Discussion:
[gentoo-user] gradle as source? How safe are overlays?
(too old to reply)
n952162
2023-10-16 19:30:01 UTC
Permalink
In order to build an android app, I need gradle.  Apparently, there's
only a binary version in gentoo, dev-java/gradle-bin, but there's a
source version in the mva overlay.  Why might it only be in an overlay?

This link:

https://wiki.gentoo.org/wiki/Gradle#Availability

links to:

https://github.com/msva/mva-overlay/tree/master/dev-java/gradle

containing 3 files, none of which is 100 lines.

If that's all it takes, why not be part of the distribution?

TIA
Viktar Patotski
2023-10-16 19:40:01 UTC
Permalink
Usually all gradle projects contain gradle wrappers (gradlew.bat and
gradlew.sh). If you have them, you just need Java and run: ./gradlew build

Viktar
In order to build an android app, I need gradle. Apparently, there's
only a binary version in gentoo, dev-java/gradle-bin, but there's a
source version in the mva overlay. Why might it only be in an overlay?
https://wiki.gentoo.org/wiki/Gradle#Availability
https://github.com/msva/mva-overlay/tree/master/dev-java/gradle
containing 3 files, none of which is 100 lines.
If that's all it takes, why not be part of the distribution?
TIA
n952162
2023-10-16 19:40:01 UTC
Permalink
Post by Viktar Patotski
Usually all gradle projects contain gradle wrappers (gradlew.bat and
gradlew.sh). If you have them, you just need Java and run: ./gradlew build
Yes, that was the case with f-droid/sms-ie-master, totally easy. But not
for f-droid/mupdf, unfortunately.  But I read that it's easy enough to
generate a gradlew - if you have gradle ...
Michael Orlitzky
2023-10-16 21:00:02 UTC
Permalink
Post by n952162
Why might it only be in an overlay?
Because it bundles 100+ other packages. That is inherently a security
risk, although plenty of people use Windows and install all of their
software that way and are perfectly happy on those days of the year
when their documents aren't encrypted by ransomware.
n952162
2023-10-17 05:30:01 UTC
Permalink
That's what I was afraid of hearing .... ;-)
Post by Michael Orlitzky
Post by n952162
Why might it only be in an overlay?
Because it bundles 100+ other packages. That is inherently a security
risk, although plenty of people use Windows and install all of their
software that way and are perfectly happy on those days of the year
when their documents aren't encrypted by ransomware.
Loading...