[Bug 26893] New: New version of JSON::Validator (D11) break our REST API routes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Bug ID: 26893 Summary: New version of JSON::Validator (D11) break our REST API routes Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: blocker Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org Error while loading /etc/koha/sites/kohadev/plack.psgi: Can't load application from file "/kohadevbox/koha/api/v1/app.pl": Can't use string ("paths.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 333. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com, | |nick@bywatersolutions.com, | |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #1 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- The tests were passing on Oct 22th (run 115) but fail since Oct 26th (run 123) https://jenkins.koha-community.org/job/Koha_Master_D11/ -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |julian.maurice@biblibre.com --- Comment #2 from Julian Maurice <julian.maurice@biblibre.com> --- Confirmed. The problem exists for all versions of JSON::Validator from 4.06 to 4.10 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #3 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 113254 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=113254&action=edit Bug 26893: Limit JSON::Validator versions -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #4 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- We need to varify whether the package build process takes notice of the cpanfile min, max and excludes versions.. I can't remember if we got that far, though I do know mason was working on it. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtj@kohaaloha.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #5 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Longer term it would be nice to get the latest Mojolicious::Plugin::OpenAPI building on D11.. but at the moment that seems to fail. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #6 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Looks like we cannot force the version: % apt install libjson-validator-perl=3.25+dfsg-1+koha3 Error while loading /etc/koha/sites/kohadev/plack.psgi: Can't load application from file "/kohadevbox/koha/api/v1/app.pl": Can't locate JSON/Validator/Util.pm in @INC (you may need to install the JSON::Validator::Util module) (@INC contains: /kohadevbox/koha /kohadevbox/koha/installer /kohadevbox/koha/lib/installer /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.3 /usr/local/share/perl/5.30.3 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /var/lib/koha/kohadev/plugins) at /usr/local/share/perl/5.30.3/JSON/Validator/OpenAPI/Mojolicious.pm line 5. Of course new versions of Mojolicious need the new JSON::Validator -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #7 from Mason James <mtj@kohaaloha.com> --- i think the errors that we are encountering is probably caused by J::V 4.00 depreciating some functions and methods https://metacpan.org/changes/distribution/JSON-Validator 4.00 2020-06-08T10:41:55+0900 - JSON::Validator::schema() now holds a JSON::Validator::Schema object instead of Mojo::JSON::Pointer - Add schema classes for Draft4, Draft6 and Draft7 - Add "duration" and "uuid" formats #210 - Fix coercing boolean "false" #215 - Fix not matching "null" should also be a "type" error #217 - Deprecated JSON::Validator::joi() - Deprecated JSON::Validator::singleton() - Deprecated JSON::Validator::validate_json() - Deprecated JSON::Validator::version() - Removed JSON::Validator::generate_definitions_path() - Removed support for JSON::Validator::bundle({ref_key => ...}) i think the best solution would be to attempt to rewrite the JV code in koha to not use the depreciated JV functions and methods we will eventually have to correct this problem, so lets do it now rather than later? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #8 from David Cook <dcook@prosentient.com.au> --- (In reply to Mason James from comment #7)
i think the best solution would be to attempt to rewrite the JV code in koha to not use the depreciated JV functions and methods
we will eventually have to correct this problem, so lets do it now rather than later?
Sounds reasonable if it's possible to do it -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #9 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- In my understanding we aren't using any of those methods directly with Koha... it's rather than many of those methods are used in Mojolicious::Plugin::OpenAPI which we're using. Said plugin has been updated to reflect the changes in JSON::Validator but it also requires a new Mojolicious than we're currently supporting I think.. Hense, I don't think it's just a case of updating Koha code, but rather tracking down the versions we wish to support and pinning ourselves to them properly again. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #10 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #9)
In my understanding we aren't using any of those methods directly with Koha... it's rather than many of those methods are used in Mojolicious::Plugin::OpenAPI which we're using. Said plugin has been updated to reflect the changes in JSON::Validator but it also requires a new Mojolicious than we're currently supporting I think..
Hense, I don't think it's just a case of updating Koha code, but rather tracking down the versions we wish to support and pinning ourselves to them properly again.
I had a feeling that might be the case. Alternatively, could we pin JSON::Validator to an older version? I suppose every approach has its trade offs... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #11 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to David Cook from comment #10)
Alternatively, could we pin JSON::Validator to an older version?
See comment 6, that does not work. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #12 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #11)
(In reply to David Cook from comment #10)
Alternatively, could we pin JSON::Validator to an older version?
See comment 6, that does not work.
After doing a bit of digging, comment 6 appears to likely be mistaken. I'll include my detailed comments below. (In reply to Jonathan Druart from comment #6)
Looks like we cannot force the version:
% apt install libjson-validator-perl=3.25+dfsg-1+koha3
Error while loading /etc/koha/sites/kohadev/plack.psgi: Can't load application from file "/kohadevbox/koha/api/v1/app.pl": Can't locate JSON/Validator/Util.pm in @INC (you may need to install the JSON::Validator::Util module) (@INC contains: /kohadevbox/koha /kohadevbox/koha/installer /kohadevbox/koha/lib/installer /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.3 /usr/local/share/perl/5.30.3 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /var/lib/koha/kohadev/plugins) at /usr/local/share/perl/5.30.3/JSON/Validator/OpenAPI/Mojolicious.pm line 5.
According to https://metacpan.org/release/JHTHORSEN/JSON-Validator-3.25, JSON::Validator::Util should have been installed. I've downloaded the package from http://debian.koha-community.org/koha-staging/pool/main/libj/libjson-validat.... Using 7-zip, I've opened the files and I see that Validator.pm is *not* actually version 3.25 but *is* actually version 3.14. JSON::Validator::Util is not included until JSON::Validator version 3.20 it seems. I'm looking at "apt-cache show libmojolicious-plugin-openapi-perl" on debian:bullseye, and it indicates this dependency: libjson-validator-perl (>= 3.15). So it's not surprising that libjson-validator-perl=3.25+dfsg-1+koha3 didn't work since it's actually been mis-packaged it seems. I think that if we re-package libjson-validator-perl to actually be 3.15+ then it'll probably work. In your example, it's interesting that JSON::Validator::OpenAPI::Mojolicious is at /usr/local/share/perl/5.30.3/JSON/Validator/OpenAPI/Mojolicious.pm instead of /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm. Did you install it using CPAN instead of DEB package? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |mtj@kohaaloha.com |ity.org | Status|NEW |ASSIGNED Keywords| |rel_20_11_target --- Comment #13 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Good catch David! So, on a fresh D11: % cpanm https://cpan.metacpan.org/authors/id/J/JH/JHTHORSEN/JSON-Validator-3.25.tar.... And that's it, it works! -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #14 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to David Cook from comment #12)
In your example, it's interesting that JSON::Validator::OpenAPI::Mojolicious is at /usr/local/share/perl/5.30.3/JSON/Validator/OpenAPI/Mojolicious.pm instead of /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm. Did you install it using CPAN instead of DEB package?
Yes, I was certainly trying something and installed it from CPAN. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #15 from Mason James <mtj@kohaaloha.com> --- i've built a new J::V v3.25 package and added it to the 'bullseye' component. which has fixed the deb11 builds the package is named 'libjson-validator-perl-4.10+really3.25-koha1', following the naming syntax suggested in section 5.6.12.1 below... https://www.debian.org/doc/debian-policy/ch-controlfields.html installing koha on deb11 now currently requires 'bullseye' to be included in the apt repo definition, example below... $ echo 'deb http://debian.koha-community.org/koha stable main bullseye' | sudo tee /etc/apt/sources.list.d/koha.list -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #16 from Mason James <mtj@kohaaloha.com> --- (In reply to David Cook from comment #10)
(In reply to Martin Renvoize from comment #9)
In my understanding we aren't using any of those methods directly with Koha... it's rather than many of those methods are used in Mojolicious::Plugin::OpenAPI which we're using. Said plugin has been updated to reflect the changes in JSON::Validator but it also requires a new Mojolicious than we're currently supporting I think..
Hense, I don't think it's just a case of updating Koha code, but rather tracking down the versions we wish to support and pinning ourselves to them properly again.
I had a feeling that might be the case.
Alternatively, could we pin JSON::Validator to an older version?
i asked for 'pinning' advice in the debian #packaging irc channel it's impossible to pin an older package without instructing users to manually add an entry to their /etc/apt/preferences.d dir we could automate that task within koha-common, or another helper package - but that is probably considered inappropriate behaviour for a package (for security reasons) the workaround for pinning, is to name the package using the +really convention described here -> https://www.debian.org/doc/debian-policy/ch-controlfields.html -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #17 from David Cook <dcook@prosentient.com.au> --- (In reply to Mason James from comment #16)
i asked for 'pinning' advice in the debian #packaging irc channel
it's impossible to pin an older package without instructing users to manually add an entry to their /etc/apt/preferences.d dir
Ahh right. In hindsight, I have always manually added entries for pinning. Silly me.
we could automate that task within koha-common, or another helper package - but that is probably considered inappropriate behaviour for a package (for security reasons)
the workaround for pinning, is to name the package using the +really convention described here -> https://www.debian.org/doc/debian-policy/ch-controlfields.html
Interesting! I'd never heard of +really, although that still sounds like a bit of a different scenario. I think that there is a 3rd option. With HTTP::OAI, we use the older version in Koha's Apt repo and don't use the Debian version which is too new. "libhttp-oai-perl (>= 3.2) | libhttp-oai-3.27-perl, libhttp-oai-perl (<< 4.0) | libhttp-oai-3.27-perl" http://debian.koha-community.org/koha/pool/main/libh/ https://packages.debian.org/bullseye/libhttp-oai-perl That seems like the same thing that we'd want to do here. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|New version of |New version of |JSON::Validator (D11) break |JSON::Validator (D11) |our REST API routes |breaks our REST API routes -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #18 from Mason James <mtj@kohaaloha.com> ---
I think that there is a 3rd option. With HTTP::OAI, we use the older version in Koha's Apt repo and don't use the Debian version which is too new.
"libhttp-oai-perl (>= 3.2) | libhttp-oai-3.27-perl, libhttp-oai-perl (<< 4.0) | libhttp-oai-3.27-perl"
http://debian.koha-community.org/koha/pool/main/libh/ https://packages.debian.org/bullseye/libhttp-oai-perl
That seems like the same thing that we'd want to do here.
i think the 3rd option won't work here, as bulleyes' libmojolicious-plugin-openapi-perl (3.40-1) depends on libjson-validator-perl (>= 4.05) the libhttp-oai-3.27-perl package works because only the koha pkgs depend on it -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #19 from Mason James <mtj@kohaaloha.com> --- (In reply to Mason James from comment #18)
I think that there is a 3rd option. With HTTP::OAI, we use the older version in Koha's Apt repo and don't use the Debian version which is too new.
"libhttp-oai-perl (>= 3.2) | libhttp-oai-3.27-perl, libhttp-oai-perl (<< 4.0) | libhttp-oai-3.27-perl"
http://debian.koha-community.org/koha/pool/main/libh/ https://packages.debian.org/bullseye/libhttp-oai-perl
That seems like the same thing that we'd want to do here.
i think the 3rd option won't work here, as bulleyes' libmojolicious-plugin-openapi-perl (3.40-1) depends on libjson-validator-perl (>= 4.05)
the libhttp-oai-3.27-perl package works because only the koha pkgs depend on it
hmm, think about this a bit more... this could work if we built a similarly named pkg for libmojolicious-plugin-openapi-perl too this solution might also fix some other issues around support for these 'problematic' packages and older debian versions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #20 from David Cook <dcook@prosentient.com.au> --- (In reply to Mason James from comment #18)
i think the 3rd option won't work here, as bulleyes' libmojolicious-plugin-openapi-perl (3.40-1) depends on libjson-validator-perl (>= 4.05)
the libhttp-oai-3.27-perl package works because only the koha pkgs depend on it
That's interesting... because on November 15th I installed libmojolicious-plugin-openapi-perl on debian:bullseye in Docker and it had this dependency: libjson-validator-perl (>= 3.15). Yet https://packages.debian.org/bullseye/libmojolicious-plugin-openapi-perl clearly says "dep: libjson-validator-perl (>= 4.05)" That's weird. I must have had an older version of libmojolicious-plugin-openapi-perl installed somehow... I suppose the solution is to require older versions of both libmojolicious-plugin-openapi-perl and libjson-validator-perl in that case. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #21 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #20)
That's interesting... because on November 15th I installed libmojolicious-plugin-openapi-perl on debian:bullseye in Docker and it had this dependency: libjson-validator-perl (>= 3.15).
Yet https://packages.debian.org/bullseye/libmojolicious-plugin-openapi-perl clearly says "dep: libjson-validator-perl (>= 4.05)"
That's weird. I must have had an older version of libmojolicious-plugin-openapi-perl installed somehow...
I suppose the solution is to require older versions of both libmojolicious-plugin-openapi-perl and libjson-validator-perl in that case.
Ahhhh... it's called "unstable" for a reason. https://metadata.ftp-master.debian.org/changelogs//main/libm/libmojolicious-... On January 29 2020 they list libmojolicious-plugin-openapi-perl (2.21-1). On November 15 2020 they list libmojolicious-plugin-openapi-perl (3.40-1). Talk about crazy timing! They uploaded a new package the same day that I was trying out libjson-validator-perl. The change probably happened within hours/days of me checking... In any case, I'd say yeah let's require a 2.x libmojolicious-plugin-openapi-perl and a 3.x libjson-validator-perl. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Emmi Takkinen <emmi.takkinen@outlook.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |emmi.takkinen@outlook.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Ere Maijala <ere.maijala@helsinki.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ere.maijala@helsinki.fi -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|blocker |major --- Comment #22 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Lowering severity as it's no longer blocker. What's next here? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #23 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #22)
Lowering severity as it's no longer blocker.
What's next here?
Good question. It's been a while since I looked at this. I think we just need to update debian/control to agree with the cpanfile here. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |blocker --- Comment #24 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- This problem is back! REST API is broken under D11 root@kohadevbox:~$ apt show libmojolicious-plugin-openapi-perl Package: libmojolicious-plugin-openapi-perl Version: 3.40-1 Priority: optional Section: perl Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Installed-Size: 195 kB Depends: perl:any, libdata-validate-domain-perl, libdata-validate-ip-perl, libjson-validator-perl (>= 4.05), libmojolicious-perl (>= 8.00), libtext-markdown-perl (>= 1.000031) Homepage: https://metacpan.org/release/Mojolicious-Plugin-OpenAPI Download-Size: 73.8 kB APT-Manual-Installed: no APT-Sources: http://httpredir.debian.org/debian bullseye/main amd64 Packages Description: OpenAPI/Swagger plugin for Mojolicious N: There is 1 additional record. Please use the '-a' switch to see it root@kohadevbox:~$ apt show libjson-validator-perl Package: libjson-validator-perl Version: 4.12+dfsg-1 Priority: optional Section: perl Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Installed-Size: 234 kB Depends: perl:any, libmojolicious-perl (>= 7.28), libyaml-pp-perl, openapi-specification Recommends: libcpanel-json-xs-perl (>= 3.0200), libdata-validate-domain-perl, libdata-validate-ip-perl, libnet-idn-encode-perl, libscalar-list-utils-perl, libsereal-encoder-perl (>= 4.00) Breaks: sreview-web (<< 0.6.1-2) Replaces: sreview-web (<< 0.6.1-2) Homepage: https://metacpan.org/release/JSON-Validator Tag: devel::lang:perl, devel::library, implemented-in::perl Download-Size: 80.8 kB APT-Manual-Installed: no APT-Sources: http://httpredir.debian.org/debian bullseye/main amd64 Packages Description: module to validate data against a JSON schema N: There are 2 additional records. Please use the '-a' switch to see them. root@kohadevbox:~$ apt-cache policy libmojolicious-plugin-openapi-perl libmojolicious-plugin-openapi-perl: Installed: 3.40-1 Candidate: 3.40-1 Version table: *** 3.40-1 500 500 http://httpredir.debian.org/debian bullseye/main amd64 Packages 100 /var/lib/dpkg/status 2.16-1+koha1 500 500 http://debian.koha-community.org/koha-staging dev/main amd64 Packages root@kohadevbox:~$ apt-cache policy libjson-validator-perl libjson-validator-perl: Installed: 4.12+dfsg-1 Candidate: 4.12+dfsg-1 Version table: *** 4.12+dfsg-1 500 500 http://httpredir.debian.org/debian bullseye/main amd64 Packages 100 /var/lib/dpkg/status 4.10+really3.25-koha1 500 500 http://debian.koha-community.org/koha-staging dev/bullseye amd64 Packages 3.25+dfsg-1+koha3 500 500 http://debian.koha-community.org/koha-staging dev/main amd64 Packages -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #25 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #24)
This problem is back!
REST API is broken under D11
If possible, let's require older versions of both libmojolicious-plugin-openapi-perl and libjson-validator-perl. I suppose it'll depend on what version of Mojolicious is in Bullseye, although I feel like Mojolicious tends to be backwards compatible, so you should be able to use older plugins on newer frameworks... but I'm not looking at this today. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=19735 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=17092 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #26 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Mojolicious uses pretty standard semantic versioning.. jump a major and you can't really expect things to work. The latest combination of dependencies I found to work with current Koha is: Mojolicous 8.73 JSON::Validator 4.05 Mojolicious::Plugin::OpenAPI 3.39 If we wanted to jump beyond that we'll need to change the Koha codebase to accommodate the changes in the libraries. What's easier, backporting new libraries to older Debian (and updating our codebase for the newer libraries) or downgrading/pinning older libraries on newer Debian? Or, dare I say it.. shipping a local clone of the Mojo stack inside Koha. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #27 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- The short term solution is to package a 4.99+really3.25-koha -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #28 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #27)
The short term solution is to package a 4.99+really3.25-koha
Why? We should be able to provide the right dependency in the Koha apt repo and specify the right dependency in the control file. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #29 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #26)
What's easier, backporting new libraries to older Debian (and updating our codebase for the newer libraries) or downgrading/pinning older libraries on newer Debian?
I would think probably the latter.
Or, dare I say it.. shipping a local clone of the Mojo stack inside Koha.
I'm not opposed to this. I've started using Carton on other projects, and it's nice having all my Perl dependencies stored in the "local" directory, and then just pointing to that in PERL5LIB. That said, without using the cpanfile.snapshot via Carton, this could get very unmanageable and create many headaches. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #30 from Mason James <mtj@kohaaloha.com> --- (In reply to Jonathan Druart from comment #27)
The short term solution is to package a 4.99+really3.25-koha
hi Jonathan, this is done $ cat /etc/apt/sources.list.d/koha.list deb http://debian.koha-community.org/koha-staging dev main bullseye $ apt-cache policy libjson-validator-perl libjson-validator-perl: Installed: 4.99+really3.25-koha1 Candidate: 4.99+really3.25-koha1 Version table: *** 4.99+really3.25-koha1 500 500 http://debian.koha-community.org/koha-staging dev/bullseye amd64 Packages 100 /var/lib/dpkg/status 4.13+dfsg-1 500 500 http://apt.kohaaloha.com:3142/ftp.nz.debian.org/debian testing/main amd64 Packages 3.25+dfsg-1+koha3 500 500 http://debian.koha-community.org/koha-staging dev/main amd64 Packages -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #31 from Mason James <mtj@kohaaloha.com> --- (In reply to David Cook from comment #28)
(In reply to Jonathan Druart from comment #27)
The short term solution is to package a 4.99+really3.25-koha
Why?
We should be able to provide the right dependency in the Koha apt repo and specify the right dependency in the control file.
no, it's impossible for us to do this because the version we want (3.25) is *lower* than the version available (4.13) in the debian.net/bullseye repo see... https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893#c16 ps: i would love to be proven incorrect on this info -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #32 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Martin Renvoize from comment #26)
Mojolicious uses pretty standard semantic versioning.. jump a major and you can't really expect things to work.
The latest combination of dependencies I found to work with current Koha is:
Mojolicous 8.73 JSON::Validator 4.05 Mojolicious::Plugin::OpenAPI 3.39
If we wanted to jump beyond that we'll need to change the Koha codebase to accommodate the changes in the libraries.
What's easier, backporting new libraries to older Debian (and updating our codebase for the newer libraries) or downgrading/pinning older libraries on newer Debian?
Or, dare I say it.. shipping a local clone of the Mojo stack inside Koha.
We should do that. And jump to current versions of the OpenAPI plugin and Mojolicious 8.x. if not possible to package them, of course. I think there was a Perl version issue with stretch? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #33 from David Cook <dcook@prosentient.com.au> --- (In reply to Mason James from comment #31)
no, it's impossible for us to do this because the version we want (3.25) is *lower* than the version available (4.13) in the debian.net/bullseye repo
see... https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893#c16
ps: i would love to be proven incorrect on this info
Except that we already do it with libhttp-oai-perl. At https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893#c18 you mention the issue becomes libmojolicious-plugin-openapi-perl has dependency issues, but then we can just control that one too and provide our own package, which makes sense since we're already mucking with Mojolicious versions. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #34 from David Cook <dcook@prosentient.com.au> --- (In reply to Tomás Cohen Arazi from comment #32)
(In reply to Martin Renvoize from comment #26)
Or, dare I say it.. shipping a local clone of the Mojo stack inside Koha.
We should do that. And jump to current versions of the OpenAPI plugin and Mojolicious 8.x. if not possible to package them, of course. I think there was a Perl version issue with stretch?
I don't know about stretch, but yeah I suppose the downside of picking and choosing some libraries to be via DEB packages and some to be embedded is that our support for multiple different OSes could be problematic (based on Mojo dependencie). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|blocker |normal --- Comment #35 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Lowering severity again. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Bohdan <b.pastern4k@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |b.pastern4k@gmail.com --- Comment #36 from Bohdan <b.pastern4k@gmail.com> --- Hello. I've installed Koha 20.11.04 on latest Debian 10 and the API is broken. I cannot get the list of available branches as it uses API. Got the following in api error logs: [ERROR] Warning: Could not load REST API spec bundle: Can't use string ("parameters.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 272. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #37 from Mason James <mtj@kohaaloha.com> --- (In reply to Bohdan from comment #36)
Hello. I've installed Koha 20.11.04 on latest Debian 10 and the API is broken. I cannot get the list of available branches as it uses API.
Got the following in api error logs: [ERROR] Warning: Could not load REST API spec bundle: Can't use string ("parameters.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 272.
hi Bohdan, are you using 64-bit debian? it is recommended -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #38 from Bohdan <b.pastern4k@gmail.com> --- (In reply to Mason James from comment #37)
(In reply to Bohdan from comment #36)
Hello. I've installed Koha 20.11.04 on latest Debian 10 and the API is broken. I cannot get the list of available branches as it uses API.
Got the following in api error logs: [ERROR] Warning: Could not load REST API spec bundle: Can't use string ("parameters.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 272.
hi Bohdan, are you using 64-bit debian? it is recommended
Of course, it is x64. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #39 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #26)
Mojolicious uses pretty standard semantic versioning.. jump a major and you can't really expect things to work.
The latest combination of dependencies I found to work with current Koha is:
Mojolicous 8.73 JSON::Validator 4.05 Mojolicious::Plugin::OpenAPI 3.39
If we wanted to jump beyond that we'll need to change the Koha codebase to accommodate the changes in the libraries.
What's easier, backporting new libraries to older Debian (and updating our codebase for the newer libraries) or downgrading/pinning older libraries on newer Debian?
Or, dare I say it.. shipping a local clone of the Mojo stack inside Koha.
I'm still investigating, but I'd be interested in getting at least JSON::Validator 4.10. At a glance, it looks like it will work with Mojolicious 7.28. Wow... Mojolicious::Plugin::OpenAPI and JSON::Validator have very different ideas about Mojolicious dependencies. JSON::Validator 4.x is OK with Mojolicious 7, but Mojolicious::Plugin::OpenAPI 2.x+ wants Mojolicious 8 and lower JSON::Validator versions... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #40 from David Cook <dcook@prosentient.com.au> --- Only realising now that Mojolicious::Plugin::OpenAPI is only in Bullseye: https://packages.debian.org/bullseye/libmojolicious-plugin-openapi-perl It's version 3.41 and requires JSON::Validator 4.11+ and Mojolicious 8.67+. Ubuntu 18.04 Bionic - Mojolicious 7.59 - Mojolicious::Plugin::OpenAPI N/A Ubuntu 20.04 Focal - Mojolicious 8.33 - Mojolicious::Plugin::OpenAPI 2.21 - JSON::Validator 3.15+ - Mojolicious 8+ I don't know that Mojolicious::Plugin::OpenAPI 2.x can work with JSON::Validator 4.x... I see that with Koha on Ubuntu 20.04 we're using a JSON::Validator marked as 3.25+dfsg-1+koha3 Overall, I like Mojolicious, but I do not like this dependency hell. -- It looks like Mojolicious::Plugin::OpenAPI 3.41 is compatible with either Mojolicious 8.0 or Mojolicious 8.67. Depends on if you trust the META.json/cpanfile or the Changes file more. It claims to work with JSON::Validator 4.11... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #41 from Mason James <mtj@kohaaloha.com> --- (In reply to Mason James from comment #37)
(In reply to Bohdan from comment #36)
Hello. I've installed Koha 20.11.04 on latest Debian 10 and the API is broken. I cannot get the list of available branches as it uses API.
Got the following in api error logs: [ERROR] Warning: Could not load REST API spec bundle: Can't use string ("parameters.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 272.
hi Bohdan, can you give more details? 1/ what is the url that causes the error? 2/ do you have any extra cpan modules installed? 3/ what version of the libjson-validator-perl package is installed? the t/db_dependent/api/v1/libraries.t tests are passing for deb10/20.11.04, so it might be a problem specific to your system https://jenkins.koha-community.org/view/20.11/job/Koha_20.11_D10/87 https://jenkins.koha-community.org/view/20.11/job/Koha_20.11_D10/87/consoleT... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 --- Comment #42 from Bohdan <b.pastern4k@gmail.com> --- (In reply to Mason James from comment #41)
(In reply to Mason James from comment #37)
(In reply to Bohdan from comment #36)
Hello. I've installed Koha 20.11.04 on latest Debian 10 and the API is broken. I cannot get the list of available branches as it uses API.
Got the following in api error logs: [ERROR] Warning: Could not load REST API spec bundle: Can't use string ("parameters.json") as a HASH ref while "strict refs" in use at /usr/share/perl5/JSON/Validator/OpenAPI/Mojolicious.pm line 272.
hi Bohdan, can you give more details?
1/ what is the url that causes the error? 2/ do you have any extra cpan modules installed? 3/ what version of the libjson-validator-perl package is installed?
the t/db_dependent/api/v1/libraries.t tests are passing for deb10/20.11.04, so it might be a problem specific to your system
https://jenkins.koha-community.org/view/20.11/job/Koha_20.11_D10/87 https://jenkins.koha-community.org/view/20.11/job/Koha_20.11_D10/87/ consoleText
It seems I had Mojolicious installed via cpanm and apt. That caused the problem. Thanks for the help. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=28800 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=29964 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30193 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26893 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |DUPLICATE --- Comment #43 from Tomás Cohen Arazi <tomascohen@gmail.com> --- After a day testing things, I'd say this is a duplicate for bug 30194. Please reopen if you don't agree. *** This bug has been marked as a duplicate of bug 30194 *** -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org