Date: Tue, 06 May 2025 11:05:22 +0000 From: "Dave Cottlehuber" <dch@FreeBSD.org> To: "Konstantin Belousov" <kostikbel@gmail.com>, "Kyle Evans" <kevans@freebsd.org> Cc: freebsd-git@freebsd.org, "Colin Percival" <cperciva@freebsd.org> Subject: Re: got(1) in base consideration Message-ID: <161bb38e-19e1-48cf-a75a-9a7365a6b841@app.fastmail.com> In-Reply-To: <aBh9uuaPy8Vd9V38@kib.kiev.ua> References: <9f48a955-5f8a-450c-94c1-2a7d9d69ecb9@FreeBSD.org> <aBh9uuaPy8Vd9V38@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 5 May 2025, at 08:58, Konstantin Belousov wrote: > On Sun, May 04, 2025 at 08:50:46PM -0500, Kyle Evans wrote: >> Hi, >> >> I've been toying around with the idea of pulling got(1) into base, but >> hidden off into /usr/libexec and not supporting it for general usage. The >> > > What is the intended audience of the setup? > Who would not install normal git port but still want /usr/src populated? > For what purpose? thanks Kyle Konstantin this sounds very interesting from a releng perspective. >From a security perspective today, building freebsd from trusted sources using a git clone (as we do in official releng builds) requires building git itself, which means we pull in a very large set of dependencies from well outside the FreeBSD project, including python, perl, curl, cmake -- 49 dependencies in all, assuming git-tiny flavour is sufficient. In comparison, got (as built today from ports) requires only: got libretls pkgconf (and pkg ofc) This is a much more reasonable subset. Assuming there's nothing surprising in how we use git in releng, having just enough `got` tooling in FreeBSD source makes our trusted build provenance simpler for somebody to verify. It shouldn't stop anybody from using git directly to build from sources. There are only a few git-related calls in release.sh I will have a crack at building with `got` only. A+ Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?161bb38e-19e1-48cf-a75a-9a7365a6b841>