On Wed, 2019-09-18 at 15:26 -0500, William Hubbs wrote:
> Signed-off-by: William Hubbs <willi...@gentoo.org>
> ---
> eclass/go-module.eclass | 161 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 161 insertions(+)
> create mode 100644 eclass/go-module.eclass
>
> diff --git a/eclass/go-module.eclass b/eclass/go-module.eclass
> new file mode 100644
> index 00000000000..6f609e94542
> --- /dev/null
> +++ b/eclass/go-module.eclass
> @@ -0,0 +1,161 @@
> +# Copyright 2019 gentoo authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +# @ECLASS: go-module.eclass
> +# @MAINTAINER:
> +# William Hubbs <willi...@gentoo.org>
> +# @SUPPORTED_EAPIS: 7
> +# @BLURB: basic eclass for building software written in the go
> +# programming language that uses go modules.
> +# @DESCRIPTION:
> +# This eclass provides some basic things needed by all software
> +# written in the go programming language that uses go modules.
> +#
> +# You will know the software you are packaging uses modules because
> +# it will have files named go.sum and go.mod in its top-level source
> +# directory. If it does not have these files, use the golang-* eclasses.
> +#
> +# This eclass provides a src_unpack function which unpacks the
> +# first tarball mentioned in SRC_URI to the usual location and unpacks
> +# any modules mentioned in EGO_VENDOR to ${S}/vendor if upstream doesn't
> +# vendor its own dependencies.
> +#
> +# If upstream vendors its dependencies, setting EGO_VENDOR is an error.
> +#
> +# Please note that this eclass currently handles only tarballs
> +# (.tar.gz), but support for more formats may be added in the future.
> +#
> +# Since Go programs are statically linked, it is important that your ebuild's
> +# LICENSE= setting includes the licenses of all statically linked
> +# dependencies. So please make sure it is accurate.
> +#
> +# @EXAMPLE:
> +#
> +# @CODE
> +# EGO_VENDOR=(
> +# "github.com/xenolf/lego 6cac0ea7d8b28c889f709ec7fa92e92b82f490dd"
> +# "golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8
> github.com/golang/crypto"
> +# )
> +#
> +# inherit go-module
> +#
> +# SRC_URI="https://github.com/example/${PN}/archive/v${PV}.tar.gz ->
> ${P}.tar.gz
> +# ${EGO_VENDOR_URI}"
> +# @CODE
> +#
> +# The above example will extract the tarball to ${S} and
> +# extract the contents of EGO_VENDOR to ${S}/vendor.
> +
> +case ${EAPI:-0} in
> + 7) ;;
> + *) die "${ECLASS} API in EAPI ${EAPI} not yet established."
> +esac
> +
> +if [[ -z ${_GO_MODULE} ]]; then
> +
> +_GO_MODULE=1
> +
> +BDEPEND=">=dev-lang/go-1.12"
> +
> +# Force go to build in module mode.
> +# In this mode the GOPATH environment variable is ignored.
> +# this will become the default in the future.
> +export GO111MODULE=on
> +
> +# The following go flags should be used for all builds.
> +# -mod=vendor stopps downloading of dependencies from the internet.
> +# -v prints the names of packages as they are compiled
> +# -x prints commands as they are executed
> +export GOFLAGS="-mod=vendor -v -x"
> +
> +# Do not complain about CFLAGS etc since go projects do not use them.
> +QA_FLAGS_IGNORED='.*'
> +
> +# Go packages should not be stripped with strip(1).
> +RESTRICT="strip"
> +
> +EXPORT_FUNCTIONS src_unpack pkg_postinst
> +
> +# @ECLASS-VARIABLE: EGO_VENDOR
> +# @DESCRIPTION:
> +# This variable contains a list of vendored packages.
> +# The items of this array are strings that contain the
> +# import path and the git commit hash for a vendored package.
> +# If the import path does not start with github.com, the third argument
> +# can be used to point to a github repository.
> +
> +declare -arg EGO_VENDOR
> +
> +_go-module_set_vendor_uri() {
> + EGO_VENDOR_URI=
> + local lib
> + for lib in "${EGO_VENDOR[@]}"; do
> + lib=(${lib})
> + if [[ -n ${lib[2]} ]]; then
> + EGO_VENDOR_URI+="
> https://${lib[2]}/archive/${lib[1]}.tar.gz ->
> ${lib[2]//\//-}-${lib[1]}.tar.gz"
> + else
> + EGO_VENDOR_URI+="
> https://${lib[0]}/archive/${lib[1]}.tar.gz ->
> ${lib[0]//\//-}-${lib[1]}.tar.gz"
> + fi
> + done
> + readonly EGO_VENDOR_URI
> +}
> +
> +_go-module_set_vendor_uri
> +unset -f _go-module_set_vendor_uri
> +
> +_go-module_dovendor() {
> + local VENDOR_PATH=$1 VENDORPN=$2 TARBALL=$3
> + rm -fr "${VENDOR_PATH}/${VENDORPN}" || die
> + mkdir -p "${VENDOR_PATH}/${VENDORPN}" || die
> + tar -C "${VENDOR_PATH}/${VENDORPN}" -x --strip-components 1\
> + -f "${DISTDIR}/${TARBALL}" || die
> +}
> +
> +# @FUNCTION: go-module_src_unpack
> +# @DESCRIPTION:
> +# Extract the first archive from ${A} to ${S}, then extract
> +# any sources mentioned in ${EGO_VENDOR} to ${S}/vendor.
> +go-module_src_unpack() {
> + local lib vendor_path x
> + set -- ${A}
> + x="$1"
> + mkdir -p "${S}" || die
> + tar -C "${S}/" -x --strip-components 1 \
> + -f "${DISTDIR}/${x}" || die
> +
> + if [[ -n "${EGO_VENDOR}" ]]; then
> + vendor_path="${S}/vendor"
> + if [[ -d "${vendor_path}" ]]; then
> + eerror "Upstream for ${P}.ebuild vendors dependencies."
> + die "Remove EGO_VENDOR from the ebuild."
> + fi
> + mkdir -p "${vendor_path}" || die
> + for lib in "${EGO_VENDOR[@]}"; do
> + lib=(${lib})
> + if [[ -n ${lib[2]} ]]; then
> + einfo "Vendoring ${lib[0]}
> ${lib[2]//\//-}-${lib[1]}.tar.gz"
> + _go-module_dovendor "${vendor_path}" ${lib[0]} \
> + ${lib[2]//\//-}-${lib[1]}.tar.gz
> + else
> + einfo "Vendoring ${lib[0]}
> ${lib[0]//\//-}-${lib[1]}.tar.gz"
> + _go-module_dovendor "${vendor_path}" ${lib[0]} \
> + ${lib[0]//\//-}-${lib[1]}.tar.gz
> + fi
> + done
> + fi
> +}
> +
> +# @FUNCTION: go-module_pkg_postinst
> +# @DESCRIPTION:
> +# Display a warning about security updates for Go programs.
> +go-module_pkg_postinst() {
> + ewarn "${PN} is written in the Go programming language."
> + ewarn "Since this language is statically linked, security"
> + ewarn "updates will be handled in individual packages and will be"
> + ewarn "difficult for us to track as a distribution."
> + ewarn "For this reason, please update any go packages asap when new"
> + ewarn "versions enter the tree or go stable if you are running the"
> + ewarn "stable tree."I don't really understand why you're adding it to *this* eclass. Isn't it true for all Go packages? So I suppose golang-* eclasses are affected as well. > +} > + > +fi -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
