Hi Alex,

On 18.01.2022 at 00:09, Alexander Kanavin wrote:
Even SRC_URI need not be long and ugly. Consider the git submodules fetcher: we simply list the single top level revision in gitsm:// and trust that the git executable, having just that one revision, will both verify source integrity for all submodules and produce a tree suitable for archiving and offline builds.
This fetcher calls the git fetcher and directly fetches the git submodule. I think we need the possibility to patch the dependency tree / lock file inside the source before fetch.
I don't see why npm can't behave similarly: first produce a shrinkwrap with checksums separately
This is already supported by recipetool.
(if not already provided by upstream),
This is only possible if you unpack and maybe patch the source before the fetch of the dependencies. I already suggested this some days ago.
then trust that npm (that we can build ourselves) will utilize the shrinkwrap to provide the same guarantees as git does with submodules.
This isn't possible because npm doesn't guarantee the same dependency tree. But the npmsw fetcher already sets up the dependency tree and it is possible to build it without install.
Regards Stefan
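
The checksum guarantee discussed in this thread rests on the `integrity` field that npm records per package in a shrinkwrap. As an added example (not part of the original message and not bitbake's npmsw fetcher code), this Python code checks fetched tarballs against a lockfileVersion 2 shrinkwrap; the package names, URLs, commit id and tarball bytes are constructed, and `sri`, `verify` and `check_lock` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import json

STRENGTH = ["sha512", "sha384", "sha256", "sha1"]  # strongest first

def sri(data, algo="sha512"):
    """Build an SRI string (algo-base64digest), the form npm stores in 'integrity'."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()

def verify(data, integrity):
    """Check data against the strongest supported hash in an SRI string."""
    entries = dict(item.split("-", 1) for item in integrity.split())
    for algo in STRENGTH:
        if algo in entries:
            expected = base64.b64decode(entries[algo])
            return hmac.compare_digest(hashlib.new(algo, data).digest(), expected)
    return False  # no supported algorithm listed: treat as unverified

def check_lock(lock_text, fetch):
    """Map each locked package path to 'ok', 'mismatch' or 'no-integrity'."""
    result = {}
    for path, meta in json.loads(lock_text)["packages"].items():
        if path == "":  # root project entry, not a dependency
            continue
        if "integrity" not in meta or "resolved" not in meta:
            result[path] = "no-integrity"  # e.g. a git dependency: nothing to check
        elif verify(fetch(meta["resolved"]), meta["integrity"]):
            result[path] = "ok"
        else:
            result[path] = "mismatch"
    return result

# Constructed sample data: a local "mirror" and a shrinkwrap that locks it.
BASE = "https://registry.example.invalid/"
GOOD = b"constructed tarball a"
MIRROR = {BASE + "a/-/a-1.0.0.tgz": GOOD, BASE + "b/-/b-2.1.0.tgz": b"tampered tarball b"}
LOCK = json.dumps({"name": "demo", "lockfileVersion": 2, "packages": {
    "": {"name": "demo", "version": "0.0.1"},
    "node_modules/a": {"version": "1.0.0", "resolved": BASE + "a/-/a-1.0.0.tgz",
                       "integrity": sri(GOOD)},
    "node_modules/b": {"version": "2.1.0", "resolved": BASE + "b/-/b-2.1.0.tgz",
                       "integrity": sri(b"original tarball b")},
    "node_modules/c": {"version": "0.3.0",
                       "resolved": "git+https://example.invalid/c.git#0000000"},
}})

if __name__ == "__main__":
    print(check_lock(LOCK, MIRROR.__getitem__))
```

Entries reported as `no-integrity` are the ones a checksum-based fetch cannot vouch for and would need pinning by other means, such as a full commit id.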
