[WIP] vendor git #497
[WIP] vendor git #497
Conversation
This reverts commit b05a596.
The vendor Git will be put inside `Library/Homebrew/vendor/portable-git/<version>`, with a symlink `Library/Homebrew/vendor/portable-git/current` pointed to it. In addition, a `Library/Homebrew/vendor/portable-git-version` will track the latest version of vendor binaries. This gives us version control on vendor Git and enables us to bump vendor Git whenever needed such as security update.
Also add `--homebrew=fail-on-old-vendor-version` to easy version check
Also add git version check for `git_available?`
Ok, 🆒. In the mean time: I definitely think we want/need to vendor Ruby but I'm much less convinced for Git (or Curl). I think we should lean on
|
|
First of all, I think we should first acknowledge that in long term we want to make the core code, i.e.
This can also be applied to ruby because it's bundled with openssl. Since we have to vendor ruby anyway, the differential maintaining cost is less than the gain. Even more, vendor git and curl will never be used outside Homebrew.
This won't work for following reasons:
This is not entirely true. We still support to install Homebrew using curl instead of git Besides the reasons mentioned above, there is a more important issue. For approach like |
I don't think the core code being cross platform necessitates that we must provide portable, binary, vendored dependencies for each of these tools on each of these platforms. I think Ruby is a special case because it's required to run any Homebrew/brew code and we've wanted to use Ruby 2 for a long time and it's the only way we can do so.
Ruby's OpenSSL is not used for downloads so it's not the same. Our vendored Ruby will not need to be updated on every (possibly any) OpenSSL update as a result.
In that case: why not install the Homebrew/homebrew-core tap in the same way? Then we can
I don't agree. The vendor system (even once it's been documented/rolled out to users) adds a lot of maintenance overhead and process changes. Regardless: stepping aside for a minute: Homebrew/brew is not cross-platform yet and it's not being used by Tigerbrew. Linuxbrew requires you to |
I explored this in #36, which is way better than
I acknowledge it introduces some overhead. But comparing with existed overhead for vendor ruby,
As far as from my daily usage, this has not been the case since Linuxbrew starts to do bottle. For now, Homeberw's hard deps are curl and git, in addition of Xcode/CLT if you cannot use bottle. Linuxbrew's hard deps are just curl, git, which makes it less deps than Homebrew.
We can see plenty on Linuxbrew: cc @sjackman and @mistydemeo Who should have more experience than me why Homebrew depends on curl and git formula is a bad idea. |
I'm OK with tapping the core tap using
As mentioned: vendored Git and Curl will need updated far more frequently.
But none on Homebrew, which is my point and it's unclear whether we would see the same given the linking differences on both platforms. I don't mind if Linuxbrew uses this vendor system to install their If you want to get us to that stage the best thing we can do is:
|
However, I have changed my mind on that. Using curl to tap core tap during Homebrew installation may make sense. But it's definitely a bad idea to do it automatically inside Homebrew. The reason is the same as
If it's a just git and curl version update, in long term, we can in fact to make it to be done fully automatically. e.g. auto update
That's because even we ship vendor git now, it will still be mostly used in old systems like Tigerbrew and Linuxbrew. There is a survival basis here. The majority of normal Homebrew users will always use git and curl from Apple. Make no mistake. Vendor system is never intended to be used by everyone.
Even without linking issue and assume git formula and curl formula are self contained(which are not true in reality), it would still be a bad idea. For example, users can always run
We can of course do this, as from the starting point vendor git and curl is meant to be mostly used by Linuxbrew and old systems like Tigerbrew. And they are not near urgent like Ruby does. But may I ask not to judge vendor as a bad idea for git and curl too soon? |
I don't see a big difference between install and runtime but 👍 to having less code in Homebrew itself.
If you get everything setup and written so it's automatic I'll be a lot more 👍 on this PR. I do think it needs done before this PR is merged, though. I still don't think the documentation or tooling is where is should be for the vendored Ruby and I think it's a shame we're focusing on this before that is done.
If it's not intended to be used on any Homebrew supported platforms: I'm not sure I understand why Homebrew maintainers are responsible for building and maintaining these formulae. Again, this is more arguments for it being at the bottom of the list I mentioned.
Sure, I understand the differences, I'm just (still) not convinced the trade-offs are worth it for the moment. Ruby was/is different because we can't have
If it's not used by the vast majority of Homebrew users and Tigerbrew and Linuxbrew aren't using an unmodified Homebrew/brew: it's far too soon to be including this. As an aside, Tigerbrew is currently not using Homebrew/brew at all and we don't have access to a 10.4 VM for testing. If you want us to better support Tigerbrew getting those things fixed first is another requirement before we can sensibly include these. It's obviously up to you what you work on and when you work on it but I'll be a very strong 👎 on merging this for Git or Curl for a long time and I've suggested in this issue a lot of things that are far higher priority (and actually blocking) this PR from being included. I don't want to monopolise conversation here but it does seem a bit premature to have this PR opened and definitely merged before more of those other things are addressed. |
It is not intended widely used by average Homebrew users rather than not be used at all. There is a difference here. For example, no Xcode/CLT configuration is the same that not intended to be widely used yet.
I have stated enough reasons. So I don't want to repeat again that in long term vendor is the best solution from stability and robustness respect. Why we want to force certain users to use unideal solution when there is a much better one. One of biggest reasons that I'm 👎 on using formula to solve this problem is the fact it works terribly on Linuxbrew.
I'm not suggesting to merge this immediately as it's labeled as WIP. And how a PR can be opened premature? I acknowledge there are much to do, which are what I'm actually working on, i.e, to make it perfection. But you are basically tell me not working on this and vendor is a bad idea without much consideration on its actual use context, which is very frustrated. |
If you're asking for review and discussion when there's other, blocking dependencies that do not have PRs.
I said I'm not and can't tell you what to work on but: yes, I think working on this right now is not sensible when there's other work that needs done before this can be included in any form.
I have considered it: you've just not convinced me that it's necessary for Homebrew users, particularly right now. It's also frustrating to have things that are worked on, almost done and then neglected. Some examples:
I can't really understand why we're spending time discussing the pros and cons of the vendor system when it's still not been tested by our users in production. |
I think we're at the point where it should just be turned on now. |
Need to fix or boneyard at least these formulae Homebrew/homebrew-core#342 and then enable it just for homebrew/core to start with. |
There's something other than homebrew/core? 🙈 |
|
Closing this; it's marked "do not merge", "in progress" and has conflicts. I'd recommend an issue first to reach some consensus on how we want to implement this (if at all). |
I will add some explanation in later time.