Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nimble url-dependency is dependent on package-name only #574

Open
ghost opened this issue Oct 27, 2018 · 2 comments
Open

nimble url-dependency is dependent on package-name only #574

ghost opened this issue Oct 27, 2018 · 2 comments

Comments

@ghost
Copy link

ghost commented Oct 27, 2018

In best case a url dependency like requires "https://github.com/user/package >= 1.2.3" should require the package from the given url, in the given version. That means the package should be detected by package name + package version + package author (+ maybe package url).
Currently my tests with different package names and different versions show that it only depends on package name + package version. That means package name A from source S2 in version V2 is considered an update of A from source S1 with version V1 if V2 > V1. This is normally not the case if V1.repoUrl != V2.repoUrl and will cause hard problems.
A package with same name from different author will break code dependent on this import (See #573 that it will break existing code).

Example:

  1. nimble install https://github.com/ephja/lzma install lzma @ 0.1.0; import lzma does work.
  2. nimble install https://github.com/tim-st/nim-zim@#nimble-same-name
    Installs lzma @ 0.1.1 and zim @ 0.1.0:
C:\Users\->nimble install https://github.com/tim-st/nim-zim@#nimble-same-name
Downloading https://github.com/tim-st/nim-zim using git
  Verifying dependencies for zim@#nimble-same-name
      Info: Dependency on cligen@>= 0.9.16 already satisfied
  Verifying dependencies for cligen@#head
 Installing https://github.com/tim-st/nim-lzma@#test-nimble-version
Downloading https://github.com/tim-st/nim-lzma using git
  Verifying dependencies for lzma@#test-nimble-version
 Installing lzma@#test-nimble-version
   Success: lzma installed successfully.
 Installing zim@#nimble-same-name
   Success: zim installed successfully.

And consideres it working.
Now import lzma doesnt work anymore.
import zim doesnt work too, because it depends on lzma.

@dom96
Copy link
Collaborator

dom96 commented Sep 21, 2019

Your repo is gone :(

I do see the problem though and indeed it is challenging. I'm actually a little confused by the output you got, based on the output the lzma installed from https://github.com/ephja/lzma was overwritten by your package but you're saying that import lzma doesn't work? I'm also surprised that Nimble didn't prompt to ask whether to overwrite this package, did you skip some of the things you've done between those two commands?

In any case, I think we need to do the following here:

  • When installing any package, cross check it with the packages.json. In this case look up lzma in there and check whether the two repo URLs match, if not throw up a prompt asking the user whether they want to continue.

  • When doing the above and the package is not found in packages.json, then prompt if a package already exists (this already happens), but check the repo URLs and make the user aware that they do not match.

Of course, what we could also do is make packages that include a nickname in their name, so your package would be tim-st/lzma and ephja's would be ephja/lzma. This would be more challenging but I will propose it too.

@ghost
Copy link
Author

ghost commented Sep 21, 2019

Sorry, I forgot that I had this related issue open. I recreated the state, it is reproducable again:

C:\Users\->nimble install https://github.com/ephja/lzma
Downloading https://github.com/ephja/lzma using git
  Verifying dependencies for lzma@0.1.0
 Installing lzma@0.1.0
   Success: lzma installed successfully.

C:\Users\->nimble install https://github.com/tim-st/nim-zim@#nimble-same-name
Downloading https://github.com/tim-st/nim-zim using git
  Verifying dependencies for zim@#nimble-same-name
    Prompt: No local packages.json found, download it from internet? [y/N]
    Answer: y
Downloading Official package list
    Success Package list downloaded.
 Installing cligen@>= 0.9.16
Downloading https://github.com/c-blake/cligen.git using git
  Verifying dependencies for cligen@0.9.38
 Installing cligen@0.9.38
   Success: cligen installed successfully.
 Installing https://github.com/tim-st/nim-lzma@#test-nimble-version
Downloading https://github.com/tim-st/nim-lzma using git
  Verifying dependencies for lzma@#test-nimble-version
 Installing lzma@#test-nimble-version
   Success: lzma installed successfully.
 Installing zim@#nimble-same-name
   Success: zim installed successfully.

If you create a file.nim with content import lzma it will fail.

I think the two points you mentioned are a very good start. I agree it's hard to change the import system, if the nickname syntax wouldn't be too hard to implement I think this could solve nearly all cases (not the case where nickname and package name is the same but on different hostname, but this probably never happens).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant