Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ringrtc tracks libsignal on git, introduces duplicate dependency #55

Open
rubdos opened this issue Jun 26, 2024 · 8 comments
Open

ringrtc tracks libsignal on git, introduces duplicate dependency #55

rubdos opened this issue Jun 26, 2024 · 8 comments

Comments

@rubdos
Copy link

rubdos commented Jun 26, 2024

ringrtc depends (currently) on:

zkgroup = { git = "https://github.com/signalapp/libsignal", tag = "v0.37.0" }

Signal Android depends (currently) on:

version("libsignal-client", "0.51.1")

On applications that use FFI, this doesn't really matter, because ringrtc and libsignal get pulled in independently. However, Rust applications that pull in ringrtc and libsignal in the same Rust dependency tree yield a conflict on cargo doc:

error: There are multiple `zkgroup` packages in your project, and the specification `zkgroup` is ambiguous.
Please re-run this command with one of the following specifications:
  https://github.com/signalapp/libsignal#[email protected]
  https://github.com/signalapp/libsignal#[email protected]

Keeping the ringrtc git tag version spec in sync with apps is, in my opinion, only a band-aid here. Releasing on crates.io (signalapp/libsignal#490) would probably resolve this correctly, because it allows to track the versions of the actual crates, instead of depending on a git tag. I'll submit a PR for bumping libsignal on this repo now.

I'm not sure whether I should post this issue here or on libsignal itself. It might make more sense over there...

@jrose-signal
Copy link
Contributor

Teeeechnically, since we haven't been bumping the version for the zkgroup crate and changes usually aren't breaking, I would expect you to be able to [patch] around this situation. But it is kind of annoying, yeah, and I haven't actually tried it.

@rubdos
Copy link
Author

rubdos commented Jul 9, 2024

would expect you to be able to [patch] around this situation

I think the [patch] section does not allow disambiguating which zkgroup reference to patch, although in my case "patch-em-all" would be fine. We can currently just use 0.51.1; on the next libsignal-protocol bump I'll test this out.

@rubdos
Copy link
Author

rubdos commented Sep 9, 2024

Another effect:

error: failed to resolve patches for `https://github.com/signalapp/libsignal/`

Caused by:
  patch for `zkgroup` in `https://github.com/signalapp/libsignal/` points to the same source, but patches must point to different sources

There's a trick though:

[patch."https://github.com/signalapp/libsignal/"]
# The source and target refs are the same URL. If we add another / in there,
# cargo sees this as a valid patch.  Very ugly workaround.
# https://github.com/rust-lang/cargo/issues/5478#issuecomment-1055365283
zkgroup = { git = "https://github.com/signalapp//libsignal", tag = "v0.56.1" }

... but that duplicates all transitive dependencies, yielding to other conflicts. Not ideal for now...

@jrose-signal
Copy link
Contributor

jrose-signal commented Sep 12, 2024

Definitely not ideal. As a workaround, though, you could patch your own dependencies the same way, though, correct?

@rubdos
Copy link
Author

rubdos commented Sep 12, 2024

Definitely not ideal. As a workaround, though, you could patch your own dependencies the same way, though, correct?

Yes, correct indeed, that's what I went with for now:

[patch."https://github.com/signalapp/libsignal/"]
# The source and target refs are the same URL. If we add another / in there,
# cargo sees this as a valid patch.  Very ugly workaround.
# https://github.com/rust-lang/cargo/issues/5478#issuecomment-1055365283
zkgroup = { git = "https://github.com/signalapp//libsignal", tag = "v0.56.1" }
libsignal-core = { git = "https://github.com/signalapp//libsignal", tag = "v0.56.1" }
signal-crypto = { git = "https://github.com/signalapp//libsignal", tag = "v0.56.1" }

Copy link

stale bot commented Dec 18, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 18, 2024
@jrose-signal
Copy link
Contributor

Marking this as acknowledged but we haven't yet come up with anything better.

@rubdos
Copy link
Author

rubdos commented Dec 19, 2024

Marking this as acknowledged but we haven't yet come up with anything better.

thank you, much appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

2 participants