> Just some comments on the port:
>
> Line 13 (name) is not necessary because github.setup sets the name (second
> argument).
>
> Does the build {} step actually download deps with Carthage? (I am fairly
> certain it does). This should be avoided even if it is difficult. If Carthage
> is downloading dependencies, then a fully offline installation is impossible
> with this port (think of users who suddenly have poor network conditions who
> still have distfiles on their machine and need to reinstall). For Rust and Go
> ports, we set the Portfile to download everything in the fetch phase and then
> build a compatible environment. This allows offline installation and avoids
> potential security issues. I have a Portfile that does a similar thing for an
> Xcode project with submodules:
> https://github.com/Tatsh/ports/blob/master/aqua/Fanny/Portfile#L17
>
> You can do that, or you can make a separate port for each dependency (or
> subports in your port to keep it all in one file). My mas port uses separate
> ports for dependencies and depends on Commandant, which would normally come
> via Carthage:
> https://github.com/Tatsh/ports/blob/master/sysutils/mas/Portfile, Commandant:
> https://github.com/Tatsh/ports/blob/master/devel/Commandant/Portfile
>
>
> The fetch.type git should be removed as you should set the submodules to be
> downloaded in the fetch phase (and remove post-fetch phase). See
> https://github.com/Tatsh/ports/blob/master/aqua/Fanny/Portfile#L17 for an
> example. Then in the pre-configure or some other phase (post-extract is
> probably most appropriate), move the other extracted contents to the
> appropriate place in the source.
Thanks for the review. I will try to create separate ports for all dependencies
currently fetched by carthage and also implement your other suggestions.
Your comment about the git submodules is a bit surprising to me because I got
that part straight from the macports guide:
https://guide.macports.org/index.html#reference.portgroup.github.submodule. So
is fetching the submodule „manually“ considered the better approach? Should we
update the guide?
I will update the PR as soon as I have created port files for all dependencies
- that may take a while though.
—
Janosch
