1 |
On Fri, 2022-02-11 at 00:53 -0600, William Hubbs wrote: |
2 |
> On Thu, Feb 10, 2022 at 07:27:15PM +0100, Andreas K. Huettel wrote: |
3 |
> > > I just realized a down side to this approach, but I don't know how |
4 |
> > > important that down side is. |
5 |
> > > |
6 |
> > > As the example shows, if a package has a vendor directory we would trust |
7 |
> > > it so nothing would need to be done. If we have to run "go mod |
8 |
> > > download", however, this populates the dependency cache from the |
9 |
> > > internet. This means that a package that requires this could not be |
10 |
> > > built if the building machine is not on the net. |
11 |
> > |
12 |
> > (hands William a golden potato) |
13 |
> > |
14 |
> > Congratulations, you've just rediscovered why we do the things the way |
15 |
> > we're doing them now... |
16 |
> |
17 |
> And, you dropped my question at the end of this message, |
18 |
> so let me bring it back. |
19 |
> |
20 |
> > I don't know how important this is, because it is true for any go |
21 |
> > package without a vendor directory no matter how you build it. |
22 |
> |
23 |
> This could also apply to a rust or nodejs package. |
24 |
> |
25 |
> The build process for all of these languages has the potential to reach |
26 |
> out to the net to download dependencies. |
27 |
> |
28 |
> Iam talking mostly about Go, because that's what I work with, but I know |
29 |
> it isn't the only language that does this. |
30 |
> |
31 |
> In the list of solutions Robin put on this thread, I prefer the third |
32 |
> group. That would involve the fetch_extra phase which would for go |
33 |
> basically be "cd ${S} || die; go mod download || die" along with an |
34 |
> environment variable that would put modules under distfiles. |
35 |
> |
36 |
> If you have an idea for a better solution, I'm willing to hear it. |
37 |
> |
38 |
|
39 |
The "better solution" has already been provided -- repackage it. |
40 |
All of your solutions solve only part of the problem, and usually |
41 |
introduce more problems. The current distfile fetching solution works |
42 |
well for over 99% of the Gentoo packages today (this is not "the 99%" |
43 |
but actual numbers, more below). The problem is with Go, and Go needs |
44 |
to be fixed (or worked around), and don't extend it to "theoretically |
45 |
Rust or NodeJS" because they're nowhere close to how badly designed Go |
46 |
ecosystem is. |
47 |
|
48 |
No solution based on extended fetch phases is going to work. However |
49 |
complex you're going to invent it, it doesn't change that you end up |
50 |
with live ebuilds, and as such they're never going to have KEYWORDS. |
51 |
All the added complexity to work arounds the usual problems with live |
52 |
ebuilds isn't going to change that, not to mention being worth |
53 |
the effort specifically for Go. |
54 |
|
55 |
No change of rules on exported variables makes the problem disappear |
56 |
either. The problem of "PM can't handle packages with humongous number |
57 |
of tiny files" is not worth addressing. The problem that we need to |
58 |
address today is "Go packages are *harmful* through using over 54000 |
59 |
tiny .mod distfiles". This problem can be solved via repackaging, |
60 |
and rather than wasting our times discussing bad solutions to the wrong |
61 |
problem, we should be repackaging these packages *now*. |
62 |
|
63 |
Now, for some numbers. According to my greps (please correct me if I've |
64 |
gotten this wrong), there 121 packages using go .mod files in ::gentoo. |
65 |
This is 0.6% of all packages. These 121 packages make up 44.7% of total |
66 |
Manifest lines, or 46.6% total Manifest bytes (probably thanks to long |
67 |
filenames). This is 18 MiB of DIST lines that unconditionally waste |
68 |
user's disk space and cause git history to grow larger with every |
69 |
version bump. And the worst part is, if I understand the process |
70 |
correctly, every version bump will bring more and more .mod files |
71 |
for old versions of packages that aren't even really used to build |
72 |
the package! |
73 |
|
74 |
Again, let me repeat. We are talking about inventing super complex |
75 |
solutions to make 121 bad packages suddenly look good. Why isn't |
76 |
anybody discussing fixing these packages instead? Why did people think |
77 |
it's a good idea to commit them as-is? |
78 |
|
79 |
-- |
80 |
Best regards, |
81 |
Michał Górny |