281079 – www/lua-resty-session: version 4.X is incompatible with security/lua-resty-openidc

Bug 281079 - www/lua-resty-session: version 4.X is incompatible with security/lua-resty-openidc

Summary: www/lua-resty-session: version 4.X is incompatible with security/lua-resty-op...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Alexander Leidinger

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-08-26 13:42 UTC by baptiste
Modified:	2024-09-18 16:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description baptiste 2024-08-26 13:42:03 UTC

Hey,
As of today, lua-resty-openidc is not compatible with lua-resty-session 4.x.

It's an upstream problem, a version 3.x is pinned in the lua-resty-session dependencies: https://github.com/zmartzone/lua-resty-openidc/blob/9f3a4fcade930f6f38ee0cb43cabf50cebffbcc9/lua-resty-openidc-1.7.6-3.rockspec#L27

There is apparently currently no clear plan on when/if lua-resty-openidc will be updated to include changes for lua-resty-session 4.X, see discussions on https://github.com/zmartzone/lua-resty-openidc/issues/480

I had to takeover the management of a legacy application protected by nginx + lua + lua-resty-openidc and lua-resty-session, that was created when those packages weren't yet in the port tree.
I've been able to update to the ports for all packages, but my only way to get this working was by building a package of lua-resty-session 3.X.

Would it be possible to downgrade the version of lua-resty-session to 3.x, or, more likely, to add flavors like lua-resty-session@3 and lua-resty-session@4 and having then lua-resty-openidc depend on lua-resty-session@3 ?

Thanks!

Best
Baptiste

Comment 1 Alexander Leidinger freebsd_committer

2024-08-26 14:20:26 UTC

Feel free to take over maintainership of my lua ports ports if you want to. I was playing around with them and in the end arrived on using oauth2-proxy instead. I did not want to abandon them, but if you are actively using them you would be better suited to handle them than I am.

Comment 2 baptiste 2024-08-29 07:37:42 UTC

OK, I see.
We currently have a few parts dependent on some of those packages yes, but it's not really active development.
I can take over the ones we rely on, if you don't want to keep maintaining them. That said I'm also sometimes a bit too optimistic with my available times and not always hyper reactive....

Comment 3 baptiste 2024-08-30 20:44:29 UTC

I've send some patches that should address this dependency issue:
- New port www/lua-resty-session3: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281142
- Make security/lua-resty-openidc depend on www/lua-resty-session3: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281143

Thanks!

Comment 4 commit-hook freebsd_committer

2024-09-18 16:03:47 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=11c3e44bb1726a898e991f8b023fa1298d2ddbd1

commit 11c3e44bb1726a898e991f8b023fa1298d2ddbd1
Author:     Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2024-09-18 16:00:01 +0000
Commit:     Alexander Leidinger <netchild@FreeBSD.org>
CommitDate: 2024-09-18 16:02:46 +0000

    security/lua-resty-openidc: switch to lua-resty-session3

    There is apparently currently no clear plan on when/if lua-resty-openidc
    will be updated to include changes for lua-resty-session 4.X, see
    discussions on
        https://github.com/zmartzone/lua-resty-openidc/issues/480

    Additionally:
     - give up maintainership

    PR:             281143, 281142, 281079

 security/lua-resty-openidc/Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)