Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pod version resolution issue when both Podfile and pod depend on different versions of same dependency #2002

Closed
fabiopelosin opened this issue Apr 2, 2014 · 1 comment
Closed

Pod version resolution issue when both Podfile and pod depend on different versions of same dependency #2002

fabiopelosin opened this issue Apr 2, 2014 · 1 comment
Assignees
@segiddins
Labels
d2:moderate A moderately-difficult ticket that may require a bit of knowledge about the codebase s3:detailed Issues with in-depth explanations and examples that make it easier to troubleshoot t2:defect These are known bugs. The issue should also contain steps to reproduce. PRs welcome!
Milestone
0.35.0

Comments

@fabiopelosin
Copy link
Member

This issue has been originally submitted by @phatblat in CocoaPods/Core#64

I've found a very subtle yet potentially serious issue where the version of a dependency is miscalculated or multiple copies of the dependency are installed.

Note that I assume this is an issue in Core based on my guess of how the various CocoaPods repos depend on each other. Let me know if this issue is mis-filed and I will happily recreate in the correct repo.

This issue originally arose when my app's Podfile depended on a loose (~> 2.0) version of an AFNetworking subspec. Two pods called out in the Podfile also depended on loose versions of AFNetworking subspecs. When I ran pod install on 2/26 (when 2.2 was released), I ended up with both 2.1.0 and 2.2.0 versions of AFNetworking installed on top of each other, causing compiler issues.

I've since determined that whether the Podfile specifies a dependency on the subspec or the top-level spec does not matter. The version of the dependency in the Podfile also doesn't matter much since even pinning it to a specific version (= 2.1.0) causes the issues. What matters is the (shared) dependency declaration in the referenced podspec.

Issue Cases

  1. Two different versions of a shared dependency installed
  2. The latest version of a shared dependency installed, despite the Podfile forbidding it with version pinning

Conditions

  • Pod which depends on the shared dependency must appear before it in the Podfile
  • Pod which depends on the shared dependency must have a name string sorted after it (install progress shows in this order)
  • .podspec
    • If pod depends on a subspec of the shared dependency, both the Podspec-pinned version and the latest version of it will be installed (Issue case 1 above).
    • If pod depends on the top-level spec of the shared dependency, only the latest version of it will be installed (Issue case 2 above).

shared dependency == AFNetworking

I've created a project which reproduces these issues at https://github.com/phatblat/SubspecUpdateIssue. Toggle the AFNetworking dependency lines in ZPodUsingAFN.podspec between the subspec and the top-level spec and run pod install to witness the above 2 issue cases.

If someone gives me some pointers on the pertinent details I might be able to include them in an example at https://github.com/CocoaPods/cocoapods-integration-specs/.

Reproducing the case where pod install upgrades a pod it shouldn't have with a fuzzy version spec (~> 2.0) is harder to reproduce as it requires a Podfile.lock created while the offending version didn't exist. However, I believe the above cases are enough to resolve the current issue since it's reproducible with a pinned version in the Podfile.
@fabiopelosin fabiopelosin mentioned this issue Apr 2, 2014
Closed
@kylefleming kylefleming mentioned this issue Jul 9, 2014
Closed
@segiddins segiddins added d2:moderate A moderately-difficult ticket that may require a bit of knowledge about the codebase s3:detailed Issues with in-depth explanations and examples that make it easier to troubleshoot t2:defect These are known bugs. The issue should also contain steps to reproduce. PRs welcome! labels Sep 8, 2014
@segiddins segiddins self-assigned this Sep 8, 2014
@segiddins segiddins mentioned this issue Oct 9, 2014
Merged
10 tasks
@segiddins segiddins added this to the 0.35.0 milestone Oct 23, 2014
@segiddins
Copy link
Member

Closed by #2637.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@segiddins segiddins

Labels
d2:moderate A moderately-difficult ticket that may require a bit of knowledge about the codebase s3:detailed Issues with in-depth explanations and examples that make it easier to troubleshoot t2:defect These are known bugs. The issue should also contain steps to reproduce. PRs welcome!
Projects
None yet
Milestone
0.35.0
Development

No branches or pull requests
2 participants
@fabiopelosin @segiddins