A GYP-based package manager for C/C++ projects.
GYP has a very lovely way to manage dependencies, however the amount of the boilerplate code required to build a project is very huge:
- Project's own
common.gypifile with default compiler warning flags, etc
gyp_project_nameexecutable python script to set proper GYP defines and execute
- Dependencies checked out into the project tree
All of this has to be repeated in every project, but fear not -
this and also a dependency management problem as well.
gypkg solves the problem with duplicate sub-dependencies
a depends on
b depends on
# Node.js is required to run thisnpm install -g gypkg
build.gyp file for a C/C++ project may be generated with
gypkg init, and
will look like this:
Dependencies could be added to
Source files to
gypkg CLI tool can be used to build a project (NOTE: while
is not necessary, it is recommended for fast incremental builds):
gypkg build file.gyp -- -Duv_library=static-library
build command will install all dependencies into
gypkg_deps and will update
them automatically on next
gypkg supports local and remote (git) dependencies. Remote dependencies are
gypkg_deps/ folder in the root directory of the project (the
one that has the main
.gyp file). Nested dependencies still live in the same
gypkg_deps/ in the root directory.
The syntax for declaring dependencies is:
/path/to/dependency => /sub/path/to/main.gyp:target_name- use local dependency
git://github.com/author/project => /path/to/main.gyp:target_name- checkout the latest commit of remote dependency. Note that (
git@are supported too)
git://github.com/author/project#branch => /path/to/main.gyp:target_name- checkout particular branch/hash of remote dependency
git://github.com/author/project@semver => /path/to/main.gyp:target_name- checkout whole repository and find the latest version-tag (the on that starts with
v) that matches the particular
git://github.com/author/project@semver [gpg] => ...- find the latest version tag matching
semverand verify it's GPG signature and
Git-EVTag-v0-SHA512. Note: this type of dependency will maintain a project local GPG keyrings for each github team name or explicit scope (specified with
gypkg buildwill ask for confirmation before adding any new keys to those keyrings.
While Node.js implementation of
gypkg loads dependencies in asynchronously and
in parallel, it may be required for gypkg-based project to be distributed to
the platforms without Node.js binaries.
In this case
gypkg gen --freeze file.gyp can be used to generate
.gypkg-freeze file, which will help ./shim/gypkg python shim in resolving
all dependencies statically.
.gypkg-freeze and ./shim/gypkg should be distributed with the project in
such cases , and the project users should be advised to extend their
environment variable with a folder that contains ./shim/gypkg script.
NOTE: no GPG signatures are checked in this mode, since it requires extensive Node.js-based tooling.
This software is licensed under the MIT License.
Copyright Fedor Indutny, 2016.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.