<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/bitbake/lib/bb/fetch2/npm.py, branch uninative-3.2</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-3.2</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-3.2'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2020-01-27T16:48:10+00:00</updated>
<entry>
<title>bitbake: fetch2/npm: refactor the npm fetcher</title>
<updated>2020-01-27T16:48:10+00:00</updated>
<author>
<name>Jean-Marie LEMETAYER</name>
<email>jean-marie.lemetayer@savoirfairelinux.com</email>
</author>
<published>2020-01-24T17:08:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d842e9e738e14fc54c21434755033d6eb6b6f3f2'/>
<id>urn:sha1:d842e9e738e14fc54c21434755033d6eb6b6f3f2</id>
<content type='text'>
This commit refactors the npm fetcher to improve some points and fix
others:

 - The big change is that the fetcher is only fetching the package
   source and no more the dependencies. Thus the npm fetcher act as the
   other fetchers e.g git, wget. The dependencies will be handled later.

 - The fetcher only resolves the url of the package using 'npm view' and
   then forwards it to a proxy fetcher.

 - This commit also fixes a lot of issues with the package names (exotic
   characters, scoped packages) which were badly handled.

 - The validation files - lockdown.json and npm-shrinkwrap.json - are no
   longer used by the fetcher. Instead, the downloaded tarball is
   verified with the 'integrity' and 'shasum' provided in the 'npm view'
   of the package [1][2].

1: https://docs.npmjs.com/files/package-lock.json#integrity
2: https://www.w3.org/TR/SRI

(Bitbake rev: 0f451cdc43130d503ada53ed1b4fc5a24943f6ef)

Signed-off-by: Jean-Marie LEMETAYER &lt;jean-marie.lemetayer@savoirfairelinux.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: lib: remove unused imports</title>
<updated>2020-01-19T13:31:05+00:00</updated>
<author>
<name>Frazer Clews</name>
<email>frazer.clews@codethink.co.uk</email>
</author>
<published>2020-01-16T16:55:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0ac5174c7d39a3e49893df0d517d47bec1935555'/>
<id>urn:sha1:0ac5174c7d39a3e49893df0d517d47bec1935555</id>
<content type='text'>
removed unused imports which made the code harder to read, and slightly
but less efficient

(Bitbake rev: 4367692a932ac135c5aa4f9f2a4e4f0150f76697)

Signed-off-by: Frazer Clews &lt;frazer.clews@codethink.co.uk&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: fetch2/npm: Use npm pack to download node modules instead of wget</title>
<updated>2019-07-27T21:46:09+00:00</updated>
<author>
<name>Mads Andreasen</name>
<email>mads@andreasen.cc</email>
</author>
<published>2019-07-25T19:05:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bebeed310bfea80eea3e25481ae246fdc9052eb6'/>
<id>urn:sha1:bebeed310bfea80eea3e25481ae246fdc9052eb6</id>
<content type='text'>
Using npm pack to download the main node module and its dependencies
allow for the use of private npm modules and access to them via .npmrc

(Bitbake rev: e5eda3871893e4eadeb311aeb997e183675598f4)

Signed-off-by: Mads Andreasen &lt;mads@andreasen.cc&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: bitbake: fetch2/npm: fix npw view parsing</title>
<updated>2019-05-21T11:56:34+00:00</updated>
<author>
<name>Jean-Marie LEMETAYER</name>
<email>jean-marie.lemetayer@savoirfairelinux.com</email>
</author>
<published>2019-05-17T15:14:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a35abe31dc23916fd06afdb3a5e22a81ef3df579'/>
<id>urn:sha1:a35abe31dc23916fd06afdb3a5e22a81ef3df579</id>
<content type='text'>
Fixes [YOCTO #13344]

When parsing manually the 'npm view --json' ouput, an extra closing
brackets in a JSON string can leads the fetcher to fail with a
JSONDecodeError exception.

This commit use the JSON parser to extract:
 - The last object in the returned array if there are multiple results.
 - The returned object if there is only one result.

(Bitbake rev: 3d319c79981811d3cfd4732885057db4fd5afcc2)

Signed-off-by: Jean-Marie LEMETAYER &lt;jean-marie.lemetayer@savoirfairelinux.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: bitbake: Strip old editor directives from file headers</title>
<updated>2019-05-04T09:44:10+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2019-05-01T11:09:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9501864db80d6caa1401272a7976cd31de85830a'/>
<id>urn:sha1:9501864db80d6caa1401272a7976cd31de85830a</id>
<content type='text'>
There are much better ways to handle this and most editors shouldn't need this
in modern times, drop the noise from the files. Its not consitently applied
anyway.

