Hi Martín,

Sorry for the late reply.  I have somehow missed your email until now.

On Tue, Jun 14, 2016 at 6:48 AM, Martín Ferrari <tin...@tincho.org> wrote:
> Anthony, I see you uploaded a new package for x-net, but you forgot to
> push the changes to git.

Thank you for the heads up!  I was really absentminded,
Sorry for causing you troubles and delays, and thank you for your patience.

I have finally pushed the changes, but rewrote git history by moving
"Add me as uploader" commit (so I don't have to re-sign the tags, etc.)
(Bad Anthony, bad boy!)  So please note that when you fetch from the repo.

> Also, I see from the changelog in the archive that you've done some
> changes to it to solve a circular dependency. Could you explain what
> this entails? I am worried this might break other things.

>   * Avoid circular dependency with golang-golang-x-crypto-dev
>     by exporting DH_GOLANG_EXCLUDES := golang.org/x/net/http2/h2i
>     and removing golang-golang-x-crypto-dev from Build-Depends and Depends.
>     (Latest version of golang-golang-x-crypto-dev depends on
>     golang-golang-x-net-dev due to the use of golang.org/x/net/context in
>     golang.org/x/crypto/acme/internal/acme.)

My change is in commit 5f37654, as shown by cgit in the following URL:


The circular dependency is relatively new: golang.org/x/crypto has
added support for Automated Certificate Management Environment (ACME)
used by Let's Encrypt, and ACME imports golang.org/x/net/context.

Meanwhile, golang.org/x/net becomes dependent on golang.org/x/crypto
because of golang.org/x/net/http2/h2i/h2i.go, which is an "Interactive
HTTP2 console" that uses "golang.org/x/crypto/ssh/terminal".

Since we do not yet build this /usr/bin/h2i binary, I thought we could
conveniently ignore it for the time being and break the circular
dependency.  The use of

    DH_GOLANG_EXCLUDES := golang.org/x/net/http2/h2i

prevents h2i from being built or tested, but does not prevent
installation, so
/usr/share/gocode/src/golang.org/x/net/http2/h2i/h2i.go is still

So, I am pretty confident that it doesn't break anything because we
had not provided /usr/bin/h2i in the past anyway.
That said, if we wanted to provide /usr/bin/h2i in the future, I am
not sure what the best option is.
(h2i seems kind of a nifty tool, I guess, but thankfully by no means essential.)

> Have you talked to upstream about it?

No, I haven't, but it seems others have, including our own
Michael Hudson-Doyle (thank you!), at
titled "circular dependency in golang.org/x/net and golang.org/x/crypto repos".

Upstream isn't too interested about avoiding circular dependency, so
hopefully Michael will come up with a better solution!  :-)



Pkg-go-maintainers mailing list

Reply via email to