[OE-core] [RFC][PATCH 0/6] NPM refactoring
Jean-Marie LEMETAYER
jean-marie.lemetayer at savoirfairelinux.com
Wed Oct 23 13:17:39 UTC 2019
On Oct 22, 2019, at 1:22 PM, Richard Purdie richard.purdie at linuxfoundation.org wrote:
> On Tue, 2019-10-22 at 11:03 +0200, Jean-Marie LEMETAYER wrote:
>> The current NPM support have several issues:
>> - The current NPM fetcher downloads the dependency tree but not the other
>> fetchers. The 'subdir' parameter was used to fix this issue.
>> - They are multiple issues with package names (uppercase, exotic characters,
>> scoped packages) even if they are inside the dependencies.
>> - The lockdown file generation have issues. When a package depends on
>> multiple version of the same package (all versions have the same checksum).
>>
>> This patchset refactors the NPM support in Yocto:
>> - As the NPM algorithm for dependency management is hard to handle, the new
>> NPM fetcher downloads only the package source (and not the dependencies,
>> like the other fetchers) (patch submitted in the bitbake-devel list).
>> - The NPM class handles the dependencies using NPM (and not manually).
>> - The NPM recipe creation is simplified to avoid issues.
>> - The lockdown file is no more used as it is no longer relevant compared to the
>> latest shrinkwrap file format.
>>
>> This patchset may remove some features (lockdown file, license management for
>> dependencies) but fixes the majority of the NPM issues. All of these issues
>> from the bugzilla.yoctoproject.org are resolved by this patchset:
>> #10237, #10760, #11028, #11728, #11902, #12534
>
> One key requirement which many of our users have from the fetcher is
> that its deterministic and allows for "offline" builds.
>
> What this means is that should I have a populated DL_DIR, the build
> should not need to touch the network. Also, only do_fetch tasks would
> make network accesses.
>
> What is the situation for npm after these changes with regard to this?
This is a good point. With this patchset the build is working but some
network accesses are done during the do_compile task (the 'npm install'
command). This needs to be fixed.
Other people have reported some issues with this patchset which will be
fixed in the v2:
- Use do_fetch only to access the network.
- Respect the existing MIRROR, BB_NO_NETWORK, BB_ALLOWED_NETWORKS settings.
- Add some tests for the fetcher.
Regards,
Jean-Marie
More information about the Openembedded-core
mailing list