Re: [gentoo-dev] [PATCH v2 4/4] dev-vcs/cli: new package

2020-02-18 Thread Robin H. Johnson
On Wed, Feb 19, 2020 at 12:18:24AM -0600, William Hubbs wrote:
> > +RDEPEND+=">=dev-vcs/git-1.7.3"
> > +BDEPEND+=">=dev-lang/go-1.13"
> > +GOPATH="${WORKDIR}"
> You don't need += here 
I've taken to += as a cleaner variant than xDEPEND="${xDEPEND} cat/pn"
when the eclass MAY be setting some dependencies already.

> or any value of GOPATH.
GOPATH is required in fact!

Without it being set, it inherits GOPATH from my scope when I run emerge
or ebuild, and since the portage user doesn't have permission to write
in that path, the Golang mod tooling fails during src_unpack for the
tidy/get calls. If those are skipped, then it fails during the build.
The vendor mode didn't have this issue, because it handles this differently.

I do note that this is despite the Golang docs saying that the
GO111MODULE envvar being set should cause GOPATH to be ignored.

The other two packages, go-tour and kube-bench explicitly set GOPATH in
their builds, so didn't run into this.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136




Re: [gentoo-dev] [PATCH v2 3/4] app-admin/kube-bench: convert to go-module go.sum

2020-02-18 Thread Robin H. Johnson
(WilliamH: apologies for duplicate, I replied directly to you instead of
the list the first time around)

On Wed, Feb 19, 2020 at 12:10:46AM -0600, William Hubbs wrote:
> > +EGO_PN=github.com/aquasecurity/kube-bench
> You shouldn't need EGO_PN
Copied from the previous -r0.

> 
> > +DESCRIPTION="Kubernetes Bench for Security runs the CIS Kubernetes 
> > Benchmark"
> > +HOMEPAGE="https://github.com/aquasecurity/kube-bench;
> > +
> > +EGO_SUM=(
> > +   "cloud.google.com/go v0.26.0/go.mod 
> > h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw="
> > +   "cloud.google.com/go v0.34.0/go.mod 
> > h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw="
> > +   "cloud.google.com/go v0.37.4 
> > h1:glPeL3BQJsbF6aIIYfZizMwc5LTYz250bDMjttbBGAU="
> > +   "cloud.google.com/go v0.37.4/go.mod 
> > h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw="
...
> > +)
> 
> There's a lot of duplication in here. For example, the only difference
> between the last two lines is one has /go.mod tacked onto the end of the
> version.  Do we need both lines for each module?
If we intend on validating h1: then yes, because we need to do it for
the .zip and .mod.

> > +src_unpack() {
> > +   unpack ${P}.tar.gz
> > +   go-module_src_unpack
> > +}
> Can we do this somehow in go-module_src_unpack so we don't have to
> boiler-plate it to every consumer?
See discussion in eclass thread.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136




Re: [gentoo-dev] [PATCH v2 1/4] eclass/go-module: add support for building based on go.sum

2020-02-18 Thread Robin H. Johnson
On Tue, Feb 18, 2020 at 11:46:45PM -0600, William Hubbs wrote:
> > -# If it does not have a vendor directory, you should use the EGO_VENDOR
> > +# Alternatively, older versions of this eclass used the EGO_VENDOR
> >  # variable and the go-module_vendor_uris function as shown in the
> >  # example below to handle dependencies.
> I think we can remove the example with EGO_VENDOR and
> go-module_vendor_uris; we really don't want people to continue following
> that example.
I tried to handle more cases here, but now I'm wondering if it would be
cleaner just to put all of the new way into a distinct eclass, and sunset
the old eclass entirely. I found unforeseen interactions, see below.

> > +# S="${WORKDIR}/${MY_P}"
> The default setting of S should be fine for most ebuilds, so I don't
> think we need this in the example.
I'd copied it, but yes in this case.

> 
> > +# go-module_set_globals
> > +#
> > +# SRC_URI="https://github.com/example/${PN}/archive/v${PV}.tar.gz -> 
> > ${P}.tar.gz
> > +# ${EGO_SUM_SRC_URI}"
> > +#
> > +# LICENSE="some-license ${EGO_SUM_LICENSES}"
> > +#
> > +# src_unpack() {
> > +#  unpack ${P}.tar.gz
> > +#  go-module_src_unpack
> > +# }
>  I don't think I would put an src_unpack() in the example.
This is one of the unforeseen interactions.
The go.sum unpack only applies special handling to distfiles that it
knows about. It does NOT process any other distfiles at all.

EAPI8 or future Portage improvements might have annotations to disable
any automatic unpacking for specific distfiles, which would resolve this
issue.

Hence, you need to explicitly unpack any distfiles that are NOT part of
the go.sum dependencies. There are some ebuilds that do unpack & rename
in src_unpack already, so they need extra care as well.

The EGO_VENDOR src_unpack unpacked EVERYTHING, so it didn't have this
issue.

> 
> > +# The extra metadata keys accepted at this time are:
> > +# - license: for dependencies built into the final runtime, the value 
> > field is
> > +#   a comma seperated list of Gentoo licenses to apply to the LICENSE 
> > variable, 
> > +#
> There are two lines for each module in go.sum, the one with /go.mod as a
> suffix to the version and the one without. We do not need both right?
This is not entirely correct, and it's the warnings from golang upstream
about some hidden complexity in the /go.mod that led me to list both of
them.

If we intend to verify the h1: in future, then we need to list all
/go.mod entries explicitly, so we have somewhere to put the h1: hash.
If you're verifying the h1: hash, you must verify it on the
{version}.mod ALWAYS, and if the {version}.zip is present, then also on
that file (otherwise it could sneak in some evil metadata via the
{version}.mod).

If we omit h1: entirely, then we can get away with listing ONE line in
EGO_SUM for each dependency.
- If it contains /go.mod, it will fetch ONLY the {version}.mod file.
- If it does not contain /go.mod, it will fetch the {version}.mod file
  AND the {version}.zip file

> > +# @EXAMPLE:
> > +# # github.com/BurntSushi/toml is a build-time only dep
> > +# # github.com/aybabtme/rgbterm is a runtime dep, annotated with licenses
> 
> I'm not sure we can distinguish between buildtime only and runtime deps.
The 'golicense' tool will take a Golang binary and print out all of the
Golang modules that got linked into it. I consider those to be the
runtime deps in this case.

> > +# @ECLASS-VARIABLE: _GOMODULE_GOPROXY_BASEURI
...
> > +# This variable should NOT be present in user-level configuration e.g.
> > +# /etc/portage/make.conf, as it will violate metadata immutability!
> > +: "${_GOMODULE_GOPROXY_BASEURI:=mirror://goproxy/}"
> 
> If this isn't supposed to be in user-level configuration, where should
> it be set?
Maybe I'll just prefix it with 'readonly' and force the value for now.

> >  # @FUNCTION: go-module_src_unpack
> >  # @DESCRIPTION:
> > +# Extract & configure Go modules for consumpations.
> > +# - Modules listed in EGO_SUM are configured as a local GOPROXY via 
> > symlinks (fast!)
> > +# - Modules listed in EGO_VENDOR are extracted to "${S}/vendor" (slow)
> > +#
> > +# This function does NOT unpack the base distfile of a Go-based package.
> > +# While the entries in EGO_SUM will be listed in ${A}, they should NOT be
> > +# unpacked, Go will directly consume the files, including zips.
> > +go-module_src_unpack() {
> 
> If possible, this function should unpack the base distfile. That would
> keep us from having to write src_unpack for every go ebuild that uses
> the eclass.
That's fine until we get to multiple base distfiles and handling them.
Maybe pass a flag to go-module_src_unpack to tell it not to unpack any
distfile that it does not explicitly know about?

> > +   die "Neither EGO_SUM nor EGO_VENDOR are set!"
> This shouldn't die, having neither one set is valid.
Yes, I caught this in later testing: a Golang package in the tree that
inherits go-module, but didn't use EGO_VENDOR, EGO_SUM or have a 
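
The h1: rule from the two replies above (a /go.mod line covers {version}.mod; a plain line covers {version}.zip and also pulls in {version}.mod), as an added Python example that is not part of the thread or of go-module.eclass. The entry parsing, the module/@v/version file naming and the example.org/demo sample are assumptions made for illustration; the hash construction follows Go's h1 directory-hash scheme.

```python
import base64
import hashlib
import io
import zipfile


def _h1(named_blobs):
    """Go's h1: SHA-256 over sorted "<sha256hex>  <name>\\n" lines, base64-encoded."""
    lines = "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n"
        for name, data in sorted(named_blobs)
    )
    return "h1:" + base64.b64encode(hashlib.sha256(lines.encode()).digest()).decode()


def h1_mod(mod_bytes):
    # A '/go.mod' line hashes a one-file tree whose only name is "go.mod".
    return _h1([("go.mod", mod_bytes)])


def h1_zip(zip_bytes):
    # A plain line hashes every member of {version}.zip under its in-zip name.
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return _h1([(n, z.read(n)) for n in z.namelist()])


def parse_entry(entry):
    """Split one EGO_SUM string into fields (layout inferred from the thread)."""
    module, version, *rest = entry.split()
    is_mod = version.endswith("/go.mod")
    version = version[: -len("/go.mod")] if is_mod else version
    h1 = next((f for f in rest if f.startswith("h1:")), None)
    return module, version, is_mod, h1


def fetch_plan(ego_sum):
    """Map each file to fetch to the h1 it must match (None = nothing to check)."""
    plan = {}
    for entry in ego_sum:
        module, version, is_mod, h1 = parse_entry(entry)
        base = f"{module}/@v/{version}"  # assumed naming, lower-case modules only
        if is_mod:
            plan[base + ".mod"] = h1
        else:
            plan.setdefault(base + ".mod", None)  # a plain line fetches .mod too
            plan[base + ".zip"] = h1
    return plan


def verify(plan, files):
    """Return a list of problems; empty means every fetched file checked out."""
    problems = []
    for name, want in sorted(plan.items()):
        if name not in files:
            problems.append(f"missing: {name}")
        elif want is None:
            problems.append(f"unverified: {name}")
        else:
            data = files[name]
            got = h1_mod(data) if name.endswith(".mod") else h1_zip(data)
            if got != want:
                problems.append(f"mismatch: {name}")
    return problems


def _make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample (not from the thread): a tiny module and its zip.
MOD = b"module example.org/demo\n\ngo 1.13\n"
ZIP = _make_zip({
    "example.org/demo@v1.0.0/go.mod": MOD,
    "example.org/demo@v1.0.0/demo.go": b"package demo\n",
})
MOD_FILE = "example.org/demo/@v/v1.0.0.mod"
ZIP_FILE = "example.org/demo/@v/v1.0.0.zip"
FILES = {MOD_FILE: MOD, ZIP_FILE: ZIP}
EGO_SUM = [
    f"example.org/demo v1.0.0/go.mod {h1_mod(MOD)}",
    f"example.org/demo v1.0.0 {h1_zip(ZIP)} license:MIT",
]

if __name__ == "__main__":
    print(verify(fetch_plan(EGO_SUM), FILES))        # both lines listed
    print(verify(fetch_plan(EGO_SUM[1:]), FILES))    # /go.mod line dropped
    tampered = {**FILES, MOD_FILE: MOD + b"// tampered\n"}
    print(verify(fetch_plan(EGO_SUM), tampered))     # altered .mod is caught
```

Dropping the /go.mod line leaves the .mod fetched but with no hash to check it against, which is the case the reply warns about.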

Re: [gentoo-dev] [PATCH v2 4/4] dev-vcs/cli: new package

2020-02-18 Thread William Hubbs
On Mon, Feb 17, 2020 at 01:22:32AM -0800, Robin H. Johnson wrote:
> Package-Manager: Portage-2.3.84, Repoman-2.3.18
> Signed-off-by: Robin H. Johnson 
> ---
>  dev-vcs/cli/Manifest | 137 +++
>  dev-vcs/cli/cli-0.5.5.ebuild | 177 +++
>  dev-vcs/cli/metadata.xml |  11 +++
>  3 files changed, 325 insertions(+)
>  create mode 100644 dev-vcs/cli/Manifest
>  create mode 100644 dev-vcs/cli/cli-0.5.5.ebuild
>  create mode 100644 dev-vcs/cli/metadata.xml

*snip manifest*

> diff --git dev-vcs/cli/cli-0.5.5.ebuild dev-vcs/cli/cli-0.5.5.ebuild
> new file mode 100644
> index ..3892d656a46e
> --- /dev/null
> +++ dev-vcs/cli/cli-0.5.5.ebuild
> @@ -0,0 +1,177 @@
> +# Copyright 1999-2020 Gentoo Authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +EAPI=7
> +inherit bash-completion-r1 go-module
> +
> +EGO_SUM=(
> + "github.com/akavel/rsrc v0.8.0/go.mod 
> h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c="
> + "github.com/AlecAivazis/survey/v2 v2.0.4/go.mod 
> h1:WYBhg6f0y/fNYUuesWQc0PKbJcEliGcYHB9sNT3Bg74="
> + "github.com/AlecAivazis/survey/v2 v2.0.4 
> h1:qzXnJSzXEvmUllWqMBWpZndvT2YfoAUzAMvZUax3L2M= license:MIT"
> + "github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod 
> h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI="
> + "github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 
> h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U="
> + "github.com/alecthomas/chroma v0.6.8/go.mod 
> h1:o9ohftueRi7H5be3+Q2cQCNa/YnLBFUNx40ZJfGVFKA="
> + "github.com/alecthomas/chroma v0.6.8 
> h1:TW4JJaIdbAbMyUtGEd6BukFlOKYvVQz3vVhLBEUNwMU= license:MIT"
> + "github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod 
> h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0="
> + "github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 
> h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo="
> + "github.com/alecthomas/kong-hcl 
> v0.1.8-0.20190615233001-b21fea9723c8/go.mod 
> h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA="
> + "github.com/alecthomas/kong 
> v0.1.17-0.20190424132513-439c674f7ae0/go.mod 
> h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI="
> + "github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod 
> h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI="
> + "github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod 
> h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ="
> + "github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 
> h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY="
> + "github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod 
> h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8="
> + "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod 
> h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= license:BSD-2,MIT"
> + "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 
> h1:WWB576BN5zNSZc/M9d/10pqEx5VHNhaQ/yOVAkmj5Yo="
> + "github.com/BurntSushi/toml v0.3.1/go.mod 
> h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU="
> + "github.com/BurntSushi/toml v0.3.1 
> h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ="
> + "github.com/coreos/etcd v3.3.10+incompatible/go.mod 
> h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE="
> + "github.com/coreos/go-etcd v2.0.0+incompatible/go.mod 
> h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk="
> + "github.com/coreos/go-semver v0.2.0/go.mod 
> h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk="
> + "github.com/cpuguy83/go-md2man v1.0.10/go.mod 
> h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE="
> + "github.com/cpuguy83/go-md2man v1.0.10 
> h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk="
> + "github.com/daaku/go.zipexe v1.0.0/go.mod 
> h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E="
> + "github.com/danwakefield/fnmatch 
> v0.0.0-20160403171240-cbb64ac3d964/go.mod 
> h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk="
> + "github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 
> h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= license:BSD-2"
> + "github.com/davecgh/go-spew v1.1.0/go.mod 
> h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38="
> + "github.com/davecgh/go-spew v1.1.1/go.mod 
> h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38="
> + "github.com/davecgh/go-spew v1.1.1 
> h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c="
> + "github.com/dlclark/regexp2 v1.1.6/go.mod 
> h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc="
> + "github.com/dlclark/regexp2 v1.1.6 
> h1:CqB4MjHw0MFCDj+PHHjiESmHX+N7t0tJzKvC6M97BRg= license:MIT"
> + "github.com/fsnotify/fsnotify v1.4.7/go.mod 
> h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo="
> + "github.com/GeertJohan/go.incremental v1.0.0/go.mod 
> h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0="
> + "github.com/GeertJohan/go.rice v1.0.0/go.mod 
> h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0="
> + 
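Review bot: the license: key is attached inconsistently in EGO_SUM. For AlecAivazis/survey, alecthomas/chroma, danwakefield/fnmatch and dlclark/regexp2 it sits on the plain line, but for github.com/aybabtme/rgbterm it sits on the /go.mod line and the plain line has none. Pick one placement and apply it throughout, so that dropping either kind of line later cannot lose a license annotation.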

Re: [gentoo-dev] [PATCH v2 3/4] app-admin/kube-bench: convert to go-module go.sum

2020-02-18 Thread William Hubbs
On Mon, Feb 17, 2020 at 01:22:31AM -0800, Robin H. Johnson wrote:
> Signed-off-by: Robin H. Johnson 
> ---
>  app-admin/kube-bench/Manifest | 351 
>  .../kube-bench/kube-bench-0.2.3-r1.ebuild | 394 ++
>  2 files changed, 745 insertions(+)
>  create mode 100644 app-admin/kube-bench/kube-bench-0.2.3-r1.ebuild
> 

*snip manifest*

> diff --git app-admin/kube-bench/kube-bench-0.2.3-r1.ebuild 
> app-admin/kube-bench/kube-bench-0.2.3-r1.ebuild
> new file mode 100644
> index ..fcab0aed86e9
> --- /dev/null
> +++ app-admin/kube-bench/kube-bench-0.2.3-r1.ebuild
> @@ -0,0 +1,394 @@
> +# Copyright 1999-2019 Gentoo Authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +EAPI=7
> +EGO_PN=github.com/aquasecurity/kube-bench

You shouldn't need EGO_PN

> +DESCRIPTION="Kubernetes Bench for Security runs the CIS Kubernetes Benchmark"
> +HOMEPAGE="https://github.com/aquasecurity/kube-bench;
> +
> +EGO_SUM=(
> + "cloud.google.com/go v0.26.0/go.mod 
> h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw="
> + "cloud.google.com/go v0.34.0/go.mod 
> h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw="
> + "cloud.google.com/go v0.37.4 
> h1:glPeL3BQJsbF6aIIYfZizMwc5LTYz250bDMjttbBGAU="
> + "cloud.google.com/go v0.37.4/go.mod 
> h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw="
> + "github.com/BurntSushi/toml v0.3.1 
> h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ="
> + "github.com/BurntSushi/toml v0.3.1/go.mod 
> h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU="
> + "github.com/NYTimes/gziphandler 
> v0.0.0-20170623195520-56545f4a5d46/go.mod 
> h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ="
> + "github.com/OneOfOne/xxhash v1.2.2/go.mod 
> h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU="
> + "github.com/PuerkitoBio/purell v1.0.0/go.mod 
> h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0="
> + "github.com/PuerkitoBio/purell v1.1.1 
> h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI="
> + "github.com/PuerkitoBio/purell v1.1.1/go.mod 
> h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0="
> + "github.com/PuerkitoBio/urlesc 
> v0.0.0-20160726150825-5bd2802263f2/go.mod 
> h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE="
> + "github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 
> h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M="
> + "github.com/PuerkitoBio/urlesc 
> v0.0.0-20170810143723-de5bf2ad4578/go.mod 
> h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE="
> + "github.com/Shopify/sarama v1.19.0/go.mod 
> h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo="
> + "github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod 
> h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI="
> + "github.com/alecthomas/template 
> v0.0.0-20160405071501-a0175ee3bccc/go.mod 
> h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc="
> + "github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod 
> h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0="
> + "github.com/apache/thrift v0.12.0/go.mod 
> h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ="
> + "github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod 
> h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8="
> + "github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod 
> h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q="
> + "github.com/beorn7/perks v1.0.0/go.mod 
> h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8="
> + "github.com/cespare/xxhash v1.1.0/go.mod 
> h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc="
> + "github.com/client9/misspell v0.3.4/go.mod 
> h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw="
> + "github.com/coreos/bbolt v1.3.2/go.mod 
> h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk="
> + "github.com/coreos/etcd v3.3.10+incompatible/go.mod 
> h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE="
> + "github.com/coreos/go-semver v0.2.0/go.mod 
> h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk="
> + "github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod 
> h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4="
> + "github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod 
> h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA="
> + "github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod 
> h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38="
> + "github.com/davecgh/go-spew v1.1.0/go.mod 
> h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38="
> + "github.com/davecgh/go-spew v1.1.1 
> h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c="
> + "github.com/davecgh/go-spew v1.1.1/go.mod 
> h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38="
> + "github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 
> h1:tkum0XDgfR0jcVVXuTsYv/erY2NnEDqwRojbxR1rBYA="
> + "github.com/denisenkom/go-mssqldb 
> v0.0.0-20190515213511-eb9f6a1743f3/go.mod 
> h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM="
> + "github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod 
> 
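Review bot: the header of this new file reads "Copyright 1999-2019" although the ebuild is being added in 2020 (the dev-vcs/cli ebuild in the same series has 1999-2020); bump the year. Also worth confirming the HOMEPAGE line, which as shown here ends in "kube-bench;" with no closing quote.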

Re: [gentoo-dev] [PATCH v2 2/4] dev-go/go-tour: convert to go-module go.sum

2020-02-18 Thread William Hubbs
This ebuild isn't fully converted, so it probably isn't the best
example.

My comments are just a couple of aspects of it.


On Mon, Feb 17, 2020 at 01:22:30AM -0800, Robin H. Johnson wrote:
> Signed-off-by: Robin H. Johnson 
> ---
>  dev-go/go-tour/Manifest  |  7 ++
>  dev-go/go-tour/go-tour-0_p20190829-r2.ebuild | 68 
>  2 files changed, 75 insertions(+)
>  create mode 100644 dev-go/go-tour/go-tour-0_p20190829-r2.ebuild
> 
> diff --git dev-go/go-tour/Manifest dev-go/go-tour/Manifest
> index 4790cfab02c5..89515578048c 100644
> --- dev-go/go-tour/Manifest
> +++ dev-go/go-tour/Manifest
> @@ -1,3 +1,10 @@
>  DIST github.com-golang-net-3b0461eec859c4b73bb64fdc8285971fd33e3938.tar.gz 
> 1099680 BLAKE2B 
> 989a8d6c9166696bef1aff398acc8cd1e41e1240c5c113be030c80355cdf96eaa6d5f231c99f2c44d8eacf199579804c59fc45f999862bc4bf057b694841c8dc
>  SHA512 
> 5e42e26ac17f52d6408b63eebd740bedc5a78b8023b675688d7b39b20afa53b34ffde764b693828143483c8f5450180f6a00e9eb28b8f3f6e14303cc4cd7c62b
>  DIST github.com-golang-tools-7b79afddac434519a8ca775cc575fddb0d162aab.tar.gz 
> 2682003 BLAKE2B 
> 60d9981b9fcc47077bc0dc1179e518ba2f2373595d5798eb6aa37a832ce72f475b0808b2030919f141cd978533792294fdd8528e1d52b4eeec6e9f1a3b6e772d
>  SHA512 
> 5b7af03d138567edaa70e1b3555b8a9c4822f33c3fb14e8ec435499d21f46d61f44b62fddcec3ecc6f75d4e9a6dfb6b2a7526ddf8785d933941d64e646dc1b9b
>  DIST go-tour-0_p20190829.tar.gz 321179 BLAKE2B 
> 56fad2c3608aec9653e31a59e8696aa445375de88f17e72a95620b4b375c88b8e45838360c09a1c53184e5a20c1a5ca044f6ad055de3736e675d3faf3fd52a91
>  SHA512 
> 2701234788810a8fdb932faae666ec89796664e078b3170344b8c219a2247a510df66bff825bdc458ba062bd4b3f5dccd07dbf88a092053b1ea791c2f50248f4
> +DIST golang.org%2Fx%2Fcrypto%2F@v%2Fv0.0.0-20190308221718-c2843e01d9a2.mod 
> 88 BLAKE2B 
> aec7d0eea1278eb3d1568d5bfb4041267501ad14457ebfcbdbc5fe21473170b8616ca4028f52af2edbfd85922cbe04540b4b0df7f69f63197698143cc5557a7a
>  SHA512 
> 2df49895053b36fed7ea905aa73f86568fbafd79ff0a7976679d8c77cf15025129435d9dbfd89367b611b1aadbea4f4bd1835eb4efa9ea702466e443638d379e
> +DIST golang.org%2Fx%2Fnet%2F@v%2Fv0.0.0-20190311183353-d8887717615a.mod 119 
> BLAKE2B 
> e042b2716739483252c3340451b2c3c7b421fdf8d6b3e0333e979802fca66159596982ea63a24b6a64457b2757a0ad24cbb9ea032bab4c5377edf84a3ea18b97
>  SHA512 
> 26b6c92eecd2208967336d4d23f8a71f77f9a73643ad1e5cd84dee36b2f626fffc806e4dd33acc284831a0961e2b363d898a747903235945fbfb665c5b4d5ef2
> +DIST golang.org%2Fx%2Fnet%2F@v%2Fv0.0.0-20190311183353-d8887717615a.zip 
> 1273340 BLAKE2B 
> 7d42472afb905448b6ae6f66258dc805fa7c4b9c8dffb230ad6458b250fe5d564a3f6e2bf97b241ac9293c9f5885f28cc996ab7953a0ba9e97b8731911b982d5
>  SHA512 
> 57852d3cd066a9eb279f909b464824041e138db1eb98c66ffbbc81259cb3f94da8ecd4d2b961646fbbe0c05156785ab2f44408b19d9f467001627d7b12fed4af
> +DIST golang.org%2Fx%2Fsys%2F@v%2Fv0.0.0-20190215142949-d0b11bdaac8a.mod 24 
> BLAKE2B 
> 64a70c4594f5d3c37d962c1ed07630fba8abeaf534242f8f1509af271684499252af9a2320d5bac8e44064dba344b807535e4e9dd085fc0fb47bd9304120601a
>  SHA512 
> ffe50fccf7f1d200f2ebc805b190e3f10c5a3184458a38f4590e520d7ce115e1520fbabe56651bbdc2e08da4a8db5ac86d0e88728efde3ab26c64ab4e0cd604c
> +DIST golang.org%2Fx%2Ftext%2F@v%2Fv0.3.0.mod 25 BLAKE2B 
> 31009af0fdcd0f8730c9985287e6e364ec4e5183e57e92560dbc80a2010eced51b8a90f01a82b49384268c8a0adbf69d179c205d3f68e0eb459169d2ea9528f0
>  SHA512 
> ca081ef7cccd7bbedc6843fbe0c452352661a07e1298cd02ff338ed79d807c6401d613a3cf20011189d2f98a794ffa410547b3e352eb58a6f0a84822285d391d
> +DIST golang.org%2Fx%2Ftools%2F@v%2Fv0.0.0-20190312164927-7b79afddac43.mod 87 
> BLAKE2B 
> 32cb406deea05323b1121386bf61f344f8eda0b5370e95bb73828ce0bea50bee375ae3e9b076b9d683a4d89561709c5e97e45e6b08344fbdf6b03b3ce4398dcd
>  SHA512 
> 18ae9b2f54109b4ec5cdea433ee0e3b7006e4d5ea57022d6e8151d4d364735a6b55cf7b5eb2f43b602ec786b2b6819ad78dfc33151ee1a63a0b1199f54ce34a1
> +DIST golang.org%2Fx%2Ftools%2F@v%2Fv0.0.0-20190312164927-7b79afddac43.zip 
> 3200356 BLAKE2B 
> 8ebbd9b772d54bfa39de2319a583c5d80cf6580456a4da5043a5b9a49450c3dcc5eba68ac7726dd7771c0855032294b2ee6a9df738780e87c312935fbc94e5a8
>  SHA512 
> 5e56ee0659802472d5187c0fe65c6e2b93478cf968b95c2c79db3d458844c38b18a597ad032cfe3a712a5516215d6010f1efcf36db2aa2bb2d29bf337819969d
> diff --git dev-go/go-tour/go-tour-0_p20190829-r2.ebuild 
> dev-go/go-tour/go-tour-0_p20190829-r2.ebuild
> new file mode 100644
> index ..256553da8002
> --- /dev/null
> +++ dev-go/go-tour/go-tour-0_p20190829-r2.ebuild
> @@ -0,0 +1,68 @@
> +# Copyright 1999-2019 Gentoo Authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +EAPI=7
> +MY_PN=tour
> +EGO_PN="golang.org/x/${MY_PN}"
 +
You shouldn't need EGO_PN or MY_PN any longer.

> +EGO_SUM=(
> + # Minimal covering set
> + "golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod"
> + "golang.org/x/net v0.0.0-20190311183353-d8887717615a license:BSD"
> + "golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod"
> + 
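Review bot: the EGO_SUM entries under "# Minimal covering set" carry no h1: field, unlike the kube-bench and cli ebuilds in this series, so nothing in the ebuild ties these modules back to upstream's go.sum and only the Manifest checksums cover them. Copy the lines from go.sum with their hashes, or state in the comment why they are omitted.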

Re: [gentoo-dev] [PATCH v2 1/4] eclass/go-module: add support for building based on go.sum

2020-02-18 Thread William Hubbs
On Mon, Feb 17, 2020 at 01:22:29AM -0800, Robin H. Johnson wrote:
> EGO_SUM mode now supplements the existing EGO_VENDOR mode.
> 
> EGO_SUM should be populated by the maintainer, directly from the go.sum
> file of the root package. See eclass and conversion examples for further
> details: dev-go/go-tour, app-admin/kube-bench, dev-vcs/cli
> 
> The go-module_set_globals function performs validation of
> inputs and dies on fatal errors.
> 
> Signed-off-by: Robin H. Johnson 
> ---
>  eclass/go-module.eclass| 419 +++--
>  profiles/thirdpartymirrors |   1 +
>  2 files changed, 397 insertions(+), 23 deletions(-)
> 
> diff --git eclass/go-module.eclass eclass/go-module.eclass
> index 80ff2902b3ad..50aff92735af 100644
> --- eclass/go-module.eclass
> +++ eclass/go-module.eclass
> @@ -4,22 +4,45 @@
>  # @ECLASS: go-module.eclass
>  # @MAINTAINER:
>  # William Hubbs 
> +# @AUTHOR:
> +# William Hubbs 
> +# Robin H. Johnson 
>  # @SUPPORTED_EAPIS: 7
>  # @BLURB: basic eclass for building software written as go modules
>  # @DESCRIPTION:
> -# This eclass provides basic settings and functions
> -# needed by all software written in the go programming language that uses
> -# go modules.
> +# This eclass provides basic settings and functions needed by all software
> +# written in the go programming language that uses go modules.
> +#
> +# You might know the software you are packaging uses modules because
> +# it has files named go.sum and go.mod in its top-level source directory.
> +# If it does not have these files, try use the golang-* eclasses FIRST!
> +# There ARE legacy Golang packages that use external modules with none of
> +# go.mod, go.sum, vendor/ that can use this eclass regardless.
> +#
> +# Guidelines for usage:
> +# "vendor/":
> +# - pre-vendored package. Do NOT set EGO_SUM or EGO_VENDOR.
>  #
> -# You will know the software you are packaging uses modules because
> -# it will have files named go.sum and go.mod in its top-level source
> -# directory. If it does not have these files, use the golang-* eclasses.
> +# "go.mod" && "go.sum":
> +# - Populate EGO_SUM with entries from go.sum
> +# - Append license:${GENTOO_LICENSE} to any modules needed at runtime.
> +#   dev-go/golicense can tell you which modules in a Golang binary are used 
> at
> +#   runtime (requires network connectivity).
>  #
> -# If it has these files and a directory named vendor in its top-level
> -# source directory, you only need to inherit the eclass since upstream
> -# is vendoring the dependencies.
> +# None of the above:
> +# - Did you try golang-* eclasses first? Upstream has undeclared dependencies
> +#   (perhaps really old source). You can use either EGO_SUM or EGO_VENDOR.
> +
> +#
> +# If it has these files AND a directory named "vendor" in its top-level 
> source
> +# directory, you only need to inherit the eclass since upstream has already
> +# vendored the dependencies.
> +
> +# If it does not have a vendor directory, you should use the EGO_SUM
> +# variable and the go-module_gosum_uris function as shown in the
> +# example below to handle dependencies.
>  #
> -# If it does not have a vendor directory, you should use the EGO_VENDOR
> +# Alternatively, older versions of this eclass used the EGO_VENDOR
>  # variable and the go-module_vendor_uris function as shown in the
>  # example below to handle dependencies.
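Review bot: the new description tells readers to use "the EGO_SUM variable and the go-module_gosum_uris function", but the example further down and the commit message both use go-module_set_globals; make the text and the example name the same function. The two added lines that are a bare "+" with no "#" (after "You can use either EGO_SUM or EGO_VENDOR." and after "vendored the dependencies.") also split the header comment block and should be "#" lines.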

I think we can remove the example with EGO_VENDOR and
go-module_vendor_uris; we really don't want people to continue following
that example.

> @@ -28,6 +51,28 @@
>  # dependencies. So please make sure it is accurate.
>  #
>  # @EXAMPLE:
> +# @CODE
> +#
> +# inherit go-module
> +#
> +# EGO_SUM=(
> +#   "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod 
> h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= license:BSD-2,MIT"
> +#   "github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59 
> h1:WWB576BN5zNSZc/M9d/10pqEx5VHNhaQ/yOVAkmj5Yo="
> +# )
> +# S="${WORKDIR}/${MY_P}"

The default setting of S should be fine for most ebuilds, so I don't
think we need this in the example.

> +# go-module_set_globals
> +#
> +# SRC_URI="https://github.com/example/${PN}/archive/v${PV}.tar.gz -> 
> ${P}.tar.gz
> +#   ${EGO_SUM_SRC_URI}"
> +#
> +# LICENSE="some-license ${EGO_SUM_LICENSES}"
> +#
> +# src_unpack() {
> +#unpack ${P}.tar.gz
> +#go-module_src_unpack
> +# }
 +#
I don't think I would put an src_unpack() in the example.

> +# @CODE
>  #
>  # @CODE
>  #
> @@ -35,7 +80,7 @@
>  #
>  # EGO_VENDOR=(
>  #"github.com/xenolf/lego 6cac0ea7d8b28c889f709ec7fa92e92b82f490dd"
> -# "golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8 
> github.com/golang/crypto"
> +#"golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8 
> github.com/golang/crypto"
>  # )
>  #
>  # SRC_URI="https://github.com/example/${PN}/archive/v${PV}.tar.gz -> 
> ${P}.tar.gz
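Review bot: the golang.org/x/crypto line in the EGO_VENDOR example changes only its leading whitespace, which is unrelated to adding go.sum support; drop it from this patch or send it separately so the diff of the legacy example stays empty.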
> @@ -64,10 +109,12 @@ export GO111MODULE=on
>  export GOCACHE="${T}/go-build"
>  
>  # The 

Re: [gentoo-dev] [PATCH 3/3] app-admin/kube-bench: convert to go-module go.sum

2020-02-18 Thread desultory
On 02/18/20 02:36, Matt Turner wrote:
> On Mon, Feb 17, 2020 at 11:47 PM desultory  wrote:
>>
> 
> You've got a particular knack for this kind of argumentative nonsense.
> 
> 
While I will gladly accept that post being described as "argumentative",
as after all I am very much interested in reading actual arguments
sufficient to convince me that my impressions and the opinions derived
therefrom are incorrect; I do take issue with it being described as
"nonsense".

So, I put to you the simple question: how, exactly, is it nonsense? I
extrapolated from your own activities and your own statements about your
own activities. If you don't like the impressions thus derived it might
do you well to address the sources of those impressions instead of
dismissing them as nonsense. Or, are you telling me that your own
statements are nonsense and your actions nonsensical and thus
impressions derived from them are nonsense? That in itself produces a
rather strong impression.



Re: [gentoo-dev] [PATCH] eclass/acct-user.eclass: disable pkg_* on Prefix.

2020-02-18 Thread Benda Xu
Michael 'veremitz' Everitt  writes:

> Peanut gallery says 'ACK' +1

Thank you veremitz.  Let's see :)

Benda




Re: [gentoo-dev] [Policy change] Package masking of live ebuilds

2020-02-18 Thread Michael 'veremitz' Everitt
On 18/02/20 19:52, Ulrich Mueller wrote:
> The devmanual says about live ebuilds:
>
> | CVS ebuilds must be either with empty KEYWORDS or package.masked
> | (but not both). Empty KEYWORDS are strongly preferred. This applies
> | to "live" ebuilds (-) and to ebuilds that extract a static
> | revision but still use CVS for fetching.
>
> As of today, I count 2123 live ebuilds in the Gentoo repository with
> empty KEYWORDS and 1 (one) ebuild with non-empty KEYWORDS but
> package.masked.
>
> So, can we finally make empty KEYWORDS mandatory and drop the part
> about package.masking?
>
> Ulrich
>
> [1] 
> https://devmanual.gentoo.org/ebuild-writing/functions/src_unpack/cvs-sources/index.html
> (Yes, there really should be a chapter about Git sources ...)
This sounds like an ideal opportunity for repoman/pkgcheck warnings .. no?





Re: [gentoo-dev] [Policy change] Package masking of live ebuilds

2020-02-18 Thread William Hubbs
On Tue, Feb 18, 2020 at 08:52:59PM +0100, Ulrich Mueller wrote:
> The devmanual says about live ebuilds:
> 
> | CVS ebuilds must be either with empty KEYWORDS or package.masked
> | (but not both). Empty KEYWORDS are strongly preferred. This applies
> | to "live" ebuilds (-) and to ebuilds that extract a static
> | revision but still use CVS for fetching.
> 
> As of today, I count 2123 live ebuilds in the Gentoo repository with
> empty KEYWORDS and 1 (one) ebuild with non-empty KEYWORDS but
> package.masked.
> 
> So, can we finally make empty KEYWORDS mandatory and drop the part
> about package.masking?

I'm all for this; live ebuilds should have empty keywords and not be in
package.mask.

On a side note, the subject of this thread is somewhat confusing because
it implies that you want to do the opposite. ;-)

William




[gentoo-dev] [Policy change] Package masking of live ebuilds

2020-02-18 Thread Ulrich Mueller
The devmanual says about live ebuilds:

| CVS ebuilds must be either with empty KEYWORDS or package.masked
| (but not both). Empty KEYWORDS are strongly preferred. This applies
| to "live" ebuilds (-) and to ebuilds that extract a static
| revision but still use CVS for fetching.

As of today, I count 2123 live ebuilds in the Gentoo repository with
empty KEYWORDS and 1 (one) ebuild with non-empty KEYWORDS but
package.masked.

So, can we finally make empty KEYWORDS mandatory and drop the part
about package.masking?

Ulrich

[1] 
https://devmanual.gentoo.org/ebuild-writing/functions/src_unpack/cvs-sources/index.html
(Yes, there really should be a chapter about Git sources ...)




Re: [gentoo-dev] [PATCH] eclass/acct-user.eclass: disable pkg_* on Prefix.

2020-02-18 Thread Michael 'veremitz' Everitt
On 18/02/20 13:02, hero...@gentoo.org wrote:
> From: Benda Xu 
>
>   Gentoo Prefix runs with a normal user and cannot manage any other user.
>   Exit gracefully with a message.
>
> Closes: https://bugs.gentoo.org/709570
> Signed-off-by: Benda Xu 
> ---
>  eclass/acct-user.eclass | 10 ++
>  1 file changed, 10 insertions(+)
>
> diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
> index be6b3dd3e600..e3ec3966035d 100644
> --- a/eclass/acct-user.eclass
> +++ b/eclass/acct-user.eclass
> @@ -360,6 +360,11 @@ acct-user_pkg_preinst() {
>  acct-user_pkg_postinst() {
>   debug-print-function ${FUNCNAME} "${@}"
>  
> + if [[ ${EUID} != 0 ]] ; then
> + einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
> + return 0
> + fi
> +
>   # NB: eset* functions check current value
>   esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
>   esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
> @@ -376,6 +381,11 @@ acct-user_pkg_postinst() {
>  acct-user_pkg_prerm() {
>   debug-print-function ${FUNCNAME} "${@}"
>  
> + if [[ ${EUID} != 0 ]] ; then
> + einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
> + return 0
> + fi
> +
>   if [[ -z ${REPLACED_BY_VERSION} ]]; then
>   if [[ -z $(egetent passwd "${ACCT_USER_NAME}") ]]; then
>   ewarn "User account not found: ${ACCT_USER_NAME}"
Peanut gallery says 'ACK' +1





[gentoo-dev] [PATCH] eclass/acct-user.eclass: disable pkg_* on Prefix.

2020-02-18 Thread heroxbd
From: Benda Xu 

  Gentoo Prefix runs with a normal user and cannot manage any other user.
  Exit gracefully with a message.

Closes: https://bugs.gentoo.org/709570
Signed-off-by: Benda Xu 
---
 eclass/acct-user.eclass | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index be6b3dd3e600..e3ec3966035d 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -360,6 +360,11 @@ acct-user_pkg_preinst() {
 acct-user_pkg_postinst() {
debug-print-function ${FUNCNAME} "${@}"
 
+   if [[ ${EUID} != 0 ]] ; then
+   einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+   return 0
+   fi
+
# NB: eset* functions check current value
esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
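Review bot: the guard in acct-user_pkg_postinst tests ${EUID} != 0, which matches any non-root run rather than Prefix specifically, and it reports the skipped esethome/esetshell calls with einfo before returning success. The subject says pkg_* but the 10 insertions cover only pkg_postinst and pkg_prerm, so acct-user_pkg_preinst (named in the @@ context) stays unguarded; either guard it as well or say in the commit message why it is safe, and consider ewarn so the skipped account setup is visible in the log.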
@@ -376,6 +381,11 @@ acct-user_pkg_postinst() {
 acct-user_pkg_prerm() {
debug-print-function ${FUNCNAME} "${@}"
 
+   if [[ ${EUID} != 0 ]] ; then
+   einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+   return 0
+   fi
+
if [[ -z ${REPLACED_BY_VERSION} ]]; then
if [[ -z $(egetent passwd "${ACCT_USER_NAME}") ]]; then
ewarn "User account not found: ${ACCT_USER_NAME}"
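Review bot: acct-user_pkg_prerm repeats the same five-line EUID guard verbatim from pkg_postinst; factor it into one helper so the condition and message cannot drift apart, and document in the eclass that these phases do nothing for unprivileged users.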
-- 
2.25.0