On Fri, Mar 10, 2017 at 11:48 AM, Alexander Kanavin <alexander.kana...@linux.intel.com> wrote: > On 03/10/2017 04:30 PM, Otavio Salvador wrote: >> >> When integrating the CHICKEN Scheme support onto the Yocto Project we >> dealt it using their installation tool but making the package of >> individual packages (eggs, in this specific case) as individual >> recipes. We went further and automated the recipe generation and this >> made it quite easy to maintain in long term. >> >> Take a look at: >> >> https://github.com/OSSystems/meta-chicken > > > Thanks, even though my Scheme-fu isn't great :) > > I'd like to avoid generating entire separate recipes though, because that > implies your custom-written tool would be figuring out where the dependency > source came from in the first place, and what are its own dependencies, when > creating the recipe, which can be tricky, breakage-prone guesswork.
In fact not; as you generate the recipes for the dependencies, it goes recursively and is always good. > I want to use existing tools (like 'npm install') for getting the stuff from > the network - we don't really need full recipes, we just want to know the > licenses of the dependencies, and, if possible, lock them down to a specific > version. Well we initially thought this would suffice but consider a security flaw. As many apps may be using different versions of same package it becomes a nightmare to figure which ones are affected. If using dependencies it is fine, for free. -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto