[Buildroot] [PATCH 05/16 v5] core/legal-info: ensure legal-info works in off-line mode

[Yann E. MORIN <yann.morin.1998@free.fr>]

Thomas, All,

On 2016-03-19 15:47 +0100, Thomas Petazzoni spake thusly:
> On Fri, 11 Mar 2016 18:49:18 +0100, Yann E. MORIN wrote:
> > Almost all packages which are saved for legal-info have their source
> > archives downloaded as part of 'make source', which makes an off-line
> > build completely possible [0].
> > 
> > However, for the pre-configured external toolchains, the source tarball
> > is different, as the main tarball is a binary package. And that source
> > tarball is only downloaded during the legal-info phase, which makes it
> > inconvenient for full off-line builds.
> > 
> > We fix that by adding a new rule, $(1)-legal-source which only
> > $(1)-all-source depends on, so that we only download it for a top-level
> > 'make source', not as part of the standard download mechanism (i.e. only
> > what is really needed to build).
> > 
> > This new rule depends, like the normal download mechanism, on a stamp
> > file, so that we do not emit a spurious hash-check message on successive
> > runs of 'make source'.
> > 
> > This way, we can do a complete [0] off-line build and are still able to
> > generate legal-info, while at the same time we do not incur any download
> > overhead during a simple build.
> 
> I am wondering what is the motivation for making "make legal-info"
> absolutely executable off-line, after a "make source".

I think you (sort of) got it backwards.

The reason is not about doing "make source; make legal-info", but to be
able to do "make source" and store all in a local mirror for example.

Companies like not to rely on third-party /storage/ and want to mirror
the whole world, just in case (and that's sane; one can not rely on a
third party for legal stuff, especially one that is not sub-contracted
to that effect, like most FLOSS projects are).

So, really, the case for "make source" to also retrieve the actual
sources is about being able to not rely on the upstream for legal-info.

> I was about to
> apply this patch, so my opinion is definitely not firm on this, but
> I have some concern:
> 
>  * Now "make source" is downloading more stuff than is actually needed
>    to do the build. And potentially a *lot* more this is going to
>    download the source code for the toolchain, which you absolutely
>    don't care about. So for a CodeSoucery ARM toolchain, instead of
>    download just the 97 MB of the toolchain, you would download 97 MB +
>    278 MB of source code. You're basically quadrupling the data to be
>    downloaded for the toolchain itself.

Yes, this is unfortunate when one is not interested in legal compliance
(e.g. for a purely internal use without redistribution).

>  * Now, after a successful build, "make source" will no longer be a
>    no-op operation, because "make source" will also download the files
>    needed for legal-info. This is IMO rather unexpected.

I see. This can indeed be seen as unexpected.

However, I was pondering another change, whereby the build would
*always* trigger legal-info. I am absolutely not sure about that one,
but I like that "make" generates *all* output artifacts, of which I
consider legal-info to be part. But this is for another day, if ever...

> Now whether those two concerns are really sufficient to justify a
> different implementation can be discussed. One possible solution is to
> have a "make legal-info-source", which would download whatever
> legal-info needs to be executed offline.

I'm not so sure. One interesting point in hooking into "make source" is
that everyine already knows about it. I am not too fond of adding yet
another top-level make target...

But if that would allow for the merging of that series faster, I'd be OK
with that.

> That being said, we're really talking about a few corner cases, because
> essentially, only the external toolchains currently make use of
> <pkg>_ACTUAL_SOURCE.

And when the user has a local download directory outside of Buildroot,
it acts as a cache, and it will be doewnloaded only once.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'