When a library is either installed from anywhere other than the main package registry, the owner field for the spec is always empty because owner isn't a supported field that is read from either the library.json or a library.properties field. But owner is a supported field for a library dependency in a library.json file. So if a library has detailed dependency list including library owners and a user installs both that library and it's dependencies from any source other than the registry, the dependency finder will re-install all of the dependencies because they are cannot be matched because of the missing owner field.
Detailed Example:
Manually install low-level library
- User installs SensorModbusMaster directly from GitHub using the command
pio pkg install --library https://github.com/EnviroDIY/SensorModbusMaster/
- The SensorModbusMaster library is installed in the lib_deps folder as expected.
- The SensorModbusMaster library.json does not support an owner field; the package manager has no way of knowing the package owner.
Manually install library depending on low-level library
- User installs YosemitechModbus directly from GitHub using the command
pio pkg install --library https://github.com/EnviroDIY/YosemitechModbus
- The YosemitechModbus library is installed in the lib_deps folder as expected.
- The package manager scans the library.json manifest of the YosemitechModbus library and sees the dependency named
SensorModbusMaster with the owner envirodiy.
- The package manager attempts to match the dependency with already installed libraries. It cannot be matched to the already installed SensorModbusMaster because the owner of the installed library is unknown.
- The failing test is in the test_pkg_spec function at line 297
- The package manager installs a second version of the SensorModbusMaster library from the PlatformIO registry.
Result
- The user now has two possibly different versions of the same library installed which is unlikely to be what was desired.
Possible Solutions
- support and read an owner field for the library.json file
- requires modification of the spec and validation of library.json files in addition to the machinery that reads the spec
- requires library authors to add the owner field
- requires validation on submission to the registry that the owner field in the manifest is aligned with the user submitting the library
- remove check for matching owners when checking if a library is already installed.
- only requires removing a few lines of code
- users may end up with mis-matched libraries and other packages that do not work together in cases where the same package has been submitted by multiple owners or forked libraries are used
- Where possible, infer the library owner from the installation location if a library is installed from outside of the registry
- This is probably only possible for istallations from sources like GitHub where the repo owner could be used
- This would only help in cases where the repo owner exactly matches the registry owner.
When a library is either installed from anywhere other than the main package registry, the owner field for the spec is always empty because owner isn't a supported field that is read from either the library.json or a library.properties field. But owner is a supported field for a library dependency in a library.json file. So if a library has detailed dependency list including library owners and a user installs both that library and it's dependencies from any source other than the registry, the dependency finder will re-install all of the dependencies because they are cannot be matched because of the missing owner field.
Detailed Example:
Manually install low-level library
pio pkg install --library https://github.com/EnviroDIY/SensorModbusMaster/Manually install library depending on low-level library
pio pkg install --library https://github.com/EnviroDIY/YosemitechModbusSensorModbusMasterwith the ownerenvirodiy.Result
Possible Solutions