Specifying minimal Erlang version in mix.exs

marcandre · May 21, 2021, 11:33pm

Is it still not possible to specify Erlang compatibility in mix.exs?

Erlang/OTP is a dependency of Elixir, so it is an indirect dependency of any mix projects, but it may be a direct dependency too. mix.exs should be able to convey that and mix should be able to resolve dependencies handling this too.

As a practical example, :crypto.hmac/3 no longer exists in OTP 24, one must use :crypto.mac/4 which is OTP 22+

If a package maintainer wants to use :crypto.mac/4, the only easy choice is to require the shiny new Elixir 1.12, because Elixir 1.11 is compatible with OTP 21

Ideally one could say: compatible with Elixir >= 1.7 but OTP >= 22.

eksperimental · May 22, 2021, 3:43am

Interesting request. Totally doable.

It will not compile if it does not meet the :otp dependency requirement.

$ mix
** (Mix) You're trying to run :otp_dependency on Erlang/OTP 24.0.0 but it has declared in its mix.exs file it supports only Erlang/OTP ~> 24.1

josevalim · May 22, 2021, 7:47am

Correct, it is still not supported because we want to avoid adding multiple dimensions for system dependencies. So in this sense it would be preferable to either supporting v1.7 and all OTP versions by checking which crypto function is available (that’s what we did in plug_crypto) or bumping to v1.12.

However, if occurrences like this keep happening, then we should probably be more pragmatic and allow the OTP dependency.

hauleth · May 22, 2021, 8:36am

You can always have runtime/compile time check that will pick the best available option.

dimitarvp · May 22, 2021, 9:02am

Smells like a compat library that I wanted to write for at least a year.

marcandre · May 22, 2021, 2:16pm

Thanks for the link to this workaround. I’d say that if we get to a failed compilation, we still lost though.

The goal is that mix deps.get resolves to the correct version of package, not that it resolves to the wrong version, that compilation fails, and that the user must figure out why, then figure out manually what version is actually compatible, hardcode the version requirement and then reinstall.

marcandre · May 22, 2021, 2:20pm

Thanks for the response, although I do not see how erlang is in a different dimension, from the point of view of a package manifest.

I will check what was done for plug_crypto

eksperimental · May 22, 2021, 2:41pm

My solution does not deal with package dependencies. It only checks --as the title of your post says-- that the installed OTP version meets the requirements, in the exact same way it checks for the Elixir version required.
If your requirement is Elixir v1.12, but you are running Elixir v1.11, the compilation will fail, and I wouldn’t see it as a loss, it is a gain because your app is not designed to run under a lower version of Elixir.

How would you propose your solution to work? To have conditional dependencies based on the available OTP version?

derek-zhou · May 22, 2021, 2:43pm

I guess you can make a dummy erlang package with rebar.config that have:

{minimum_otp_vsn, "22"}.

then add this package as one mix dependency?

marcandre · May 22, 2021, 3:38pm

My solution is that hex packages could declare which OTP version they are compatible with and that mix deps.get takes that into account to figure out which versions to get.

If package Example has version 1.0 compatible with Elixir >= 1.4 but uses :crypto.hmac/3, they could make incompatible changes to the code to use the new :crypto.mac/4 and release 1.0.2 compatible with Elixir >= 1.7 and OTP >= 22. mix deps.get can use that information to retrieve the correct package depending on the version of Elixir and OTP that is in use, and insure that there is no incompatiblity / compilation error.

The only other acceptable alternative in my book requires more work on the part of the maintainer to release a package that maintains compatibility with all versions of OTP.

I lack the experience to know how much of a burden that is, but that solution has the advantage of expressing the situation as it actually is, as well as giving more options to maintainers to minimize their burden. Not allowing that is fighting reality.

(edited to remove a step that didn’t add anything)

marcandre · May 22, 2021, 3:39pm

Interesting. If that works, then even more reason to support explicitly what can already be supported implicitly.

josevalim · May 22, 2021, 6:22pm

It doesn’t work on dependency resolution. It just emits a warning (or raise) if you don’t have a matching version. If this behaviour is enough for you, then you can check for the OTP release in your mix.exs.

jozuas · December 5, 2023, 12:45pm

I wanted to add another example of this happening from today:

I have Elixir 1.15.7 with Erlang 25.3.2.7, I added oidcc 3.1.0 to mix.exs and found out in runtime that oidcc only supports OTP26 and beyond by running into :base64.encode/2 is undefined or private.

maennchen · December 5, 2023, 1:05pm

I believe having a standardized field & warning for the required OTP version in the mix project/0 would be beneficial.

It at least communicates the problem to the user and there is also a standardized place to manually look for the versions a library supports.

Also checking the requirement in the hex resolution would be awesome, but I don’t believe that this must be implemented for the rest to be useful.

(Happy to provide an Elixir PR for that )

wojtekmach · December 5, 2023, 1:36pm

There is a couple of problems:

We have System.otp_release() # => "26" but not System.otp_version() #=> "26.1.2" and the reason is the latter is not exposed by OTP. There are hacks to get this version out, you can see what mix hex.info does for example, but the first step would be to have OTP expose this.
Adding :minimum_otp_release/:otp_version to mix.exs that works like :elixir, i.e. does not participate in resolution, should be fairly straightforward. Adding it in a way that participates in resolution is a rather big undertaking.

mix.exs is executable so something everyone can do today is:

if System.otp_release < "26" do
  IO.puts "this package requires OTP 26. Install foo v0.2.0 that works with prior OTP versions"
  raise "incorrect OTP"
end

defmodule Foo.MixProject do

and the benefit is the error message can be as succinct or as verbose as you want it to be. In that sense it’s better than when provided by the build tool because you have full control what extra information to include.

maennchen · December 5, 2023, 3:04pm

While this feels hacky, this is the officially proposed way to read the version:
https://www.erlang.org/doc/system_principles/versions#retrieving-current-otp-version

Rebar3 also does it this way and this therefore seems to be the accepted way to do so:

github.com

erlang/rebar3/blob/7a27a26c11470617898b9a3c80451d1cea1c4361/apps/rebar/src/rebar_utils.erl#L415


      
              if A == KB -> {Secondary, A, B};
                 A  < KB -> {Secondary, A, B};
                 A  > KB -> {Priority, B, A}
              end.
          
          %% Implements wc -l functionality used to determine patchcount from git output
          line_count(PatchLines) ->
              Tokenized = rebar_string:lexemes(PatchLines, "\n"),
              {ok, length(Tokenized)}.
          
          check_min_otp_version(undefined) ->
              check_min_otp_version(undefined, undefined);
          check_min_otp_version(MinOtpVersion) ->
              check_min_otp_version(MinOtpVersion, undefined).
          
          check_min_otp_version(undefined, _App) ->
              ok;
          check_min_otp_version(MinOtpVersion, App) ->
              %% Fully-qualify with ?MODULE so the function can be meck'd in rebar_utils_SUITE
              OtpRelease = ?MODULE:otp_release(),
              ParsedMin = version_tuple(MinOtpVersion),

This should allow us to create System.otp_version/0 if we desire to have that function.

I’m aware that this is possible, but this seems like a hack to me. If everybody does it like this, there’s no standardized approach which means that we won’t be able to handle those errors in a uniform way. (e.g. Editor Language Servers, statistical analysis of libraries & their requirements on Hex etc.)

Implementing only the first part (without resolution) seems to be an easy implementation and I think it would be beneficial. Exposing System.otp_version/0 would also be great since that is something I had to work around before.