Expose the internal @signing_key value in RbNaCl::Signatures::Ed25519 as #keypair #135
Conversation
|
Looks like the Travis CI build failed due to a gem dependency (listen) that released a few days ago and now requires on ruby ~> 2.2, and not as a result of this pull request. They pushed the release out within the last few days. |
|
Adding |
|
About the guard/listen issue: Bundler 1.12 gracefully selects an earlier version of Listen for the given Ruby version. So a build should even work on 1.9.3 (by finding the last supported version of Listen for that Ruby version). Bundler 1.11 still doesn't handle ruby version requirements well (it just fails to install). A workaround for that could be: Anyway ... Now the problem is: You can decide which group you want those dev deps to go to with something like this: https://github.com/guard/listen/blob/6ff4b77/Gemfile#L9 I think specifying development deps in a gemspec file is detrimental, but never got anywhere arguing about it. I think just having bundler as a development dependency in a gemspec file is enough. Everything else should be in the I recommend adding |
|
Oh, and for the sake of discussion, pretty much only Ruby 2.3 and 2.2 (since 2.2.5) are "supported". So testing earlier Ruby versions is a bit unsensible, because those versions have unfixed bugs anyway... |
|
About the missing rspec: I gave up long ago and just copy and paste config files from other projects, like here: https://github.com/guard/listen/blob/master/Gemfile It's too easy to forget something useful. |
Been there, done that: https://github.com/guard/listen/blob/master/Rakefile#L6 |
|
I'm half-frustrated at how hard these things are to get right on the first shot here. |
|
While you're at it, I'd move these development dependencies to the Gemfile: https://github.com/cryptosphere/rbnacl/blob/master/rbnacl.gemspec#L25 gem used to install them with the It's better to have all the dev deps in the Gemfile for managability and clarity. And you're less likely to screw up a |
|
OK, I deleted all of the Gemfile related commits and now this branch should only contain my single commit that is the subject of the pull request. I think I would just remove guard-rspec from the Gemfile (along with the https://github.com/cryptosphere/rbnacl/blob/master/Gemfile#L7 @e2, I am curious, did you bump the min version of |
|
@grempe - long, long, long story short ... the Ruby community is broken and I tried to fix it. It was the result of weighing the tradeoffs. In terms of SemVer it's correct. It doesn't affect users, only Travis builds. In terms of devops, it's not an error, it's a provisioning failure (which is a good thing!). Overall, people should upgrade to Ruby 2.2 - regardless whether listen "demands" that version or not. It doesn't make sense to upgrade Listen (minor bump) and not upgrade Ruby (minor bump). There's no reason why Ruby shouldn't be treated like a gem. It's a long, long, long discussion and there isn't anything wrong other than people's weird reluctance to upgrade to Ruby 2.2. If OS's have outdated Rubies, that's a different problem. There's also a ton of cult/dogma around why what I did is "breakage" - few people actually put their thinking hats on. Even in terms of SemVer what I did is correct. Again, the Ruby community is broken. Users affected: 0. Devops freaking out that their Travis builds broke on Ruby 1.9.3 - just a few. People mindlessly upgrading everything except Ruby: 100%. Gem owners mindlessly removing Listen or locking to People freaking out: 100%. Summary: it's an enormous subject and ultimately, there isn't a single thing wrong with what I did. (No compelling/practical example proving me otherwise). |
|
@grempe - I'd do this instead:
group :test do
gem "rake"
gem "rspec"
gem "coveralls", require: false
gem "rbnacl-libsodium", ENV["LIBSODIUM_VERSION"]
end
And I think that's it. |
|
A few hints:
As for the Listen, the "true story" is that only Ruby 2.2.2 was tested on Travis on Listen 3.x. The ruby requirement in the gemspec was So today, I created this gem to solve this: https://github.com/e2/ruby_dep Basically, it sets the required ruby constraint based on what's being tested by Travis. So if a gem is supposed to work on Ruby 2.3, 2.2, 2.1, 2.0 - then all those versions should be tested on Travis. The problem with Listen is: it's integration test heavy, tests are brittle (depend on Travis load sometimes), they have lots of sleeps (timing issues), and the build matrix was just too huge for the PRs ahead. I didn't predict that The biggest misunderstanding is: that since Listen 3.x worked on 1.9.3 before ... that I "broke" something. Actually, 1.9.3 was unsupported, even if it "happened to work". And bumping a major version in Listen wouldn't make sense, because there was absolutely no change in the API. There's a slight practical difference in SemVer for interpreted code vs compiled code. Anyway, end of rant. The subject is enormously complex and goes way deeper than "OMG! Build doesn't work! Must be a SemVer violation!". |
|
I think the fix looks like this:
group :development, :test do
+ gem "rake"
end(I will commit this tonight) @e2 the solutions to these problems can really be rather simple and don't need to involve accusations of the Ruby community being broken or all the gem boilerplate being wrong. You may disagree about the specifics but those are really just matters of opinion. While this project doesn't have a code of conduct yet, I really don't appreciate comments like "the Ruby community is broken and I tried to fix it" on PRs. Let's keep it technical please. |
You need to add |
E.g. the "simple" solution here to "the problem I caused" is either:
And many people are unwilling to even entertain the idea of any of those two solutions. So simple solutions become complex when people overreact to the symptoms and make "assumptions" without digging in deeper. And this is what happened in this case. (I don't mean this PR here - just in response to the change in Listen).
It's not an accusation. I didn't mean that in derogatory terms. Maybe I'm just exhausted with the subject already and I'm less careful with humor. If the discussions aren't technical and start off as accusatory (as was due to my commit) - that to me is a "broken community" that "needs patching". It's meant as humor. And as a way to redirect discussion to actual technical things instead of despairing that "something broken". I do wish people responded to the "breakage" with purely technical questions before jumping to conclusions. So I appreciate you bringing that back down to earth. I'm assuming I'm not needed here anymore. Mention me if I am. Or open an issue in Listen otherwise. |
|
Just based on the current build failures: I'd suggest using |
|
In before_install:
- gem install bundler --pre
- gem update bundler(May fix a RVM/Travis issue with JRuby as well - about Bundler missing). |
|
By "missing Bundler issue" I mean exactly this here: https://travis-ci.org/cryptosphere/rbnacl/jobs/125958825 (jruby-head) |
|
Rebased. All green. 💯 |
| # | ||
| # @return [String] The signature key bytes. Left half is 32-byte | ||
| # curve25519 private scalar, right half is 32-byte group element | ||
| def keypair |
There was a problem hiding this comment.
Also maybe put this right after to_bytes in the file...
… as #keypair_bytes
|
Updated PR branch to rename method to #keypair_bytes and moved its location in the file. |
|
Looks good, thanks! |
|
Thanks for pulling this in. 👍 |
As per our Twitter DM discussion today. Let me know if you want me to modify anything. Thanks.