-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vibed broken OpenSSL dependency #2284
Comments
The way If you work with something that actually uses OpenSSL 1.1 then you suddenly can't, because dependencies don't match. |
A vanilla vibe-d install doesn't work. I can't dub upgrade my existing projects. This is a severe issue. @s-ludwig I can't figure out a correct configuration for generating a valid dub.selections.json file. I'm not sure if this is something that botan broke or something that vibe-d needs to address. steves@linuxmint-virtual-machine ~/Documents/testd/testvibe $ dub init -t vibe.d
Package recipe format (sdl/json) [json]:
Name [testvibe]:
Description [A simple vibe.d server application.]:
Author name [Steven Schveighoffer]:
License [proprietary]:
Copyright string [Copyright © 2020, Steven Schveighoffer]:
Add dependency (leave empty to skip) []:
Successfully created an empty project in '/mnt/hgfs/Documents/testd/testvibe'.
Package successfully created in .
steves@linuxmint-virtual-machine ~/Documents/testd/testvibe $ dub
Unresolvable dependencies to package openssl:
botan 1.12.11 depends on openssl ~>2.0.1
vibe-d:tls 0.8.6 depends on openssl >=1.0.0+1.0.0e
vibe-d:tls 0.8.6 depends on openssl ~>1
vibe-d:tls 0.8.6 depends on openssl ~>1
vibe-d:tls 0.8.6 depends on openssl ~>1
vibe-d:tls 0.8.6 depends on openssl ~>1
steves@linuxmint-virtual-machine ~/Documents/testd/testvibe $ |
Note: I tried depending on botan v1.12.10. This also doesn't work, as its version of memutils is different than some other dependency. |
Workaround is to depend on botan < 1.12.11 and libasync < 0.8.5. I'm currently into finding a reproduction case to determine why the dependency resolution fails instead of falling back to the older versions. See also vibe-d/eventcore#137 |
Would it make sense for botan to remove v1.12.11 and use 2.0.0 to switch the openssl dependency? @etcimon |
I've updated v1.12.11 to use the old version of OpenSSL. The 2.0.0 doesn't include the changes needed anyways in the buffer io structs, so once I make a pull request for that I'll change the version tag to v2.x afterwards |
Thanks, that has fixes the situation for now! I have also managed to prepare a small test case as a unit test in dub and know where the issue is. Now the only problem is finding a corresponding correction to the algorithm, which appears to be not very intuitive, unfortunately. |
The part after the + could be taken in consideration where both need to be a full version higher |
The issue that triggered the resolution failure is caused by a slightly wrong way in which the recursion through the dependency graph happens. This can cause one branch in the dependency graph to pick a version of a certain common dependency that will produce a conflict in another branch, while in reality an older version would have matched in both branches. Unfortunately fixing this leads to an algorithm that is not as easily representable as a normal recursive algorithm AFAICS, as it requires repeated back tracking. I have a better picture of a possible solution now, though, so I hope to have something ready during the next days, as time permits. |
This doesn't manifest anymore. |
I have a package that depends on OpenSSL 1.1 (
"openssl": "~>2.0.0+1.1.0h"
), the new vibed release makes it impossible to use both as vibe.d defaults to 1.1 but doesn't explicitly sets it trough the dependencies.The error is:
I had to use the same
"openssl": "~>2.0.0+1.1.0h"
in thevibe-d:tls
package in order for this to work.The text was updated successfully, but these errors were encountered: