From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C0A8E138334 for ; Mon, 16 Sep 2019 18:05:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 65049E097C; Mon, 16 Sep 2019 18:05:56 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 196CDE08AE for ; Mon, 16 Sep 2019 18:05:56 +0000 (UTC) Received: from pomiot (c134-66.icpnet.pl [85.221.134.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 875D234B1F2; Mon, 16 Sep 2019 18:05:54 +0000 (UTC) Message-ID: <9a93cbef4883b37a53ffa0003ca53a8deb393a96.camel@gentoo.org> Subject: Re: [gentoo-dev] [PATCH 1/1] go-module.eclass: introduce new eclass to handle go modules From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: William Hubbs Date: Mon, 16 Sep 2019 20:05:50 +0200 In-Reply-To: <20190916141719.12922-2-williamh@gentoo.org> References: <20190916141719.12922-1-williamh@gentoo.org> <20190916141719.12922-2-williamh@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-8oeeEYhAs8oVmlJcLrbX" User-Agent: Evolution 3.32.4 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: a3658dbf-66b4-4141-9819-f4f48355e70a X-Archives-Hash: 25f841678605eccd4fc14c8e360a0ff6 --=-8oeeEYhAs8oVmlJcLrbX Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2019-09-16 at 09:17 -0500, William Hubbs wrote: > Signed-off-by: William Hubbs > --- > eclass/go-module.eclass | 117 ++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 117 insertions(+) > create mode 100644 eclass/go-module.eclass >=20 > diff --git a/eclass/go-module.eclass b/eclass/go-module.eclass > new file mode 100644 > index 00000000000..7e16ec4e95c > --- /dev/null > +++ b/eclass/go-module.eclass > @@ -0,0 +1,117 @@ > +# Copyright 2019 gentoo authors > +# Distributed under the terms of the GNU General Public License v2 > + > +# @ECLASS: go-module.eclass > +# @MAINTAINER: > +# William Hubbs > +# @SUPPORTED_EAPIS: 7 > +# @BLURB: basic eclass for building software written in the go > +# programming language that uses go modules. > +# @DESCRIPTION: > +# This eclass provides some basic things needed by all software > +# written in the go programming language that uses go modules. > +# > +# You will know the software you are packaging uses modules because > +# it will have files named go.sum and go.mod in its top-level source > +# directory. If it does not have these files, use the golang-* eclasses. Please add a big fat warning around here somewhere that people need to look through LICENSE files in all vendored modules, and list them in LICENSE. They also need to watch out for license conflicts. > +# > +# If the software you are packaging uses modules, the next question is > +# whether it has a directory named "vendor" at the top-level of the sour= ce tree. > +# > +# If it doesn't, you need to create a tarball of what would be in the > +# vendor directory and mirror it locally. > +# If foo-1.0 is the name of your project and you have the tarball for it > +# in your current directory, this is done with the following commands: > +# > +# @CODE: > +# > +# tar -xf foo-1.0.tar.gz > +# cd foo-1.0 > +# go mod vendor > +# cd .. > +# tar -acf foo-1.0-vendor.tar.gz foo-1.0/vendor > +# > +# @CODE: > + > +# If we uncomment src_prepare below, the last two lines in the above > +# code block are reduced to one: > +# > +# @CODE: > +# > +# tar -acf foo-1.0-vendor.tar.gz vendor > +# > +# @CODE: > + > +case ${EAPI:-0} in > + 7) ;; > + *) die "${ECLASS} API in EAPI ${EAPI} not yet established." > +esac > + > +if [[ -z ${_GO_MODULE} ]]; then > + > +_GO_MODULE=3D1 > + > +BDEPEND=3D">=3Ddev-lang/go-1.12" > + > +# The following go flags should be used for all go builds. > +# -mod=3Dvendor stopps downloading of dependencies from the internet. > +# -v prints the names of packages as they are compiled > +# -x prints commands as they are executed > +export GOFLAGS=3D"-mod=3Dvendor -v -x" > + > +# Do not complain about CFLAGS etc since go projects do not use them. > +QA_FLAGS_IGNORED=3D'.*' > + > +# Go packages should not be stripped with strip(1). > +RESTRICT=3D"strip" > + > +# EXPORT_FUNCTIONS src_prepare pkg_postinst > + EXPORT_FUNCTIONS pkg_postinst > + > +# @FUNCTION: go-module_src_prepare > +# @DESCRIPTION: > +# Run a default src_prepare then move our provided vendor directory to > +# the appropriate spot if upstream doesn't provide a vendor directory. > +# > +# This is commented out because I want to see where the discussion on > +# the ml leads. > +# Commenting it out and following the above instructions means that you > +# are forced to manually re-tar the vendored dependencies for every > +# version bump. > +# Using the previous method, it would be possible to decide if you need > +# to do this by comparing the contents of go.mod in the previous and new > +# version. > +# Also, note that we can generate a qa warning if a maintainer forgets > +# to drop the vendor tarball and upstream starts vendoring. > +# go-module_src_prepare() { > +# default > +# # If upstream vendors the dependencies and we provide a vendor > +# # tarball, generate a qa warning. > +# if [[ -d vendor ]] && [[ -d ../vendor ]] ; then > +# eqawarn "This package's upstream source includes a vendor > +# eqawarn "directory and the maintainer provides a vendor tarball." > +# eqawarn "Please report this on https://bugs.gentoo.org" Why aren't you making it fatal? > +# fi > +# # Use the upstream provided vendor directory if it exists. > +# [[ -d vendor ]] && return > +# # If we are not providing a mirror of a vendor directory we created > +# # manually, return since there may be nothing to vendor. > +# [[ ! -d ../vendor ]] && return > +# # At this point, we know we are providing a vendor mirror. > +# mv ../vendor . || die "Unable to move ../vendor directory" > +# } > + > +# @FUNCTION: go-module_pkg_postinst > +# @DESCRIPTION: > +# Display a warning about security updates for Go programs. > +go-module_pkg_postinst() { > + ewarn "${PN} is written in the Go programming language." > + ewarn "Since this language is statically linked, security" > + ewarn "updates will be handled in individual packages and will be" > + ewarn "difficult for us to track as a distribution." > + ewarn "For this reason, please update any go packages asap when new" > + ewarn "versions enter the tree or go stable if you are running the" > + ewarn "stable tree." > +} > + > +fi --=20 Best regards, Micha=C5=82 G=C3=B3rny --=-8oeeEYhAs8oVmlJcLrbX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQGTBAABCgB9FiEEx2qEUJQJjSjMiybFY5ra4jKeJA4FAl1/zv9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM3 NkE4NDUwOTQwOThEMjhDQzhCMjZDNTYzOUFEQUUyMzI5RTI0MEUACgkQY5ra4jKe JA7kRAf7Bas6FCHEwe7xGCdC50LQrpTusT9j6ldEU5vXvh3vzt2TGNWjBKPX1jk/ MXx18z7uBD2zJepW9zhU/0rojf5Fan+HjHJLgq6g2oGDib/DNexjwMWLAycYeED+ 3aEP5kdNxxrvnar/lccnWrqDFl9VUjG9Q2v5R2+PX/k/fGr4ZHhQWLYrUzGHPx+R ftOQLZJA6ELcfx6B3k5P3SLWZj4HsTf0ba5nNi5a3Nkb0/xzmqzO1ZYn45NOxoUQ 49Jj4hWYzzA/D5xJYCKC03vntMp/PDI3xjGzvhCVzPdMtfGBgjQV4fy3kw74pj22 GmFhKkWSMKmwbdd6hXv7fgqWXVgVdA== =yGLE -----END PGP SIGNATURE----- --=-8oeeEYhAs8oVmlJcLrbX--