1 |
On Mon, 2019-09-16 at 09:17 -0500, William Hubbs wrote: |
2 |
> Signed-off-by: William Hubbs <williamh@g.o> |
3 |
> --- |
4 |
> eclass/go-module.eclass | 117 ++++++++++++++++++++++++++++++++++++++++ |
5 |
> 1 file changed, 117 insertions(+) |
6 |
> create mode 100644 eclass/go-module.eclass |
7 |
> |
8 |
> diff --git a/eclass/go-module.eclass b/eclass/go-module.eclass |
9 |
> new file mode 100644 |
10 |
> index 00000000000..7e16ec4e95c |
11 |
> --- /dev/null |
12 |
> +++ b/eclass/go-module.eclass |
13 |
> @@ -0,0 +1,117 @@ |
14 |
> +# Copyright 2019 gentoo authors |
15 |
> +# Distributed under the terms of the GNU General Public License v2 |
16 |
> + |
17 |
> +# @ECLASS: go-module.eclass |
18 |
> +# @MAINTAINER: |
19 |
> +# William Hubbs <williamh@g.o> |
20 |
> +# @SUPPORTED_EAPIS: 7 |
21 |
> +# @BLURB: basic eclass for building software written in the go |
22 |
> +# programming language that uses go modules. |
23 |
> +# @DESCRIPTION: |
24 |
> +# This eclass provides some basic things needed by all software |
25 |
> +# written in the go programming language that uses go modules. |
26 |
> +# |
27 |
> +# You will know the software you are packaging uses modules because |
28 |
> +# it will have files named go.sum and go.mod in its top-level source |
29 |
> +# directory. If it does not have these files, use the golang-* eclasses. |
30 |
|
31 |
Please add a big fat warning around here somewhere that people need to |
32 |
look through LICENSE files in all vendored modules, and list them |
33 |
in LICENSE. They also need to watch out for license conflicts. |
34 |
|
35 |
> +# |
36 |
> +# If the software you are packaging uses modules, the next question is |
37 |
> +# whether it has a directory named "vendor" at the top-level of the source tree. |
38 |
> +# |
39 |
> +# If it doesn't, you need to create a tarball of what would be in the |
40 |
> +# vendor directory and mirror it locally. |
41 |
> +# If foo-1.0 is the name of your project and you have the tarball for it |
42 |
> +# in your current directory, this is done with the following commands: |
43 |
> +# |
44 |
> +# @CODE: |
45 |
> +# |
46 |
> +# tar -xf foo-1.0.tar.gz |
47 |
> +# cd foo-1.0 |
48 |
> +# go mod vendor |
49 |
> +# cd .. |
50 |
> +# tar -acf foo-1.0-vendor.tar.gz foo-1.0/vendor |
51 |
> +# |
52 |
> +# @CODE: |
53 |
> + |
54 |
> +# If we uncomment src_prepare below, the last two lines in the above |
55 |
> +# code block are reduced to one: |
56 |
> +# |
57 |
> +# @CODE: |
58 |
> +# |
59 |
> +# tar -acf foo-1.0-vendor.tar.gz vendor |
60 |
> +# |
61 |
> +# @CODE: |
62 |
> + |
63 |
> +case ${EAPI:-0} in |
64 |
> + 7) ;; |
65 |
> + *) die "${ECLASS} API in EAPI ${EAPI} not yet established." |
66 |
> +esac |
67 |
> + |
68 |
> +if [[ -z ${_GO_MODULE} ]]; then |
69 |
> + |
70 |
> +_GO_MODULE=1 |
71 |
> + |
72 |
> +BDEPEND=">=dev-lang/go-1.12" |
73 |
> + |
74 |
> +# The following go flags should be used for all go builds. |
75 |
> +# -mod=vendor stopps downloading of dependencies from the internet. |
76 |
> +# -v prints the names of packages as they are compiled |
77 |
> +# -x prints commands as they are executed |
78 |
> +export GOFLAGS="-mod=vendor -v -x" |
79 |
> + |
80 |
> +# Do not complain about CFLAGS etc since go projects do not use them. |
81 |
> +QA_FLAGS_IGNORED='.*' |
82 |
> + |
83 |
> +# Go packages should not be stripped with strip(1). |
84 |
> +RESTRICT="strip" |
85 |
> + |
86 |
> +# EXPORT_FUNCTIONS src_prepare pkg_postinst |
87 |
> + EXPORT_FUNCTIONS pkg_postinst |
88 |
> + |
89 |
> +# @FUNCTION: go-module_src_prepare |
90 |
> +# @DESCRIPTION: |
91 |
> +# Run a default src_prepare then move our provided vendor directory to |
92 |
> +# the appropriate spot if upstream doesn't provide a vendor directory. |
93 |
> +# |
94 |
> +# This is commented out because I want to see where the discussion on |
95 |
> +# the ml leads. |
96 |
> +# Commenting it out and following the above instructions means that you |
97 |
> +# are forced to manually re-tar the vendored dependencies for every |
98 |
> +# version bump. |
99 |
> +# Using the previous method, it would be possible to decide if you need |
100 |
> +# to do this by comparing the contents of go.mod in the previous and new |
101 |
> +# version. |
102 |
> +# Also, note that we can generate a qa warning if a maintainer forgets |
103 |
> +# to drop the vendor tarball and upstream starts vendoring. |
104 |
> +# go-module_src_prepare() { |
105 |
> +# default |
106 |
> +# # If upstream vendors the dependencies and we provide a vendor |
107 |
> +# # tarball, generate a qa warning. |
108 |
> +# if [[ -d vendor ]] && [[ -d ../vendor ]] ; then |
109 |
> +# eqawarn "This package's upstream source includes a vendor |
110 |
> +# eqawarn "directory and the maintainer provides a vendor tarball." |
111 |
> +# eqawarn "Please report this on https://bugs.gentoo.org" |
112 |
|
113 |
Why aren't you making it fatal? |
114 |
|
115 |
> +# fi |
116 |
> +# # Use the upstream provided vendor directory if it exists. |
117 |
> +# [[ -d vendor ]] && return |
118 |
> +# # If we are not providing a mirror of a vendor directory we created |
119 |
> +# # manually, return since there may be nothing to vendor. |
120 |
> +# [[ ! -d ../vendor ]] && return |
121 |
> +# # At this point, we know we are providing a vendor mirror. |
122 |
> +# mv ../vendor . || die "Unable to move ../vendor directory" |
123 |
> +# } |
124 |
> + |
125 |
> +# @FUNCTION: go-module_pkg_postinst |
126 |
> +# @DESCRIPTION: |
127 |
> +# Display a warning about security updates for Go programs. |
128 |
> +go-module_pkg_postinst() { |
129 |
> + ewarn "${PN} is written in the Go programming language." |
130 |
> + ewarn "Since this language is statically linked, security" |
131 |
> + ewarn "updates will be handled in individual packages and will be" |
132 |
> + ewarn "difficult for us to track as a distribution." |
133 |
> + ewarn "For this reason, please update any go packages asap when new" |
134 |
> + ewarn "versions enter the tree or go stable if you are running the" |
135 |
> + ewarn "stable tree." |
136 |
> +} |
137 |
> + |
138 |
> +fi |
139 |
|
140 |
-- |
141 |
Best regards, |
142 |
Michał Górny |