New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] Private dependencies and disabled/inaccessible remotes. #6854
Comments
Hi @awgil Some quick feedback:
If you are talking about Regarding the issue, it doesn't seem it is a bug, it is by design. I would strongly recommend to user regular |
I understand that recipe has to be fetched - no problem with that. Problem is with that while binary package is skipped, conan still asks remote for "package info" of the binary: in GraphBinariesAnalyzer::_process_node() it checks whether binary package exists in cache, if not - it calls _evaluate_remote_pkg, which fails if remote is inaccessible. If I remove remote completely, it will succeed (returning BINARY_MISSING, which is not a problem, since binary won't be needed after all). The resulting behaviour is at least confusing: I have to remove (not even disable) inaccessible remote to be able to complete install successfully. About not using private dependencies - but how would I model private dependencies then? Say, static library that gets linked into shared library and is not visible in the API - I definitely don't want consumer of the shared library to implicitly get access to and link with the libraries used as implementation details. That's the same reason why we don't make all cmake target properties public and instead carefully distinguish between private & public ones. One more motivating example - consider a tool like https://renderdoc.org/ or https://bitbucket.org/wolfpld/tracy/src/master/. These are debuggers/profilers, and consist of a small client library that can be integrated into application we're developing, and large GUI analyzer application. We want the library and application version to always match, and we want to import analyzer app executables into build tree, so that developers can easily use correct version to analyze traces they gather. Small client library has no dependencies, but GUI application requires large UI frameworks to be built. If we perform the build of both parts of the tool using conan (it is useful if we make private patches to the tool) rather than packaging prebuilt binaries, the recipe will have to mention UI frameworks as requirements - but we definitely don't want these requirements to be propagated to the users of the tool. |
Ok, we need to have a look at this then. Thanks for the detailed explanation!
Yes, this is something that is planned, a better graph model to model those things. But in the meantime, I would recommend to use normal requires, and manage things in the build scripts. In most cases, the linker is smart enough to optimize out the not used libraries. If not, the information from generated cmake files can be manipulated and controlled. That might be less problematic than using private dependencies.
Just in case,
For debuggers/profiles, I would recommend |
Yes, I understand that, what i meant is that myapp depends on tool publicly, and tool depends on large-ui-framework privately, so that this dependency is not propagated to myapp (in fact, if myapp ever uses large-ui-framework, it can use different version, which is great!). By the way, what is the difference between requires(private=True) and build_requires? I assume "static library linked into shared library" is better modeled by requires(private=True), is that right? |
We have a similar use case. I was quite sure that this should be available in Conan already somehow, but looks like I will have to model it myself?
Unfortunately even with private dependenices in the tools itself, that means that the users of our tools will have to have access to the development Conan repositories (and even call the |
Let me clarify, because this is a bit outdated issue and Conan 2.0 is imminent: Conan 2.0 does the following:
That means that the only way to make some dependencies fully invisible or non existing for consumers of some packages is to actually re-package in a new one, decoupling the dependencies. Conan 2.0 bring some interesting capabilities for this kind of task:
The concept of Thanks all for the feedback! |
Consider app -> lib -> sublib dependency graph, where lib -> sublib is a private dependency. Both lib and sublib packages are created and uploaded to some (private) remote artifactory instance.
On a fresh PC, when you install dependencies of app (conan install path-to-app-recipe), conan will download recipe and package for lib and recipe only for sublib. At this point, imagine remote becomes inaccessible for some reason (e.g. user goes offline).
If user now tries to install dependencies of app again, it will fail. The problem can be traced to GraphBinariesAnalyzer::_evaluate_remote_pkg() function: it will attempt to connect to remote, get Forbidden exception, print (misleading - it seems to imply it tried to download binary rather than get its info!) error message and rethrow.
Environment Details (include every applicable attribute)
Steps to reproduce (Include if Applicable)
The text was updated successfully, but these errors were encountered: