[question] How to configure a project with sdl?

[IgberZBN]

What is your question?

I'm new to conan. I'm trying to configure a project with SDL and SDL Image. I put it correctly like this in the packages. Conan SDL Conan SDL_Image

[requires]
sdl/2.30.1
sdl_image/2.6.3
[generators]
CMakeDeps
CMakeToolchain
[layout]
cmake_layout

But when I try to run Conan install, generates this error: ERROR: Version conflict: Conflict between sdl/2.28.3 and sdl/2.30.1 in the graph. Conflict originates from sdl_image/2.6.3

After that I tried to change the sdl dependency version. sdl/2.30.1 -> sdl/2.28.3

But then it generates another error: ERROR: Version conflict: Conflict between xz_utils/5.4.5 and xz_utils/5.6.1 in the graph. Conflict originates from libtiff/4.6.0

I would like to know how I can fix this or use the latest version of sdl_image, as the latest version is already 2.8.2 SDL_Image

Have you read the CONTRIBUTING guide?

• [X] I've read the CONTRIBUTING guide

[IgberZBN]

My setup: OS: Linux Distro: Arch Kernel: Linux 6.6.23-1-lts Conan version 2.1.0 cmake version 3.29.0 sdl2 version 2.30.1

[memsharded]

Hi @IgberZBN

Thanks for reporting. I am checking this, but at the moment I am getting:

ERROR: Package 'xz_utils/5.6.1' not resolved: Unable to find 'xz_utils/5.6.1' in remotes.

This is because the impact of the xz backdoor, I don't know if you have heard from it, but it has been big. We had to remove those xz_utils versions from ConanCenter, so until dependants on them are backported to previous versions of xz_utils that were not compromised, this might be broken.

I'll try to keep you posted in this thread when this is solved, thanks again for reporting!

[franramirez688]

Hi @IgberZBN

As I commented here, you should no longer get any xz_utils conflicts.

Another different thing is your first try: ERROR: Version conflict: Conflict between sdl/2.28.3 and sdl/2.30.1 in the graph. Conflict originates from sdl_image/2.6.3. If you want, we could transfer this issue to conan-center-index as this problem is related to that recipe itself and not with the Conan client.

[memsharded]

Thanks @franramirez688 for the feedback.

It seems that xz_utils issue is fixed now, it remains the conflict:

conan install --requires="sdl/[*]" --requires="sdl_image/[*]"
...
    sdl/2.30.1#de96d50011a78d08542366888b086a2e - Downloaded (conancenter)
    sdl_image/2.6.3#c8e61ff7f4695e3b5d5030fc1f22a17d - Downloaded (conancenter)
...
ERROR: Version conflict: Conflict between sdl/2.28.3 and sdl/2.30.1 in the graph.

[memsharded]

@IgberZBN I'd suggest to use sdl/2.28.3 until sdl_image is updated.

If you really need the latest sdl dependency, you can also force it with:

• Use a conanfile.py instead (https://docs.conan.io/2/tutorial/consuming_packages/the_flexibility_of_conanfile_py.html)
• Define self.requires("sdl/2.30.1", force=True) in the requirements() method
• You might need to use --build=missing to build from source if some binary is missing

[IgberZBN]

conan_test ➤ cat conanfile.txt
───────┬────────────────────────────────────────────────────────────────────────────────
       │ File: conanfile.txt
───────┼────────────────────────────────────────────────────────────────────────────────
   1   │ [requires]
   2   │ sdl/2.28.3
   3   │ sdl_image/2.6.3
   4   │ [generators]
   5   │ CMakeDeps
   6   │ CMakeToolchain
   7   │ [layout]
   8   │ cmake_layout
───────┴────────────────────────────────────────────────────────────────────────────────

Okay, I tried running it with the --update flag conan install . --output-folder=build --build=missing --update

But I get this error:

xz_utils/5.4.5: WARN: Trying to remove corrupted source folder
xz_utils/5.4.5: WARN: This can take a while for big packages
xz_utils/5.4.5: Calling source() in /home/igber/.conan2/p/xz_ute033bfcacc0c2/s/src
ERROR: xz_utils/5.4.5: Error in source() method, line 77
        get(self, **self.conan_data["sources"][self.version], strip_root=True)
        ConanException: sha256 signature failed for 'xz-5.4.5.tar.xz' file.
 Provided signature: da9dec6c12cf2ecf269c31ab65b5de18e8e52b96f35d5bcd08c12b43e6878803
 Computed signature: fb239eb60aa877fbb9ca3b2a2d230749250a0ff293cfa9e4a1681e462da03551

[memsharded]

You are right.

It is possible that with the xz malware, the tarballs in Github have been regenerated or something like that, and the checksums have changed.

Update: github is not related to this, the URLs are from https://tukaani.org/xz/xz-5.4.5.tar.xz, the Github repo has been disabled because of the attack: https://github.com/tukaani-project/xz

Then... https://tukaani.org/xz/xz-5.4.5.tar.xz seems nothing but a redirect to https://github.com/tukaani-project/xz/releases/download/v5.4.5/xz-5.4.5.tar.xz, which is also disabled...

I am not sure why Conan is still downloading something then the checksum fails.

[memsharded]

Oh, well, the download is downloading the Github html web page announcing the blocking of xz_utils.

It seems that building xz_utils from source might not be possible at this moment, as they have been removed from Github.

This is one of the issues to recommend for production systems to do a backup of the sources, as documented in https://docs.conan.io/2/devops/backup_sources/sources_backup.html.

We need to monitor this and check when Github activates the repo again or some new official and secure xz_utils sources become available.

[memsharded]

It seems with:

[requires]
sdl_image/2.6.3
sdl/[*]

[generators]
CMakeDeps
CMakeToolchain
[layout]
cmake_layout

and conan install . --build=missing it works in my Linux (the version range [*] allows to accomodate for the transitive dependency from sdl_image, now it will resolve to sdl/2.28.3.

The sources for xz_utils have also been recovered thanks to our internal mirrors of the soruces.

I am moving this to conan-center-index to track the conflict between sdl_image and sdl.