Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Core modules are not installed/upgraded, even if a package requires a newer version #270

Open
TheRealCuran opened this issue May 28, 2020 · 3 comments
Open

Core modules are not installed/upgraded, even if a package requires a newer version #270

TheRealCuran opened this issue May 28, 2020 · 3 comments

Comments

@TheRealCuran
Copy link

I have a cpanfile which ends up depending on HTTP::Date and HTTP::Message. These two packages declare dependencies on Time::Local >= 1.28 and Encode >= 3.01.

If I run this through carton install with a Perl 5.28.1 I get installation failures because the bundled core versions of Time::Local and Encode are too old and carton is apparently not considering to install those to into the local library directory. If I run cpanm -l /path/to/local/perl5lib Encode Time::Local before calling carton on the same directory everything works.

Carton should consider upgrading core modules to satisfy dependencies. This only needs to happen on deployment.
@hbarnard
Copy link

Yes, I've hit this with List::Utils where there's a version mismatch between the deploy and (apparently) the version pre-installed. Since quite a few other modules depend on it, they don't work either. This was AWS Ubuntu, and I had something likr this:
https://stackoverflow.com/questions/45000585/listutil-c-loadable-library-and-perl-binaries-are-mismatched-got-handshake-key

@nicolasfranck
Copy link

@TheRealCuran that is the difference between cpanm and carton.

The first can by used either to install packages at root level, or more locally.

carton by contrast wants to create self contained installations. This means:

  • packages that originate from perl distributions (i.e. the zip/tar you download) are expected to preexist. Those are never installed by carton, because that would require installing a different perl. Every perl distribution has a package named Module::CoreList that lists them.
  • perl distributions must be full. This is problematic on Centos for example where the distribution is split among rpm packages.

I know you can install modules like Encode separately, but I'm not sure if that is a good idea. Maybe some other core modules depend on that older version?

@TheRealCuran
Copy link
Author

The problem is then: carton is happy to take the latest version of Some::Module, which declares a dependency on an Encode version that is newer than what is in the core modules. Either carton needs to resolve to an older version or it must install Encode's newer package. Having it both ways is not OK.

Apart from that: I've been installing those packages from CPAN for many rather big deployments with cpanm in front and that has been working for years – after all, those core packages declare minimums as well. If an update to, say, Encode breaks another package, then that is either a regression in Encode (eg. forgot to declare a minimum Perl version high enough to satisfy its new requirements) or the other package did something it shouldn't have and just got lucky, that it worked before. In either case there needs to be a fix to one of those packages.

If this behaviour is not good for everybody (I am not seeing a case where it shouldn't that isn't a bug somewhere, but OK), then hide it behind an option like --upgrade-core-modules-if-needed or whatever. Maybe even attach a big warning to it. Or, as an alternative, only consider versions of a package, that are installable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hbarnard @nicolasfranck @TheRealCuran