From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:45549)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iwiHX-0004Xi-Db
 for guix-patches@gnu.org; Wed, 29 Jan 2020 03:01:04 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iwiHW-0002rG-6g
 for guix-patches@gnu.org; Wed, 29 Jan 2020 03:01:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:55451)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iwiHW-0002r9-3I
 for guix-patches@gnu.org; Wed, 29 Jan 2020 03:01:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iwiHW-0006OW-2c
 for guix-patches@gnu.org; Wed, 29 Jan 2020 03:01:02 -0500
Subject: bug#39263: [PATCH 2/2] gnu: godot: Unbundle some dependencies.
Resent-To: guix-patches@gnu.org
Resent-Message-ID: <handler.39263.D39263.158028483324533.done@debbugs.gnu.org>
References: <20200124150226.27294-1-timotej.lazar@araneo.si>
 <20200124150226.27294-2-timotej.lazar@araneo.si> <87y2tv6gie.fsf@cbaines.net>
 <875zgvtpge.fsf@araneo.si>
From: Christopher Baines <mail@cbaines.net>
In-reply-to: <875zgvtpge.fsf@araneo.si>
Date: Wed, 29 Jan 2020 08:00:27 +0000
Message-ID: <87v9ouofok.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Timotej Lazar <timotej.lazar@araneo.si>
Cc: 39263-done@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Timotej Lazar <timotej.lazar@araneo.si> writes:

> Thanks for the feedback! I am sending updated patches after this reply.
>
> Christopher Baines <mail@cbaines.net> [2020-01-25 09:16:08+0000]:
>> I did have a look if the package builds with the mbedtls-apache
>> package, rather than using the included source code, and it looks to.
>> Although I'm aware that [1] says there are modifications.
>
> The two Godot patches for mbedtls don=E2=80=99t seem to be relevant to Gu=
ix, so
> I replaced the bundled copy with the mbedtls-apache package. I don=E2=80=
=99t
> have a use case to test this, but the minimal example from the
> HTTPRequest tutorial seems to work OK with an HTTPS URI.

Wonderful :)

> Christopher Baines <mail@cbaines.net> [2020-01-25 09:18:33+0000]:
>> One thought I had here is that it would be more rigorous to have a list
>> of directories that are kept, and anything not on the list is deleted.
>> That way it's harder for new thirdparty dependencies to sneak in.
>
> Makes sense. As you suggest, I flipped the logic for removing thirdparty
> files: whitelist preserved files and remove everything else. The snippet
> can only preserve direct children of the thirdparty/ directory, which
> keeps it simple but perhaps not flexible enough in the long run.

Great, this looks really useful.

> Do we generally prefer whitelisting bundled files? Most packages I have
> seen (and written) do the opposite and list the files to remove. Maybe
> we could add a guideline somewhere? Or point me to the one I missed. :)

I don't know if it's written down somewhere, all I can say is it
occurred to me when looking at the package definition.

I've pushed the 3 latest patches you sent to master, so they're included
in 18f8e935e85a99d5c284c0a6b719351a402ada21.

Thanks,

Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKSBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl4xO5xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XfuMQ/4nNxYIpA9DR5InMRzcOvXWDkkg2PH6prAXBYMMusC1DtgSoUUbqMqsarv
RSE0m5vDXFQIgoE/c6XXMy7aGjJkPciigGZCCgtENy3s14kGVujzRnsyPBxl8a7J
XWIwdZ5tazPMpsOowz6D6YZsCHLY6yoGip8pdO28Vwj4WUF6Kkq0Q00ePYlssTpN
r8CwYdyc79B4r5sDkolLSwwnZZx/iUeLA7Gm7b85Pvd9+Bbeww3RKsu7RU814Sud
weaA3oKZQl6pNIzT5AfIUW0p+TpS2LxJKW1EXT1WpB6qBTJphWzYtMBxbZx2EkGv
z0AYHXpq2TQzcDAYGNTnPu7uP7xoT5SzODzh0yat2tnmGoXoySyDlroVS9AaITfA
9qdfMb97ZlGk2ka5b06HizitMFyQhbC5qbqgh0v0Ocqrjbnq9yuW8OQFwDVlYHvQ
CIIiuvm/FtQivU0esdVZrDdwWd8Yv5panStGIKXHNHLlh7Vx/dBTkt72UeF0tQKY
SZL71l6ZbFUNLNjD0pRhdlU+4YRi73S7QDoF0arFlT8EqDKpcf5bOJi+EB4h6P3T
xpLY2KWWheke3WqKwNGIhirRuiUw2t92a3Yzc/6HQ3Nm2GOST77R8wWwjusXJZCY
LBWoV+PRcddmSwROnOs3DxV0uuqw4qbMSO/cDGgOvxLcGqKJ7w==
=Wj4Z
-----END PGP SIGNATURE-----
--=-=-=--