Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
What are the advantages/disadvantages of using Cocoapods vs. Git Submodules? I am aware that there are several differences, but I would like to find out more about the advantages and disadvantages of using either system. Thanks!
Git submodules shouldn't be used for dependancy management. I suggest you to use Cocoapods.
Git Submodule
Pros
Basically a one liner to initiate it, no need for extra files / configuration.
Cons
You can't specify target directories, you always have to clone the whole repository.
When the repository moves you have to manually update it.
You have to check in the actual dependancies.
Cocoapods
Pros
Only clones the directories you need.
Easy to update / maintain.
You doesn't have to check in the whole dependancy tree, you just need to check in the Podfile and Podfile.lock. Every maintainer can fetch the dependancies on there own.
Cons
Depends on the Podfile in your Spec repository or the main spec repository.
Depends on an external tool.
You can read more about Cocoapods here.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
Im get so many time to push an react-native project to git someone know why this happen
it's take more time on writing objects
There are many files that do not need to be checked into Github.
Your biggest directory is probably node_modules. This directory does not need to be check in to Github because these are your project dependencies which are downloaded with the command nom install when you check out the project.
Then you have your build directory which are your compiled/generated files that are always rebuilt when you build.
To avoid checking in these files to Github, create a .gitignore file. On separate lines, add the files/directory that you do not need (ex: node_modules/). Here is a React Native starter project .gitignore file. You should be good with this one: https://github.com/start-react/native-starter-kit/blob/master/.gitignore
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
My CMake-based C++ project uses a third-party library. It is relying on that this library is installed. I'd like to include or add the third-party library in some way into my project. How can I achieve that?
For external project that are available with their source code, use CMake's external project, cf. https://cmake.org/cmake/help/latest/module/ExternalProject.html
With that you can automatically download and compile external project. Then you can use them like an internal library and you can install them together with your library, if you wish.
Depending on the licence you can add the compiled library, too. Thus your user does not need to compile by it self, which can save a lot of trouble.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
How will I install GNUStep in Linux ?
First, make sure you path the start up scripts. They were necessary to be invoked once per shell before running any GNUstep binary. Something like this
. /usr/local/share/GNUstep/Makefiles/GNUstep.sh
(Don't miss the first dot and a space after it)
You can install things directly from trunk. Here are some useful scripts from Etoile project. It fetch the svn and install things for you. You may also look into the script and ignore the Etoile bits.
http://svn.gna.org/svn/etoile/trunk/Etoile/BuildScripts/
AFAICR, it is not a good idea to use distributor's packages, they were badly maintained, broken and should be avoided.
And you should ditch gcc for clang.
Also, take a look at Philippe Roussel's package repository. I've never use them.
http://lists.gnu.org/archive/html/discuss-gnustep/2012-10/msg00034.html
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
Currently we use FTP to maintain build artifact distribution and 3rd party products (for internal use only).
Artifacts are docs (HTML/pdf/chm/...), libs (.dll/.so/.a/.jar/...), programs (.exe/.jar/...) and anything else. They are not restricted to Java/.NET and can come from different cultures (firmware, driver, mobile/workstation, GUI, Win/Linux/Mac/Solaris/AIX,... etc).
To orginize hierarhy we use such paths:
ftp://3pp/VENDOR/PRODUCT/VERSION/...
ftp://3pp/opensource/PACKAGE-x.x.x.tar.bz2
ftp://dist/PRODUCT/VERSION/...
To maintain description of artifacts we use README and CHANGES plain test files (reStructuredText).
What is missing in this schema?
Missing permissions (anyone can damage storage).
Missing dependency tracking (so every build file must be updated if version dependency changed).
Missing fetching activity (some files seem no longer needed, but we don't know which).
I am not deeply looking for existing solutions. Some package manager like rpm/dpkg, heard about Maven repo etc...
Please recommend Build Artifact Repository Managers. Also it is good to hear drawbacks and restrictions.
UPDATE
https://en.wikipedia.org/wiki/Binary_repository_manager
https://binary-repositories-comparison.github.io/
You're creating a custom software artifact repository. There are three open-source projects which already do this:
Artifactory
Nexus
Archiva
Artifactory and Nexus also have paid versions.
You can store any kind of file in these repositories, and you don't need to use Maven. You can manually deploy artifacts to them. You can set up fine-grained access control. They integrate well with automated build tools.
I think using one of these tools would save you a lot of effort!
Here's fairly unbiased (community-driven) comparison matrix between the three.
With SVN + Apache (mod_dav_svn.so, mod_authz_svn.so) seems I get:
Anonymous read only access through HTTP protocol with wide range of
supported clients for downloading (wget/curl from GNU Make, task for
Apache Ant).
Easy maintainable write access for users/groups (easy syntax):
[repo:/path]
user = rw
through cadaver utility.
Integration with LDAP.
History of releases (when, what and who).
Atomic operation (prevent from concurrent releases and rollback on errors).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
How can I convince my corp employer, than jars from the Maven repositories are safe for use? I've conducted a count of jars on my local repo and it came back as 552. My goal is to setup a corporate repository with approved jars, but I'd like to not have to submit hundreds and eventually thousands of software requests. any suggestions (other than find new emp)?
How can I convince my corp employer, than jars from the Maven repositories are safe for use?
Downloading a jar from a Maven repository is not less safe than downloading a jar from another location. In other words, Maven repositories don't really introduce a problem, the problem is your dependency on an external library.
Now, if your boss is really paranoid, he can always ask you to grab the sources of your 552 jars, audit them line by line, build them and install them in a repository of approved jars. That will "just" cost him a few dollars :)
But since most projects are open source, since they are transparent, since many eyes can inspect them, I personally believe that any malicious attacks would be detected pretty fast and that the cost isn't worth the risk (which is pretty low). Maybe I trust the community too much but, so far, it works.