ocaml-tls icon indicating copy to clipboard operation
ocaml-tls copied to clipboard
verified publisher icon mirleft

Installing tls-async also installs lwt

Open mbacarella opened this issue 3 years ago • 1 comments

tls.opam lists lwt as a dependency.

Would a PR that separates it out the lwt stuff into a separate package like tls-lwt be acceptable? Just like the way tls-async is separated out? Right now if you have an all-async project and you try to use tls-async from it, it pulls in lwt.

Nothing wrong with lwt, they install side-by-side just fine, it just makes extra compute work.

mbacarella avatar Aug 04 '22 22:08 mbacarella

sure, maybe take a look at https://github.com/mirage/mirage-crypto/issues/158 -- my main concern is the reverse dependencies that need to be updated (previously tls.lwt, then tls-lwt), in addition to opam solver pressure (more packages, more work for the solver). can you describe in more detail how much "extra compute work" is done, and create a new universe where lwt is not in the dependency cone, and evaluate again, so we can have some numbers how much (time, CPU cycles, CO2 emission) it'd safe?

I linked to mirage/mirage-crypto above, that needs to split the lwt parts away as well.

hannesm avatar Aug 05 '22 08:08 hannesm

I volunteer to fix the reverse dependencies.

I guess my feeling is that in an ideal world your project doesn't have to pull in dependencies it doesn't need. So, an all-async project that doesn't need lwt shouldn't end up with lwt. Same for an all-lwt project.

I can appreciate it's more work for the opam solver to have more packages, but that seems like a problem that needs to be solved efficiently eventually. We expect OCaml to have millions of packages one day, right? :)

mbacarella avatar Feb 01 '23 18:02 mbacarella

Thanks for pushing on this issue. I started in https://github.com/mirage/mirage-crypto/pull/168 (thanks to @bikallem report https://github.com/mirage/mirage-crypto/issues/158) to disentangle the dependency cones. Once mirage-crypto is settled (merged and released), I'm happy to propose a PR for tls.

I volunteer to fix the reverse dependencies.

At release time, I'll definitively cc you to have a look on opam-repo-ci which packages need to be constrained and updated. Thanks a lot for your offer.

hannesm avatar Feb 04 '23 15:02 hannesm

So, the state is currently:

  • there's a mirage-crypto 0.11 release https://github.com/ocaml/opam-repository/pull/23237 (pending merge of related PRs that fix upper bounds) which splits mirage-crypto-rng-lwt into a separate package
  • there's https://github.com/mirleft/ocaml-x509/pull/162 (for test only)
  • we have https://github.com/mirleft/ocaml-tls/pull/468
  • also https://github.com/mirage/ocaml-dns/pull/331
  • and https://github.com/mirage/awa-ssh/pull/49

When the dust settles (mirage-crypto 0.11 being merged), I'll continue pushing above releases forward.... since opam repository is not moving very fast, it may take some days until we're settled and you'll enjoy your lwt-free all-async app. of course any upfront testing and triaging helps to find issues early :)

hannesm avatar Feb 05 '23 21:02 hannesm

Alrighty, nice. Thank you.

Once #468 is merged and tls-lwt is inevitably a separate opam package, I will go through the duniverse and look for reverse dependencies that say tls.lwt and submit PRs to get them on tls-lwt (and constrain them to the proper tls-lwt version in their .opam).

mbacarella avatar Feb 05 '23 21:02 mbacarella

fixed by #468

hannesm avatar Feb 14 '23 14:02 hannesm