(Bitbake rev: 5e43070e3087d09aea2f459b033d035c5ef747d0)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: bitbake: Add initial pass of SPDX license headers to source code</title>
<updated>2019-05-04T09:44:04+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2019-04-30T10:05:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=79834a71447f89c52c6c9ad62c9bcbf9b8e0e05b'/>
<id>urn:sha1:79834a71447f89c52c6c9ad62c9bcbf9b8e0e05b</id>
<content type='text'>
This adds the SPDX-License-Identifier license headers to the majority of
our source files to make it clearer exactly which license files are under.

The bulk of the files are under GPL v2.0 with one found to be under V2.0
or later, some under MIT and some have dual license. There are some files
which are potentially harder to classify where we've imported upstream code
and those can be handled specifically in later commits.

The COPYING file is replaced with LICENSE.X files which contain the full
license texts.

(Bitbake rev: ff237c33337f4da2ca06c3a2c49699bc26608a6b)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: fetch2/npm.py: Allow shrinkwrap resolved relative URL which startswith 'http' (e.g http-proxy)</title>
<updated>2018-11-21T11:54:47+00:00</updated>
<author>
<name>Parthiban Nallathambi</name>
<email>pn@denx.de</email>
</author>
<published>2018-11-16T18:07:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=83b587e77baac9991a1073af99c82210d07e2b90'/>
<id>urn:sha1:83b587e77baac9991a1073af99c82210d07e2b90</id>
<content type='text'>
shrinkwrap resolved relative URL can start with http. For example,
"resolved: http-proxy/-/http-proxy-${PV}.tgz" is still relative URL
to npm registry, but starts with http.

Current if statement compares the startswith 'resolved' to 'http',
which makes impossible to use npm download. Condtional comparison
now strictly checks for "http://" and "https://"

(Bitbake rev: f76075aa1a5159fd4d62949cb588346888b9fe60)

Signed-off-by: Parthiban Nallathambi &lt;pn@denx.de&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: fetch2: fix import error for Python 3.6.5</title>
<updated>2018-05-29T20:07:46+00:00</updated>
<author>
<name>Tzu Hsiang Lin</name>
<email>t9360341@ntut.org.tw</email>
</author>
<published>2018-05-21T17:56:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=719d068bde55ef29a3468bc0779d4cb0c11e8c1d'/>
<id>urn:sha1:719d068bde55ef29a3468bc0779d4cb0c11e8c1d</id>
<content type='text'>
When running bitbake command with Python 3.6.5 always result in
import error causing by the change of distutils module.
This patch replaces the method to search executable in PATH by
"/usr/bin/env &lt;command&gt;".

(Bitbake rev: bd9a1b063633af2936ba1dd87b19202424900151)

Signed-off-by: Tzu Hsiang Lin &lt;t9360341@ntut.org.tw&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: fetch2/npm.py: Fix inverted condition to prevent infinite loop</title>
<updated>2018-02-14T15:26:03+00:00</updated>
<author>
<name>Böszörményi Zoltán</name>
<email>zboszor@pr.hu</email>
</author>
<published>2018-02-04T08:36:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bb3a634226c68b235d0110b9955d0aae7dde994a'/>
<id>urn:sha1:bb3a634226c68b235d0110b9955d0aae7dde994a</id>
<content type='text'>
At least the cli-color node module has dependencies that have
cyclic dependency among themselves. npm.py is prepared to deal
with such a case but the condition is handled only for downloading
or not a dependency again, but then it goes checking the its
dependency which causes an infinite loop in _getdependencies().
Make this function simply return when a dependency is already
downloaded and only download and check its dependencies when not.

(Bitbake rev: 545540420112992e53f4a83104af10452df168d0)

Signed-off-by: Zoltán Böszörményi &lt;zboszor@pr.hu&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bitbake: fetch2/npm: add noverify parameter to skip lockdown/shrinkwrap</title>
<updated>2017-08-31T22:30:04+00:00</updated>
<author>
<name>Paul Eggleton</name>
<email>paul.eggleton@linux.intel.com</email>
</author>
<published>2017-08-30T23:30:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=29c8eb4759714ace5056933e793076cbc4377888'/>
<id>urn:sha1:29c8eb4759714ace5056933e793076cbc4377888</id>
<content type='text'>
When fetching source for the first time within scripts such as
OpenEmbedded's recipetool, we don't want to be showing warnings about
NPM_SHRINKWRAP or NPM_LOCKDOWN not being set since there's no way we
could have set them in advance. Previously we were using
ud.ignore_checksums to suppress these but since we are now using a more
standard task-based path to fetch the source, we need to disable these
through the metadata. Look for a "noverify" parameter set on the npm URL
and skip the checks if it is set to "1".

(Bitbake rev: 8c4b35d1e4d31bae9fddd129d5ba230acb72c3bb)

Signed-off-by: Paul Eggleton &lt;paul.eggleton@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
