curl v7.81.0

[regro-cf-autotick-bot]

It is very likely that the current package version for this feedstock is out of date.

Checklist before merging this PR:

• [ ] Dependencies have been updated if changed: see upstream
• [ ] Tests have passed
• [ ] Updated license if changed and license_file is packaged

Information about this PR:

1. Feel free to push to the bot's branch to update this PR if needed.
2. The bot will almost always only open one PR per version.
3. The bot will stop issuing PRs if more than 3 version bump PRs generated by the bot are open. If you don't want to package a particular version please close the PR.
4. If you want these PRs to be merged automatically, make an issue with code>@conda-forge-admin,</codeplease add bot automerge in the title and merge the resulting PR. This command will add our bot automerge feature to your feedstock.
5. If this PR was opened in error or needs to be updated please add the bot-rerun label to this PR. The bot will close this PR and schedule another one. If you do not have permissions to add this label, you can use the phrase code>@<space/conda-forge-admin, please rerun bot in a PR comment to have the conda-forge-admin add it for you.

Pending Dependency Version Updates

Here is a list of all the pending dependency version updates for this repo. Please double check all dependencies before merging.

Name	Upstream Version	Current Version
curl	7.81.0

Dependency Analysis

Please note that this analysis is highly experimental. The aim here is to make maintenance easier by inspecting the package's dependencies. Importantly this analysis does not support optional dependencies, please double check those before making changes. If you do not want hinting of this kind ever please add bot: inspection: false to your conda-forge.yml. If you encounter issues with this feature please ping the bot team conda-forge/bot.

Analysis of the source code shows no discrepancy between the library's imports and the package's stated requirements in the meta.yaml.

_{This PR was created by the regro-cf-autotick-bot. The regro-cf-autotick-bot is a service to automatically track the dependency graph, migrate packages, and propose package version updates for conda-forge. Feel free to drop us a line if there are any issues! This PR was generated by https://github.com/regro/autotick-bot/actions/runs/1657730139, please use this URL for debugging.}

[conda-forge-linter]

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

[jaimergp]

Apparently this is causing segfaults in Julia:

• https://github.com/conda-forge/julia-feedstock/issues/169#issuecomment-1007411498
• https://github.com/conda-forge/julia-feedstock/pull/159#issuecomment-1007375466

@mkitti @conda-forge/core

[jaimergp]

Release notes / changes

[mkitti]

I am confirming that libcurl 7.81 segfaults locally and that downgrading to 7.80 resolves the issue.

  added / updated specs:
    - libcurl=7.80.0

The following packages will be DOWNGRADED:

  curl                                    7.81.0-h494985f_0 --> 7.80.0-h494985f_1
  libcurl                                 7.81.0-h494985f_0 --> 7.80.0-h494985f_1

[beckermr]

Shall we mark 7.81 as broken or do we need to exclude it for julia only?

[mkitti]

I'm trying to figure out how to answer that. The command line curl works. julia -e 'download("https://curl.se")' does not.

[ngam]

oh my daaaaze.

@mkitti let's put upper pins on everything from now on. This is unsustainable.

[ngam]

Shall we mark 7.81 as broken or do we need to exclude it for julia only?

I'd guess julia only @beckermr. Already updated the patch here: https://github.com/conda-forge/conda-forge-repodata-patches-feedstock/pull/208

[ngam]

@beckermr: https://github.com/JuliaLang/julia/issues/43682

[ngam]

This points to a julia specific issue with the newest curl and not just in conda forge.

[ngam]

@beckermr @ocefpaf could you explain to me how the global pin on curl works?

And should we refine it a little further?

[beckermr]

cc @conda-forge/core

[ngam]

Basically, see this: https://github.com/conda-forge/conda-forge-repodata-patches-feedstock/pull/208

The pin on curl goes like 7.80 to 8 --- does that make sense? Would it go 7.70 to 8 previously?

[ngam]

This seems counterintuitive to me

[beckermr]

Basically, libcurl has ABI promises over a range of versions. This means for that range of versions, we can build new versions and just swap them in at run time. You can see this here: https://abi-laboratory.pro/index.php?view=timeline&l=curl

We use a run export to fix the range of versions: https://github.com/conda-forge/curl-feedstock/blob/master/recipe/meta.yaml#L47

We use the global pinnings to set which version we build against.

[mkitti]

Basically, libcurl has ABI promises over a range of versions. This means for that range of versions, we can build new versions and just swap them in at run time. You can see this here: https://abi-laboratory.pro/index.php?view=timeline&l=curl

abi-laboratory.pro seems out of date. Does anyone know why?

[ngam]

I understand the general premise, @beckermr, but I don't understand why it follows this formula:

pin_on_curl = >=current_curl_version,<next_major_version

so for example:

>=7.78.0,<8.0a0 >=7.79.0,<8.0a0 >=7.79.1,<8.0a0 >=7.80.0,<8.0a0

and now:

>=7.81.0,<8.0a0

And in all of these case, the global "pin" on curl is... 7: https://github.com/conda-forge/julia-feedstock/blob/e07c7bd7670cf2f31a6d9990412e5693168d48fc/.ci_support/linux_64_.yaml#L13-L14 with a maximum of x: https://github.com/conda-forge/julia-feedstock/blob/e07c7bd7670cf2f31a6d9990412e5693168d48fc/.ci_support/linux_64_.yaml#L42-L43

[ngam]

@mkitti the solution for us in julia is to impose a MAXIMUM pin on all CURRENT versions of dependencies.

[beckermr]

This line: https://github.com/conda-forge/curl-feedstock/blob/e1cd3e6dcc0ef2bcfe34d40f9674c1dfaebcbf15/recipe/meta.yaml#L47 sets the max pin to 'x' (default in the pin_subpackage if nothing is listed). What that means is that conda build inserts a run constraint that looks like the version built with up to 8. So as we bump the curl version, the lower bound increases but the max bound is 8.

The global pin sets the version installed at build time. In this case, the solver is maximizing the version but it has to match 7.*.

[ngam]

What that means is that conda build inserts a run constraint that looks like the version built with up to 8.

ahhh! So this sets both a minimum (current version) and a maximum. Okay, weird. Do we want this in general? I mean, it seems it is working overall, but not for crazy, out-of-control julia...

[beckermr]

in general yeah this is what we want

[mkitti]

By the way, I just did a local build of Julia master versus libcurl 7.81.0, and it works. It is possible there is already a fix upstream or the way curl is configured makes a difference: https://github.com/JuliaLang/julia/blob/master/deps/curl.mk

Recent fork of Julia master

   _       _ _(_)_     |  Documentation: https://docs.julialang.org
  (_)     | (_) (_)    |
   _ _   _| |_  __ _   |  Type "?" for help, "]?" for Pkg help.
  | | | | | | |/ _` |  |
  | | |_| | | | (_| |  |  Version 1.8.0-DEV.1186 (2022-01-06)
 _/ |\__'_|_|_|\__'_|  |  mkitti/mbedtls/eab59f100e* (fork: 4 commits, 11 days)
|__/                   |

julia> using LibCURL

julia> unsafe_string(LibCURL.curl_version())
"libcurl/7.81.0 mbedTLS/2.27.0 zlib/1.2.11 libssh2/1.9.0_DEV nghttp2/1.41.0"

julia> download("https://curl.se")
"/tmp/jl_ZTLamw"

julia> versioninfo()
Julia Version 1.8.0-DEV.1186
Commit eab59f100e* (2022-01-06 07:14 UTC)
DEBUG build
Platform Info:
  OS: Linux (x86_64-linux-gnu)
...

Conda-forge:

curl                      7.81.0               h494985f_0    conda-forge
julia                     1.7.1                h989b2f6_2    conda-forge
libcurl                   7.81.0               h494985f_0    conda-forge

               _
   _       _ _(_)_     |  Documentation: https://docs.julialang.org
  (_)     | (_) (_)    |
   _ _   _| |_  __ _   |  Type "?" for help, "]?" for Pkg help.
  | | | | | | |/ _` |  |
  | | |_| | | | (_| |  |  Version 1.7.1 (2021-12-22)
 _/ |\__'_|_|_|\__'_|  |  https://github.com/conda-forge/julia-feedstock
|__/                   |

julia> using LibCurl
ERROR: ArgumentError: Package LibCurl not found in current path:
- Run `import Pkg; Pkg.add("LibCurl")` to install the LibCurl package.

Stacktrace:
 [1] require(into::Module, mod::Symbol)
   @ Base ./loading.jl:967

julia> using LibCURL

julia> unsafe_string(LibCURL.curl_version())
"libcurl/7.81.0 OpenSSL/3.0.0 zlib/1.2.11 libssh2/1.10.0 nghttp2/1.43.0"

julia> download("https://curl.se")

signal (11): Segmentation fault
in expression starting at REPL[4]:1
Curl_connect at /home/mkitti/anaconda3/envs/julia171_20220107/bin/../lib/julia/libcurl.so (unknown line)
multi_runsingle at /home/mkitti/anaconda3/envs/julia171_20220107/bin/../lib/julia/libcurl.so (unknown line)
multi_socket at /home/mkitti/anaconda3/envs/julia171_20220107/bin/../lib/julia/libcurl.so (unknown line)
curl_multi_socket_action at /home/mkitti/anaconda3/envs/julia171_20220107/bin/../lib/julia/libcurl.so (unknown line)
curl_multi_socket_action at /home/conda/feedstock_root/build_artifacts/julia_1641439672340/work/usr/share/julia/stdlib/v1.7/LibCURL/src/lC_curl_h.jl:230 [inlined]
curl_multi_socket_action at /home/conda/feedstock_root/build_artifacts/julia_1641439672340/work/usr/share/julia/stdlib/v1.7/Downloads/src/Curl/utils.jl:91 [inlined]
macro expansion at /home/conda/feedstock_root/build_artifacts/julia_1641439672340/work/usr/share/julia/stdlib/v1.7/Downloads/src/Curl/utils.jl:35 [inlined]
...

[ngam]

julia> versioninfo() Julia Version 1.8.0-DEV.1186 Commit eab59f100e* (2022-01-06 07:14 UTC) DEBUG build

why does it show 1.8.0 and 1.7.1... 😕

OOps never mind.

[ngam]

in general yeah this is what we want

Okay, but I am still confused/bewildered. You're saying in general we want to force all builds to basically one single version? When it now says >=7.81.0,<8.0a0, it really just means ==7.81.0. Am I missing something here?

[ngam]

the way curl is configured makes a difference

Yes, and that's my confusion above. I am still quite confused about these pins.

[mkitti]

In principle, everyone would obey and practice semantic versioning. Curl actually does a pretty decent job at this overall, so this is a surprising that a minor version bump has created breakage. It is likely a bug rather than being intentional.

https://semver.org/

In practice, there seem to be different concepts about versioning.

In this specific case, I have yet to isolate the issue. I suppose the next thing to try is Julia master with the specific curl binary produced here. Perhaps it is actually a dependency of curl such as OpenSSL that is causing this issue.

[dopplershift]

Okay, but I am still confused/bewildered. You're saying in general we want to force all builds to basically one single version? When it now says >=7.81.0,<8.0a0, it really just means ==7.81.0. Am I missing something here?

No, we want to force all builds onto the same compatible version. For some libraries, this is an exact version. For cURL, it means 7.x, starting with what it builds with, and anything newer--up to and not including the next incompatible version.

[ngam]

No, we want to force all builds onto the same compatible version. For some libraries, this is an exact version. For cURL, it means 7.x, starting with what it builds with, and anything newer--up to and not including the next incompatible version.

Thanks @dopplershift. I think I understand this correctly now. I mean, it seems it works fine except in this rare instance, so I take I was the confused one here 😆