Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add vendoring support #676

Closed
benma opened this issue Apr 22, 2016 · 7 comments
Closed

Add vendoring support #676

benma opened this issue Apr 22, 2016 · 7 comments

Comments

@benma
Copy link
Contributor

benma commented Apr 22, 2016

Hi

Since Go 1.6, it is recommended to vendor the dependencies:

https://golang.org/doc/go1.6#go_command

Could you do this in this project? This way, the exact version of the dependencies is fixed, and in my project, I only have to directly vendor btcd, and not manually transitively vendor all its dependencies.
@jrick
Copy link
Member

jrick commented Apr 22, 2016

We're in the process of converting btcwallet over to use glide to manage the vendor directory: btcsuite/btcwallet#419

I'd like to do the same with btcd eventually as well.

We want to use glide since it allows us to avoid checking dependencies themselves into git (instead, just a lockfile is committed that is used to restore them). It also streamlines the process of updating dependencies.

@benma
Copy link
Contributor Author

benma commented Apr 22, 2016

I see, thanks. It this compatible with the go vendor experiment approach?

When you restore, is integrity checking being performed (if you restore from remote sources, you need to be sure you are not pulling something unwanted).

@jrick
Copy link
Member

jrick commented Apr 22, 2016
edited
Loading

It is compatible with the go tool's vendoring approach. That approach is also no longer an experiment, it's official.

Integrity checking is entirely up to your vcs. The lockfile contains a specific commit hash to use. It's up to the vcs to verify that the downloaded blobs match the hash.

If you haven't already, you probably want to add this to your git config:

[transfer]
        fsckobjects = true

Without it, git doesn't actually verify those blobs.

@davecgh
Copy link
Member

davecgh commented Apr 22, 2016

As @jrick said, the plan is to move to glide.

For a quick primer, glide will download the dependencies into the vendor directory, which is compatible with the go tool, and check them out at the correct revisions per a lockfile which specifies the exact commit hashes to use.

The end result is that the btcd repo itself does not have to duplicate all of the dependencies. Instead, only a lockfile is required in order to properly restore all of the dependencies at the appropriate revisions.

@tb00 tb00 mentioned this issue Apr 29, 2016
Closed
@davecgh davecgh mentioned this issue May 6, 2016
Merged
@davecgh
Copy link
Member

davecgh commented May 6, 2016
edited
Loading

As an update, I've pushed PR #689 which implements the aforementioned support for glide and will close this issue. It would be helpful to have some testing on it.

EDIT: Corrected the PR number.

@jrick
Copy link
Member

jrick commented May 6, 2016

@davecgh you mean #689

@davecgh
Copy link
Member

davecgh commented May 6, 2016
edited
Loading

Oops. Yes, that's right. I'll edit the the message to fix it. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@benma @jrick @davecgh