1 |
On Thu, Feb 10, 2022 at 07:27:15PM +0100, Andreas K. Huettel wrote: |
2 |
> > I just realized a down side to this approach, but I don't know how |
3 |
> > important that down side is. |
4 |
> > |
5 |
> > As the example shows, if a package has a vendor directory we would trust |
6 |
> > it so nothing would need to be done. If we have to run "go mod |
7 |
> > download", however, this populates the dependency cache from the |
8 |
> > internet. This means that a package that requires this could not be |
9 |
> > built if the building machine is not on the net. |
10 |
> |
11 |
> (hands William a golden potato) |
12 |
> |
13 |
> Congratulations, you've just rediscovered why we do the things the way |
14 |
> we're doing them now... |
15 |
|
16 |
And, you dropped my question at the end of this message, |
17 |
so let me bring it back. |
18 |
|
19 |
> I don't know how important this is, because it is true for any go |
20 |
> package without a vendor directory no matter how you build it. |
21 |
|
22 |
This could also apply to a rust or nodejs package. |
23 |
|
24 |
The build process for all of these languages has the potential to reach |
25 |
out to the net to download dependencies. |
26 |
|
27 |
Iam talking mostly about Go, because that's what I work with, but I know |
28 |
it isn't the only language that does this. |
29 |
|
30 |
In the list of solutions Robin put on this thread, I prefer the third |
31 |
group. That would involve the fetch_extra phase which would for go |
32 |
basically be "cd ${S} || die; go mod download || die" along with an |
33 |
environment variable that would put modules under distfiles. |
34 |
|
35 |
If you have an idea for a better solution, I'm willing to hear it. |
36 |
|
37 |
William |