search

haskell-infra / hackage-trustees

Issue tracker for Hackage maintainance and trustee operations
https://hackage.haskell.org/packages/trustees/
42 stars 7 forks source link

Missing bounds on wai-middleware-auth #339

Closed andreabedini closed 1 year ago

andreabedini commented 1 year ago

Hello hackage trustees,

The package wai-middleware-auth-0.2.6.0 lacks many vesion bounds but the following two upper bounds are enough for a working build plan.

aeson                < 2
hoauth2              >= 1.11 && < 1.17

Can the trustees add a cabal file revision with these bounds? The listed maintainer says he doesn't maintain the package anymore.

The package doesn't seem to have a x-curation field so it should be ok to do a revision.

Thanks

andreasabel commented 1 year ago

Ok, then I add aeson < 2 and ho-auth2 < 1.17 to all releases of wai-middleware-auth.

andreasabel commented 1 year ago

Done, e.g. https://hackage.haskell.org/package/wai-middleware-auth-0.2.6.0/revisions/.

phadej commented 1 year ago

I'd be very careful making revisions to fpco packages, and do only the necessary (i.e. check twice they are required) to not make (previously) angry people more angry (again).

andreabedini commented 1 year ago

I'd be very careful making revisions to fpco packages, and do only the necessary (i.e. check twice they are required) to not make (previously) angry people more angry (again).

<3 I tried to contact the maintainers and will take responsibility here.

phadej commented 1 year ago

When the issue was opened the matrix looked very depressing:

wai-middleware-auth-0.2.6.0  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.5.1  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.5.0  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.4.1  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.3.1  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.3.0  NO-IP           FAIL   FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.1.0  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.0.0  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.2.1  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.2.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.2  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.1  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.0.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP

right now it's still sad, except for latest versions

                             9.4.0.20220623  9.2.2  9.0.2  8.10.7  8.8.4  8.6.5  8.4.4  8.2.2  8.0.2  7.10.3  7.8.4  7.6.3  7.4.2  7.2.2  7.0.4
wai-middleware-auth-0.2.6.0  NO-IP           NO-IP  OK     OK      OK     OK     NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.5.1  NO-IP           NO-IP  OK     OK      OK     OK     NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.5.0  NO-IP           NO-IP  FAIL   OK      OK     OK     NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.4.1  NO-IP           NO-IP  FAIL   OK      OK     OK     NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.3.1  NO-IP           NO-IP  FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.3.0  NO-IP           NO-IP  FAIL   FAIL    FAIL   FAIL   NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.1.0  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.2.0.0  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.2.1  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.2.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.2  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.1  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.1.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP
wai-middleware-auth-0.1.0.0  NO-IP           NO-IP  NO-IP  NO-IP   NO-IP  FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP

The 0.2.5.0 version fails with cryptic error, my gut feeling is some lower bound is missing, and an old version of dependency is picked (as the newer dependency is not ghc-9.2.2 compatible)

                             9.4.0.20220623  9.2.2  9.0.2  8.10.7  8.8.4  8.6.5  8.4.4  8.2.2  8.0.2  7.10.3  7.8.4  7.6.3  7.4.2  7.2.2  7.0.4
wai-middleware-auth-0.2.5.0  NO-IP           NO-IP  FAIL   OK      OK     OK     NO-IP  NO-IP  NO-IP  NO-IP   NO-IP  NO-IP  NO-IP  NO-IP  NO-IP

Build profile: -w ghc-9.0.2 -O0
In order, the following will be built (use -v for more details):
 - wai-middleware-auth-0.2.5.0 (lib) (first run)
 - wai-middleware-auth-0.2.5.0 (exe:wai-auth) (first run)
Preprocessing library for wai-middleware-auth-0.2.5.0..
Building library for wai-middleware-auth-0.2.5.0..
[ 4 of 14] Compiling Network.Wai.Auth.Config ( src/Network/Wai/Auth/Config.hs, /codetmp/wai/wai-middleware-auth-0.2.5.0/.dist-newstyle-trustee/7478053b63c7749120bdb218b82bd28e5baa489534f8f5f0c33963a252fbcb68c0691edc6325fe9e0cbfef710e6d0f4f3ea3cc9eea97da265794bfe1947cf16a/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.5.0/noopt/build/Network/Wai/Auth/Config.o, /codetmp/wai/wai-middleware-auth-0.2.5.0/.dist-newstyle-trustee/7478053b63c7749120bdb218b82bd28e5baa489534f8f5f0c33963a252fbcb68c0691edc6325fe9e0cbfef710e6d0f4f3ea3cc9eea97da265794bfe1947cf16a/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.5.0/noopt/build/Network/Wai/Auth/Config.dyn_o )

src/Network/Wai/Auth/Config.hs:96:58: error:
    • No instance for (FromJSON FileServer)
        arising from a use of ‘parseJSON’
    • In the second argument of ‘(<$>)’, namely ‘parseJSON fileServer’
      In the expression: ServiceFiles <$> parseJSON fileServer
      In a case alternative:
          (Just fileServer, Nothing) -> ServiceFiles <$> parseJSON fileServer
   |
96 |           (Just fileServer, Nothing) -> ServiceFiles <$> parseJSON fileServer
   |                                                          ^^^^^^^^^^^^^^^^^^^^

src/Network/Wai/Auth/Config.hs:98:30: error:
    • No instance for (FromJSON ReverseProxy)
        arising from a use of ‘parseJSON’
    • In the second argument of ‘(<$>)’, namely
        ‘parseJSON reverseProxy’
      In the expression: ServiceProxy <$> parseJSON reverseProxy
      In a case alternative:
          (Nothing, Just reverseProxy)
            -> ServiceProxy <$> parseJSON reverseProxy
   |
98 |             ServiceProxy <$> parseJSON reverseProxy
   |                              ^^^^^^^^^^^^^^^^^^^^^^
cabal: Failed to build wai-middleware-auth-0.2.5.0 (which is required by
exe:wai-auth from wai-middleware-auth-0.2.5.0).

and 0.1.2.1 with an error suggesting optparse-applicative bounds needs to be put in place:

                             9.4.0.20220623  9.2.2  9.0.2  8.10.7  8.8.4  8.6.5  8.4.4  8.2.2  8.0.2  7.10.3  7.8.4  7.6.3  7.4.2  7.2.2  7.0.4
wai-middleware-auth-0.1.2.1  NO-IP           NO-IP  NO-IP  FAIL    FAIL   FAIL   FAIL   FAIL   FAIL   DEP     DEP    NO-IP  NO-IP  NO-IP  NO-IP

Build profile: -w ghc-8.10.7 -O0
In order, the following will be built (use -v for more details):
 - wai-middleware-auth-0.1.2.1 (exe:wai-auth) (first run)
Preprocessing executable 'wai-auth' for wai-middleware-auth-0.1.2.1..
Building executable 'wai-auth' for wai-middleware-auth-0.1.2.1..
[1 of 1] Compiling Main             ( app/Main.hs, /codetmp/wai/wai-middleware-auth-0.1.2.1/.dist-newstyle-trustee/32720cb68a6306c096620f52f6723e6097f1b661be5c039109e74133bb1dfa7072e85ea4de7f19ab0b2aa6b7054f1583ef47bcc4a6357c5b3b148d9f243f6727/build/x86_64-linux/ghc-8.10.7/wai-middleware-auth-0.1.2.1/x/wai-auth/noopt/build/wai-auth/wai-auth-tmp/Main.o, /codetmp/wai/wai-middleware-auth-0.1.2.1/.dist-newstyle-trustee/32720cb68a6306c096620f52f6723e6097f1b661be5c039109e74133bb1dfa7072e85ea4de7f19ab0b2aa6b7054f1583ef47bcc4a6357c5b3b148d9f243f6727/build/x86_64-linux/ghc-8.10.7/wai-middleware-auth-0.1.2.1/x/wai-auth/noopt/build/wai-auth/wai-auth-tmp/Main.dyn_o )

app/Main.hs:31:6: error:
    • Couldn't match expected type ‘ParseError’
                  with actual type ‘Maybe String -> ParseError’
    • Probable cause: ‘ShowHelpText’ is applied to too few arguments

TL;DR I'd just made a revision for the latest version... and checked its lower bounds, which is sad story as well. My test takes a bit too long to run, but some examples:

% cabal build -w ghc-8.6.5 --constraint=aeson==1.3.0.0 -j1
Build profile: -w ghc-8.6.5 -O1
In order, the following will be built (use -v for more details):
 - hsc2hs-0.68.8 (exe:hsc2hs) (requires build)
 - jose-0.8.4 (lib) (requires build)
...

Configuring library for jose-0.8.4..
Preprocessing library for jose-0.8.4..
Building library for jose-0.8.4..
[ 1 of 18] Compiling Crypto.JOSE.AESKW ( src/Crypto/JOSE/AESKW.hs, dist/build/Crypto/JOSE/AESKW.o )
[ 2 of 18] Compiling Crypto.JOSE.Error ( src/Crypto/JOSE/Error.hs, dist/build/Crypto/JOSE/Error.o )
[ 3 of 18] Compiling Crypto.JOSE.Compact ( src/Crypto/JOSE/Compact.hs, dist/build/Crypto/JOSE/Compact.o )
[ 4 of 18] Compiling Crypto.JOSE.TH   ( src/Crypto/JOSE/TH.hs, dist/build/Crypto/JOSE/TH.o )
[ 5 of 18] Compiling Crypto.JOSE.JWA.JWS ( src/Crypto/JOSE/JWA/JWS.hs, dist/build/Crypto/JOSE/JWA/JWS.o )
[ 6 of 18] Compiling Crypto.JOSE.JWA.JWE.Alg ( src/Crypto/JOSE/JWA/JWE/Alg.hs, dist/build/Crypto/JOSE/JWA/JWE/Alg.o )
[ 7 of 18] Compiling Crypto.JOSE.Types.Internal ( src/Crypto/JOSE/Types/Internal.hs, dist/build/Crypto/JOSE/Types/Internal.o )

src/Crypto/JOSE/Types/Internal.hs:39:1: warning: [-Wunused-imports]
    The import of ‘Data.Monoid’ is redundant
      except perhaps to import instances from ‘Data.Monoid’
    To import instances alone, use: import Data.Monoid()
   |
39 | import Data.Monoid ((<>))
   | ^^^^^^^^^^^^^^^^^^^^^^^^^
[ 8 of 18] Compiling Crypto.JOSE.Types.Orphans ( src/Crypto/JOSE/Types/Orphans.hs, dist/build/Crypto/JOSE/Types/Orphans.o )
[ 9 of 18] Compiling Crypto.JOSE.Types ( src/Crypto/JOSE/Types.hs, dist/build/Crypto/JOSE/Types.o )

src/Crypto/JOSE/Types.hs:93:11: error:
    • Variable not in scope: arbitrarySizedNatural :: Gen Integer
    • Perhaps you meant ‘arbitrarySizedIntegral’ (imported from Test.QuickCheck)
   |
93 |   size <- arbitrarySizedNatural  -- number of octets
   |           ^^^^^^^^^^^^^^^^^^^^^
cabal: Failed to build jose-0.8.4 (which is required by exe:wai-auth from
wai-middleware-auth-0.2.6.0).

jose is missing lower bounds on QuickCheck (which somehow is exploited by requiring old enough aeson)

or

% cabal build -w ghc-9.0.2 --constraint=http-client==0.5.9 -j1 
Resolving dependencies...
Build profile: -w ghc-9.0.2 -O1
In order, the following will be built (use -v for more details):
 - wai-middleware-auth-0.2.6.0 (lib) (configuration changed)
 - wai-middleware-auth-0.2.6.0 (exe:wai-auth) (first run)
Configuring library for wai-middleware-auth-0.2.6.0..
Preprocessing library for wai-middleware-auth-0.2.6.0..
Building library for wai-middleware-auth-0.2.6.0..
[ 2 of 14] Compiling Network.Wai.Auth.ClientSession ( src/Network/Wai/Auth/ClientSession.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/ClientSession.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/ClientSession.dyn_o ) [Web.ClientSession changed]
[ 3 of 14] Compiling Network.Wai.Auth.Tools ( src/Network/Wai/Auth/Tools.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Tools.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Tools.dyn_o ) [Web.ClientSession changed]
[ 4 of 14] Compiling Network.Wai.Auth.Config ( src/Network/Wai/Auth/Config.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Config.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Config.dyn_o ) [Web.ClientSession changed]
[ 5 of 14] Compiling Network.Wai.Middleware.Auth.Provider ( src/Network/Wai/Middleware/Auth/Provider.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/Provider.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/Provider.dyn_o ) [Network.Wai.Auth.Tools changed]
[ 6 of 14] Compiling Network.Wai.Auth.Internal ( src/Network/Wai/Auth/Internal.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Internal.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Auth/Internal.dyn_o )
[ 7 of 14] Compiling Paths_wai_middleware_auth ( /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/autogen/Paths_wai_middleware_auth.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Paths_wai_middleware_auth.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Paths_wai_middleware_auth.dyn_o )
[ 8 of 14] Compiling Network.Wai.Middleware.Auth ( src/Network/Wai/Middleware/Auth.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth.dyn_o )
[ 9 of 14] Compiling Network.Wai.Middleware.Auth.OAuth2 ( src/Network/Wai/Middleware/Auth/OAuth2.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/OAuth2.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/OAuth2.dyn_o )
[10 of 14] Compiling Network.Wai.Middleware.Auth.OIDC ( src/Network/Wai/Middleware/Auth/OIDC.hs, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/OIDC.o, /codetmp/wai/wai-middleware-auth-0.2.6.0/dist-newstyle/build/x86_64-linux/ghc-9.0.2/wai-middleware-auth-0.2.6.0/build/Network/Wai/Middleware/Auth/OIDC.dyn_o )

src/Network/Wai/Middleware/Auth/OIDC.hs:46:56: error:
    Module ‘Network.HTTP.Simple’ does not export ‘parseRequestThrow’
   |
46 |                                                        parseRequestThrow)
   |                                                        ^^^^^^^^^^^^^^^^^
cabal: Failed to build wai-middleware-auth-0.2.6.0 (which is required by
exe:wai-auth from wai-middleware-auth-0.2.6.0).

These packages without any bounds depending on other packages without bounds is just a misery to deal with. I'd try to avoid using them with cabal-install, they cause gray hair. (Or use constraints in cabal.project, as figuring out correct bounds for transitive closure will take days if not weeks, and adding just few bounds is a band aid - but by x-curation proposal it's now Hackage Trustees job to make revisions in the future too - i.e. curate those).

andreabedini commented 1 year ago

@phadej it's a depressing situation indeed. For context, the origin of my interested was because a colleague wrote https://github.com/tweag/servant-oauth2 and published it to hackage https://hackage.haskell.org/package/servant-oauth2 (his first upload). But we quickly realised there are little chances of making it work for a variety of reasons (missing bounds on dependencies, forks, etc). Thank you for having a look, it's been appreciated.