update paho-mqtt-c to 1.3.7 #3834
Conversation
ghost
mentioned this pull request
|
I detected other pull requests that are modifying paho-mqtt-c/all recipe: This message is automatically generated by https://github.com/ericLemanissier/conan-center-conflicting-prs so don't hesitate to report issues/improvements there. |
ghost
mentioned this pull request
|
#3382 has been closed now |
|
I was going to wait and add 1.3.8 to conan rather than rush with 1.3.7 as there are a few useful changes in 1.3.8 and it shouldn't be long. This update adds a source file change which is a fix which will be in 1.3.8. I think this is bad practice. How many other fixes are going to be thrown in as patches? Better to get the changes added into the base project rather than confuse behaviour between libraries with the same version number but different packaging. This also just increases the maintenance workload, having fixes in two different places. Why update the OpenSSL version requirement? It's fine if there's a good reason, I'd just like to know what it is. Adding changes without knowing why makes it difficult to know what's ok to change. I'd like to not have any patches, but the original author didn't leave any explanation as to why they were necessary, so I've treaded carefully in reducing them. Maybe I'll learn a bit more in packaging the next version. |
|
The patch fixes an existing bug in 1.3.7, so it is required The original patch author left a comment in the code,
There is also this extra not in the openssl doc
so the patch does the right thing, going into the error branch if the return value is != 0 I hope you do no prefer to distribute a buggy version over a fixed one, and I hope you understand that there are project that need a correct behaviour for this call and that can not wait until 1.3.8 is released and packaged. The openssl topic is a conan thing, if you use several packages that have dependencies to openssl, you do not want to end up with several openssl versions as indirect dependencies. Openssl is a pain to build, and I build 11 compiler/os combinations, 22 if I build release and debug. So having just 1 openssl version as project dependency is absolute required. |
|
You said yourself you didn't like patch files. Now you're cherry picking a fix and adding a patch for it because you want it in a hurry. If everyone did that there would be patches all over the place. It doesn't help the base project to throw in fixes as patches in a packaging mechanism. There are always fixes that are needed for various reasons - other people have fixes that are important to them too. Who is to say what is the most important? So yes, I think you're subverting whatever process there is. OpenSSL versions. Who defines what the 'correct' level is to use and where? |
|
OpenSSL is security relevant, hence we always use the latest patch version ( Regarding patches, it is desired to try to upstream patches so we can get rid of them in upcoming versions. So maybe some of you could have a look at the I'm not sure if I completely understood you two regarding the new Personally, I would say, since this patch is pretty small and can be dropped in the next version, it would be okay to keep it. If you decide to keep it, it needs to get added to the |
|
To add the "where" answer to the stellar remark above... ➡️ OpenSSL change log very clearly states the motivation for each new release. Most of them are due to CVEs which are published and registered with organizations dedicated to managing there impact. For instance the new Given the sensitive nature of data being passed in many of today's applications, I would argue there's a very definitive answer to "correctness" of OpenSSL versioning. If we have not satisfied the original question:
I have contact information (as do others) on my profile and I will gladly take more time to prepare and share resources! As to the other topic I would like to politely ask you to remember the code of conduct 😸
If the CCI team sees anything needs to be done with the added details about the patch, they have the right to request change. That being said thank you everyone for putting this together and reviewing it! 🚂 it's a delight getting to work with passionate individuals from around the world 🗺️ |
|
Ians behaviour is kind of hostile. Luckily I am not that sensible :-) 0005_SSL_CTX_set_alpn_protos-for-1-3-7.patch is required since it fixes a real bug that causes mqtt-c not working under some conditions. The link to the documentation has been posted, it takes only 5 minutes to verify and you do not need to be an expert in anything to check. Especially respecting the info I already gave here. Back-porting such fixes is super normal in packaging. Look at existing package of your Linux distro. This discussion is here is so not productive, the only proper reaction would have been a thank you for doing the work and focusing on the actual changes. Thanks a lot @Croydon for pointing out that I missed adding the patch to coandata.yaml ! That was a great catch!! Any idea why the pipeline seems to hang? |
You did no answer this question. Please provide a direct source for this patch. Or did you write it yourself?
There is no universal truth for what is the right way to do packaging. The general discussion should however be spin out in another issue. |
|
@Croydon , the source for the patch is here eclipse-paho/paho.mqtt.c#1005 I am slightly surprised that this topic exploded like this, but maybe it is not about technical questions, at least that this is my impression. |
Thanks for the explanation @Croydon |
|
because the problem this patch fixes is a show stopper when we talk to (cloud provider 1, can not tell) mqtt. If any of the other things is a show stopper like that one, I can not say, if it would be I would add it here. |
|
All sort of issues can be show stoppers for different consumers of the library. That's what I manage all the time in the base project. There are issues which will be included in 1.3.8 which are 'show stoppers' for the Paho C++ client next release. Which is why there is an incentive to get 1.3.8 out soon. I mean go ahead with this if you all want to. I've just been trying to do as suggested by @Croydon (and explained above in my last comment): Regarding patches, it is desired to try to upstream patches so we can get rid of them in upcoming versions. So maybe some of you could have a look at the fix-MinGW-and-OSX-builds and fix-cmake-install patches to see what would be general improvements for upstream. After all, we have those patches around since version 1.3.0 And so I've been reducing the content of patches and incorporating those changes into the base. But not all in one go. |
|
if some user finds a show stopper within the functionality of this build, and spare others hours of debugging, I would be happy if these would be back ported to this build. about looking at the CMake patches, this is actually why I triggered the conversation at eclipse-paho/paho.mqtt.c#1017 Maybe we can together find out what is why required, so we get the changes with according documentation Still don't know why the build stuck sice yesterday ... |
|
An unexpected error happened and has been reported. Help is on its way! 🏇 |
|
I don't want to hold this up any longer (if I was) - I'm working on getting 1.3.8 out, and then I'll see where we've got to. I'll just make the observation that adding patches for issues doesn't scale and bypasses the CI tests. |
|
and an other day without a review, passed, thanks to all the Apple Banana comparisons and fog grenade that had been thrown for reasons of .... who knows. (Hope the creator of this chaos is now proud of the outcome) And meanwhile, cci ships for an other day a package with a known bug without caring about the users, wow! |
|
You cannot blame conan or anyone contributing here for any bug present in a project outside of conan scope. Sure, there are bugs in ALL the libraries packaged with conan, and there will continue to be, because all computer projects have bugs. If you need bug fixes so critically that you cannot wait for few days, then you should really consider maintaining a fork of the recipes you need to patch. |
There was a problem hiding this comment.
We need to reach a consensus about patches. We really appreciate all the work everyone is doing contributing recipes to these repositories and all the authors writing the libraries. Sometimes it is hard for us to keep pace, sometimes there are issues related to the infrastructure and sometimes we need to define a policy before taking an action.
I'm blocking this PR until we define that policy. Sorry for the inconvenience.
jgsogo
added
the
blocked
|
side note: the PR is failed, that's one more reason why it wasn't reviewed yet. |
|
nobody cared about the unexpected Unexpected Error, but created bureaucracy for no brainers like that patch issue since I do not expect any soon decision for that doc issue, since obviously the involved persons miss basic knoledge on the subject, I count this as major failur and bug in and of the cci team Thanks for nothing, lesson learned, in future I will schedule my priorities different |
|
let's see if a simple close an re open fixes the error of the build |
This is not inconvenience, this is just incopetent, to prioritise deliver know buggy software, |
|
All green in build 3 (
|
Specify library name and version: paho-mqtt-c/1.3.7
conan-center hook activated.
if #3833 gets in soon, we should maybe wait and update the openssl requirement (what has still to be absolute value in cci and is therefore
brokenproblematic)Needed to update the src/CMakeLists.txt patch, since there is a new file involved, I wish this src/CMakeLists.txt patch would not be required.
I will therefore ask for an review from @icraggs , since he created the patch my change is based on with the previous version