Using External Dependencies with Conan @ Bay Area C++ User Group Meetup

September 27, 2022

< 1 min read

Abstract: In the 2022 C++ survey results an overwhelming majority ~80% said managing libraries was painful, nearly 50% called it a major pain. Given this is not even a conversation in another ecosystem, it’s time we solve it once and for all.

This talk will give an introduction to Conan and focus on the latest features you can use today to overcome any challenges. You’ll learn how to work on a CMake project, use different generators, and take advantage of multi-config presets. The goal is you give you a clear picture of how Conan fits into your existing workflow.

  • What is Conan? Why do you need it? Alternatives?
  • Searching, Download, install or build from source any open-source project with Conan.
  • Settings, Profiles and Preset
  • Adding Dependencies, Testing Requirements
  • Teasing Conan 2.0 new model
  • Publishing your own projects to ConanCenter!

Few slides, lots of demos, lots of things covered – you will leave the talk able to leverage other projects much more quickly than you could do before.


Christopher McArthur

Christopher McArthur, Conan Developer Advocate @ JFrog

Chris has been giving back to the open source community with exploit database containers, C++/ CMake build system maintenance, and other OSS projects for nearly ten years. He began his career as a C++ developer and has since then added other languages including Golang and Typescript to his skill set. Prior to joining the Conan team at JFrog, Chris previously worked in the video broadcast and mobile advertising industries on a variety of projects. His diverse experiences include Blockchain, low-level hardware networking, distributed systems security, and cloud-native DevOps. As a developer advocate for JFrog, Chris deals with Conan, Chris shares his deep to the knowledge of DevOps and Package Management to the C++ Community globally.

Video Transcript

Okay hey guys i’m Max and welcome to CPP Bay area ah oh raise your hand again if you previously said that this is your first time here alright cool.
Alright well the recording is all right so that’s good um So if you guys want to tweet about this or take pictures or anything like that you can tweet them to at CPP Bay area on Twitter.
we’ll we’ll use those for stuff, and this is going to go for about another hour and a half we’re going to end at 830.
And let’s see um.
So, in the last month we’ve had a couple of CPP related events, actually, I think, Richard you had something about CPP events.
i’ve heard that from multiple people actually.
there’s also the LV m meetup earlier this week so that’s another cool thing you guys should check that out on meetup COM as well, and then also coming up this month and next month, we have some more CPP related events such as CPP con.
Alright, so how many of you have not heard of CP con all right great marketing all right, everybody knows about TV be gone alright so.
It will be in aurora which is right outside of Denver in second week of September so it’s coming right up and.
How many of you when when Richard was talking about people was North was saying, you should go there.
Well it’s too late, but she’s still got a CV calm and you should you should absolutely go to see me because you should talk to your boss about sending you the cpb gone.
And I always get this people say oh i’m pretty sure my boss wants send me it’s like Well, no, if you don’t ask.
The thing is, you ask this year and it says no she says no, then you ask again next year, you know eventually they’re going to say yes, you really, really want to go I guarantee you, you talk to how many of you’ve been to a CP, because how many of you here into CV recon.
Did it change your career.
I don’t mean lot but I mean did it change your career it it changed the WHO, you know and what you know about CPP c++ it does that that makes a difference.
You will meet very interesting people who are doing interesting stuff so you really, really want to go so check it out it’s the CPP Kon org and there’s still rooms available and so absolutely you want to go yeah.
Because of that Richard and I are going to be here next month, but Max will be.
There we might actually push this event one week so that so that we could be back, but.
We right now, this is still scheduled for the second week of September 14 that’s the plan currently if we change it, we will definitely let you.
All right, thank you so let’s see if anyone’s up here, looking at me.
now having to keep on checking my notes, you know not articulating well and you think you could do this better well, then please, we are looking for more volunteers to do this kind of stuff.
Or if you, you know, want to talk about something we are, we are definitely looking for speakers and I think even next month know there may be some opportunity for that so.
If there’s anything you want to talk about it’s certainly better than talking about nothing, which is what will happen if no one volunteers to talk about something so there’s that um let’s see so does anyone out in here have any announcements is anyone here hiring you are hiring hey.
Thank you let’s see what else we got oh so then after that Oh yes, something as well.
user avatar
Unknown Speaker
user avatar
US – Frog Field
Where do you work and how do they reach out to you.
He said to reach out to you, but you know.
Alright cool uh so yeah so we’re going to be going for about another hour and 20 minutes, and after that we’re going to be heading out to dinner, if you want to join us at fibber mcgee’s, which is in sunnyvale.
You can Google it if you want the record on Murphy street.
And thank you to J frog yet again for hosting us that is very gracious especially aria.
Okay, so so welcome everybody.
I haven’t Stephen chin VP of developer relations at J frog So if you have any compliments about the food or the venue or any of that stuff please tell Ari.
Who helps organize and liaison if you have any complaints come to me, you can you can complain to me about stuff and.
Part of Part of the reason why we care a lot about the cnc plus community and CPP con and all the great stuff here is because.
We have a lot of investments in the sea community from the J frog standpoint conan is an open source.
package manager, which I think will hear a little bit about tonight, which it’s even though it’s a J frog project we run entirely as an open source.
Separate effort so it’s it’s separate from our product teams it’s run by Diego who’s awesome and we we keep it pure in the sense that it doesn’t have any influence from our product side.
So hopefully all, if you like, conan you’ll be interested in some of our devops solutions which integrate with it.
But we we just do that for supporting the cnc plus plus community and making it a great ecosystem so thanks a lot for coming out tonight now, I have a quick question for the audience before I turn over the MIC so Has anybody not well who signed up for the ECHO raise your hand.
Okay, so quite a lot of folks raise their hands, if you didn’t sign up for the ECHO, such as some folks in this row pass this around, and you can still scan.
Until 745 I believe is one will do the R is going to do the drawing and then we’ll decide who gets the ECHO, even if you don’t want the ECHO, maybe a loved one friends co workers, etc, will will appreciate it so thanks Max or you could just pawn it, you know it’s yours.
um let’s see well, the last thing I was supposed to say say introduce the speaker and conan, but I think Steve did a better job of that, then I will, I think i’m going to turn it over now to Chris.
Hello Hello.
I apologize if I stutter at the beginning i’m incredibly sensitive to audio like and because they play it through zoom it’s very difficult for me so bear with me, for the first five minutes, I promise we’ll get through this.
By share my screen.
So today i’m going to talk to you about conan and there is a very particular reason why I get to talk about conan.
So up four or five years ago, I was working as a c++ developer of a hardware company, and we need to use something called pls of security, who callie everybody hates lucky where don’t they.
And no one wants to write open ssl from scratch So what did we do we said oh we’ll use a package man that sounds like a fantastic idea doesn’t it.
And so we actually picked vc package and after about three days a business leaders came down and said Oh, by the way you have all these extra business legal requirements, you need to meet for our customers.
And then we switched to conan and that’s how I got to go down this road, so I actually was a very large member of the cloning Community before I even started working for J frog.
If you go on my github profile you’ll actually see years and years of contributions to conan and i’ve only recently started working here about nine months ago, so just to give you a little bit of background.
I do a ton of open source work as well, and one of the questions that I get a ton is how do I add this project my projects.
And I get a beautiful comments with code snippets about see make that I probably was written before I was born, we all know how great see make to us.
You know when they do find package open ssl target link libraries liberal, I saw and they have like different dependencies and targets um so what I want to do with you guys here today is to wake up from the nightmare of using external libraries with conan.
What I like to do for all my presentation is I like to pick a different Open Source library and this one is going to be drago it’s a header compiled library, that is a non blocking networking it’s actually really popular on github.
And they have some beautiful installation instructions, you know you can.
specify your bill types, you can install on windows look to actually support conan I didn’t even notice that they also support vc package.
And these instructions are hideous but it works apparently there’s a lot more instructions and then there’s some more instructions and oh look another package manager.
Who wants to try to build this themselves.
yeah oh one hand wow we got a brave soul back there guys.
But this is probably not what you want to do right and like, if you look at this list of dependencies you got tried for i’ve never heard of that one Jason CPP live you you ID I recognize that one that’s pretty pretty standard and most the astros.
And when you try to do some of these you know, like this is the build instructions, if you want to build this for your own system, and then you try to look at Jason CPP these guys have how many like they got like bazell see make whoo marathons.
Where would you even start you know that’s that’s the first reaction, I had when I looked at this.
And then, lastly, got open ssl which has a ton of different instructions were on the different platforms and it’s on the different variations and I see a bunch of smiling nodding faces at me because we’ve all been there.
So, today I want to try to make your life, a little bit easier.
And most of you are smiling and nodding, because this is a problem, like 80% of us have according to this year CPP like survey.
I don’t need to convince anybody of this problem we’re all living breathing it Dreading it every day if you didn’t sleep last night, probably this rights yeah.
So how do we address this.
package managers yeah I know you’re gonna hate me for saying it but they actually do a really good job so they’re worth looking into.
Why package founders, what do they provide a they’re quick and easy access to a pool of quality Open Source i’m an amazing developer, probably the best c++ developer in this room, according to nobody about myself because that’s the temperature there’s a plaque at my last job.
crediting me for the great deletion of 2017 you know that’s a title, you really want to leave a company with.
So you use package matters because you don’t want to worry about your dependency graph you don’t want to know how many other projects are underneath what you’re trying to use.
And you want it to integrate right you want to be able to use whatever technologies are you using and just get the dependencies you want.
And you want to have awareness of platform compatibility I didn’t show you a drago but they’re only supporting c++ 14.
Open ssl has a different department, depending on the version of boost you pick depending on which one they support which I didn’t even look into you’re going to get different compatibility in different support.
And there’s just a nightmare complexity right, so the reason you use a package managers, because it does this, for you and there’s a ton of options.
system does drills Apps we all love Apps on ubuntu you got brew for your MAC users there’s a number one combo which is cross platform works on everything.
And you can even install a web browser with them, which makes me super convenient just take advantage of it.
You can always build from source there’s some really good pack there’s a really good package manager, in the space.
hunter vc package see makes patch content, which was presented to us just a few months ago and there’s other ones like V2, which is a boost build system, you might not have heard of but they actually have a mechanism for downloading dependencies which I thought was cool.
But those all work from source and pretty painful to wait for boost to compile I actually tried doing it on my laptop without it plugged in, and I wonder why it died while I went to get a coffee, you know no surprises right, but sadly I made that mistake.
So binary management, the only one on this list is conan and that’s the one i’m going to talk to you about today.
My big takeaway for this presentation you don’t have to use conan you can use whichever one you like just pick one and don’t open an issue on my github repository complaining that you don’t know how to copy header files.
Though I will do my best to gracefully answer you I promised us.
conan is the c++ package better that’s how we like to sell it it’s supports all Python what forms it’s written in Python i’m cluster for you.
It supports a ton of different belief systems i’m going to focus on see make because that’s my bread and butter, but if you’re into bazell their support for that if you’re an auto tools GM new tool chain type of guy their support for that.
marathons I saw in the new 151 release that came out a few weeks ago, their support for you guys too so pretty much whatever you want there’s a build cool integration for you.
And what conan provides is absolute visibility, on your dependency graph.
And there’s some huge improvements in conan 2.0 so what I will be focusing on is conan 151 which was released a few weeks ago.
But conan two is just around the corner of general availability is going to be coming out in the next few months and the betas are already out so you’ll notice the bottom of my slides there will be some teasers.
Know unless some conan to version of the commands and the I encourage you to go home and try them.
You can create a reuse binary so kona knows how c++ is in those settings it knows environment variables in those all those nasty things we like to sneak into our binaries and it can track them for you, you can create profiles different configurations, and it makes it really easy.
Decentralized you can host your own packages your own recipes you’re not tied to the one central conan Center index, you can have your own.
server and you can host your own packages if they’re smaller scale they’re not made for distribution across public or if you don’t want to support all the workflows that one Center does, and it makes it really easy.
The best part about conan for me is it’s eXtensible and customizable.
I come from a devops background I had to deploy on Alpine I had to deal with different see runtime implementations I had to cross compile the code for.
g Lib C and as well as muscle see and being able to track that in conan and have pre compiled binaries for both of those see RON times, so I can deploy an alpine on the cloud and let my developers work on ubuntu godsend of saving time.
So if you want to find a package you have one in mind that you’re already using is 80% of you probably have this problem there’s two options for you, you can go online conan’s dot io slash Center and you can also search for the command line, which is quite convenient so.
We go to court and Center.
Like our nice drug on.
Well, I didn’t even spell it correctly and look at that it actually works for you.
You can see the latest version is one dot seven dot five that’s been made available.
The downloads are zero.
bane of my existence as the conan developer advocate I know how important is for everybody to see the download counter on your projects and the fact that this one’s broken drives me nuts.
And if we go here there’s tons of different things we can look at.
don’t do live demos.
that’s not the one I was looking for I apologize, this is why you do screenshots.
And we’ll give you a nice breakdown of all the different tools and integrations there’s a fancy little use it tab shows you how to work for see make all your different projects i’m going to take you through it here today.
So if you want us to install this on the system, a conan Center is the default remotes we call them in conan land and it’ll automatically be configured when you install conan So if you type conan install dragone one dot 75 act a little fancy way of saying it’s a reference.
You can change your settings so.
And you can specify your generator so the new way of working and conan some of you might be familiar with older integrations if you’re familiar with conan.
But the new ones are see make ups and see make tool chain so see make steps over here is going to generate the fine package modules that see make already uses as support for ages it’s very easy.
Now, sometimes you want to compile for a different file that’s not supported my MAC is running the latest xcode tool chain with apple client 13 which is not available yet so in my second snippet you can see, I specified these extra build missing and that’s a really convenient way.
So, if we take a look at these and break these down right, so you can do conan install the package name, you can also specify a path for installing from your local environment.
We can change your settings at the command line which is super convenient so compiler version equals 12.0.
that’s the version of X clan I wanted to develop mode and I specified the generator for see make cups.
Of build missing conan is very smart, it will be able to know what a header only dependency is and it knows that it doesn’t need to re compile anything for your local system.
So when you do build missing it’ll only re compile the dependencies that are not binary compatible, for your system.
So you can get as complicated as you want in conan 2.0 they’re going to be offering a compatibility.pi script where you can actually write your own compatibility for binary, which is a huge huge advantage.
conan two point O snippet you drop the APP sign terrible syntax and you just say reference, what is it remember.
When you run this command you’ll see all the different.
dependencies that are added there for you.
And you can notice there’s the drug on targets release thought see me that’s the one in generated, for us, specifically.
So what i’d like to do with you guys here today is i’d like to make a Hello world program because i’m a creative c++ developer and that’s what i’m getting.
So if you wanted to create a new content project really easy just conan new hello, and our template is going to be a see make executable.
You can see here, we got a few different files, we got to see make lists a conant file dot pie gives us an include dot H Hello source CPP and the main.
And this layout is very particular it actually is the default specified layouts for cma that conan provides you and with that information it’s.
Without information it’s able to do a really great things of putting you in edit mode and you can work on your packages locally, if you downloaded them off the conan Center or offer remote server.
So, if we take a look at some of these basic attributes that have a name version pretty easy a license goals are always important.
author, this is mostly written in the mindset for code and Center where you’re going to be publishing it public, so perhaps your licenses MIT or Apache.
URL description topics, this is actually how you can search on conan Center index So if you put really good tags and someone pipes http server encoding Center it’ll actually come up, which is really nice for promoting your project.
Not last one binary compatibility.
settings you got your operating system compiler build type and your architecture.
I saw just the other day, there was a pull request for the android SDK support.
So if you were to cross compile from Linux to your android you can actually specify which operating system which compiler to use specify your environment variables pointing the right compiler and conan will capture all that and keep that in its package ID so you.
gotta leave these microphones so you can actually keep track of which packages you’re looking for in which settings you need.
In the new.
You can absolutely do that it’ll understand the different settings you can upload the binaries for both, and you can download them on the actual Target system you’re trying to run on.
i’m not going to talk about the dual profile build method, but that is exactly what you would look for if you want to search on your own afterwards.
The key heart of our code default by is going to be these four functions layout generate build and package.
layout is how your source files organized so typically i’ll have to include directory source directory of probably a build folder where you going to put your all the extra files that you’re going to put in your get ignore.
generate is probably the magic that’s going to be happening here and i’m going to go quite a bit into that afterwards, for you guys.
But build most of us are probably familiar with the see make built command that’s exactly what’s going to happen over here and see make install for package so assuming you set up your targets correctly to be installed, this should be pretty painless experience.
So if we wanted to build and run our template our Hello world example.
You would do conan install build default conan file so that little snippet here.
Is that is the.
workaround for 1.0 compatibility towards 2.0 so you can ignore that for now it’s going to go away, very soon and the shorthand is just your minus P, I put it over here when I ran the command for you.
And this will install all of our dependencies it’ll generate a conan tool chain see make file.
So I run on an all.
it’s not legible hopefully.
So if I run new conan install on my own file.
wow live demos.
whoo success teamwork pair programming i’m so happy.
that’s why take some jobs.
That would have generated a slew of files for us inside of our default see make layout where you would actually have access to inspect them look at this.
So when we configure see make locally or going to use see makes presets now who here is familiar with see make presets and is used them.
oh six hands.
So these came out in see make 1418 ish so quite a recent feature and steam a timeline and this allows your tool chains your build systems, your package managers to tell see make where all your files are what configurations, you want to run.
So conan integrates like this with see make it completely transparent so if you write good see make you can use conan or not use conan and it gives your consumers of your project, the flexibility as well.
So when you use and load the preset it’s going to automatically detect the see make tool chain file and it’s going to use the conan tool
And this is going to have all of your install prefixes module prefixes.
If your packages have custom build module scripts that they provided installation those will be packaged as well and loaded in for you and you’ll have access to everything is, if you called you did the see make install yourself and you called find package.
To build just see make build and build release that’s The sub folder from the conan layout and there is a Hello world executable default that it generates and it just Hello world release evening we’re so successful in life.
So if we want to add or dependencies have very, very easy if we just add three lines for the requirements we’re going to say drug on 175.
we’re going to say at our see make depths generator and inside of simic we call find package we set the compiler standard c++ 14 and we do target link libraries.
And in our main we just add and register the default APP handler that drug on provides.
that’s it you’re done.
You didn’t have to worry about booths you didn’t have to worry about open ssl or Z Lib and.
I don’t even know what others were on the list because I didn’t remember it because it was too long and that’s it you’re done so.
Congratulations, you just added a huge dependency that was sequel supposed supporting that had 18 different bajillion dependencies and you got it to compile right away.
So if we did conan install again after making those changes, we would see all those new see make that’s files and I believe I had a screenshot.
right here, so all of these are the see make fine modules that it’s actually looking for, and you can see them here on the screenshot on the right hand side.
and your workflow is the same right seem a preset released we’re going to reconfigure so you make build and then, if you run it you’ll have your drug on server up and running with all your dependencies directly linked into your executable super convenient was that easy, could you remember.
15 lines of if.
I convinced you all I sold it to you, I see those smiles.
So it’s great that you have your dependencies but that’s probably not the end of your job, you also have to put this in some ci CD system and there’s going to be some unit tests and whatnot running.
Or perhaps allison shoot.
So that’s an excellent question, so the way conan works is it has a local cache so by default in your conan user home directory is where that information will be saved.
And inside there you’ll see the reference literally of the name, the full name that conan will unravel for you, so in this case, it would be dragone slash one dot 75.
underscore underscore and then some more random shazia you’re not gonna understand.
And all the packages are gonna get the same treatment and all the files are going to be there and in the sea make files that generates.
When it does the Ad library important it’ll actually pass the files to your code in cash, so all the files that it will download unpack The pre compiled binaries it’ll save all of those in your cache and reference those at build time when you run your comment.
Yes, magic So the question was if you have.
Two projects with the same dependencies it will only download it once and cash it once.
which makes it really easy when you’re working with something like fmt and you know one projects it’s still seven and the other ones up they get it to eight, you can have both of those versions as well, so it makes it very easy and flexible and it saves you a ton of time.
So when I like to work locally, I always like Oh, we have another question shoot.
If you make any changes, you have to get this.
Like if you were to edit your local cache files.
yeah so i’m conan tracks.
packages recipes at one level and binaries that another, and you can do some really fun fancy things, there is a setting called revisions enabled which is my favorite setting up all time.
And what it’ll actually do is track any changes, you make to the source code of the project, as well as the recipe.
So if you change anything, and you build it and you upload a new version of even if you didn’t change the semantic version and you didn’t bump the version, like you, a good developer should.
You can actually track those changes.
You know you’re gonna pull out the good stuff.
This is me this is my github I have a sample project called user management, then my showcase project helped me get my first job, my second job, my third job, and you can notice my last commit if you can read that as upgrade to conan one dot 58 days ago.
This is a restful web API and I have a cute little back end that’s written in c++ and I use something called a lock file, this is a really fun convenient way of really pinning down and locking your dependencies.
And you can notice here there’s this extra hash at the end.
And that is the recipe revision and with that, even if somebody in the public makes a change in the poor across gets approved according Center and there’s a new change published I won’t automatically download it.
And it actually saves me a lot of places, because some of the changes could be breaking so when they add new features, if I haven’t upgraded my Cone and clients and my belief system.
it’s this revisions feature that I rely on my favorite tidbit is it’s going to be default in 2.0 so you don’t have to worry about it in the near future.
So as a developer I almost never work and release and I always work from the bug and I never use make I always use ninja because i’m lazy and if I actually to wait for make to finish i’d probably go get a coffee and.
i’d probably go to the cafeteria too much to have snacks, as you probably discovered.
So what I like to do is I like to actually have configuration files and settings that are specified to my personal taste.
And you can see in this example i’m compiling with the bill type the bug so we have s build type the bug and we have this beautiful long line of tools, he makes he makes will change generator ninja.
And this will.
change our presets that conan generates for cma right so see make has this way of tools being able to integrate it and conan transparently goes through these process.
So you can change your runtime generator to ninja and you can use in called ninja you can see my little screenshot over here, I had kept my release.
And it has made there’s a nice little Hello executable, but I also have my debug folder with my build dot ninja script and that’s most of the time where i’m working where i’m testing i’m using it.
settings those are the general attributes of for all of the platform for your binary compatibility that you’re working with configurations are the properties, for your build systems that you’re working with So if you had a specific see make setting up in my case, the generator.
that’s where those will go.
And remembering these and specifying a command line is an absolute hell so i’m going to teach you making profiles, because I don’t want you to memorize the command line.
profiles, or something that you can specify and you can very easily write.
These two examples are for the ninja and above So you can see, I have include default by default conan will detect your environment and generate a profile.
And you saw that earlier with the sea make profile build the fault that i’m probably getting the command line wrong for so don’t quote me.
And I add my configuration and I have my same thing as the command line right see make tools change generator ninja.
And when I pass code install I just do PR ninja.
We can easily like that, and I could have made these just one profile, so I could have put my settings.
In one file and just asked PR my PR and it would work.
So if you want to publish a package, this is probably the number one reason why you’re going in the first place it’s because you want to be able to share your binaries.
The command to generate a package is conan create just conan file and it will read all the attributes all your settings and run with it and it’s the same syntax is installed, so you can specify profiles settings configurations, etc.
And you can do conan upload below 0.1 That was the projects that I was working on to make this presentation and that was my drove on Hello world.
