Re: request for packaging review - singularity-container
Hi Afif,
On 02/11/18 05:39, Afif Elghraoui wrote:
> In the HPC team, we maintain the singularity-container package, which
> was recently rewritten in Go. This is the first Go package I've ever
> built, so I was hoping one of you would look it over to make sure it's
> done properly.
So I took a quick look at this.
The main 2 things that catch my attention are the build system and the
vendored dependencies.
About the build system, I am not sure what are they trying to do here,
but my suggestion would be to try to ignore it completely and use
dh-golang, which would make your life simpler. You are doing some weird
(to me) things in debian/rules, but all that goes away if you switch to
a standard build.
Then, the vendoring directory is a problem. This is standard in the
golang world, and our biggest source of headache as maintainers. You
have there a source copy of half the archive, with different versions
and possible security vulns lurching. What we do is to remove first
everything that is already packaged, then package as much as possible of
the rest, and only leave vendored small unimportant libs, or libs that
are part of the project and are too intertwined to split in a different
package. THis is the part that might take 90% of your work.
Feel free to pop in #debian-golang if you need help with anything. Good
luck! :)
--
Martín Ferrari (Tincho)
Reply to: