NMU for bzlib to build on newer ghc

[cartazio]

cf https://mail.haskell.org/pipermail/libraries/2020-April/030345.html

cc @hvr @davean @sclv

[phadej]

I think we are in step 3 of https://github.com/haskell-infra/hackage-trustees/blob/master/policy.md#policyprocedure-2

(Trustee) When the issue is opened, a trustee must try to contact the maintainer(s), primarily by e-mail to try and resolve things without needing to force anything. They must record in the ticket when they first tried to contact the maintainer(s). This documents the start of the 2-week deadline. (Many users do not have github notifications set up.)

Carter, could you act as shepherd of this issue (i.e. the trustee above).

[cartazio]

hrm, so I think @hasufell was asking him on IRC (and giving a patch) interactively to duncan on Wednesday, March 25th, 2020 on #GHC , based on my IRC logs, though the email above dates to April 1st.

@ Julian, i can double check my irc logs, but he actually back and forth and ack'd

6:28 PM <dcoutts> :-)
6:28 PM <maerwald> dcoutts: https://gist.github.com/hasufell/a5f1091646d1b891e6d2a73714dbb50e need patch for bzlib
closehasufell — 25 Mar 2020

6:28 PM <maerwald> no issue tracker
6:28 PM <maerwald> my mail went to /dev/null it seems
6:29 PM <dcoutts> looks reasonable

[cartazio]

so contact timer seems to have started march 25th, [edit with the maintainer acking receipt of a patch/fix for supporting newer ghc, but then nothing happening in the past week and a half]

[cartazio]

@dcoutts

[phadej]

Policy clearly states

a trustee must try to contact the maintainer(s), primarily by e-mail

No timer have started yet.

[hasufell]

@phadej 'primarily' doesn't mean 'exclusively'. The maintainer was contacted and responded. Then went awol.

[phadej]

@hasufell, you are not a Trustee. None of trustees (as a trustee) yet have contacted Duncan as far as I know.

The policy is there so we won't cut corners. Opening this issue was step 2. in it.

Really, week here or there doesn't change anything. I'm asking @cartazio to follow the policy and keep the process rolling. Skipping steps is unacceptable.

[hasufell]

@hasufell, you are not a Trustee. None of trustees (as a trustee) yet have contacted Duncan as far as I know.

I'm aware I'm not a trustee. Carter is. And he contacted duncan specifically about this. See the logs:

[22:20:08] <carter> maerwald: nooo. Look at Haskell libraries mailing list for the email ;)
[22:21:59] <maerwald> gnah, can't you just forward it? :P
[22:22:05] <maerwald> MTA carter
[22:23:07] <maerwald> Remember my bandwidth is limited, can't be downoading hundreds of unread mails now :P
[22:24:30] <maerwald> Also, why is he hiding
[22:24:54] <carter> maerwald:  :p
[22:25:04] <carter> thats from 5 - 8 years ago
[22:26:04] <maerwald> when ppl were still using darcs with cabal sandboxes, yay
[22:26:10] <carter> maerwald:
[22:26:10] <carter> On Wed, Mar 18, 2020 at 7:42 PM Duncan Coutts <duncan at dcoutts.me.uk> wrote:
[22:26:24] <carter> maerwald:  you have haskell libraries sub?
[22:26:31] <maerwald> I think so
[22:26:32] <carter> so you can send to that
[22:26:41] <carter> or just cc me and a few other people whatever
[22:27:03] <dcoutts> oh my 2FA -> 1FA hackery :-)
[22:27:16] <dcoutts> 1FA > 2FA
[22:27:23] <carter> dcoutts:  anything is still better
[22:27:26] <carter> than nothing
[22:27:33] <carter> maerwald:  he's here
[22:27:48] <carter> dcoutts:  just enable it today please instead of showing off shell scripting hacks
[22:28:24] <dcoutts> :-)
[22:28:27] <maerwald> dcoutts: https://gist.github.com/hasufell/a5f1091646d1b891e6d2a73714dbb50e need patch for bzlib
[22:28:30] <maerwald> no issue tracker
[22:28:46] <maerwald> my mail went to /dev/null it seems
[22:29:01] <dcoutts> looks reasonable
[22:30:09] <carter> dcoutts:  i hope you can be a better rolle model for ROLE acls :P
[22:30:14] <carter> thn you are
[22:30:16] <carter> by tonight please
[22:30:24] <carter> mr crypto currency cto :p
[22:30:36] <carter> https://github.com/orgs/haskell/people?query=two-factor%3Adisabled
[22:30:54] <carter> i've emailed everyone singe person who's not got 2fa enabled
[22:31:18] <dcoutts> I see I'm in good company
[22:31:44] <carter> dcoutts:  yes, people who've not been active in half a decade :
[22:31:45] <carter> :P
[22:31:54] <dcoutts> presumably they'll not be able to push or merge one you enable it
[22:31:57] <carter> so get yo shit together and be a better role model pease :)
[22:32:06] <carter> with most of those folks they've not been activ ein years
[22:32:24] <carter> with the other ones, its them being obnoxious :P
[22:32:46] <dcoutts> they're just being role models of grumpy old men
[22:32:48] <carter> so please enable 2fa
[22:32:52] <carter> no, i'm grumpier
[22:33:18] <dcoutts> :-)
[22:33:38] <carter> it was really hard to figure out some peoples emails!
[22:33:47] <dcoutts> just do it and don't worry about it, they'll get the message when they next try to use it
[22:33:47] <carter> i had to pm kazu on twitter to get him to notice :)
[22:33:51] <carter> yes
[22:33:59] <carter> but i wanna make sure i good faith literally told everyone
[22:34:06] <carter> since we dont have formal processes
[22:34:18] <carter> peope i know are active i'm just politely heckling
[22:34:18] <maerwald> dcoutts: oh, the patch also needs to actually bump the upper bound and do a version bump
[22:34:29] <dcoutts> maerwald: ack
[22:35:41] <carter> you're not wrong, but good faith "i did reach out and tried to help"
[22:35:42] <carter> :)
[22:36:36] <maerwald> dcoutts: https://gist.github.com/hasufell/a5f1091646d1b891e6d2a73714dbb50e
[22:36:40] <maerwald> can you make a release?
[22:38:09] <carter> please actually flip the switch on your stuff dcoutts , for some packages you're the only current maintainer
[22:38:15] <carter> plz
[22:40:38] <carter> we've spent more time emailing abou this than it takes to sestup

[phadej]

@hasufell thanks for posting that. When that discussion happened? These have to be recorded explicitly, we must stay transparent.

Given the week since that have past, it moves us to step 4. Can @cartazio send an email to Duncan (and cc trustees) that

4. (Trustee) After a week if there's still no contact with any of the maintainers then a trustee should again email the maintainers to inform them of the plan to do a NMU, what, why and when. The when is at earliest in a week. The trustee must record in the ticket when again tried to contact the maintainer(s). This documents the start of the 1-week deadline.

---

About the patch itself:

   return = returnZ
+#if MIN_VERSION_base(4,13,0)
+instance MonadFail Stream where
+#endif
   fail   = (finalise >>) . failZ

is wrong. I expect to see something like: https://github.com/hackage-trustees/malcolm-wallace-universe/blob/13b09c82dfc0098be3157bbbba346602e7ef5089/polyparse-1.12/src/Text/ParserCombinators/Poly/Text.hs#L49-L54

If we remove fail definition from Monad, then the code will be broken for users with older GHCs. That is not good.

[hasufell]

When that discussion happened?

2020-03-25

About the patch itself:

Updated at the gist: https://gist.github.com/hasufell/a5f1091646d1b891e6d2a73714dbb50e

Tested with 8.0.2, 8.2.2, 8.4.4, 8.6.5, 8.8.3 and 8.10.1

[cartazio]

for redundancy i added an explicit ask email for NMU auth / if hes got a timeline to do anything himself / future maintainership on the libraries thread, so backup timer started April 7th :)

[hasufell]

https://mail.haskell.org/pipermail/libraries/2020-April/030349.html

[phadej]

Hey Duncan: can you do a bug fix release for this in the next few days to suport newer ghc or explicitly authorize an nmu (non maintainer update?)

Doesn't contain when

email the maintainers to inform them of the plan to do a NMU, what, why and when. The when is at earliest in a week.

I ask you to be precise.

[cartazio]

Ok: done! Or did I overlook anything ?

On Tue, Apr 7, 2020 at 3:38 PM Oleg Grenrus notifications@github.com wrote:

Hey Duncan: can you do a bug fix release for this in the next few days to suport newer ghc or explicitly authorize an nmu (non maintainer update?)

Doesn't contain when

email the maintainers to inform them of the plan to do a NMU, what, why and when. The when is at earliest in a week.

I ask you to be precise.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haskell-infra/hackage-trustees/issues/262#issuecomment-610581200, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAABBQREWNFPP4TA43LZ6A3RLN6K7ANCNFSM4MCNUACQ .

[hasufell]

I lost track about the exact deadline, but I think it's over?

[cartazio]

yes

On Thu, Apr 16, 2020 at 2:07 PM Julian Ospald notifications@github.com wrote:

I lost track about the exact deadline, but I think it's over?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haskell-infra/hackage-trustees/issues/262#issuecomment-614810251, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAABBQW4IBOBFL4JQKFUNY3RM5CM3ANCNFSM4MCNUACQ .

[hasufell]

Who is going to apply this?

[vaibhavsagar]

A copy of bzlib with your patch applied is here. If everything looks good I can move this repo under the hackage-trustees organisation and make a new release.

[phadej]

Warning: bzlib.cabal:33:32: version operators used. To use version operators
the package needs to specify at least 'cabal-version: >= 1.8'.
Warning: bzlib.cabal:34:42: version operators used. To use version operators
the package needs to specify at least 'cabal-version: >= 1.8'.

and with GHC-7.* (you need to add a conditional dependency on fail):

Codec/Compression/BZip/Stream.hsc:78:18:
    Could not find module ‘Control.Monad.Fail’
    It is a member of the hidden package ‘fail-4.9.0.0@9VfzPgZmVnyGDICixWHnyA’.
    Perhaps you need to add ‘fail’ to the build-depends in your .cabal file.
    Use -v to see a list of the files searched for.

diff --git a/bzlib.cabal b/bzlib.cabal
index 5f0297d..9cd43ad 100644
--- a/bzlib.cabal
+++ b/bzlib.cabal
@@ -32,6 +32,8 @@ library
   extensions:      CPP, ForeignFunctionInterface
   build-depends:   base >= 3 && < 4.15,
                    bytestring == 0.9.* || == 0.10.*
+  if !impl(ghc >=8.0)
+    build-depends: fail ==4.9.*
   includes:        bzlib.h
   ghc-options:     -Wall
   if !os(windows)

Also the new version have to be 0.5.1.0 (i.e. minor bump) as there are added new functionality, namely MonadFail instance.

And then we need a changelog, even bzlib doesn't had it yet.

I would also set the lower bound to base >=4.3. I checked that with the small patch above bzlib compiles with GHC-7.0.4 (which uses base-4.3), and I doubt anyone would try with anything older.

[vaibhavsagar]

I've updated bzlib.cabal and added a changelog.

[phadej]

@vaibhavsagar try to upload a candidate, I think that hackage in fact requires cabal-version: 1.10 as bare minimum now. Sorry I forgot to mention that.

Then you'll need something like:

diff --git a/bzlib.cabal b/bzlib.cabal
index a6a5462..816d03e 100644
--- a/bzlib.cabal
+++ b/bzlib.cabal
@@ -16,7 +16,7 @@ description:     This package provides a pure interface for compressing and
                  tasks and for the few cases where more control is needed it
                  provides access to the full bzip2 feature set.
 build-type:      Simple
-cabal-version:   >= 1.8
+cabal-version:   >= 1.10
 extra-source-files: cbits/bzlib_private.h cbits/LICENSE
                     -- demo programs:
                     examples/bzip2.hs examples/bunzip2.hs
@@ -28,10 +28,11 @@ source-repository head
   location: http://code.haskell.org/bzlib/

 library
+  default-language: Haskell2010
   exposed-modules: Codec.Compression.BZip,
                    Codec.Compression.BZip.Internal
   other-modules:   Codec.Compression.BZip.Stream
-  extensions:      CPP, ForeignFunctionInterface
+  default-extensions: CPP, ForeignFunctionInterface
   build-depends:   base >= 4.3 && < 4.15,
                    bytestring == 0.9.* || == 0.10.*
   if !impl(ghc >=8.0)

if then Hackage is happy, then you can count this as a sign-off by another trustee.

[vaibhavsagar]

I've sent an email requesting temporary uploading privileges.

[vaibhavsagar]

Uploaded at http://hackage.haskell.org/package/bzlib-0.5.1.0/candidate, no warnings from Hackage.

[phadej]

It looks great.

If you don't mind, we might want to add to cabal file, so people will find it (e.g. Duncan).

source-repository this
    type:       git
    location:   https://github.com/hackage-trustees/bzlib.git
    tag:        v0.5.1.0

Then feel free to move to hackage-trustees org, publish and remember to create a tag (and push it).

---

We should write down individual additions which we did but weren't listed in the policy document. I think we should amend

prepare the patches (perhaps by pulling in changes from somewhere else), including a tag.

To explicitly mention a changelog and source-repository this pointing to a hackage-trustees repository (where source-repository head is probabably maintainers' own if exists). Do I forget already something?

[vaibhavsagar]

I chose to tag it 0.5.1.0 for consistency with previous tags, updated the cabal file accordingly, and uploaded a new candidate. I don't yet seem to have permission to create a new repository under the hackage-trustees organisation and I'd be happy to move the repository there as soon as I can.

[phadej]

@vaibhavsagar you should be able now.

[vaibhavsagar]

Thank you, published and moved the repository.

[hasufell]

Seems resolved, thanks guys. What's the procedure for future patches?

[phadej]

There are cases where maintainers are unavailable indefinitely or for long periods. This is not usually an urgent problem, but sometimes when a package has lots of others that depend on it, those other packages can be blocked from working with newer dependencies. For example a package that is not updated for a long period may block all packages that depend on it from working with a newer compiler or base library release.

For other cases consider taking over the package.

The policy for this is already established, but the trustees can help facilitate it, e.g. by acting as a point of contact for the procedure.

This is detailed on the haskell wiki.

[phadej]

Ok. https://hackage.haskell.org/package/bzlib-0.5.1.0 is on Hackage.

@vaibhavsagar would you notify maintainers that upload and done, and where to find the code (i.e. last step). Or do you want me to do it?

@gbaz doc builder doesn't seem have libbz2-dev installed.

cabal: Missing dependency on a foreign library:
* Missing (or bad) header file: bzlib.h
* Missing (or bad) C library: bz2

so we don't have haddocks.

Otherwise there's nothing to see here anymore. Closing.

[vaibhavsagar]

I've sent an email to Duncan informing him of the new release, CCed to Hackage trustees.

[vaibhavsagar]

I attempted to send an email to duncan@community.haskell.org but that address does not seem to be receiving new mail.

[phadej]

@vaibhavsagar Google says https://www.well-typed.com/who_we_are/