https://github.com/robfig/glock
Glock is a command-line tool to lock dependencies to specific revisions,
using a version control hook to keep those revisions in sync across a team.
---
testing/glock/APKBUILD | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 testing/glock/APKBUILD
diff --git a/testing/glock/APKBUILD b/testing/glock/APKBUILD
new file mode 100644
index 0000000..a7c2c18
--- /dev/null+++ b/testing/glock/APKBUILD
@@ -0,0 +1,67 @@
+# Maintainer: Christian Kampka <christian@kampka.net>+pkgname=glock+pkgver=0.0.20151018+pkgrel=0+pkgdesc="A command-line tool to lock dependencies to specific revisions"+url="https://github.com/robfig/glock/"+arch="x86_64"+license="MIT"+makedepends="git go"+options="!strip"+source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.gz"++_giturl="git://github.com/robfig/${pkgname}.git"+_disturl="dev.alpinelinux.org:/archive/$pkgname/"+_commit="cb3c3ec56de988289cab7bbd284eddc04dfee6c9"++snapshot() {+ local _pkg=$pkgname-$pkgver.tar.gz++ abuild clean+ abuild deps++ mkdir -p "$srcdir"+ cd "$srcdir"+ msg "Creating snapshot: $_pkg"+ export GOPATH="${srcdir}/$pkgname"+ git clone -q ${_giturl} || return 1+ cd $pkgname+ git checkout ${_commit} || return 1+ go get -v -d || return 1+ cd $srcdir+ tar zcf $pkgname-$pkgver.tar.gz $pkgname || return 1+ rsync --progress -La $pkgname-$pkgver.tar.gz \+ $_disturl || return 1+ cd $startdir+ sed -i -e "s/^pkgver=.*/pkgver=$_ver/" APKBUILD || return 1+ abuild checksum+ abuild undeps+}++_builddir="${srcdir}/${pkgname}"+++prepare() {+ local i+ cd "$_builddir"+ for i in $source; do+ case $i in+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;+ esac+ done+}++build() {+ cd "$_builddir"+ export GOPATH="$_builddir"+ go build+}++package() {+ cd "$_builddir"+ install -Dm755 ${_builddir}/glock \+ "$pkgdir"/usr/bin/glock+}+md5sums="0abc8aba70acac6685db825eb07076ea glock-0.0.20151018.tar.gz"+sha256sums="b3a1bb29e77807381364451cdd6e5a36a78342125acaf29c440de1cdb5be68a2 glock-0.0.20151018.tar.gz"+sha512sums="6cc9cd1242c64eaaea68f2063ab5508a1751019d02fd4e9ca4c2e99a4fb28a8becbfa4c64a42f10a0587bdad4d28161e5b26e16dff1ba304d4175355d8811849 glock-0.0.20151018.tar.gz"
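Review bot: in snapshot(), `go get -v -d` resolves the dependencies without any revision pin, so only glock itself is fixed by `_commit`, and two runs of snapshot() at different times can produce tarballs with different content. The md5sums/sha256sums/sha512sums at the end of the file then describe one particular run rather than something another maintainer can regenerate. Consider checking out each dependency at a recorded revision before `tar zcf`. In the same function, the line `sed -i -e "s/^pkgver=.*/pkgver=$_ver/" APKBUILD` uses `$_ver`, which is not set anywhere in this file, so it would rewrite pkgver to an empty value; use a variable that is defined or drop the line. The clone also goes over `git://` and `source=` over `http://`, so integrity rests entirely on `_commit` and the checksums, which is one more reason to make the snapshot regenerable.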
--
2.6.1
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
[alpine-aports] [PATCH 2/2] testing/dockerize: new aport
On Sun, 18 Oct 2015 16:05:14 +0200
Christian Kampka <christian@kampka.net> wrote:
> https://github.com/robfig/glock
>
> Glock is a command-line tool to lock dependencies to specific revisions,
> using a version control hook to keep those revisions in sync across a team.
> ---
> testing/glock/APKBUILD | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 67 insertions(+)
> create mode 100644 testing/glock/APKBUILD
I used the snapshot function and uploaded the tarball.
However, the tarball I get must be different from the one you get.
>>> glock: Checking sha512sums...
glock-0.0.20151018.tar.gz: FAILED
sha512sum: WARNING: 1 of 1 computed checksums did NOT match
Because the remote file above failed the sha512sum check it will be deleted.
Rebuilding will cause it to re-download which in some cases may fix the problem.
Deleting: glock-0.0.20151018.tar.gz
>>> ERROR: glock: all failed
I suspect that go pulls in whatever happens to be the latest git at that
point of some dependency.
Also, they have not made any releases, which indicates that 1) program
is not ready for packaging, 2) program is not supposed to be packaged.
I am open for suggestions how to properly package Go applications.
Did anyone bring up this for Go community? I have the impression that
go developers want you to use the Go package manager.
Maybe we should just let the alpine linux users do that?
-nc
---
>
> On Sun, 18 Oct 2015 16:05:14 +0200
> Christian Kampka <christian@kampka.net> wrote:
>
> > https://github.com/robfig/glock
> >
> > Glock is a command-line tool to lock dependencies to specific revisions,
> > using a version control hook to keep those revisions in sync across a team.
> > ---
> > testing/glock/APKBUILD | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 67 insertions(+)
> > create mode 100644 testing/glock/APKBUILD
>
> I used the snapshot function and uploaded the tarball.
>
> However, the tarball I get must be different from the one you get.
>
> >>> glock: Checking sha512sums...
> glock-0.0.20151018.tar.gz: FAILED
> sha512sum: WARNING: 1 of 1 computed checksums did NOT match
> Because the remote file above failed the sha512sum check it will be deleted.
> Rebuilding will cause it to re-download which in some cases may fix the problem.
> Deleting: glock-0.0.20151018.tar.gz
> >>> ERROR: glock: all failed
>
>
> I suspect that go pulls in whatever happens to the latest git at that
> point of some dependency.
That is to be expected, actually, since the tarball is gzip, so no two
snapshots, although they may have identical content, will have different
checksums due to the fact that the gzip header contains (amongst other
things) a timestamp.
A simple solution would be to refactor the patch to use uncompressed tar as
the archive format, which will avoid this issue.
> Also, they have not made any releases, which indicates that 1) program
> is not ready for packaging, 2) program is not supposed to be packaged.
>
I am not keen on packaging this program either. It is needed as a build
dependency of the dockerize package.
Since the dockerize package has a snapshot function as well (for dealing
with dependencies), I could easily remove this package by building glock
once in the dockerize snapshot function and apply it to generate the
snapshot. Since glock is not used for anything else, I think this might
also be a feasible solution.
> I am open for suggestions how do properly package Go applications.
>
> Did anyone bring up this for Go community? I have the impression that
> go developers wants you to use the Go package manager.
>
> Maybe we should just let the alpine linux users do that?
Sadly, there is no "one" Go package manager, there are several attempts to
solve this problem [1]. Glock is an attempt that has never really taken off,
so rarely anyone uses it, but the dockerize author has not ported his
program to anything like Godeps (which seems to be the most common choice
atm).
I don't think a good solution will present itself unless the go community
can agree on a sane way of handling dependencies first.
Cheers,
Christian
[1] https://github.com/golang/go/wiki/PackageManagementTools
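Added example, not part of the thread or the aport: the checksum mismatch discussed above, reproduced in Python on a constructed two-file tree. It shows that two gzip streams of the same tar differ only in the header MTIME field (RFC 1952, bytes 4-7), and goes one step beyond the gzip header to show that tar member mtimes affect the digest of an uncompressed tar as well. File names, contents and timestamps are made up for the demonstration.

```python
import gzip, hashlib, io, struct, tarfile

# Constructed stand-in for the cloned source tree (not the real glock sources).
FILES = {"glock/main.go": b"package main\n", "glock/README.md": b"glock\n"}

def make_tar(files, file_mtime):
    """Uncompressed tar with sorted members and fixed owner/mode metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.mode = len(files[name]), file_mtime, 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def gzip_blob(data, mtime):
    """gzip `data`, writing `mtime` into the header MTIME field."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="", fileobj=buf, mode="wb", mtime=mtime) as gz:
        gz.write(data)
    return buf.getvalue()

def gzip_header_mtime(blob):
    """RFC 1952: bytes 0-1 magic, 2 CM, 3 FLG, 4-7 MTIME (little-endian)."""
    if blob[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    return struct.unpack("<I", blob[4:8])[0]

def sha512(blob):
    return hashlib.sha512(blob).hexdigest()

def compare(t1=1445177114, t2=1446636736):  # two constructed snapshot times
    tar = make_tar(FILES, file_mtime=0)
    a, b = gzip_blob(tar, t1), gzip_blob(tar, t2)
    return {
        "gzip_digests_differ": sha512(a) != sha512(b),
        "only_mtime_differs": a[:4] == b[:4] and a[8:] == b[8:],
        "header_mtimes": (gzip_header_mtime(a), gzip_header_mtime(b)),
        "payload_identical": gzip.decompress(a) == gzip.decompress(b) == tar,
        "fixed_mtime_reproducible": gzip_blob(tar, 0) == gzip_blob(tar, 0),
        # tar headers carry per-file mtimes too, so a fresh checkout changes
        # the digest of an uncompressed tar unless they are normalized
        "tar_mtime_changes_digest": sha512(make_tar(FILES, t1)) != sha512(make_tar(FILES, t2)),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

A snapshot whose checksum is meant to be regenerated by someone else needs both the gzip MTIME and the tar member metadata fixed, in addition to pinned dependency revisions.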
On Wed, 04 Nov 2015 11:32:16 +0000
Christian Kampka <christian@kampka.net> wrote:
> >
> > On Sun, 18 Oct 2015 16:05:14 +0200
> > Christian Kampka <christian@kampka.net> wrote:
> >
> > > https://github.com/robfig/glock
> > >
> > > Glock is a command-line tool to lock dependencies to specific revisions,
> > > using a version control hook to keep those revisions in sync across a team.
> > > ---
> > > testing/glock/APKBUILD | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
> > > 1 file changed, 67 insertions(+)
> > > create mode 100644 testing/glock/APKBUILD
> >
> > I used the snapshot function and uploaded the tarball.
> >
> > However, the tarball I get must be different from the one you get.
> >
> > >>> glock: Checking sha512sums...
> > glock-0.0.20151018.tar.gz: FAILED
> > sha512sum: WARNING: 1 of 1 computed checksums did NOT match
> > Because the remote file above failed the sha512sum check it will be deleted.
> > Rebuilding will cause it to re-download which in some cases may fix the problem.
> > Deleting: glock-0.0.20151018.tar.gz
> > >>> ERROR: glock: all failed
> >
> >
> > I suspect that go pulls in whatever happens to the latest git at that
> > point of some dependency.
>
> That is to be expected, actually, since the tarball is gzip, so no two
> snapshots, although the may have identical content, will have different
> checksums due to the fact that the gzip header contains (amongst other
> things) a timestamp.
> A simple solution would be to refactor the patch to use uncompressed tar as
> the archive format, which will avoid this issue.
>
> > Also, they have not made any releases, which indicates that 1) program
> > is not ready for packaging, 2) program is not supposed to be packaged.
> >
>
> I am not keen on packaging this program either. It is needed as a build
> dependency of the dockerize package.
> Since the dockerize package has a snapshot function as well (for dealing
> with dependencies), I could easily remove this package by building glock
> once in the dockerize snapshot function and apply it to generate the
> snapshot. Since glock is not used for anything else, I think this might
> also be a feasible solution.
I'm ok with this.
-nc
---
>
> > Since the dockerize package has a snapshot function as well (for dealing
> > with dependencies), I could easily remove this package by building glock
> > once in the dockerize snapshot function and apply it to generate the
> > snapshot. Since glock is not used for anything else, I think this might
> > also be a feasible solution.
>
> I'm ok with this.
>
I updated the dockerize patch accordingly.
This patch may now be discarded.