| 1 |
On Fri, 2022-02-11 at 00:53 -0600, William Hubbs wrote: |
| 2 |
> On Thu, Feb 10, 2022 at 07:27:15PM +0100, Andreas K. Huettel wrote: |
| 3 |
> > > I just realized a down side to this approach, but I don't know how |
| 4 |
> > > important that down side is. |
| 5 |
> > > |
| 6 |
> > > As the example shows, if a package has a vendor directory we would trust |
| 7 |
> > > it so nothing would need to be done. If we have to run "go mod |
| 8 |
> > > download", however, this populates the dependency cache from the |
| 9 |
> > > internet. This means that a package that requires this could not be |
| 10 |
> > > built if the building machine is not on the net. |
| 11 |
> > |
| 12 |
> > (hands William a golden potato) |
| 13 |
> > |
| 14 |
> > Congratulations, you've just rediscovered why we do the things the way |
| 15 |
> > we're doing them now... |
| 16 |
> |
| 17 |
> And, you dropped my question at the end of this message, |
| 18 |
> so let me bring it back. |
| 19 |
> |
| 20 |
> > I don't know how important this is, because it is true for any go |
| 21 |
> > package without a vendor directory no matter how you build it. |
| 22 |
> |
| 23 |
> This could also apply to a rust or nodejs package. |
| 24 |
> |
| 25 |
> The build process for all of these languages has the potential to reach |
| 26 |
> out to the net to download dependencies. |
| 27 |
> |
| 28 |
> Iam talking mostly about Go, because that's what I work with, but I know |
| 29 |
> it isn't the only language that does this. |
| 30 |
> |
| 31 |
> In the list of solutions Robin put on this thread, I prefer the third |
| 32 |
> group. That would involve the fetch_extra phase which would for go |
| 33 |
> basically be "cd ${S} || die; go mod download || die" along with an |
| 34 |
> environment variable that would put modules under distfiles. |
| 35 |
> |
| 36 |
> If you have an idea for a better solution, I'm willing to hear it. |
| 37 |
> |
| 38 |
|
| 39 |
The "better solution" has already been provided -- repackage it. |
| 40 |
All of your solutions solve only part of the problem, and usually |
| 41 |
introduce more problems. The current distfile fetching solution works |
| 42 |
well for over 99% of the Gentoo packages today (this is not "the 99%" |
| 43 |
but actual numbers, more below). The problem is with Go, and Go needs |
| 44 |
to be fixed (or worked around), and don't extend it to "theoretically |
| 45 |
Rust or NodeJS" because they're nowhere close to how badly designed Go |
| 46 |
ecosystem is. |
| 47 |
|
| 48 |
No solution based on extended fetch phases is going to work. However |
| 49 |
complex you're going to invent it, it doesn't change that you end up |
| 50 |
with live ebuilds, and as such they're never going to have KEYWORDS. |
| 51 |
All the added complexity to work arounds the usual problems with live |
| 52 |
ebuilds isn't going to change that, not to mention being worth |
| 53 |
the effort specifically for Go. |
| 54 |
|
| 55 |
No change of rules on exported variables makes the problem disappear |
| 56 |
either. The problem of "PM can't handle packages with humongous number |
| 57 |
of tiny files" is not worth addressing. The problem that we need to |
| 58 |
address today is "Go packages are *harmful* through using over 54000 |
| 59 |
tiny .mod distfiles". This problem can be solved via repackaging, |
| 60 |
and rather than wasting our times discussing bad solutions to the wrong |
| 61 |
problem, we should be repackaging these packages *now*. |
| 62 |
|
| 63 |
Now, for some numbers. According to my greps (please correct me if I've |
| 64 |
gotten this wrong), there 121 packages using go .mod files in ::gentoo. |
| 65 |
This is 0.6% of all packages. These 121 packages make up 44.7% of total |
| 66 |
Manifest lines, or 46.6% total Manifest bytes (probably thanks to long |
| 67 |
filenames). This is 18 MiB of DIST lines that unconditionally waste |
| 68 |
user's disk space and cause git history to grow larger with every |
| 69 |
version bump. And the worst part is, if I understand the process |
| 70 |
correctly, every version bump will bring more and more .mod files |
| 71 |
for old versions of packages that aren't even really used to build |
| 72 |
the package! |
| 73 |
|
| 74 |
Again, let me repeat. We are talking about inventing super complex |
| 75 |
solutions to make 121 bad packages suddenly look good. Why isn't |
| 76 |
anybody discussing fixing these packages instead? Why did people think |
| 77 |
it's a good idea to commit them as-is? |
| 78 |
|
| 79 |
-- |
| 80 |
Best regards, |
| 81 |
Michał Górny |
Archives