| 1 |
On Mon, 2019-09-16 at 09:17 -0500, William Hubbs wrote: |
| 2 |
> Signed-off-by: William Hubbs <williamh@g.o> |
| 3 |
> --- |
| 4 |
> eclass/go-module.eclass | 117 ++++++++++++++++++++++++++++++++++++++++ |
| 5 |
> 1 file changed, 117 insertions(+) |
| 6 |
> create mode 100644 eclass/go-module.eclass |
| 7 |
> |
| 8 |
> diff --git a/eclass/go-module.eclass b/eclass/go-module.eclass |
| 9 |
> new file mode 100644 |
| 10 |
> index 00000000000..7e16ec4e95c |
| 11 |
> --- /dev/null |
| 12 |
> +++ b/eclass/go-module.eclass |
| 13 |
> @@ -0,0 +1,117 @@ |
| 14 |
> +# Copyright 2019 gentoo authors |
| 15 |
> +# Distributed under the terms of the GNU General Public License v2 |
| 16 |
> + |
| 17 |
> +# @ECLASS: go-module.eclass |
| 18 |
> +# @MAINTAINER: |
| 19 |
> +# William Hubbs <williamh@g.o> |
| 20 |
> +# @SUPPORTED_EAPIS: 7 |
| 21 |
> +# @BLURB: basic eclass for building software written in the go |
| 22 |
> +# programming language that uses go modules. |
| 23 |
> +# @DESCRIPTION: |
| 24 |
> +# This eclass provides some basic things needed by all software |
| 25 |
> +# written in the go programming language that uses go modules. |
| 26 |
> +# |
| 27 |
> +# You will know the software you are packaging uses modules because |
| 28 |
> +# it will have files named go.sum and go.mod in its top-level source |
| 29 |
> +# directory. If it does not have these files, use the golang-* eclasses. |
| 30 |
|
| 31 |
Please add a big fat warning around here somewhere that people need to |
| 32 |
look through LICENSE files in all vendored modules, and list them |
| 33 |
in LICENSE. They also need to watch out for license conflicts. |
| 34 |
|
| 35 |
> +# |
| 36 |
> +# If the software you are packaging uses modules, the next question is |
| 37 |
> +# whether it has a directory named "vendor" at the top-level of the source tree. |
| 38 |
> +# |
| 39 |
> +# If it doesn't, you need to create a tarball of what would be in the |
| 40 |
> +# vendor directory and mirror it locally. |
| 41 |
> +# If foo-1.0 is the name of your project and you have the tarball for it |
| 42 |
> +# in your current directory, this is done with the following commands: |
| 43 |
> +# |
| 44 |
> +# @CODE: |
| 45 |
> +# |
| 46 |
> +# tar -xf foo-1.0.tar.gz |
| 47 |
> +# cd foo-1.0 |
| 48 |
> +# go mod vendor |
| 49 |
> +# cd .. |
| 50 |
> +# tar -acf foo-1.0-vendor.tar.gz foo-1.0/vendor |
| 51 |
> +# |
| 52 |
> +# @CODE: |
| 53 |
> + |
| 54 |
> +# If we uncomment src_prepare below, the last two lines in the above |
| 55 |
> +# code block are reduced to one: |
| 56 |
> +# |
| 57 |
> +# @CODE: |
| 58 |
> +# |
| 59 |
> +# tar -acf foo-1.0-vendor.tar.gz vendor |
| 60 |
> +# |
| 61 |
> +# @CODE: |
| 62 |
> + |
| 63 |
> +case ${EAPI:-0} in |
| 64 |
> + 7) ;; |
| 65 |
> + *) die "${ECLASS} API in EAPI ${EAPI} not yet established." |
| 66 |
> +esac |
| 67 |
> + |
| 68 |
> +if [[ -z ${_GO_MODULE} ]]; then |
| 69 |
> + |
| 70 |
> +_GO_MODULE=1 |
| 71 |
> + |
| 72 |
> +BDEPEND=">=dev-lang/go-1.12" |
| 73 |
> + |
| 74 |
> +# The following go flags should be used for all go builds. |
| 75 |
> +# -mod=vendor stopps downloading of dependencies from the internet. |
| 76 |
> +# -v prints the names of packages as they are compiled |
