Update lua-resty-jwt for OpenSSL 1.1 #165
Conversation
|
I highly recommend to merge this, because the current dependency setup breaks new and updated installations of OpenResty with lua-resty-openidc |
|
/agree with @ChristianCiach but I get that y'all want to take your time on reviewing everything I've done. Maybe the fact that my module now being in the root manifest for LuaRocks will help assuage your worries? 😜 As seen: http://luarocks.org/modules/cdbattags/lua-resty-jwt Update: "All checks have passed" per https://travis-ci.org/zmartzone/lua-resty-openidc/builds/388932092?utm_source=github_status&utm_medium=notification Please cut a new version for OPM and LuaRocks? |
|
This is offtopic, but a good moment to ask about your opinion: I know that OpenResty itself strongly discourages the use of LuaRocks in favor of OPM. What do you think about that? I have the feeling that LuaRocks is a lot more mature than OPM. And in this specific case, using LuaRocks would have fixed this issue a lot faster, because it would have pulled your fork of lua-resty-jwt. |
|
OPM is extremely early on to be quite honest. The fact that I couldn't even delete from the registry is crazy to me. Only problem with this though is that So if we can get https://github.com/jkeys089/lua-resty-hmac on LuaRocks then we'd be set. Because in the current state on LuaRocks I still don't think this is fully OpenSSL 1.1 ready without the changes @jkeys089 has in his package. Edit: |
dist.ini
Outdated
| @@ -4,4 +4,4 @@ author = Hans Zandbelt (@zandbelt) | |||
| is_original = yes | |||
| license = apache2 | |||
| repo_link = https://github.com/zmartzone/lua-resty-openidc | |||
| requires = openresty, pintsized/lua-resty-http >= 0.08, bungle/lua-resty-session >= 2.8, SkyLothar/lua-resty-jwt >= 0.1.5, jkeys089/lua-resty-hmac | |||
| requires = openresty, pintsized/lua-resty-http >= 0.08, bungle/lua-resty-session >= 2.8, cdbattags/lua-resty-jwt >= 0.2.0, jkeys089/lua-resty-hmac >= 0.2 | |||
There was a problem hiding this comment.
so jkeys089/lua-resty-hmac >= 0.2 now but I only see 0.0.2 in the OPM repo
There was a problem hiding this comment.
You are correct, whoops. Updating now.
lua-resty-openidc-1.5.4-1.rockspec
Outdated
| @@ -25,7 +25,7 @@ dependencies = { | |||
| "lua >= 5.1", | |||
| "lua-resty-http >= 0.08", | |||
| "lua-resty-session >= 2.8", | |||
| "lua-resty-jwt >= 0.1.5", | |||
| "lua-resty-jwt >= 0.2.0", | |||
| "lua-resty-hmac" | |||
There was a problem hiding this comment.
I guess because lua-resty-jwt comes with its own (/vendor) version of lua-resty-hmac, this dependency can be removed (Travis CI would verify this)
There was a problem hiding this comment.
My thoughts exactly.
dist.ini
Outdated
| @@ -4,4 +4,4 @@ author = Hans Zandbelt (@zandbelt) | |||
| is_original = yes | |||
| license = apache2 | |||
| repo_link = https://github.com/zmartzone/lua-resty-openidc | |||
| requires = openresty, pintsized/lua-resty-http >= 0.08, bungle/lua-resty-session >= 2.8, cdbattags/lua-resty-jwt >= 0.2.0, jkeys089/lua-resty-hmac >= 0.2 | |||
| requires = openresty, pintsized/lua-resty-http >= 0.08, bungle/lua-resty-session >= 2.8, cdbattags/lua-resty-jwt >= 0.2.0 | |||
There was a problem hiding this comment.
ok, I did not mean to remove it from the OPM dist.ini: AFAIK that format doesn't have the option to explicitly include dependencies
cdbattags
force-pushed
the
update-lua-resty-jwt
branch
from
e38b560 to
f06ca70
Compare
|
Sorry, this double package manager stuff is quite confusing... =P Assuming this passes all tests we should be good to go! |
|
Ok, I'm confused too :-) But: that brings us back to this question #165 (comment) since it really is |
|
So I guess let us worry about the dep then? Since you never explicitly call it anywhere in yours that makes the most sense, no? This way OPM will be the most reasonable way to use this package but we will support on LuaRocks through the vendor directory until we get @jkeys089 to publish under some different name. |
|
sounds good |
|
Ok, updating this one last time then without dist.ini dep and we wait for Travis and then go for it. |
cdbattags
force-pushed
the
update-lua-resty-jwt
branch
from
f06ca70 to
3d3b39e
Compare
|
Ok, should be good to go! Can we get this merged and fresh uploads to OPM and LuaRocks? |
This should add support for OpenSSL 1.1 with the new fork of https://github.com/SkyLothar/lua-resty-jwt at https://github.com/cdbattags/lua-resty-jwt!
Still very confused that you're using two different versions of
lua-resty-hmacwith OPM version and LuaRocks...