Re: got(1) in base consideration

From: Dave Cottlehuber <dch_at_FreeBSD.org>
Date: Tue, 06 May 2025 11:05:22 UTC

On Mon, 5 May 2025, at 08:58, Konstantin Belousov wrote:
> On Sun, May 04, 2025 at 08:50:46PM -0500, Kyle Evans wrote:
>> Hi,
>> 
>> I've been toying around with the idea of pulling got(1) into base, but
>> hidden off into /usr/libexec and not supporting it for general usage. The
>>
>
> What is the intended audience of the setup?
> Who would not install normal git port but still want /usr/src populated?
> For what purpose?

thanks Kyle

Konstantin, this sounds very interesting from a releng perspective.

From a security perspective today, building FreeBSD from trusted sources
using a git clone (as we do in official releng builds) requires building
git itself, which means we pull in a very large set of dependencies
from well outside the FreeBSD project, including python, perl, curl,
cmake -- 49 dependencies in all, assuming git-tiny flavour is sufficient.

In comparison, got (as built today from ports) requires only:

got
libretls
pkgconf
(and pkg ofc)

This is a much more reasonable subset. Assuming there's nothing surprising
in how we use git in releng, having just enough `got` tooling in FreeBSD
source makes our trusted build provenance simpler for somebody to verify.

It shouldn't stop anybody from using git directly to build from sources.
There are only a few git-related calls in release.sh. I will have a crack
at building with `got` only.

A+
Dave