Update GitHub packages reference #214
Conversation
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
Signed-off-by: Jérémy Audiger <[email protected]>
There was a problem hiding this comment.
LGTM overall! Caught one failure in jq though
For openssl, luckily it seems like the current URL structure we're using is stable. Like jq, it's a download from /releases/download/*, not /tags/archive/*, meaning it's a tarfile published by OpenSSL directly, not a git archive published by GitHub. Most likely, it too includes a pre-configured ./configure script generated by autoconf, meaning it wouldn't be a direct mirror for the git repo. This one should continue to be safe to download as-is.
As for git... that one is a git archive and I don't have a good answer for it. I don't really have a better plan than "cross our fingers GitHub doesn't change the hash on us", at least for now.
packages/jq/project.bri
Outdated
There was a problem hiding this comment.
jq is another example like openssl where the URL here is a release download rather than a git archive, and one published by the jq project. Trying out brioche build -p packages/jq here fails because the upstream source doesn't have ./configure while the original tarfile does, so I think it'd be better to revert this one
(Longer term, it might be better to always use the autoconf build instead of the pre-packaged ./configure, but that's a different conversation IMO and shouldn't be in scope for this PR)
There was a problem hiding this comment.
I find it quite strange that most of the release downloads contain the script ./configure whereas the git archive does not. I thought we always needed to generate the ./configure through tools as autoreconf. Let's leverage for now the possibility to use the pre-built one that comes with the release download. Indeed it makes things much easier for now.
This reverts commit 24ba4229acea5ca61a6324.
Prefer usage of gitCheckout() + Brioche.gitRef() instead of downloading directly the tarball file for packages available on Github. See this discussion for more information: #176
Two packages have not been migrated:
Since both are used for the command gitCheckout(), which make me wonder how we could resolve this circular dependency other than doing the solution (1) of the discussion.