Newest version of package not installed unless specified #24199
Comments
|
@mikecormier - have you found a solution to this problem? |
The broken-openssl/libcrypto condapocalypse (see conda/conda#9905, bioconda/bioconda-recipes#24199, et al) has now caught up with samtools et al 1.9. Update pinnings to (at least) the current version, 1.11. Remove the ncurses pinning, which has been unnecessary since bioconda/bioconda-recipes#17273.
The broken-openssl/libcrypto condapocalypse (see conda/conda#9905, bioconda/bioconda-recipes#24199, et al) has now caught up with samtools et al 1.9. Update pinnings to (at least) the current version, 1.11. Remove the ncurses pinning, which has been unnecessary since bioconda/bioconda-recipes#17273. Instead pin the blas variant as the openblas variant that bcftools (with GSL) was built against.
The broken-openssl/libcrypto condapocalypse (see conda/conda#9905, bioconda/bioconda-recipes#24199, et al) has now caught up with samtools et al 1.9. Update pinnings to (at least) the current version, 1.11. Remove the ncurses pinning, which has been unnecessary since bioconda/bioconda-recipes#17273. Instead pin the blas variant as the openblas variant that bcftools 1.11(+GSL) was built against.
|
@bgruening @dpryan79 @bioconda/core: This bug is causing confusion for users every day — most recently as reported in samtools/htslib#1192 — and has been ongoing for months. Whether this is properly a conda problem (cf conda/conda#9905) or something that could in principle be fixed with updates to the bioconda repo metadata files, please pin this issue and add an explanation of the workarounds (check the version you're offered and explicitly specify the latest version if necessary; mamba apparently) and ideally an overview of the roadmap towards fixing this (if there is one). |
|
@jmarshall As you're aware, we have no control over this issue. I'm happy to pin this, but be aware that it will not help since regular users almost never read such things. As you indicated, the only solutions are (1) to specify the exact version you want or (2) to use mamba, which lacks this annoying quirk. |
|
Conda
|
|
But we're here to fix this problem, not just provide awkward workarounds that users would need to use 😄 As described in conda/conda#9905 (comment) and its followups, the problem here is that these bioconda recipes depend on superseded conda-forge package versions that are no longer in conda-forge's current_repodata.json cache. When there are older versions of these bioconda recipes with reduced requirements (or otherwise) hence do not depend on such packages omitted from conda-forge's current_repodata.json, those older versions are selected for installation (leading to user disappointment) rather than installation falling back to retrieving conda-forge's complete repodata.json and selecting the desired up-to-date bioconda packages and their now-visible conda-forge dependencies. For concreteness, consider htslib and libdeflate. The htslib-1.11 package was first built on 2020-09-23 against the then-current libdeflate-1.6. At that time, libdeflate-1.6 was the latest version and was in conda-forge's current_repodata.json, and (If the dependant package was also in conda-forge, then the construction of current_repodata.json would ensure that the particular packages it requires were also listed in current_repodata.json. But this does not automatically work across separate channels.) In lieu of improving the current_repodata.json cache mechanism, bioconda can avoid this problem by ensuring (via manually-enforced policy) that its current builds of these packages depend only on conda-forge packages that actually are listed in conda-forge's current_repodata.json. There are several possible ways to ensure this (again, for concreteness consider htslib and libdeflate):
As noted in #17212 (comment), which of these two approaches is the appropriate one comes down to @bioconda/core's policy around libdeflate pinning (and in general pinning of other conda-forge dependencies). Is libdeflate currently pinned to 1.6? When would that be updated to 1.7? [Edited to add: Libdeflate was pinned in the distant past, but this was removed in bioconda/bioconda-utils#610. That PR and commit don't explain why the pinning was removed — but I suspect it's because, of 16 bioconda packages that list libdeflate as a dependency, only a couple (htslib, staden_io_lib, possibly one or two others) actually ought to depend directly on libdeflate. So the answer is libdeflate is not pinned; and it's not pinned because it really doesn't need to be.] I have a slight preference for (2) as it is more flexible and less timing-critical at the moments when packages such as libdeflate are updated. What are @bioconda/core's thoughts? |
|
Maybe I'm missing something obvious, but looking at the Makefile it seems libdeflate 1.6 and 1.7 both have a library .so version of 0. Hence the package ABI hasn't changed and there should be no reason at all for a package to claim it depends precisely on 1.6. That's just a recipe for disaster. Can conda not pin on library so versions instead of package release numbers? If not, then maybe just start with the assumption that so doesn't change and pin if, and only if, a ABI breaking change is discovered later on. |
|
@jkbonfield: Yes, conda is way too conservative here, but not having soversion-based dependency tracking infrastructure is a separate problem. (Adding such infrastructure would greatly reduce the times during which this issue appears, but it's a lot of work and a major change that would require major buy-in from the conda mothership — while this proposal is a simple policy that bioconda could implement today.) |
|
For the htslib/libdeflate case: it turns out that libdeflate is not pinned at all in bioconda. Hence the correct approach to fix it (at least, until libdeflate-1.8 comes out) really is simply to bump htslib so that there exists an htslib package built against conda-forge's current libdeflate-1.7. PR #26237 does that and has been merged, so (It remains to work through the dozen other overlinked bioconda packages that spuriously depend on both htslib and libdeflate. By bumping them to remove their explicit libdeflate requirement — in reality, they only depend on it via htslib — they will no longer be stuck on libdeflate-1.6.) When in the future conda-forge releases libdeflate-1.8 and libdeflate-1.7 falls out of their current_repodata.json,
For the other packages for which older versions are still being installed, it remains to identify the particular critical conda-forge package that is causing the problem and bump the affected package (if there are no pinning considerations) and/or resolve the problem appropriately. I might investigate for |
|
These days repodata patching provides another alternate for dealing with this problem, in cases like libdeflate where there is in fact forward compatibility and the library's soversion has not changed.
PR #40675 applies this to htslib, staden_io_lib, and fastp, which are the main bioconda packages directly using libdeflate. |
When installing a package, like
ggd, an older version of the package is installed unless the newest version is provided. Exampleconda install -c bioconda ggdwill install version0.1.2, which is a few versions away from the latest version. This problem has been seen with multiple packages from bioconda.Additionally, when a package is updated or removed other packages are downgraded to an older version even though the package being updated or removed has no dependencies on the other packages. Again, an example is when a package, say
vepis updated or removed it downgradesggdto version0.1.2even though vep does not depend onggdor any of the dependenciesggdhas.This seems to be a similar problem with the version priority when installing a specific package like
ggd. How do we set version priority for a package so it doesn't revert back to an older version unless specified to do so?The text was updated successfully, but these errors were encountered: