Roll install_deps.sh into pinned_build.sh #832
Conversation
|
The downside with this is that it encourages users to run the entire script as root, where really only just the |
That is a really good point! I added code that prepends |
for Debian-family OSes
…rt if used externally).
ae6ec74 to
7ec00d4
Compare
There was a problem hiding this comment.
I had a look and I am not convinced this change is desirable because:
install_deps.shcan be useful even if you don't want to do the pinned build. I used it myself to install the dependencies, even though I was doing the unpinned build.- it now requires sudo permissions every time
pinned_build.shis run, instead of just when runninginstall_deps.sh(which is typically run only once). - the shell script is more complex than the two scripts were before, but I think we actually lost functionality.
- I think having the install_deps step separate may be better for people building on other platforms, like MacOS, as it makes it obvious that they have to install dependencies themselves, and the script is easier to understand.
This deviates from the instructions in the
I agree it is not ideal to prompt a user for their password each time the script is invoked. However, the purpose of this script is to build binaries using the exact dependencies specified by your team - not to do casual builds. These builds should be performed in a clean environment where we do not expect the dependencies to already exist, such as a clean virtual machine, a docker container, or a CI system. In some of these cases (docker), no password is needed. If the password is needlessly invoked, root permissions are only available to
I suspect the "lost" functionality is not the intended use-case for these scripts, as described above.
There are multiple warning messages for this purpose, one at the beginning and one when the |
That really isn't the purpose of the script and it's missing some dependencies required for unpinned builds (boost, llvm). It's more of a
I agree, this does seem like a regression. It's also seemingly at odds with the reasoning behind this change #812 (comment) as now the user does always expect the script to prompt for a password.
Probably out of scope, since the |
I can add code to detect if the dependencies exist, but I just don't think this is worth our time - especially for a script you told me not to invest too much time into because you plan to delete it. I rolled these together because having two separate scripts cost me several hours of time because I did not read the instructions that in the I think our goal should be focusing on making these processes easier for downstream consumers to do, above some ideological principle like "it is bad to ask for sudo." I would double-down on this stance after the last BP call. Our process is already so complicated that people do not update. |
|
in pinned_build.sh don't prompt me to run |
|
I still don't see this change as an improvement. I'd rather have two dead simple scripts, |
…s are already installed
I found that this may be the fastest way to move forward. I have gone ahead and pushed changes that look for the list of dependencies and only run the code invoking |
They aren't simple, though. It does not make sense to have two different scripts for a pinned build. It is also not easier to debug - I spent over two hours trying to debug missing dependencies because I did not read my own instructions in the |
scripts/pinned_build.sh
Outdated
| zlib1g-dev | ||
| DEPENDENCIES="$(cat "$SCRIPT_DIR/pinned_deps.txt")" | ||
| echo 'Checking for missing package dependencies.' | ||
| dpkg -l $DEPENDENCIES &> /dev/null && MISSING_DEPS='false' || MISSING_DEPS='true' |
There was a problem hiding this comment.
you can put the command directly inside the if, so you don't need a MISSING_DEPS variable.
This doesn't look sufficient, as just installing and uninstalling the package still returns 0 exit code, for example
# dpkg -l cmake ; echo $?
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
un cmake <none> <none> (no description available)
0
There was a problem hiding this comment.
This is really good feedback! I switched from dpkg -l to dpkg -s, which I verified does not have the problematic behavior on Ubuntu 22.04:
Thank you.
💯 but the solution is not more complex build scripts. |
The original two scripts are significantly simpler than your new version. They are easier to understand, esp. if the user doesn't know the bash scripting language. Each does exactly what its name implies, no more, no less. They don't have to jump through hoops to check if deps are already installed, or whether to run |
…or quote to avoid splitting) Note: This implementation is backwards-compatible with BASH 3.x for macOS
I did not use any BASH syntax that was not already present. The
Except For example, In any case, this does not matter because I have added code to detect whether dependencies are missing or not in a Debian-family OS, then only invoke |
|
Closing because this body of work has been split into three smaller pieces to help address some of the contention and make forward-progress:
Please continue the conversation there. |
From issue 735, this pull request rolls
scripts/install_deps.shintoscripts/pinned_build.shwith a guard for operating systems that are not in the Debian family because theinstall_deps.shscript is not used by anything else. I also sorted the packages, put them each on their own line (for traceability and readability), addressed one linter suggestion about my changes, added some print statements, and updated the pinned build instructions in theREADME.md.See Also
Pull Request 832 - Rollinstall_deps.shintopinned_build.shlibcurl4-openssl-devREADME.mdFormatting