-
-
Notifications
You must be signed in to change notification settings - Fork 243
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NuGet: Remove strict dependencies on OpenSSL and PicoJSON #288
Comments
Maybe it should be a version range https://learn.microsoft.com/en-us/nuget/concepts/dependency-resolution? |
Thanks Prince. I think I need to clarify my post above. |
It's been a fairly long time since I used NuGet in particular, but if I use a dependency manager I kind of expect it to pull in all dependencies of the package I install. It feels like that's its job. The issue here is in my opinion that only one possible package specified. In other systems its possible to specify a list of compatible packages and versions, one of which has to be installed, but I am not sure if NuGet can do this and if, how.
Personally I'd go with the last option, possible with a fourth package that does not depend on any library. Basically
EDIT: Thinking some more about it we kinda have the same issue with json libraries. Currently we depend on picojson, but we support a bunch of others. EDIT2: Seems like its not that simple because nuget doesn't seem to be able to automatically pick the correct package for the current toolchain, so in addition to having a version for every ssl lib, every json library we'd also need a version for every breaking toolchain version. According to MS |
Thanks @Thalhammer Very good reply! I appreciate the concept "Dependency Manager". You are right, when I use NuGet, I should not (and actually I do not) want to choose my favorite sub-dependencies, I just want it to work. As a workaround, I found that I can manually circumvent the dependency to openssl-vc141-static-x86_64.1.1.0 in NuGet using "force uninstall":
So while I do agree with your conclusion,
alternatively we could leave everything as it is, and add documentation how to make it work on platforms other than vc141. Sven |
Hunter requires nothing vcpkg hardcodes picojson but no openssl... Conan lists openssl (but any recipe that's a provider can be overridden) and nuget hardcodes both... So I guess the bigger question is what should we make the default?
Personally I think 2️⃣ is the best, but let me know if you think differently |
Hunter requires what you select. It basically sets up a folder so that @Sven-HP Even though that workaround works for you I don't think we should treat it as the default solution for this issue, because it doesn't really work for CI because the way I understand it you need to do the uninstall step manually every time you set up the project on a new machine. |
I did not see that when I look 👀 I just noticed its in out repo, so we having to add it here which is kinda gross but easier to maintain. That's 2 for option 2️⃣ IT's just nuget and vcpkg that we need to update to match? |
I have tested that. It does work for CI. My workaround only has to be done once, when adding jwt-cpp to the project, and not on every machine. The result is the desired package selection (here: openssl-vc143 instead of openssl-vc141) stored correctly in my project files (*.vcxproj, packages.config), and that gets committed into my project's repo as usual, and works out of the box on other machines. :-) |
Hi,
I am using NuGet to include jwt-cpp into my project. Unfortunately it force-installs Edit:
an outdateda specific old NuGet package of OpenSSL, openssl-vc141-static-x86_64.1.1.0, which does not work under Visual Studio 2022 (vc143).I suggest to remove those dependencies and let the user decide and care about OpenSSL. Edit: I might want to link a vc143 version from NuGet, e.g. "zeroc.openssl.v143", or some other version from some other source.
That strict dependency is a contradiction to the README statement at https://github.com/Thalhammer/jwt-cpp#readme , "In the name of flexibility and extensibility, jwt-cpp supports... [various OpenSSL versions and alternatives like LibreSSL]".
From https://github.com/Thalhammer/jwt-cpp/blob/master/nuget/jwt-cpp.nuspec lines 17-20:
@diogo-strube It seems you are the expert about this :-)
Can you please simply remove those dependencies, or is there something I'm not seeing?
Thank you!
Sven
The text was updated successfully, but these errors were encountered: