On Mon, May 27, 2024, at 9:22 AM, Byoungchan Lee via devel wrote:
> In well-maintained Fedora packages, the use of the FetchContent module
> is generally discouraged because dependencies are already available in
> the Fedora repositories.
>
> While it's uncertain if build workers in Fedora have internet access,
> to improve security, I believe it is recommended to entirely disallow
> the use of the FetchContent module. To achieve this, I propose adding a
> flag in the cmake-rpm-macros to disable the FetchContent module.
>
> According to the CMake manual
> (https://cmake.org/cmake/help/latest/module/FetchContent.html),
> FETCHCONTENT_FULLY_DISCONNECTED=ON seems to be the flag that disables
> the use of the FetchContent module.

Homebrew recently implemented a similar restriction https://github.com/Homebrew/brew/pull/17310 which follows a recommendation from a CMake maintainer https://github.com/Homebrew/brew/pull/17075.

In summary, FETCHCONTENT_FULLY_DISCONNECTED should not be used to disable FetchContent; instead, a trap macro is recommended.

However, I think the Homebrew implementation is not correct either. It is documented that the FIND_PACKAGE_ARGS argument in FetchContent_Declare should instruct it to find system packages first. It will break packages that follow this pattern if we trap all FetchContent usage.

It would be better if we can set FindPackage as the only dependency provider https://cmake.org/cmake/help/latest/command/cmake_language.html#dependency-providers

> Do I need a formal process to propose this change? Or can I just submit
> a pull request to the cmake (https://src.fedoraproject.org/rpms/cmake)
> repository?

This is probably going to break packages. I think a change proposal would be good.

Kan-ru
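
One way the dependency-provider idea in the message above could look, as an added example that is not code from the thread, Fedora, Homebrew or CMake: a provider that satisfies FetchContent requests only through find_package() and fails the build instead of downloading. The file name and the `offline_provide_dependency` macro are hypothetical, and reading "FindPackage as the only dependency provider" this way is an assumption.

```cmake
# offline-provider.cmake (hypothetical file name; added example).
# Must be loaded through CMAKE_PROJECT_TOP_LEVEL_INCLUDES, e.g.
#   cmake -DCMAKE_PROJECT_TOP_LEVEL_INCLUDES=<path>/offline-provider.cmake ...
# Dependency providers require CMake 3.24 or newer.

# A macro rather than a function, so variables set by find_package()
# stay visible in the scope that called FetchContent_MakeAvailable().
macro(offline_provide_dependency method dep_name)
  if("${method}" STREQUAL "FETCHCONTENT_MAKEAVAILABLE_SERIAL")
    # Remaining arguments are the details given to FetchContent_Declare().
    set(_offline_details "${ARGN}")
    list(FIND _offline_details FIND_PACKAGE_ARGS _offline_idx)
    if(_offline_idx EQUAL -1)
      message(FATAL_ERROR
        "FetchContent dependency '${dep_name}' declares no FIND_PACKAGE_ARGS, "
        "so it could only be satisfied by a download, which is not allowed.")
    endif()

    # Everything after FIND_PACKAGE_ARGS is forwarded to find_package().
    # The keyword may be last with nothing after it, hence the length check.
    list(LENGTH _offline_details _offline_len)
    math(EXPR _offline_first "${_offline_idx} + 1")
    set(_offline_fp_args "")
    if(_offline_first LESS _offline_len)
      list(SUBLIST _offline_details ${_offline_first} -1 _offline_fp_args)
    endif()

    find_package(${dep_name} ${_offline_fp_args})
    if(NOT ${dep_name}_FOUND)
      message(FATAL_ERROR
        "System package '${dep_name}' was not found and downloading it "
        "through FetchContent is not allowed in this build.")
    endif()

    # Tell FetchContent the request is fulfilled so it never falls back
    # to fetching the declared URL or repository.
    FetchContent_SetPopulated(${dep_name})
  endif()
endmacro()

# Intercept only FetchContent_MakeAvailable(); plain find_package() calls
# in the project are left to CMake's built-in behaviour.
cmake_language(SET_DEPENDENCY_PROVIDER offline_provide_dependency
  SUPPORTED_METHODS FETCHCONTENT_MAKEAVAILABLE_SERIAL)
```

Projects that call FetchContent_Populate() directly bypass dependency providers, so this sketch does not cover them.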