[erlang-questions] relx extended deps
Loïc Hoguin
essen@REDACTED
Tue Jan 27 18:31:10 CET 2015
On 01/27/2015 04:53 PM, Anthony Ramine wrote:
> Le 27 janv. 2015 à 16:49, e@REDACTED a écrit :
>
>> On 01/27/2015 04:47 PM, Anthony Ramine wrote:
>>> Le 27 janv. 2015 à 16:44, e@REDACTED a écrit :
>>>
>>>> how am i running ranch without ssl now?
>>>
>>> By complaining to Ranch's author that he should either remove the code depending on ssl and put it in another separate project, or properly make his project depend on ssl and thus just not let you use ranch without ssl.
>>
>> hold on, i am not into political question, i want to keep it technical.
>> i am running ranch without ssl.
>> doesn't it contradict the statement of dependency?
>
> And anyone actually using ranch with ssl now needs an additional non-standard 'sequence' key in their app file. See the problem? The proper solution is to remove ranch_ssl from ranch and let you use that slimmed down version of it, not to accommodate one developer's laziness in a general purpose release tool.
Slow down on the attacks there.
The issue stems initially from a misunderstanding of the applications
key in the .app file, which unlike what I believed until fairly
recently, is not an ordered list of applications, but an unordered one.
Despite this it worked without any issue until Erlang 17.3. I am
guessing something changed in 17.3 that made it break, but it's fair
game because it was properly documented as unordered.
Years ago I pseudo-validated that this method was OK because another
application in OTP was doing it: observer. Observer only lists kernel
and stdlib as dependencies; on the other hand the newly added key
runtime_dependencies lists wx, runtime_tools, inets and et. These are
optionally required if you want to run the GUI (at least wx is).
SSL is not listed in Ranch because some users do not use it and do not
want 3 extra applications they do not use in their release. A number of
solutions have been investigated to keep this feature for all current users.
One of the more interesting solutions that was discarded was to make
ranch_ssl its own application. But this only fixes Ranch and moves the
problem one level up to Cowboy, which requires SSL for SPDY and soon for
HTTP/2. These are the future protocols of the Web and Cowboy is aiming
to support them at an equal level to HTTP/1.1 and Websocket, so it makes
little sense to split HTTP/2 out.
The solution retained is to fix the .app file, and document a way to
remove SSL if you don't want it. For some people it will involve editing
the .app file directly (possibly as part of the build process); for
others it will involve telling reltool to exclude certain applications
they don't need. Relx has currently no equivalent but it looks like it
will be quickly addressed (thanks!).
Now the only thing I have to figure out is if this warrants a Ranch 2.0
release or not. It's not obvious it needs one, since release tools will
fetch SSL automatically just fine. Perhaps you can help answering that one?
--
Loïc Hoguin
http://ninenines.eu
More information about the erlang-questions
mailing list