[OE-core] [RFC][PATCH 0/6] NPM refactoring
Richard Purdie
richard.purdie at linuxfoundation.org
Tue Oct 22 11:22:55 UTC 2019
On Tue, 2019-10-22 at 11:03 +0200, Jean-Marie LEMETAYER wrote:
> The current NPM support have several issues:
> - The current NPM fetcher downloads the dependency tree but not the other
> fetchers. The 'subdir' parameter was used to fix this issue.
> - They are multiple issues with package names (uppercase, exotic characters,
> scoped packages) even if they are inside the dependencies.
> - The lockdown file generation have issues. When a package depends on
> multiple version of the same package (all versions have the same checksum).
>
> This patchset refactors the NPM support in Yocto:
> - As the NPM algorithm for dependency management is hard to handle, the new
> NPM fetcher downloads only the package source (and not the dependencies,
> like the other fetchers) (patch submitted in the bitbake-devel list).
> - The NPM class handles the dependencies using NPM (and not manually).
> - The NPM recipe creation is simplified to avoid issues.
> - The lockdown file is no more used as it is no longer relevant compared to the
> latest shrinkwrap file format.
>
> This patchset may remove some features (lockdown file, license management for
> dependencies) but fixes the majority of the NPM issues. All of these issues
> from the bugzilla.yoctoproject.org are resolved by this patchset:
> #10237, #10760, #11028, #11728, #11902, #12534
One key requirement which many of our users have from the fetcher is
that its deterministic and allows for "offline" builds.
What this means is that should I have a populated DL_DIR, the build
should not need to touch the network. Also, only do_fetch tasks would
make network accesses.
What is the situation for npm after these changes with regard to this?
Cheers,
Richard
More information about the Openembedded-core
mailing list