Open michaelpj opened 5 years ago
Recently been hit by this again. It seems that it also breaks with:
..
, even when they are not broken and point inside the repository.Thanks @michaelpj.
You might've already seen this related thread that explores a similar problem.
Having glanced through that discussion it sounds like we're deliberately leaning toward keeping such exceptions because it's easier to ensure deterministic package hashes that work reliably across platforms, but I've added the "discuss" label to this issue nonetheless - maybe there's some happy middle ground to be found.
I hadn't seen that thread.
Firstly: I've now observed this in cases with symlinks that aren't broken, too. I think that really should work. Here's some logs:
Unsupported tarball from https://github.com/input-output-hk/plutus/archive/dbc2646112a87c710a8dd6f80b63458ca37a06c4.tar.gz: Symbolic link dest not found from plutus-dbc2646112a87c710a8dd6f80b63458ca37a06c4/plutus-book/src/Game/Guess.lhs to ../../doc/game/guess.adoc, looking for plutus-dbc2646112a87c710a8dd6f80b63458ca37a06c4/plutus-book/src/../doc/game/guess.adoc.
It looks like only one layer of ..
is being normalized away. I can open a separate issue for this, perhaps?
Secondly, I can see the reasons for doing what you're doing with broken symlinks, but it has some costs. Packages with broken symlinks will:
source-repository-package
.stack
.This means we're set up for repeated issues where things work everywhere else... and then suddenly don't in stack. And this will only be noticed by downstream users of a package, even if the package author uses stack they won't notice!
I made https://github.com/commercialhaskell/stack/issues/5004 for the relative symlink case which I think is just a bug. This one can continue to be about broken symlinks, which I think is a more ambiguous case (although I still think it should work).
Well-spotted and thanks again for your reports @michaelpj.
I'm going to CC @qrilka @snoyberg and @dbaynard since I believe they're all much better informed on this subject than I am and probably in a better position to help.
I'm not particularly inclined to make any changes based on what I'm seeing in this issue. The initial claim:
Now, this is not a good idea, but it's still a valid Git repository and it used to work just fine. So I think this is a bug.
Sure, lots of things are valid Git repository or tarballs. There are many such cases we don't support. Simple example: every build tool requires a .cabal
file. The standard for "correctly defined Haskell package" is significantly higher than "Git will allow you to create it."
Well, it's not just that it's a valid Git repository. You can also upload it to Hackage just fine or use it with source-repository-package
. For most other tools broken symlinks that aren't used in the build are just irrelevant. So I think it's fair to say that Stack's criterion of "correctly defined Haskell package" is here is different to everybody else's.
I don't think this is a huge deal (whereas I do care about https://github.com/commercialhaskell/stack/issues/5004), but I do think this is going to bite people. And there's no downstream workaround short of forking the upstream repository.
I've used the export-ignore workaround in the .gitattributes
file, but it's a bit of a pain.
It does seem problematic that stack will build the git repository unless it is included as a dependency.
On a more practical note, this issue is now with commercialhaskell/pantry
, isn't it?
Could the symbolic link path checking be redundant, here? (That said, resolving non-tarball paths from tarballs seems like a recipe for a later breakage, with potential security implications, too).
Do you have any idea, where can be a problem with this symbolic link? https://github.com/sclorg/s2i-perl-container/blob/master/5.26/test/sample-test-app.json
General summary/comments (optional)
We have https://github.com/shmish111/servant-purescript as a git dependency. New versions of Stack fail with a tarball error.
It seems there have been some issues in this vein already, e.g. https://github.com/commercialhaskell/stack/issues/4580.
Steps to reproduce
Add
to your
stack.yaml
andstack build
.Expected
It works.
Actual
Inspecting the final error reveals a weirdness - that repository has a checked-in symlink to an absolute path on some person's computer!
Now, this is not a good idea, but it's still a valid Git repository and it used to work just fine. So I think this is a bug.
Stack version
2.1.1.1 x86_64 hpack-0.31.2
Method of installation
Nix.