > local hash import line repo x > for line in "${EGO_VENDOR[@]}"; do > read -r import hash repo x <<< "${line}" > - if [[ -n $x ]]; then > + if [[ -n ${x} ]]; then > eerror "Trailing information in EGO_VENDOR in ${P}.ebuild" > eerror "${line}" > - eerror "Trailing information is: \"$x\"" > + eerror "Trailing information is: \"${x}\"" > die "Invalid EGO_VENDOR format" > fi > : "${repo:=3D${import}}" > @@ -106,18 +189,242 @@ go-module_vendor_uris() { > done > } > =20 > +# @ECLASS-VARIABLE: _GOMODULE_GOPROXY_BASEURI > +# @DESCRIPTION: > +# Golang module proxy service to fetch module files from. Note that the = module > +# proxy generally verifies modules via the Hash1 code. > +# > +# Users in China may find some mirrors in the default list blocked, and = should > +# explicitly set an entry in /etc/portage/mirrors for goproxy to > +# https://goproxy.cn/ or another mirror that is not blocked in China. > +# See https://arslan.io/2019/08/02/why-you-should-use-a-go-module-proxy/= for further details > +# > +# This variable is NOT intended for user-level configuration of mirrors,= but > +# rather to cover Golang modules that might exist only on specific Gopro= xy > +# servers for non-technical reasons. > +# > +# This variable should NOT be present in user-level configuration e.g. > +# /etc/portage/make.conf, as it will violate metadata immutability! > +: "${_GOMODULE_GOPROXY_BASEURI:=3Dmirror://goproxy/}" If this isn't supposed to be in user-level configuration, where should it be set? > + > +# @ECLASS-VARIABLE: _GOMODULE_GOSUM_REVERSE_MAP > +# @DESCRIPTION: > +# Mapping back from Gentoo distfile name to upstream distfile path. > +# Associative array to avoid O(N*M) performance when populating the GOPR= OXY > +# directory structure. > +declare -A -g _GOMODULE_GOSUM_REVERSE_MAP > + > +# @FUNCTION: go-module_set_globals > +# @DESCRIPTION: > +# Convert the information in EGO_SUM for other usage in the ebuild. > +# - Populates EGO_SUM_SRC_URI that can be added to SRC_URI > +# - Exports _GOMODULE_GOSUM_REVERSE_MAP which provides reverse mapping f= rom > +# distfile back to the relative part of SRC_URI, as needed for > +# GOPROXY=3Dfile:///... > +go-module_set_globals() { > + local line exts > + # for tracking go.sum errors > + local error_in_gosum=3D0 > + local -a gosum_errorlines > + # used make SRC_URI easier to read > + local newline=3D$'\n'=20 > + # capture unique licenses > + local -A unique_licenses > + > + # Now parse EGO_SUM > + for line in "${EGO_SUM[@]}"; do > + local module version modfile version_modfile kvs x > + local hash1=3D'' license=3D'' > + read -r module version_modfile kvs <<< "${line}" > + # Parse the key:value set on the end of the line > + for _kv in ${kvs}; do > + local _v=3D${_kv#*:} > + local _k=3D${_kv%$_v} > + case "$_k" in > + 'h1:') hash1+=3D" $_kv" ;; > + 'license:') license+=3D" ${_v//,/ }" ;; > + *) error_in_gosum=3D1 ; gosum_errorlines+=3D( "Unknown EGO_SUM key:v= alue: k=3D$_k v=3D$_v" ) ;; > + esac > + done > + > + # Split 'v0.3.0/go.mod' into 'v0.3.0' and '/go.mod' > + # It might NOT have the trailing /go.mod > + IFS=3D/ read -r version modfile x <<<"${version_modfile}" > + # Reject multiple slashes > + if [[ -n ${x} ]]; then > + error_in_gosum=3D1 > + gosum_errorlines+=3D( "Bad version: ${version_modfile}" ) > + continue > + fi > + > + # The modfile variable should be either empty or '/go.mod' > + # There is a chance that upstream Go might add something else here in > + # future, and we should be prepared to capture it. > + # The .info files do not need to be downloaded, they will be created > + # based on the .mod file. > + # See https://github.com/golang/go/issues/35922#issuecomment-584824275 > + exts=3D() > + local errormsg=3D'' > + case "${modfile}" in > + '') exts=3D( zip ) ;; > + 'go.mod'|'/go.mod') exts=3D( mod ) ;; > + *) errormsg=3D"Unknown modfile: line=3D'${line}', modfile=3D'${modfil= e}'" ;; > + esac > + > + # If it was a bad entry, restart the loop > + if [[ -n ${errormsg} ]]; then > + error_in_gosum=3D1 > + gosum_errorlines+=3D( "${errormsg} line=3D'${line}', modfile=3D'${mod= file}'" ) > + continue > + fi > + > + # Capture unique licenses > + for _l in ${license} ; do > + unique_licenses["${_l}"]=3D1 > + done > + > + _dir=3D$(_go-module_gomod_encode "${module}") > + > + for _ext in "${exts[@]}" ; do > + # Relative URI within a GOPROXY for a file > + _reluri=3D"${_dir}/@v/${version}.${_ext}" > + # SRC_URI: LHS entry > + _uri=3D"${_GOMODULE_GOPROXY_BASEURI}/${_reluri}" > + # SRC_URI: RHS entry, encode any slash in the path as %2F in the file= name > + _distfile=3D"${_reluri//\//%2F}" > + > + EGO_SUM_SRC_URI+=3D" ${_uri} -> ${_distfile}${newline}" > + _GOMODULE_GOSUM_REVERSE_MAP["${_distfile}"]=3D"${_reluri}" > + done > + done > + > + # Dedupe licenses > + for license in "${!unique_licenses[@]}" ; do > + EGO_SUM_LICENSES+=3D" ${license}" > + done > + > + > + if [[ ${error_in_gosum} !=3D 0 ]]; then > + eerror "Trailing information in EGO_SUM in ${P}.ebuild" > + for line in "${gosum_errorlines[@]}" ; do > + eerror "${line}" > + done > + die "Invalid EGO_SUM format" > + fi > + > + # Ensure these variables not not changed past this point > + readonly EGO_SUM > + readonly EGO_SUM_SRC_URI > + readonly EGO_SUM_LICENSES > + readonly _GOMODULE_GOSUM_REVERSE_MAP > + > + # Set the guard that we are safe > + _GO_MODULE_SET_GLOBALS_CALLED=3D1 > +} > + > + > # @FUNCTION: go-module_src_unpack > # @DESCRIPTION: > +# Extract & configure Go modules for consumpations. > +# - Modules listed in EGO_SUM are configured as a local GOPROXY via syml= inks (fast!) > +# - Modules listed in EGO_VENDOR are extracted to "${S}/vendor" (slow) > +# > +# This function does NOT unpack the base distfile of a Go-based package. > +# While the entries in EGO_SUM will be listed in ${A}, they should NOT be > +# unpacked, Go will directly consume the files, including zips. > +go-module_src_unpack() { If possible, this function should unpack the base distfile. That would keep us from having to write src_unpack for every go ebuild that uses the eclass. > + if [[ "${#EGO_VENDOR[@]}" -gt 0 ]]; then > + _go-module_src_unpack_vendor > + elif [[ "${#EGO_SUM[@]}" -gt 0 ]]; then > + _go-module_src_unpack_gosum > + else > + die "Neither EGO_SUM nor EGO_VENDOR are set!" This shouldn't die, having neither one set is valid. > + fi > +} > + > +# @FUNCTION: _go-module_src_unpack_gosum > +# @DESCRIPTION: > +# Populate a GOPROXY directory hierarchy with distfiles from EGO_SUM > +# > +# Exports GOPROXY environment variable so that Go calls will source the > +# directory correctly. > +_go-module_src_unpack_gosum() { > + # shellcheck disable=3DSC2120 > + debug-print-function "${FUNCNAME}" "$@" > + > + if [[ ! ${_GO_MODULE_SET_GLOBALS_CALLED} ]]; then > + die "go-module_set_globals must be called in global scope" > + fi > + > + local goproxy_dir=3D"${T}/goproxy" > + mkdir -p "${goproxy_dir}" || die > + > + # For each Golang module distfile, look up where it's supposed to go, a= nd > + # symlink into place. > + local _A > + local goproxy_mod_dir > + for _A in ${A}; do > + goproxy_mod_path=3D"${_GOMODULE_GOSUM_REVERSE_MAP["${_A}"]}" > + if [[ -n "${goproxy_mod_path}" ]]; then > + debug-print-function "Populating goproxy for ${goproxy_mod_path}" > + # Build symlink hierarchy > + goproxy_mod_dir=3D$( dirname "${goproxy_dir}"/"${goproxy_mod_path}" ) > + mkdir -p "${goproxy_mod_dir}" || die > + ln -sf "${DISTDIR}"/"${_A}" "${goproxy_dir}/${goproxy_mod_path}" || d= ie "Failed to ln" > + local v=3D${goproxy_mod_path} > + v=3D"${v%.mod}" > + v=3D"${v%.zip}" > + v=3D"${v//*\/}" > + _go-module_gosum_synthesize_files "${goproxy_mod_dir}" "${v}" > + fi > + done > + export GOPROXY=3D"file://${goproxy_dir}" > + > + # Validate the gosum now > + _go-module_src_unpack_verify_gosum > +} > + > +# @FUNCTION: _go-module_gosum_synthesize_files > +# @DESCRIPTION: > +# Given a path & version, populate all Goproxy metadata files which are= n't > +# needed to be downloaded directly. > +# - .../@v/${version}.info > +# - .../@v/list > +_go-module_gosum_synthesize_files() { > + local target=3D$1 > + local version=3D$2 > + # 'go get' doesn't care about the hash of the .info files, they > + # just need a 'version' element! > + # This saves a download of a tiny file > + # The .time key is omitted, because that is the time a module was added= to the > + # upstream goproxy, and not metadata about the module itself. > + cat >"${target}/${version}.info" <<-EOF > + { > + "Version": "${version}", > + "shortName": "${version}", > + "Name": "${version}" > + } > + EOF > + listfile=3D"${target}"/list > + if ! grep -sq -x -e "${version}" "${listfile}" 2>/dev/null; then > + echo "${version}" >>"${listfile}" > + fi > +} > + > +# @FUNCTION: _go-module_src_unpack_vendor > +# @DESCRIPTION: > # Extract all archives in ${a} which are not nentioned in ${EGO_VENDOR} > # to their usual locations then extract all archives mentioned in > # ${EGO_VENDOR} to ${S}/vendor. > -go-module_src_unpack() { > - debug-print-function ${FUNCNAME} "$@" > +_go-module_src_unpack_vendor() { > + # shellcheck disable=3DSC2120 > + debug-print-function "${FUNCNAME}" "$@" Maybe add an eqawarn here that EGO_VENDOR is deprecated to encourage people to migrate their ebuilds. > local f hash import line repo tarball vendor_tarballs x > vendor_tarballs=3D() > for line in "${EGO_VENDOR[@]}"; do > read -r import hash repo x <<< "${line}" > - if [[ -n $x ]]; then > + if [[ -n ${x} ]]; then > eerror "Trailing information in EGO_VENDOR in ${P}.ebuild" > eerror "${line}" > die "Invalid EGO_VENDOR format" > @@ -125,10 +432,10 @@ go-module_src_unpack() { > : "${repo:=3D${import}}" > vendor_tarballs+=3D("${repo//\//-}-${hash}.tar.gz") > done > - for f in $A; do > - [[ -n ${vendor_tarballs[*]} ]] && has "$f" "${vendor_tarballs[@]}" && > + for f in ${A}; do > + [[ -n ${vendor_tarballs[*]} ]] && has "${f}" "${vendor_tarballs[@]}" && > continue > - unpack "$f" > + unpack "${f}" > done > =20 > [[ -z ${vendor_tarballs[*]} ]] && return > @@ -145,13 +452,53 @@ go-module_src_unpack() { > done > } > =20 > +# @FUNCTION: _go-module_src_unpack_verify_gosum > +# @DESCRIPTION: > +# Validate the Go modules declared by EGO_SUM are sufficent to cover bui= lding > +# the package, without actually building it yet. > +# > +# This might be a good candidate for src_prepare in later versions of the > +# eclass, but all consumers will need updating! > +_go-module_src_unpack_verify_gosum() { > + # shellcheck disable=3DSC2120 > + debug-print-function "${FUNCNAME}" "$@" > + > + if [[ ! ${_GO_MODULE_SET_GLOBALS_CALLED} ]]; then > + die "go-module_set_globals must be called in global scope" > + fi > + > + cd "${S}" > + > + # Cleanup the modules before starting anything else > + # This will print 'downloading' messages, but it's accessing content fr= om > + # the $GOPROXY file:/// URL! > + einfo "Tidying go.mod/go.sum" > + go mod tidy >/dev/null > + > + # Verify that all needed modules are really present, by fetching everyt= hing > + # in the package's main go.mod. If the EGO_SUM was missing an entry th= en > + # 'go mod tidy' && 'go get' will flag it. > + # -v =3D verbose > + # -d =3D download only, don't install > + # -mod readonly =3D treat modules as readonly source > + einfo "Verifying linked Golang modules" > + GO111MODULE=3Don \ > + go get \ > + -v \ > + -d \ > + -mod readonly \ > + all \ > + || die "Some module is missing, update EGO_SUM" > +} If EGO_SUM is up to date, this could also mean that upstream forgot to run go mod tidy and commit the go.mod/go.sum before the release, so it could be a bug that needs to be reported. > + > # @FUNCTION: go-module_live_vendor > # @DESCRIPTION: > # This function is used in live ebuilds to vendor the dependencies when > # upstream doesn't vendor them. > go-module_live_vendor() { > - debug-print-function ${FUNCNAME} "$@" > + debug-print-function "${FUNCNAME}" "$@" > =20 > + # shellcheck disable=3DSC2086 > has live ${PROPERTIES} || > die "${FUNCNAME} only allowed in live ebuilds" > [[ "${EBUILD_PHASE}" =3D=3D unpack ]] || > @@ -168,7 +515,7 @@ go-module_live_vendor() { > # @DESCRIPTION: > # Display a warning about security updates for Go programs. > go-module_pkg_postinst() { > - debug-print-function ${FUNCNAME} "$@" > + debug-print-function "${FUNCNAME}" "$@" > [[ -n ${REPLACING_VERSIONS} ]] && return 0 > ewarn "${PN} is written in the Go programming language." > ewarn "Since this language is statically linked, security" > @@ -179,4 +526,30 @@ go-module_pkg_postinst() { > ewarn "stable tree." > } > =20 > +# @FUNCTION: _go-module_gomod_encode > +# @DESCRIPTION: > +# Encode the name(path) of a Golang module in the format expected by Gop= roxy. > +# > +# Upper letters are replaced by their lowercase version with a '!' prefi= x. > +# > +_go-module_gomod_encode() { > + ## Python: > + # return re.sub('([A-Z]{1})', r'!\1', s).lower() > + > + ## Sed: > + ## This uses GNU Sed extension \l to downcase the match > + #echo "${module}" |sed 's,[A-Z],!\l&,g' > + # > + # Bash variant: > + debug-print-function "${FUNCNAME}" "$@" > + #local re input lower > + re=3D'(.*)([A-Z])(.*)' > + input=3D"${1}" > + while [[ ${input} =3D~ ${re} ]]; do > + lower=3D'!'"${BASH_REMATCH[2],}" > + input=3D"${BASH_REMATCH[1]}${lower}${BASH_REMATCH[3]}" > + done > + echo "${input}" > +} > + > fi > diff --git profiles/thirdpartymirrors profiles/thirdpartymirrors > index ad4c4b972146..d60f166e07c9 100644 > --- profiles/thirdpartymirrors > +++ profiles/thirdpartymirrors > @@ -25,3 +25,4 @@ sourceforge https://download.sourceforge.net > sourceforge.jp http://iij.dl.sourceforge.jp https://osdn.dl.sourceforge.= jp https://jaist.dl.sourceforge.jp > ubuntu http://mirror.internode.on.net/pub/ubuntu/ubuntu/ https://mirror= =2Etcc.wa.edu.au/ubuntu/ http://ubuntu.uni-klu.ac.at/ubuntu/ http://mirror.= dhakacom.com/ubuntu-archive/ http://ubuntu.c3sl.ufpr.br/ubuntu/ http://ubun= tu.uni-sofia.bg/ubuntu/ http://hr.archive.ubuntu.com/ubuntu/ http://cz.arch= ive.ubuntu.com/ubuntu/ https://mirror.dkm.cz/ubuntu http://ftp.cvut.cz/ubun= tu/ http://ftp.stw-bonn.de/ubuntu/ https://ftp-stud.hs-esslingen.de/ubuntu/= https://mirror.netcologne.de/ubuntu/ https://mirror.unej.ac.id/ubuntu/ htt= p://kr.archive.ubuntu.com/ubuntu/ https://mirror.nforce.com/pub/linux/ubunt= u/ http://mirror.amsiohosting.net/archive.ubuntu.com/ http://nl3.archive.ub= untu.com/ubuntu/ https://mirror.timeweb.ru/ubuntu/ http://ubuntu.mirror.su.= se/ubuntu/ https://ftp.yzu.edu.tw/ubuntu/ https://mirror.aptus.co.tz/pub/ub= untuarchive/ https://ubuntu.volia.net/ubuntu-archive/ https://mirror.sax.uk= =2Eas61049.net/ubuntu/ https://mirror.pnl.gov/ubuntu/ http://mirror.cc.colu= mbia.edu/pub/linux/ubuntu/archive/ https://mirrors.namecheap.com/ubuntu/ > vdr-developerorg http://projects.vdr-developer.org/attachments/download > +goproxy https://proxy.golang.org/ https://goproxy.io/ https://gocenter.i= o/ > --=20 > 2.25.0 >=20 >=20 --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTVeuxEZo4uUHOkQAluVBb0MMRlOAUCXkzLvgAKCRBuVBb0MMRl OC3DAKCaG+B9jFu6WigNM2Bt0e2DknRavACgseQJSnkOFBj8RuIadDd1c14J0XY= =/Ww9 -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM--