-
-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please audit for removed deprecations #2626
Comments
@craigberry Great question. Here's a list of functions deprecated in eXist 4.x that were removed in #2603 for the forthcoming release of eXist 5 (of course, the list may change before the release). @adamretter Please correct/amend if I've missed anything - see also some inline questions.
(On the topic of the xmldb module's functions related to users, accounts, and permissions removed here, it's worth reviewing the entire security manager ( The following modules were removed:
The PR also removed the WAR build facility. |
@joewiz thank you for this splendid summary ! |
Thanks, @joewiz for the very helpful documentation of what's being removed. I have used this list to throw together a quick and dirty Perl script that runs a shell command that scans .xql files in the current directory tree and reports what to do with removed functions only. I didn't attempt to do anything with the module removals as it might be harder, for example to parse "ftp" and make sure it wasn't just some legitimate string. The script doesn't find all that much in a fresh git checkout of the develop branch:
After restoring a backup of my working database and running again, I see that the following modules all use many of the functions that have now been removed from 5.x tei-pm-1.1.2 So it looks like some common modules will need quite a bit of work to get up to snuff for 5.x, and a corollary is that I have no near-term prospects of testing my app with 5.x. |
@craigberry Neat. Two ideas to make your audit more realistic:
Would you consider making this change and reporting if you find more? Thanks. |
@craigberry if you would like to scan for the deprecated modules I suggest scanning for the qualified namespace which needs to appear in the module import statement. E.g |
@joewiz good points both. I will add your number 1. For number 2, that means removing the Thanks for the suggestion, @duncdrum. I will put that on my to-do list but if someone beats me to making a list of affected namespaces I won't object. |
|
Thanks @duncdrum, I will add checks for those namespaces to my script soonish. For now I have a new version attached here that will find Here's what I get in a fresh pull of the develop branch. If anyone sees additional false positives (or knows of false negatives) please comment:
|
@craigberry Thanks! The good news is that all of the cases of Did you say that you also observed cases of this in "tei-simple, tei-publisher-lib, and the shared extension"? In other news, I've updated the list above to include a note from @adamretter that |
I think the only way to winnow out the false positives on Yes, tei-simple, tei-publisher-lib, and shared-resources all use some of the removed functions, usually |
Attempt the third. This one uses pure Perl so does not depend on having a shell or egrep and might even work on Windows. It works pretty hard to skip function names followed by quantifiers or data types that would be declarations rather than function calls. It also includes searching for deprecated modules and suggests alternatives where available. It takes a single optional argument, which is the top-level directory of the tree you want scanned, or defaults to the current working directory. Here's what it shows in the current develop branch after running ./build.sh. As you can see, eXide, packageservice, and dashboard all have some work to do:
|
Additional security functions changes, as asked about by Joe:
|
@craigberry thanks for the Perl script. It was very useful to fix |
You're welcome, @wolfgangmm -- glad it helped. I see you've also been busy with tei-publisher-lib. I'm attaching a slightly revised version that updates the recommended replacements based on recent posts by @adamretter and @joewiz. What it finds won't be any different from the last version, but I think there are now no gaps in the recommended replacements. |
I corrected two entries in the list above:
|
@wolfgangmm I would argue that |
There was a silly bug in my script that caused it to report only the first instance of each deprecated function; it was finding them all, but only reporting the first. If you ran it again after fixing something, you might very well find additional instances. Now fixed in the attached version. Here's the score with the current develop branch after running build.sh:
|
Can someone please explain the situation with
But apparently that's backwards based on what @wolfgangmm recently fixed in eXide to make it work again with the devel-4.x.x branch. So if I finally have this straight it appears |
@craigberry indeed |
Should we reverse this change? Or is there some compelling reason for the redesign? |
Previously you could not copy a collection or resource to a new named collection or resource which was a major short-coming of eXist-db. We are allowed to make breaking changes in major releases so I think this should be okay for 5.0 ;-) |
But adding the new capability does not require immediate removal of the old capability, does it? The very meaning of deprecate is to warn against. If there is no period during which people are warned against using the old API, then it is not a deprecation at all but just a breaking change, which seems capricious and user-hostile to me. It's bad enough that deprecations don't provide any real warnings, such as messages in the log that a function or namespace is being deprecated, and the only way to know something will break in the future is to read the docs. If the maintainers of all the core extensions that ship with eXist only found out about the removals when those removals broke the code they maintain and rendered one or both of the develop and develop-4.x.x branches completely non-functional for most of the last few weeks, how is the average user in the field supposed to plan for the next upgrade? |
I am leaning towards agreeing with adam on this one. There is a reason to introduce this change with @craigberry given users time to test and adopt is the reason why we are doing this whole release candidate dance. I'd also suggest to take a look at the |
@craigberry Maybe of interest for you, there is an option in |
@craigberry I am not intentionally trying to be hostile to users. My experience with eXist-db over the last 14 years, is that users will continue to use deprecated functions even when they know they are deprecated. When they are eventually removed, then some of them complain! This tidy-up has happened, to try and give the developers a leaner code-base with less legacy to maintain. Hopefully this means we can move faster in future. This benefits both developers and users... So it's a trade-off ;-) |
I am not against deprecation and removal, especially when there is a clear case that it improves code quality, maintainability, standards compliance, or security. I am against removal without a deprecation cycle unless there is some really urgent reason to do so, such as a security hole. I have yet to hear what the urgency is for I am also against pushing removals before ensuring that everything that ships with eXist has been upgraded to the replacements. All the integration testing in the world does nothing but provide a false sense of security if you don't test what you ship. Running Apologies for the back seat driving. I've been involved with Perl core development for close to 20 years and I'm well aware of the difficulties of managing deprecations and testing dependencies. But we do test what we ship -- there are 155 extensions that ship with Perl and their test suites get run with every run of the core test suite. Nothing gets pushed that introduces new test failures in any of them. |
Just in case anybody else is wondering |
That looks very promising, but if I'm understanding it right, a committer would have to run it locally before pushing to know whether a change to the core broke any of the core extensions. Is that something that committers always do? I assume that travis will test against whatever has already been committed to the core, rather than against what has yet to be committed to the core. In which case at best it can identify damage already done rather than preventing it from happening in the first place. |
@craigberry I realise that the process might not be immediately obvious to folks, so let me lay it out. I m pretty optimistic that i speak for all core contributors that we are happy to hear suggestions for how to improve our set-up and do things differently, especially if these suggestions are grounded in experience with other open-source projects.
If a PR here, looks like it might impact the default apps, reviewers will run our integration tests when submitting their review, other PRs require performance test above all (these can take quite some time to run, so reviews take time as well). We are in the process of automating these as well, and looking for contributors who would like to work on that. In any case an automated run of the integration test suite against Committers are of course free and encouraged to run our integration tests, when working on code that might affect the default apps. But in a conscious decision to try to set as low a bar for contributions as possible, this is what we came up with. Practically speaking the 24h limit works well enough, there are many contributions that might struggle with setting up the integration tests, and whose valuable contributions will never effect Dashboard n co. In the end, |
@craigberry If you still feel it is important, I am willing to reinstate |
@adamretter I don't have any personal stake in |
This arose from the discussion at eXist-db/exist#2626 .
Apologies for the multiple script versions, but I have another one. @joewiz noticed a false negative recently in the dashboard as discussed here. In trying to avoid instances of the word "map" that are not functions, I had ended up skipping function calls without any arguments. Oops. I think I've fixed it, and have released a new version that looks like it does the right thing with the penultimate versions of eXist 4.x.x, eXide, and dashboard (current versions have had removals replaced or, in the case of eXide, handled with a multi-version dance). Given the number of versions of the script (though I hope that's winding down), I've decided to put the latest copy of it under this new thing they've got now called version control. If you find problems, please report an issue, send me a PR, or, better yet, e-mail me a patch. |
@craigberry Thank you! I just used your revised script from https://github.com/craigberry/audit_exist_5x_removals to audit tei-simple-pm, and it didn't miss a single function in my testing of the resulting app. I submitted a PR and will publish a hotfix when it's merged: wolfgangmm/tei-simple-pm#29. (Also, somehow I only just registered your point above that I had reversed the direction of the arrow noting the |
@craigberry I've published tei-simple-pm v1.1.3 to https://github.com/wolfgangmm/tei-simple-pm/releases and http://demo.exist-db.org/exist/apps/public-repo/packages/tei-pm.html?eXist-db-min-version=2.3.0. Also, everyone, please see the latest version of Craig's https://github.com/craigberry/audit_exist_5x_removals, which now searches for instances of the All of the apps included in stock distributions of eXist 5.x have now been audited:
|
A lot of deprecated functions have recently been removed in the development branch. Sounds reasonable, except core eXist or extensions that ship with it are still using a number of the functions that core eXist just removed. For example, the dashboard was broken:
eXist-db/dashboard#83
I noticed map:new is gone, which breaks tei-simple, tei-publisher-lib, and the shared extension. I could find these pretty easily by doing this from the top level of the build directory:
but I can't think of a way to get a list of all the removed functions without reading through thousands of lines of commit diffs and trying to identify the XQuery names and namespaces from the removed Java code. Is there a handy list of all the removed functions?
The text was updated successfully, but these errors were encountered: