I have for some time been the maintainer of the Perl distribution: Crypt::OpenSSL::X509. The implementation is a wrapper on the OpenSSL C libraries, relying on XS.
I took over the maintenance from Dan Sully, because we where using the distribution at work and it need some maitaining. O am not a C-programmer, XS wizard or compiler expert - anyway I thought I could learn something from taking on the maintainer role.
Over time I have made releases, when there was something obvious or somebody sent PRs to the repository.
Way too seldom, I would check the CPAN testers reports to see how things were going, but a few weeks ago I was bored and I did.
The current release at the time was 1.903 and the test results were not look too impressive.
So I checked some of them out and set out to address some of the issues I observed. The first one was a broken build on OpenBSD and FreeBSD.
As I mentioned:
I am not a compiler expert - check me out
error: nonnull parameter 'pv' will evaluate to 'true' on first encounter [-Werror,-Wpointer-bool-conversion]
if (pv && len > 1) {
Examples:
I read up on the issue and it seemed Perl 5.20 had an issue with this so I wanted to re-categorize it to a warning from an error for Perl versions below 5.20.0
Believe me, this required a lot of googling, reading and I did a lot of installation and testing with different Perl versions (luckily the issue was easily reproduced).
When I understood the issue, I was able to find a good article on StackOverflow, with what I thought would be a remedy.
Implemented and shipped release 1.904.
Boom, bam, bop Bada-bop-boom, pow!
That did not work out particularly well - I actually made the situation worse and completely broke the build for Linux.
Apparently GCC and LLVM are very different and I had introduced the use of an option, which is LLVM specific and is not understood by GCC.
More googling and reading and I found some good resources on the two compilers:
- "Diagnostic flags in Clang" from Clang 13 documentation
- "3.8 Options to Request or Suppress Warnings" for GCC
- "3.1 Option Summary" for GCC
I got everything restructurized and got release 1.905 shipped and this time it looked much better...
There are more compiler issues I want to address, but I will most certainly be more careful in the future, just fooling around with the code surrounding your main product can be just as destructive and hence stressful and time consuming.
We are now back on track and I have since shipped releases 1.9.6 and 1.9.7 and things are back to slowly improving.
I tend to do micro releases and I am seriously considering extending my toolbox locally with a Linux machine, so I get more perspective on things with a better feedback loop while developing.
Improving continuous integration for this project is also being worked on. The matrix approach of operating systems, tools/compilers and in this case Perl interpreter versions make a lot of sense and brings a lot of value and it would probably have caught the issue I introduced earlier.
It is does however require a lot of work to establish and maintain, but I think it is worth the effort. We do learn a lot from our mistakes, but we also need successes to keep motivation up.
Top comments (5)
Read up on how to do trial releases. That way you can get the benefits of cpantesters without breaking people who rely on it for production code.
Hi Mark, I got the same advice on Twitter. So I will repeat my response here:
I was well aware of the possibilities, but failed anyway.
Thanks for responding though
Great post !
Thank you
Hello there jonasbn!
Are there any plans to implement certificate generation in addition to the existing parsing methods?