[Buildroot] [RFC PATCH v1 1/1] package/pkg-golang: download deps to vendor tree if not present
Christian Stewart
christian at paral.in
Mon Aug 31 06:23:35 UTC 2020
NOTE: This patch is an RFC and is not intended for merging in its current state.
It is a naive implementation of the "go mod vendor" download step as a
post-extract hook, for early testing and demonstration of the desired effect. I
don't yet know what a final implementation might look like.
Add a new hook to POST_EXTRACT_HOOKS for Go packages which will create the
"vendor" directory structure under $(@D)/vendor with Go package deps by running
the "go mod vendor" command.
This will download dependency sources and use $GOPATH/pkg as a caching
directory for lookups and downloads.
Go specifies commit hashes OR version tags in go.mod, and lists source code
checksums in go.sum. The Go module system has a robust security model for
preventing MITM attacks or changed Git tags on dependencies through this
checksumming and explicitly-specified versioning approach.
Reference: https://blog.golang.org/using-go-modules
Signed-off-by: Christian Stewart <christian at paral.in>
---
package/pkg-golang.mk | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/package/pkg-golang.mk b/package/pkg-golang.mk
index 2d80e99619..88eb89a68e 100644
--- a/package/pkg-golang.mk
+++ b/package/pkg-golang.mk
@@ -98,6 +98,16 @@ endef
$(2)_POST_EXTRACT_HOOKS += $(2)_APPLY_EXTRACT_GOMOD
+# WIP - download dependencies with the Go tool if vendor does not exist.
+define $(2)_DOWNLOAD_GOMOD
+ if [ ! -d $$(@D)/vendor ]; then \
+ cd $$(@D); \
+ go mod vendor; \
+ fi
+endef
+
+$(2)_POST_EXTRACT_HOOKS += $(2)_DOWNLOAD_GOMOD
+
# Build step. Only define it if not already defined by the package .mk
# file.
ifndef $(2)_BUILD_CMDS
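Review bot: In $(2)_DOWNLOAD_GOMOD the bare `go mod vendor` call resolves `go` from the caller's PATH and inherits whatever GOPATH, GOPROXY and GOFLAGS the build user happens to have set. The toolchain version, the proxy the modules come from and the cache directory the commit message mentions therefore all depend on the host environment. Suggest invoking the host Go tool that the package infrastructure already uses for the build step, with its Go environment set explicitly. Separately, `cd $$(@D); go mod vendor;` keeps going when the `cd` fails, so chain the two with `&&` to avoid vendoring in whatever directory the shell started in. Last, this performs network access from a post-extract hook, so an offline build from an already-downloaded source tree stops working, and the fetched modules are checked only against the package's own go.sum rather than against a Buildroot .hash file. The comment above the define should say so, and the hook could refuse to run when the package ships no go.sum.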
--
2.28.0