[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: building platform-tools without splitting out dependencies (e.g. boringssl)



Hey rosh,

Thanks for all your work maintaining these packages.

Another thing I'd like to add is that the preview tags aren't very useful.

Google releases major versions of Android on a yearly schedule - there are preview builds before that, those are not fully open source.

However, android includes various GPL code, for which they do need to release the source code, and they just tag all projects, most of which don't correspond to the actual source code used. So we've always avoided preview tags.

The latest platform-tools tag is https://android.googlesource.com/platform/manifest/+/refs/heads/platform-tools-33.0.1 - and we would like to update platform-tools to that.

On Thu, Jul 7, 2022 at 6:52 PM Hans-Christoph Steiner <hans@guardianproject.info> wrote:

Hey rosh,

Thanks for all your ongoing work with the Android Tools packages!  I wanted to
ask you something about the *-platform-tools package.  After years of trying to
split out upstream source repos into Debian packages, Chirayu led the charge on
a new approach of building based on how upstream does it, with statically
linking in all the dependencies.  Although this sucks compared to how Debian
manages dependencies, it has proven to be a ton of work to do things differently
with the Android Tools packages.  Other packages with builds like this, Chromium
for example, now also do this.  Otherwise, we can't keep up with updates from
upstream.

So we recently saw that you split out the boringssl dependency from the
-platform-tools package.  boringssl is a classic example of why we have to build
like upstream does.  boringssl does not have releases at all.  Projects that use
boringssl pin to a specific commit, and all new work is just merged to the main
branch.  That means that sharing boringssl binaries between projects could break
things, since the projects could require different commits of boringssl.

.hc

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

Reply to: