Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the lower bound on base? #303

Closed
philderbeast opened this issue Dec 26, 2023 · 11 comments · Fixed by #306
Closed

Bump the lower bound on base? #303

philderbeast opened this issue Dec 26, 2023 · 11 comments · Fixed by #306
Milestone

Comments

@philderbeast
Copy link
Contributor

Could we bump the lower bound on base?

-- We support ghc 7.4 (bundled with Cabal 1.14) and up
build-depends: base >= 4.8 && < 4.20,

tested-with:
GHC == 9.8.1
GHC == 9.6.3
GHC == 9.4.8
GHC == 9.2.8
GHC == 9.0.2
GHC == 8.10.7
GHC == 8.8.4
GHC == 8.6.5
GHC == 8.4.4
GHC == 8.2.2
GHC == 8.0.2
GHC == 7.10.3

I came here to see if I could do something about the noisy -Wstar-is-type warnings from hackage-security when compiling cabal but saw that I couldn't do that without CPP conditionals given that -Wstar-is-type was introduced in ghc-8.6 and we have a lower bound on base of 4.8 that is ghc-7.10.1.

@philderbeast
Copy link
Contributor Author

There's a fair bit of CPP in this project already.

$ grep -rw --include=\*.hs . -e '#if'
./example-client/src/Prelude.hs:#if !MIN_VERSION_base(4,8,0)
./example-client/src/Prelude.hs:#if MIN_VERSION_base(4,8,0)
./example-client/src/Prelude.hs:#if MIN_VERSION_base(4,6,0)
./hackage-repo-tool/src/Hackage/Security/RepoTool/Util/IO.hs:#if MIN_VERSION_directory(1,2,0)
./hackage-repo-tool/src/Hackage/Security/RepoTool/Util/IO.hs:#if MIN_VERSION_directory(1,2,0)
./hackage-repo-tool/src/Hackage/Security/RepoTool/Util/IO.hs:#if MIN_VERSION_base(4,8,0)
./hackage-repo-tool/src/Prelude.hs:#if !MIN_VERSION_base(4,8,0)
./hackage-repo-tool/src/Prelude.hs:#if MIN_VERSION_base(4,8,0)
./hackage-repo-tool/src/Prelude.hs:#if MIN_VERSION_base(4,6,0)
./hackage-repo-tool/src/Main.hs:#if !MIN_VERSION_base(4,8,0)
./hackage-security-http-client/src/Hackage/Security/Client/Repository/HttpLib/HttpClient.hs:#if MIN_VERSION_http_client(0,5,0)
./hackage-security/src/MyPrelude.hs:#if !MIN_VERSION_base(4,8,0)
./hackage-security/src/MyPrelude.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/MyPrelude.hs:#if MIN_VERSION_base(4,6,0)
./hackage-security/src/Text/JSON/Canonical.hs:#if !(MIN_VERSION_base(4,7,0))
./hackage-security/src/Text/JSON/Canonical.hs:#if MIN_VERSION_base(4,7,0)
./hackage-security/src/Text/JSON/Canonical.hs:#if MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Key.hs:#if !MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Key.hs:#if MIN_VERSION_ed25519(0,0,4)
./hackage-security/src/Hackage/Security/Key.hs:#if MIN_VERSION_ed25519(0,0,4)
./hackage-security/src/Hackage/Security/Key.hs:#if !MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Trusted.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Trusted/TCB.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Trusted/TCB.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Trusted/TCB.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/Hackage/Security/Client.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Client.hs:#if __GLASGOW_HASKELL__ < 800
./hackage-security/src/Hackage/Security/Client.hs:#if __GLASGOW_HASKELL__ < 800
./hackage-security/src/Hackage/Security/Client.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/Hackage/Security/TUF/Patterns.hs:#if __GLASGOW_HASKELL__ >= 800
./hackage-security/src/Hackage/Security/TUF/Patterns.hs:#if __GLASGOW_HASKELL__ >= 800
./hackage-security/src/Hackage/Security/JSON.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/Hackage/Security/Client/Repository/Remote.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/Hackage/Security/Client/Repository.hs:#if MIN_VERSION_base(4,8,0)
./hackage-security/src/Hackage/Security/Util/IO.hs:#if MIN_VERSION_base(4,11,0)
./hackage-security/src/Hackage/Security/Util/IO.hs:#if MIN_VERSION_base(4,11,0)
./hackage-security/src/Hackage/Security/Util/Path.hs:#if MIN_VERSION_directory(1,2,0)
./hackage-security/src/Hackage/Security/Util/Path.hs:#if MIN_VERSION_directory(1,2,2)
./hackage-security/src/Hackage/Security/Util/Path.hs:#if MIN_VERSION_directory(1,2,0)
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if __GLASGOW_HASKELL__ >= 800
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if __GLASGOW_HASKELL__ >= 708
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if __GLASGOW_HASKELL__ >= 708
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if __GLASGOW_HASKELL__ >= 708
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if MIN_VERSION_base(4, 7, 0)
./hackage-security/src/Hackage/Security/Util/Checked.hs:#if __GLASGOW_HASKELL__ >= 708
./hackage-security/src/Hackage/Security/Util/Some.hs:#if !MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Util/Some.hs:#if MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Util/Some.hs:#if MIN_VERSION_base(4,7,0)
./hackage-security/src/Hackage/Security/Util/JSON.hs:#if __GLASGOW_HASKELL__ < 710
./hackage-security/src/Hackage/Security/Util/JSON.hs:#if !MIN_VERSION_time(1,5,0)
./hackage-security/src/Hackage/Security/Util/JSON.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Util/JSON.hs:#if __GLASGOW_HASKELL__ >= 710
./hackage-security/src/Hackage/Security/Util/JSON.hs:#if !MIN_VERSION_time(1,5,0)
./hackage-security/tests/TestSuite.hs:#if MIN_VERSION_Cabal(2,0,0)
./hackage-security/tests/TestSuite.hs:#if !MIN_VERSION_Cabal(2,0,0)
./hackage-security/tests/TestSuite/JSON.hs:#if MIN_VERSION_aeson(2,0,0)
./hackage-security/tests/TestSuite/JSON.hs:#if MIN_VERSION_aeson(2,0,0)
./hackage-root-tool/Main.hs:#if !MIN_VERSION_base(4,8,0)
./hackage-security-HTTP/src/Hackage/Security/Client/Repository/HttpLib/HTTP.hs:#if MIN_VERSION_base(4,8,0)

@Mikolaj
Copy link
Member

Mikolaj commented Dec 27, 2023

Yes, I think it's a good idea to get base bounds to match Cabal-the-library's, given that cabal's bounds are already quite generous and anything that uses hackage-security most probably uses Cabal as well. I hope GHC versions in CI already do match (if not, we can narrow them further, I think).

@andreasabel
Copy link
Member

After enforcing GHC >= 8 in

there is much less #if.

I routinely drop GHC 7 now in all my projects, that's a no-brainer.
Dropping GHC < 8.6 requires probably a bit more care, as it is not dead-clear that the Haskell community is abandoning these GHCs already.
I seem like pantry, one of our users, still builds with GHC 8.2 (base-4.10).

@andreasabel
Copy link
Member

I seem like pantry, one of our users, still builds with GHC 8.2 (base-4.10).

Actually, only on paper. In fact, it has no build plans for GHC < 8.8:

The only other user is Cabal, so going to GHC 8.6 seems fine here after all.

@Mikolaj
Copy link
Member

Mikolaj commented Jan 9, 2024

The oldest GHC that cabal CI builds cabal with is 8.4 from what I see.

@philderbeast
Copy link
Contributor Author

@Mikolaj for testing this against cabal, would you expect that I'd take cabal/.github/workflows/validate.yml, and manually run the steps locally?

To pick up my changes to hackage-security for the version bump for this test, I plan to add a source-repository-package but wouldn't commit this.

@Mikolaj
Copy link
Member

Mikolaj commented Jan 20, 2024

@philderbeast: I'd imagine just building all and the running the cabal-testsuite (with the newly built binary in --with-cabal!) should be plenty, as described here: https://github.com/haskell/cabal/blob/master/cabal-testsuite/README.md. Or, to test some more, you may want to run the validate.sh script.

An alternative is to open a throw-away PR in cabal repo (then close it and keep it as documentation) and tweak it so that CI does what you want. And here's yet another tool that may be helpful: haskell/cabal#9561

@Mikolaj
Copy link
Member

Mikolaj commented Jan 20, 2024

BTW, would you also recommend a revision of the bound on Hackage? Or just wait for a new release (@andreasabel can predict better than myself on what timescale the new release is likely to emerge).

Mikolaj added a commit that referenced this issue Mar 18, 2024
Fixes #303. I bumped base to `>=4.11`, matched `ghc-8.4.4` included
packages' lower bounds, and fixed warnings including `cabal check`
warnings except for the example.
@andreasabel
Copy link
Member

If I am not mistaken, master is releasable, so we can ship hackage-security/v0.6.2.5 at any time.

@Mikolaj
Copy link
Member

Mikolaj commented Mar 19, 2024

Yes, please do, that will make @ffaf1's life easier.

@andreasabel
Copy link
Member

Ok! I'll open a PR for the release.

@andreasabel andreasabel added this to the 0.6.2.5 milestone Mar 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants