| Message ID | 20250202213910.284312-4-peter.marko@siemens.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [meta-oe,1/8] protobuf: remove unneeded atomic linker flag | expand |
On Sun, Feb 2, 2025 at 1:40 PM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > All dependencies are used from recipe sysroot now. It might work now with the version set, how do we keep it working when the packages get updated asynchronously unless upstream stops using vendored components as a first class way of doing things. > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb > index 470c368cf3..ded2c9b11b 100644 > --- a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb > +++ b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb > @@ -12,7 +12,7 @@ DEPENDS:append:class-target = " protobuf-native" > > SRCREV = "9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014" > > -SRC_URI = "gitsm://github.com/protocolbuffers/protobuf.git;branch=25.x;protocol=https \ > +SRC_URI = "git://github.com/protocolbuffers/protobuf.git;branch=25.x;protocol=https \ > file://run-ptest \ > file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \ > " > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#115223): https://lists.openembedded.org/g/openembedded-devel/message/115223 > Mute This Topic: https://lists.openembedded.org/mt/110959920/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
> -----Original Message----- > From: Khem Raj <raj.khem@gmail.com> > Sent: Monday, February 3, 2025 1:38 > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> > Cc: openembedded-devel@lists.openembedded.org > Subject: Re: [oe] [meta-oe][PATCH 4/8] protobuf: don't download git submodules > > On Sun, Feb 2, 2025 at 1:40 PM Peter Marko via lists.openembedded.org > <peter.marko=siemens.com@lists.openembedded.org> wrote: > > > > From: Peter Marko <peter.marko@siemens.com> > > > > All dependencies are used from recipe sysroot now. > > It might work now with the version set, how do we keep it working > when the packages get updated asynchronously unless upstream stops using > vendored components as a first class way of doing things. > I think that git submodules are a problematic feature. Similar to npm fetcher, it's not tracked anywhere what is downloaded. Even worse, there is no reference between downloaded hash and component version. That's why we have very long rust crates include files which then track the dependencies. This means that SPDX/SBOM reports and SVM reports don't work on this component. And this will become crucial after EU CRA and US cybersecurity executive order hits us. So I'd propose to remove git submodules wherever possible and replace them with second/third/... clones where not. Also consider this example when fetching scarthgap grpc recipe with shallow clones, it's just crazy. Can you tell which abseil and googetest version is used if we use the bundled version? Or if any of these didn't slip trough the cracks and is not used? gitsmshallow_github.com.abseil.abseil-cpp.git_bare_29bf808-1.tar.gz gitsmshallow_github.com.abseil.abseil-cpp.git_bare_5dd2407-1.tar.gz gitsmshallow_github.com.abseil.abseil-cpp.git_bare_fb3621f-1.tar.gz gitsmshallow_github.com.aquynh.capstone.git_bare_852f46a-1.tar.gz gitsmshallow_github.com.c-ares.c-ares.git_bare_6360e96-1.tar.gz gitsmshallow_github.com.census-instrumentation.opencensus-proto.git_bare_4aa53e1-1.tar.gz gitsmshallow_github.com.cncf.xds.git_bare_e9ce688-1.tar.gz gitsmshallow_github.com.envoyproxy.data-plane-api.git_bare_9d6ffa7-1.tar.gz gitsmshallow_github.com.envoyproxy.protoc-gen-validate.git_bare_fab737e-1.tar.gz gitsmshallow_github.com.googleapis.googleapis.git_bare_2f9af29-1.tar.gz gitsmshallow_github.com.google.benchmark_bare_015d1a0-1.tar.gz gitsmshallow_github.com.google.benchmark.git_bare_5b7683f-1.tar.gz gitsmshallow_github.com.google.bloaty.git_bare_60209eb-1.tar.gz gitsmshallow_github.com.google.boringssl.git_bare_2ff4b96-1.tar.gz gitsmshallow_github.com.google.googletest.git_bare_2dd1c13-1.tar.gz gitsmshallow_github.com.google.googletest.git_bare_4c9a3bb-1.tar.gz gitsmshallow_github.com.google.googletest.git_bare_565f1b8-1.tar.gz gitsmshallow_github.com.google.googletest.git_bare_5ec7f0c-1.tar.gz gitsmshallow_github.com.google.re2_bare_5bd6137-1.tar.gz gitsmshallow_github.com.google.re2.git_bare_0c5616d-1.tar.gz gitsmshallow_github.com.grpc.grpc.git_e5ae3b6-1_v1.60.x.tar.gz gitsmshallow_github.com.madler.zlib_bare_04f42ce-1.tar.gz gitsmshallow_github.com.madler.zlib_bare_cacf7f1-1.tar.gz gitsmshallow_github.com.nico.demumble.git_bare_01098ea-1.tar.gz gitsmshallow_github.com.open-telemetry.opentelemetry-proto.git_bare_60fa875-1.tar.gz gitsmshallow_github.com.protocolbuffers.protobuf.git_bare_6b5d8db-1.tar.gz gitsmshallow_github.com.protocolbuffers.protobuf.git_bare_bc1773c-1.tar.gz I'll keep this commit in v2, but feel free to drop it if you disagree. Peter
diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb index 470c368cf3..ded2c9b11b 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.5.bb @@ -12,7 +12,7 @@ DEPENDS:append:class-target = " protobuf-native" SRCREV = "9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014" -SRC_URI = "gitsm://github.com/protocolbuffers/protobuf.git;branch=25.x;protocol=https \ +SRC_URI = "git://github.com/protocolbuffers/protobuf.git;branch=25.x;protocol=https \ file://run-ptest \ file://0001-examples-Makefile-respect-CXX-LDFLAGS-variables-fix-.patch \ "