Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)

To: Simon Josefsson <simon@josefsson.org>
Cc: 1060840@bugs.debian.org
Subject: Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
From: Shengjing Zhu <zhsj@debian.org>
Date: Mon, 15 Jan 2024 22:37:13 +0800
Message-id: <[🔎] CAFyCLW_va3Yx660xq0GV9HwHgv_6=ZxCzb+vWJHhD7XG+oG97g@mail.gmail.com>
Reply-to: Shengjing Zhu <zhsj@debian.org>, 1060840@bugs.debian.org
In-reply-to: <[🔎] 871qaillla.fsf@kaka.sjd.se>
References: <[🔎] 871qain33c.fsf@kaka.sjd.se> <[🔎] CAFyCLW8-OOhb98OwXFYUw+MeQc5x0XM-XAbebU4gehJUOedfng@mail.gmail.com> <[🔎] 871qaillla.fsf@kaka.sjd.se> <[🔎] 871qain33c.fsf@kaka.sjd.se>

On Mon, Jan 15, 2024 at 10:25 PM Simon Josefsson <simon@josefsson.org> wrote:
>
> Shengjing Zhu <zhsj@debian.org> writes:
>
> > On Mon, Jan 15, 2024 at 9:27 PM Simon Josefsson <simon@josefsson.org> wrote:
> >>
> >> Package: wnpp
> >> Severity: wishlist
> >> Owner: Simon Josefsson <simon@josefsson.org>
> >>
> >> * Package name    : golang-k8s-sigs-release-utils
> >>   Version         : 0.7.7-1
> >>   Upstream Author : Kubernetes SIGs
> >> * URL             : https://github.com/kubernetes-sigs/release-utils
> >> * License         : Apache-2.0
> >>   Programming Lang: Go
> >>   Description     : utilities for kubernetes Go release engineering (library)
> >>
> >>  Tiny utilities for use by the Release Engineering subproject and
> >>  kubernetes/release (https://github.com/kubernetes/release/).
> >>
> >
> > Which package will need this library? It looks strange by the name and
> > description. We certainly don't do the release stuff for kubernetes.
>
> Sigstore's rekor complained:
>
> https://salsa.debian.org/jas/golang-github-sigstore-rekor/-/jobs/5160982
>
> src/github.com/sigstore/rekor/cmd/backfill-redis/main.go:44:2: cannot find package "sigs.k8s.io/release-utils/version" in any of:
>         /usr/lib/go-1.21/src/sigs.k8s.io/release-utils/version (from $GOROOT)
>         /builds/jas/golang-github-sigstore-rekor/debian/output/source_dir/_build/src/sigs.k8s.io/release-utils/version (from $GOPATH)
>
> Use is here:
>
> https://github.com/sigstore/rekor/blob/main/cmd/backfill-redis/main.go#L44
>

Hmm, then this library is needed.

However I just checked the code in sigs.k8s.io/release-utils/version,
I'm afraid it's not compatible with how we build Go binaries in
Debian.
We don't have any VCS info when building the binaries. And we use
GOPATH mde as well. So the Go compiler can't inject any version info
in the binaries.
This code https://github.com/sigstore/rekor/blob/main/cmd/backfill-redis/main.go#L103
would probably just print "unknown, unknown"...

> Can you think of some other solution than packaging
> golang-k8s-sigs-release-utils?  I would be happy to learn about
> alternative approaches to reduce golang dependencies.
>
> /Simon



-- 
Shengjing Zhu

Reply to:

Follow-Ups:
- Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
  - From: Simon Josefsson <simon@josefsson.org>
- Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
  - From: Shengjing Zhu <zhsj@debian.org>
- Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
Next by Date: Bug#1060839: ITP: golang-github-adamkorcz-go-fuzz-headers-1 -- helper functions for Go fuzzing (library)
Previous by thread: Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
Next by thread: Bug#1060840: ITP: golang-k8s-sigs-release-utils -- utilities for kubernetes Go release engineering (library)
Index(es):
- Date
- Thread