Add support for source tarball builds #212
Conversation
In --force-build mode pkg-fetch clones desired Node.js source from Github which is impractical for network-restricted (e.g. corporate) environments and also fully reproducible builds. This changeset adds support for building from official Node.js source tarballs via setting PKG_SOURCE_TAR pointing to archive. This also fixes relevant bug in spawn() which did not throw when exit code of command is non-zero. Such behavior causes various problems (e.g. when tar returns non-zero program would continue and attempt to patch). Signed-off-by: Ondrej Balaz <blami@blami.net>
There was a problem hiding this comment.
I don't like it.
In almost all cases, it is undesirable to make compiling Node.js runtime a part of your regular workflow. You should build your own binaries once, and reuse them by transferring the built-* in .pkg-cache. Additionally, you don't have to use pkg-fetch to build those patched binaries. You can apply the patches in patches/ manually.
|
I do not see how passing path to tarball is different to fetching source from Github nor how that contradicts with:
as that workflow is still applicable (you pre-build binaries from tarball, they get cached in I agree my usecase is a bit of cornercase. I am trying to create self-contained binaries of bitwarden-cli (which uses pkg) for Ubuntu and distribute them in PPA so that users of bitwarden-cli don't have to fetch untrusted binaries nor install full Nodejs runtime where they just need to have bitwarden-cli. As it is against rules of Ubuntu PPA to distribute pre-compiled binaries in source packages and I want reproducible builds there's not much else I can do than compiling Node.js as part of bitwarden-cli build process. If you don't like it I will maintain patches against pkg-fetch (this + other to allow passing custom arguments to configure) and pkg (to allow cross armhf builds on arm64 in sysroot) transpiled Typescript in my debian/patches directory as I do now. I just felt this might be useful for others too. |
In
--force-buildmode pkg-fetch clones desired Node.js source fromGithub which is impractical for network-restricted (e.g. corporate)
environments and also fully reproducible builds. This changeset adds
support for building from official Node.js source tarballs via setting
PKG_SOURCE_TARpointing to archive.This also fixes relevant bug in
spawn()which did not throw when exitcode of command is non-zero. Such behavior causes various problems (e.g.
when tar returns non-zero program would continue and attempt to patch).
Signed-off-by: Ondrej Balaz blami@blami.net