| 77 |
> +# -x prints commands as they are executed |
| 78 |
> +export GOFLAGS="-mod=vendor -v -x" |
| 79 |
> + |
| 80 |
> +# Do not complain about CFLAGS etc since go projects do not use them. |
| 81 |
> +QA_FLAGS_IGNORED='.*' |
| 82 |
> + |
| 83 |
> +# Go packages should not be stripped with strip(1). |
| 84 |
> +RESTRICT="strip" |
| 85 |
> + |
| 86 |
> +# EXPORT_FUNCTIONS src_prepare pkg_postinst |
| 87 |
> + EXPORT_FUNCTIONS pkg_postinst |
| 88 |
> + |
| 89 |
> +# @FUNCTION: go-module_src_prepare |
| 90 |
> +# @DESCRIPTION: |
| 91 |
> +# Run a default src_prepare then move our provided vendor directory to |
| 92 |
> +# the appropriate spot if upstream doesn't provide a vendor directory. |
| 93 |
> +# |
| 94 |
> +# This is commented out because I want to see where the discussion on |
| 95 |
> +# the ml leads. |
| 96 |
> +# Commenting it out and following the above instructions means that you |
| 97 |
> +# are forced to manually re-tar the vendored dependencies for every |
| 98 |
> +# version bump. |
| 99 |
> +# Using the previous method, it would be possible to decide if you need |
| 100 |
> +# to do this by comparing the contents of go.mod in the previous and new |
| 101 |
> +# version. |
| 102 |
> +# Also, note that we can generate a qa warning if a maintainer forgets |
| 103 |
> +# to drop the vendor tarball and upstream starts vendoring. |
| 104 |
> +# go-module_src_prepare() { |
| 105 |
> +# default |
| 106 |
> +# # If upstream vendors the dependencies and we provide a vendor |
| 107 |
> +# # tarball, generate a qa warning. |
| 108 |
> +# if [[ -d vendor ]] && [[ -d ../vendor ]] ; then |
| 109 |
> +# eqawarn "This package's upstream source includes a vendor |
| 110 |
> +# eqawarn "directory and the maintainer provides a vendor tarball." |
| 111 |
> +# eqawarn "Please report this on https://bugs.gentoo.org" |
| 112 |
|
| 113 |
Why aren't you making it fatal? |
| 114 |
|
| 115 |
> +# fi |
| 116 |
> +# # Use the upstream provided vendor directory if it exists. |
| 117 |
> +# [[ -d vendor ]] && return |
| 118 |
> +# # If we are not providing a mirror of a vendor directory we created |
| 119 |
> +# # manually, return since there may be nothing to vendor. |
| 120 |
> +# [[ ! -d ../vendor ]] && return |
| 121 |
> +# # At this point, we know we are providing a vendor mirror. |
| 122 |
> +# mv ../vendor . || die "Unable to move ../vendor directory" |
| 123 |
> +# } |
| 124 |
> + |
| 125 |
> +# @FUNCTION: go-module_pkg_postinst |
| 126 |
> +# @DESCRIPTION: |
| 127 |
> +# Display a warning about security updates for Go programs. |
| 128 |
> +go-module_pkg_postinst() { |
| 129 |
> + ewarn "${PN} is written in the Go programming language." |
| 130 |
> + ewarn "Since this language is statically linked, security" |
| 131 |
> + ewarn "updates will be handled in individual packages and will be" |
| 132 |
> + ewarn "difficult for us to track as a distribution." |
| 133 |
> + ewarn "For this reason, please update any go packages asap when new" |
| 134 |
> + ewarn "versions enter the tree or go stable if you are running the" |
| 135 |
> + ewarn "stable tree." |
| 136 |
> +} |
| 137 |
> + |
| 138 |
> +fi |
| 139 |
|
| 140 |
-- |
| 141 |
Best regards, |
| 142 |
Michał Górny |
Archives