search

anatol / quarry

Rubygems binary repository for Arch Linux
GNU General Public License v3.0
53 stars 25 forks source link

Show dependencies of gems #31

Closed carstene1ns closed 9 years ago

carstene1ns commented 9 years ago

It would be nice to have a command to show some kind of dependency graph to see which gems will be added to the repository when a gem is whitelisted. Also, this could be used to find the "offender" that needs some rather old slot version of a gem.

pactree comes to mind, but that only works after the addition to the database:

ruby-guard
|-ruby
|-ruby-formatador
| `-ruby
|-ruby-listen
| |-ruby
| |-ruby-rb-fsevent
| | `-ruby
| `-ruby-rb-inotify
|   |-ruby
|   `-ruby-ffi
|     `-ruby
|-ruby-lumberjack
| `-ruby
|-ruby-nenv
| `-ruby
|-ruby-notiffany
| |-ruby
| |-ruby-nenv
| `-ruby-shellany
|   `-ruby
|-ruby-pry
| |-ruby
| |-ruby-coderay
| | `-ruby
| |-ruby-method_source
| | `-ruby
| `-ruby-slop-3
|   `-ruby
|-ruby-shellany
`-ruby-thor
  `-ruby

It should be possible to implement this using the rubygems api, as there is already a command to display them (gem dependency):

Gem guard-2.13.0
  formatador (>= 0.2.4)
  listen (<= 4.0, >= 2.7)
  lumberjack (~> 1.0)
  nenv (~> 0.1)
  notiffany (~> 0.0)
  pry (>= 0.9.12)
  shellany (~> 0.0)
  thor (>= 0.18.1)

However, this can not easily filter out slot versions.

anatol commented 9 years ago

What exactly issue you want to solve with this tool? Quarry itself does not care about dependencies and pulls everything a gem needs. If there are old version requirements then it creates all slot versions as well.

carstene1ns commented 9 years ago

Yes, i think of the following use cases:

You cannot know this is needed, because it is not in the whitelist. I think it would be worth to have some way to find out which gems actually depend on this, so it can be considered to remove them (or patch them/contact upstream/etc.) It would make it possible to keep the repository small and simple.

If you just add it to the whitelist, quarry will work a bit and you have a few (maybe 100!) new packages, but you cannot predict before, how many will be added/if they need some tweaks/etc. The dependency chain could tell you how many needed packages are already present in the repository and how many need to be added.

anatol commented 9 years ago

it would be worth to have some way to find out which gems actually depend on this, so it can be considered to remove them

There is a script called lib/cleanup.rb that does exactly this.

The dependency chain could tell you how many needed packages are already present in the repository and how many need to be added

It does not really matter how many gems will be added. quarry can manage any number of dependencies.

carstene1ns commented 9 years ago

cleanup.rb will only remove packages, if they are not needed anymore. It cannot tell you which package you need to remove from the whitelist, if you want some dependency removed. But I see a dependency tracker is not needed for your workflow, so closing.