Received: (at submit) by debbugs.gnu.org; 23 Oct 2021 14:57:22 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 23 10:57:22 2021 Received: from localhost ([127.0.0.1]:36890 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1meISY-0004Pv-D0 for submit <at> debbugs.gnu.org; Sat, 23 Oct 2021 10:57:22 -0400 Received: from lists.gnu.org ([22.214.171.124]:45418) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <GNUtoo@HIDDEN>) id 1meISU-0004Pl-OQ for submit <at> debbugs.gnu.org; Sat, 23 Oct 2021 10:57:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47674) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <GNUtoo@HIDDEN>) id 1meISU-0001sN-FQ for bug-guix@HIDDEN; Sat, 23 Oct 2021 10:57:18 -0400 Received: from cyberdimension.org ([126.96.36.199]:38010 helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from <GNUtoo@HIDDEN>) id 1meISR-0001NM-Dr for bug-guix@HIDDEN; Sat, 23 Oct 2021 10:57:18 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id d076fc8d for <bug-guix@HIDDEN>; Sat, 23 Oct 2021 14:49:34 +0000 (UTC) Received: from primarylaptop (localhost.localdomain [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 2d735684 for <bug-guix@HIDDEN>; Sat, 23 Oct 2021 14:49:34 +0000 (UTC) Date: Sat, 23 Oct 2021 16:57:02 +0200 From: Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN> To: bug-guix@HIDDEN Subject: Matterbridge contained a lot of vendored code Message-ID: <20211023165702.1e518f56@primarylaptop> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.30; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/Czpt6ebe/uoYt26sifvXjHE"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=188.8.131.52; envelope-from=GNUtoo@HIDDEN; helo=gnutoo.cyberdimension.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) --Sig_/Czpt6ebe/uoYt26sifvXjHE Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, When I sent the patch adding matterbridge to Guix, I only notified that I didn't know if it contained vendored code or not at the last moment (after the patch was sent, during the discussion about it, and before it was merged). The issue is that I didn't know go at all and more specifically I didn't know its the compilation system worked. So I managed to create a package for matterbridge by looking at how it was done for other go packages. After learning more about how go compilation worked, I found out that matterbridge contained a lot of vendored code. And Guix explicitly wants to avoid bundles code. In the "16.6 Submitting Patches" section of the manual, we have: > 6. Make sure the package does not use bundled copies of software > already available as separate packages. And here while most dependencies are not already packaged, some are, and I guess that I should read between the lines and conclude that all the matterbridge dependencies should rather be packaged. So the question is what should we do about that.=20 As I understand with the go build system, or you vendor all dependencies, or you vendor none, and I've not yet managed to find a way to workaround that yet in Guix (to do a progressive unvendoring). So instead I've started working on unvendoring matterbridge completely, but if we go this route, there are more than 500 dependencies. To do that I first used the following command: guix import go -r github.com/42wim/matterbridge I then started looking at each package definition that Guix didn't manage to detect the license of, and I read the licenses to find if they were free software. All the licenses I read were FSDG compliant. Usually they had some extra text indicating the provenance of the code or they would have multiple free software licenses. Then I started adding packages for the dependencies that guix import go didn't manage to find. Theses are repositories that are being forked from the official ones for a reason or another. I've not finished that yet, but I still think it was a good idea to open a bug report as I've now more understanding of the problem. Given the huge amount of dependencies I was wondering what was the best approach here: - Would it makes sense to remove matterbridge from Guix, or should we fix it instead? - If we fix it by packaging each dependencies, would it be ok if that is done step by step, like if dependencies are packaged and patches for them are sent, without necessarily a way to seriously test if the packaged dependency work until they are used by other software (like matterbridge)? Also when I'll manage to update matterbridge how should we deal with such amount of packages? Would I need to send one (generated) patch for the upgrade of each package? I also guess that sticking as much as possible to what Guix import go generates would help in situations like that as it would make the maintenance faster. References: ----------- https://guix.gnu.org/manual/en/guix.html#Submitting-Patches https://git.replicant.us/contrib/GNUtoo/infrastructure/guix/log/?h=3Dmat= terbridge-unvendor Right now there is a compilation issue that I didn't manage to fix, even with help from #guix). Denis. --Sig_/Czpt6ebe/uoYt26sifvXjHE Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmF0IsAACgkQX138wUF3 4mOH+Q//ZpZ+CbsJyQfHQmfgy33cT01st4p8UWP4/+1NIyw43bS/A+vtrqNv46B+ P/uN9p7OhZ2XG5FsdQ/HrcB2akuOMDhSR+qPsgAFr1uvVajJz9lB0uS1gUZ8za9q ++KdwXxV4/LxBi/5aBCxirLKP3F5Yn4S2tXifJyMvC3lI2w1gF3boy0sGx2oIvup UvjSew7aKVa60rZkk2GpdoU3S7Xk+RxyirowDeS2kvkcf/VidJK/BFbv2JVCkmk5 rFh6g+b3ewU8+kBv0axNz9taNz8kcZ7YzfiZRSzxJEwANSF62Sy4CFK9c+7TDAD0 Q7+6Yhj/N8Cur7kwPKSrJVyO/8O45CN3OsmA6zld09FofPrfIXQ2DCJNNF8gwFl9 pNven+IikcmE03780pVJwdbrqCAkMEbiZ+ydP2j4uegiGNWAeNsAaydQVBSpm4GA qlOdrI9dleszAkGlfZmkYdpSfB6ULgCTzwTUsHIu6ftwVlEK+05yGVOkETvNYiA8 Fw+dVkw3QTP8Rcq3zzXj6nhso8xzKgmhlvWSAvO1X7gjV6TTQ15o97eP4dlLLqIA eCtWPaDT0mDqmPsKbfl99nYYBZMLHlYQdk+h+hKNXzs3/6YHJ3oCPqa3uDa3fcIE e71584IUdFgU/nChHATwfhmlBls3tHYqblNei0XT5FRhD2nikC8= =1Rqb -----END PGP SIGNATURE----- --Sig_/Czpt6ebe/uoYt26sifvXjHE--
Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN>:
bug-guix@HIDDEN. Full text available.
guix. Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.