Re: License reporting for golang (and rust)


Robert Berger
 

Hi,

My comments are in-line

On 30/06/2020 14:37, Irving ST wrote:
Hi,
For anyone else having the same problem, here's what I eventually did
for my go stuff:
I created a bbclass containing a task that gets inherited by all
packages, but the task only does some work when it detects that it is
inherited by a golang recipe.
The task basically sets up GOPATH and calls
https://github.com/rancher/trash - this tool populates all the source
dependencies and generate a trash.lock file in the repository.
Then I used https://github.com/pivotal/LicenseFinder to generate a
json report that can be postprocessed with python.
Is your work available somewhere in the public? I would like to give it a try with dunfell 3.1.1 and influxdb.[1] Also it would be interesting what happens if you include a prebuilt go executable[2].

[1] https://gitlab.com/meta-layers/meta-tig/-/blob/master/recipes-from-source/github.com-influxdata-influxdb/github.com-influxdata-influxdb_1.8.0.bb (from khem and slightly hacked)

[2] https://gitlab.com/meta-layers/meta-tig/-/blob/master/recipes-prebuilt/influxdb/influxdb_1.8.0.bb

To me it seems that Go used the vendor directory approach in the past,
and there are multiple tools that can be used for this; and nowadays
go seems to have switched to a different approach called go modules.
It looks like master and dunfell 3.1.1 support go modules now.[3][4]

[3] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=7892a056f7e03e9c086148f8f027bd1cebf2aa68
[4] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=ce277ec45f1f241b1eb17ea6999dbe5a718b898a

Now we have both go dep and go modules support ;)

With this multiple tools and methods of managing dependencies, I am
not sure whether it is feasible to integrate this in Yocto at all -
though I think I have seen mailing list posts on meta-virtualization
adding vendor information to their recipes, so maybe some progress is
happening there.
Currently arm 32 Golang support is broken in meta-virt (docker), but I am confident it's going to be fixed soon.[5]

[5] https://lists.yoctoproject.org/g/meta-virtualization/message/5488?p=,,,20,0,0,0::Created,,docker,20,2,0,75127700

Best regards,
Irving Tjiptowarsono
Regards,

Robert

Join yocto@lists.yoctoproject.org to automatically receive all group messages.