vendor ruby #404
Could we make this PR just for Ruby for now to slim the diff and add documentation for how to build and upload the Ruby as part of this PR? Thanks!
I have made the PR only for Ruby now.
I have moved the portable formulae repo under Homebrew's organization: https://github.com/Homebrew/homebrew-portable There is already some basic documentation here. However, I may not find enough free time lately to work on an automatic building/uploading tool. If any maintainers are interested in working on that, feel free to do so.
cc @mistydemeo @sjackman for suggestions on automatically building PowerPC and Linux vendor tools.
then | ||
curl_args="-#fLA" | ||
else | ||
curl_args="-sfLA" |
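Review bot: In the `else` branch, `curl_args="-sfLA"` turns on silent mode, which hides curl's error messages along with the progress meter, so a failed fetch of the vendor archive exits non-zero without saying why. Consider `-sSfLA` so that `--show-error` keeps the failure reason visible in quiet mode.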
In a followup PR, I'd like to look into vendoring curl as well; older platforms won't be able to fetch from all hosts without.
This is on my watch list. However, I haven't figured out how to download vendor curl itself. Maybe a separate fetching strategy using system curl with `--insecure` flag?
It's a bit of a chicken and egg problem, huh? Yes, maybe...
Assuming they got Homebrew from some trusted source, maybe the way to address this would be to ignore transport security and only rely on the SHA-256 to validate the integrity of the download? (I guess this pretty much boils down to system curl with the `--insecure` flag.)
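The digest-only check discussed in the comments above, sketched as an added example that is not code from this PR or from Homebrew. The helper names `sha256_of` and `accept_download` and the sample file are constructed, and it assumes the pinned digest ships inside the already trusted Homebrew checkout, never over the download channel itself.

```sh
#!/bin/sh
# Added example (hypothetical helper names): accept a bootstrap download
# only when it matches a SHA-256 pinned in the trusted checkout.

# Print the SHA-256 of a file with whichever tool the platform ships.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | cut -d' ' -f1
  elif command -v openssl >/dev/null 2>&1; then
    openssl dgst -sha256 "$1" | sed 's/^.*= //'
  else
    return 2
  fi
}

# accept_download <tmp-file> <pinned-sha256> <final-path>
# The download is written to a temporary name and renamed only after
# verification, so an unverified file never sits at the path that later
# steps unpack from. The body runs in a subshell to keep variables local.
accept_download() (
  tmp="$1" pinned="$2" dest="$3"
  # Fail closed on a missing or malformed pin instead of comparing "" to "".
  [ "${#pinned}" -eq 64 ] || { echo "bad pinned digest" >&2; exit 2; }
  actual="$(sha256_of "$tmp")" || { rm -f "$tmp"; exit 2; }
  if [ "$actual" != "$pinned" ]; then
    echo "SHA-256 mismatch for $tmp" >&2
    echo "  expected: $pinned" >&2
    echo "  actual:   $actual" >&2
    rm -f "$tmp"   # never leave the rejected file behind
    exit 1
  fi
  mv -f "$tmp" "$dest"
)

# Constructed demo: the file content and its digest are sample values.
demo_dir="$(mktemp -d)"
printf 'hello\n' > "$demo_dir/archive.tmp"
accept_download "$demo_dir/archive.tmp" \
  5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 \
  "$demo_dir/archive.tar.gz" && echo "accepted"
rm -rf "$demo_dir"
```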
Can we rename this to
I think re-using
Thanks. I still see e.g.
Would be good to add how/where to upload to that document, even if it's not automatic or terminal commands but links to e.g. Bintray. Also, rather than documenting multiple commands just making a simple script that runs them and could be part of that tap feels like it'll be easier e.g.
👍
👍 to
||
if [[ -n "$HOMEBREW_VERBOSE" ]] | ||
then | ||
curl_args="-fLA" |
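Review bot: `curl_args="-fLA"` in the verbose branch ends the flag cluster with `A`, which takes the next argument as the User-Agent value, so the assignment only works if every call site places the agent string immediately after `$curl_args`. Splitting it into separate long options (`--fail --location --user-agent`) with the agent passed explicitly would remove that hidden ordering dependency.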
Could turn the shared args into a shared variable. Also, can you use the long form of these flags to make it more readable.
Can we keep it as is for now? It helps me reduce conflicts in git rebase. Please note I want to ship vendoring Ruby and Git at the same time, or at least within a short time of each other. As I have stated in the old PR, we need to make sure the vendoring system works for both Ruby and Git (as they are invoked in different ways). It will create a lot of implementation as well as maintenance problems if we fail to make sure of that the first time. As for auto-building, I am considering utilizing test-bot in #410. But there are several things that need to be done. One simple script for all won't work, because there are a few manually invoked tests. I will need to tweak the test and linkage commands to make auto-testing possible.
I'm pretty distrustful of any system that involves us having to get it perfect first time. As a result, I'd like to consider making this opt-in using an environment variable so we can get wider testing with it in I'm 👎 on shipping Git and Ruby at the same time or having Git references in this PR. We should ship just Ruby first and ship Git/Curl once we've had vendored Ruby working in production for users for e.g. a few weeks. Making the PR as minimal as possible will make review better and faster and introduce fewer changes that could break things.
We don't need autobuild or autotesting but there's definitely room to script some of the instructions you have there and e.g. run commands and tell the developers to manually inspect them. Documentation gets easily outdated, scripts less so.
We can do it.
Sorry, but I fail to understand why a simple line
OK, maybe I should rephrase my words. I won't ship any PR before I have confidence this vendor system can work for both Git and Ruby, which means it should at least pass my local tests. As I have repeatedly stated, some details of the system cannot be easily changed afterwards.
I am just trying to make it as perfect as possible the first time. I don't think you are against this, right?
I think I have addressed all comments.
Great 👍
Sorry, I don't think resolving conflicts in your local development environment justifies adding code to a Homebrew pull request. It won't cause problems but it's dead code that implies a Git feature that's not reviewed yet or a hard requirement for 1.0 (like Ruby is). I'd suggest you focus on just building the Ruby feature for now and don't rebase the Git work until this PR is merged.
Why does this system need to work for Git for us to ship the Ruby PR?
Nope, but I do think it's important to focus on Ruby for now and Git later.
This is what you missed. We do need to make the vendor system, including update detection, work for both Ruby and Git. On the one hand, I don't like the idea that we will have two different systems to vendor them, if we find it fails for Git. On the other hand, it is extremely important that we make sure users won't get stuck on an old vendor version. Because otherwise, we are creating a huge security hole here. And more importantly, things like file structure cannot be easily changed in a future PR at all. If it helps, I can remove the Git mention only before we ship this PR. But before then, I will keep it. I don't want to be shortsighted on robustness and security.
Yes, that's fine.
Is there any ETA on this PR? There's a few Ruby 1.8 things in the wings that mean I'm wondering how long it's going to be until we're Ruby 2 only. Could you consider shipping this code (without the Git stuff) nearly as-is but just not enabling it without an environment variable so we can test it locally? I think this is higher priority than pretty much any other feature/cleanup in Homebrew at the moment. Another option would be creating this on a non-fork branch so multiple people can work on it.
The vendor Ruby will be put inside `Library/Homebrew/vendor/portable-ruby/<version>`, with a symlink `Library/Homebrew/vendor/portable-ruby/current` pointed to it. In addition, a `Library/Homebrew/vendor/portable-ruby-version` will track the latest version of vendor binaries. This gives us version control on vendor Ruby and enables us to bump vendor Ruby whenever needed, such as for a security update.
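The layout described above lets an outdated install be detected by comparing the `current` symlink with the version file. The following is an added example, not code from this PR: the function name `vendor_ruby_status`, its output strings and the version numbers in the demo are constructed, and it assumes `current` points at a `<version>` directory and the version file holds a single version string.

```sh
#!/bin/sh
# Added example (hypothetical function): report whether the installed
# vendor Ruby matches the version the checkout asks for.
# Argument: the vendor directory, e.g. Library/Homebrew/vendor
# Prints one of: current | outdated | missing | no-version-file
vendor_ruby_status() (
  vendor_dir="$1"
  version_file="$vendor_dir/portable-ruby-version"
  link="$vendor_dir/portable-ruby/current"

  # The version file travels with the checkout; without it nothing can
  # be compared, so report that instead of assuming "current".
  wanted=""
  if [ -r "$version_file" ]; then
    IFS= read -r wanted < "$version_file" || true
  fi
  [ -n "$wanted" ] || { echo "no-version-file"; exit 2; }

  # No symlink at all, or a symlink whose target directory is gone.
  if [ ! -L "$link" ] || [ ! -d "$link" ]; then
    echo "missing"; exit 1
  fi

  # The symlink target may be relative or absolute; compare its last
  # path component with the wanted version.
  target="$(readlink "$link")"
  target="${target%/}"
  installed="${target##*/}"
  if [ "$installed" != "$wanted" ]; then
    echo "outdated"; exit 1
  fi
  echo "current"
)

# Constructed demo tree with made-up version numbers: 1.0.0 is installed,
# the checkout's version file asks for 1.0.1.
demo="$(mktemp -d)"
mkdir -p "$demo/portable-ruby/1.0.0"
ln -s "1.0.0" "$demo/portable-ruby/current"
echo "1.0.1" > "$demo/portable-ruby-version"
vendor_ruby_status "$demo" || true
rm -rf "$demo"
```

Running the check on every invocation, rather than only at install time, is what keeps a user from staying on an old vendor version after the version file is bumped.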
@@ -0,0 +1,195 @@ | |||
#: * `vendor-install` [<target>]: | |||
#: Install vendor version of Homebrew dependencies. |
Think we can hide this from the manpage (for now at least).
e.g. with `#: @hide_from_man_page` as the first line.
@xu-cheng One final comment then: and we can improve documentation etc. afterwards.
* Use vendor Ruby if it's present
* Install vendor Ruby for system without Ruby 2.x
The name of the formula is not extracted correctly when the URL includes a hyphen.
`install-vendor` command to install vendor ruby/git
`Library/Homebrew/vendor/{ruby,git}/<version>`, with a symlink `Library/Homebrew/vendor/{ruby,git}/opt` pointed to it. In addition, a `Library/Homebrew/vendor/{ruby-version,git-version}` will track the latest version of vendor binaries.
`--homebrew=fail-on-old-vendor-version` flag for `ENV/scm/git` to help auto detect outdated vendor version.
`-c` flag during `git clone`.
To see `vendor git`, master...xu-cheng:vendor-bak