Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(spm): Ensure identifiers of packages are unique
Previously, tuples of the form `(VCS host organization name, package name)` have been used. However, such tuples are not guaranteed to be unique, because the name of the VCS host is not included. Looking at how dependencies are defined for SPM packages [1], it becomes clear that the repository URL is actually used as the key / identifier, not the package name (plus maybe the organization name). Note that [1] says that "Each dependency specifies a source URL and version requirements. The source URL is a URL accessible to the current user that resolves to a Git repository." Furthermore, SPM allows only one package to be present per repository, which in fact makes the repository URL a good candidate to be used as ID. Note that the restriction to one package per repository used to be too restrictive in some cases which is one reason why the concept of so called targets [1] has been introduced. However, ORT's `Spm` integration currently works on package granularity only and does not look at the more fine grained targets. The approach to specifying dependencies by their repository is very similar to the approach Go modules has taken. So, using an analog format for the IDs of packages seems to be a better fit, which also ensures the uniqueness of the IDs. Note also the discussion in [2]. [1] https://www.swift.org/package-manager/ [2] package-url/purl-spec#53 Signed-off-by: Frank Viernau <[email protected]>
- Loading branch information
