package revisionism can break things #10531
Comments
|
I'd be very much in favour if you add custom patches to a released package, bump its version (a lengthy discussion is #10350 (comment)). there's no harm in having if the maintainers of opam-repository agree with this ("no patches / modification of released packages"), it should be communicated in CONTRIBUTING.md. It would make this opam repository more immutable (easier to debug issues). the downside is that upon a new version opam recompiles all reverse dependencies - but imho this is required (as @toolslive outlined above). |
|
I ran into something similar today - I tried to The fix was to install a fresh switch, but in this case the error message was not very helpful, saying that Lwt's configuration script could not build a basic toplevel. |
@hannesm To move on this issue I would suggest you prepare a PR that does communicates the rules and a scheme in One of the problem I see is that there's no way to make sure that the new name allows to fit existing constraints on the package in other packages. This means that all the other packages constraints have to be updated and that upstream needs to be aware of this new version name (for e.g. when it opam submits). In some sense you would like a new version number |
|
MacPorts has a notion of a revision number for all packages. Packages start (naturally) at revision number 0. If you make any substantive change to a package (altering dependencies, patches, anything else), you bump the rev number. When the package gets upgraded to the next maintainer release, you put the rev number back to 0 again. For simplicity, the revision field is assumed to be 0 if it isn't listed in the Portfile, so in the usual case (in which nothing gets changed between maintainer releases), you don't have to edit anything at all. |
|
b610e6d |
|
@toolslive could you please give more information ? |
|
@kit-ty-kate the linked commit breaks the build for users that specify snappy.0.1.0 that use an ocaml-version >= 4.06 (with unsafe-string option enabled), so we had to adapt... |
|
Are we talking here about modifying the package contents or the package metadata? I don't think modifying the package contents without doing a new release has been done (or maybe it was just to fix a broken release of a package in the process of being published to opam). And I agree that we shouldn't change the contents of a package after it is released. However, changing the metadata (e.g. the version constraints, the available platform, etc) is what the repository maintainers have to do to maintain a proper repository hygiene. Initial constraints are usually not very well defined, and it's the job of the the repo maintainers to help upstream to make them as exact as possible, to adapt to new compiler versions, etc. It's very hard to be deal with forward compatibility in general (and I know no perfect solution for this, but allowing human intervention once a breakage is observed by the CI and/or reported by an user). |
|
@samoht I think the problem is when people patch packages without bumping the version number. That happens at the metadata level but formally that changes the package contents so a version bump should happen in that case. |
|
yes, this is about changing checksums of release tarballs (where the contents changed), adding patches to the package (fix compilation on YYY), and other things that affect the build results. (see e.g. the above linked issue, or nocrypto 0.5.4-1 / -2 as "good examples" how to integrate patches if upstream is not responsive). changing constraints on dependencies is (usually) nothing that leads to a different build result. |
The original issue report gives a concrete example of a patch of the contents of the oUnit package. |
|
This issue is stale because it has been open 90 days with no activity. Remove the stale label, or comment, or this will be closed in 15 days. |
|
this should not have been closed |
|
This issue has been open 90 days with no activity. Consequently, it is being marked with the "stale" label. What this means is that the issue will be automatically closed in 30 days unless more comments are added or the "stale" label is removed. If you come across this issue in the future, you may also find it helpful to visit our forum at https://discuss.ocaml.org where queries related to OCaml package management are very welcome. |
|
This should probably be in the FAQ, and not directly related, but there is a trick if you need a stable (in time) repository and changes are breaking things for you like making packages uninstallable: you can pin the git revision of the repository you want to use to a given hash: Then set your switch to use |
|
FWIW, I'm still in favor of revision (and epoch!) numbers... |
Sometimes, a package is patched after a release, and then it's released again, with the same version.
This practice makes it hard to track dependency changes, but it also (probably) changes the checksums of the modules in the package. As a consequence, this can break the usage of this module in a dynamically loadable plugin context. It has happened quite a few times for us, and I think it's just as easy to just release a new version whenever the code changed.
As a concrete example,
the recent patching of oUnit.2.0.0 causes a
The text was updated successfully, but these errors were encountered: