Hi Konrad,
Am 05.10.2021 um 21:29 schrieb Konrad Weihmann:
On 05.10.21 21:17, Alexander Kanavin wrote:
On Tue, 5 Oct 2021 at 19:44, Stefan Herbrechtsmeier
<stefan.herbrechtsmeier-...@weidmueller.com
<mailto:stefan.herbrechtsmeier-...@weidmueller.com>> wrote:
> A layer with thousands of recipes seems totally intractable.
What is your concern? The high number of dependencies or to handle it
via OE?
Generating recipes with a tool means the tool will be custom and
non-standard, and chances of anyone outside of your company
understanding, using and contributing to it are rather small. There's
also the problem of needing multiple versions of the same thing for
different
consumer items, which oe doesn't easily support. The link Robert
provided already exposes some of the pain points with that approach.
I tend to think the best way forward (or least painful at least) is to
gradually improve what there already is, which is the npm class
and devtool, and send patches to various upstream njs projects when
they're using outdated dependencies or otherwise need changing.
Alex
Just to chime in :-), I like to question this approach of having
multiple versions of the same in an image.
As already outlined npm is horrible in many ways, but using the lockfile
approach multiplies that even more.
But I tend to agree that using the currently available oe-core code
would be suited best for a broader audience
But this audience loose the some basic features of OE (ex. version and
CVE check) and have to manual fix or ignore the licenses.
- in your own layer you
simply can do whatever you like.
But this make it impossible to share recipes. Why don't we create a
meta-nodejs with a different approach to avoid doing the same thing
multiple times.
While personally I think in the long run, every npm dependency has to be
provided as a recipe of its own (even I know the costs of that pretty
well)... esp when CVE checking and basic packaging hygiene should be
enforced.
Why should OE provide a solution with doesn't support this? I think this
is a main feature of OE.
Nevertheless for oe-core I wouldn't want to change a lot right now, as
there is simply a valid set of consumers missing that could enable us to
do some proper testing. But yeah fixes/improvements for devtool are very
welcome (also the available docu might need a touch)
My problem is that the current approach doesn't support the build of an
express or angular application. Does it makes sense to add this feature
if we know that some basic OE features are missing (CVE and version
check) and fixing bugs is a nightmare?
Regards
Stefan
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156679):
https://lists.openembedded.org/g/openembedded-core/message/156679
Mute This Topic: https://lists.openembedded.org/mt/86089523/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-