And it’s that easy so somebody else can go to their system they can type conan install Hello 0.1 and they get the binary assuming I actually uploaded the right settings and the reason is, what are the odds somebody has the same compiler version is me.
If you’re an open source author and I strongly encourage everybody if you are is you can submit a pull request to con Center.
So get hub conan Center index, and we have some gorgeous box up folder and, if you want to learn how to add a package or something that’s how you would go about doing it.
Thank you.
Is there any other questions.
by default.
What we do in the conan community.
where’s a good place to find this.
Is there is a shared option, so if I go find a good recipe.
We like seven zip everybody likes to work with compressed files 12 months it’ll still be there.
While do I pick a bad example the first one.
So you’ll notice, here we have something called options so most packages have different settings you can flick on and off that actually impacts is the binary that generates.
You can see share here and conan automatically supports this one, so if you put shared true you can even use a wild card if i’m not mistaken, so you can do conan install minus oh.
And you put wild card colon shared equals true and all your dependence will stallman share and it’ll pass the correct settings the build share.
See make file if you’re using that one, for instance, so if you do build from source that knows how to manage it, the other one that’s managed for you and almost all the recipes is a epic I don’t know what that does, but I know it’s important, so there as well, for y’all.
For this one, you can see fmt has aliases and less API so depending which options you pick it will actually generate a different binary with different symbols that are installed, so you can track these different things with.
Of the binaries.
We are looking at conan Center index, this is where the conan Community hosts all of their recipes and.
The way that we’ve taken to guarantee the security is that every change has to go through the Community and be reviewed by the Community currently the rules are.
There needs to be at least two approvals on every pull request, so if you try to make a change you try to add something different to the recipe that would compromise it’s the reviewers and the Community have attempts to catch it if you are an author and you write bad code guilty.
And you upload the dependency yourself we won’t review your code for you, so if you introduce security vulnerabilities in the code that won’t get caught.
But in terms of the pipeline that the project got published to the Community, we do our best to make sure that there’s no.
unintended side effects there’s nobody trying to put malicious code into these packages i’m sure we’re all familiar with incidents like solar winds are some of the famous node js mpm install attacks, those are definitely not something you’re going to find in conan.
1300 and 53 the last time I checked so github is actually very nice if you click on recipes it’ll actually tell you there’s too many and it’s still 1300 and 53.
or costs, so you can notice here on github there’s 166 pull requests if we check this out you’ll notice that there’s different activities so.
We have string view lights, I absolutely love this guy his work for his non STD packages are brilliant and he’s adding version one dot 702 is recipe.
So my involvement in this Community has been going on for quite a while, and one of the things i’m going to take the chance to promote is we have Community resources.
And you’ll notice here there’s quite a few different bots.
We have updatable recipes So if you write a recipe and you’re published on github there’s a Bot that knows how to read releases on github and automatically alert us to new updates, so you don’t have to go chasing down it’ll actually create i’ll take a show you here.
So you can see there’s different projects that all have different things we sort on pull requests.
You can see a lot of these already have pull request open, you can always click the open one button on the far right it’s a little hard to see I apologize, but you can click on it and open a pull request for your project and.
The one that i’ve personally worked on is called pending review, and this is a list of all the podcasts that are open, that are waiting for reviews and there’s currently 34 of them and there’s a quite a long list.
And you can see there’s a few ready to merge with some mornings so something’s not right, so the bots not merging it and.
All of these are different ones so for the instance of a new project we have this one here, which is a.
By lyrics it’s a an one C compiler, and this is a new recipe these adding I should know this better because apparently I clicked the proof on it.
And in this pull request he’s adding version 0.29.
You can see in the different the top right it’s all new files or deletion so it’s a completely new recipe that he’s adding.
So if you’re an author of a library and you contribute to a library and you want your libraries available as conan there’s a very easy way to get it in.
I promised earlier, I wouldn’t do any sales pitch So if you want to host your own server that easiest way is going to be using J frogs are to factory.
I just pull mine up for you.
And I can sign in I can manage all my own.
it’s it’s definitely companies it’s definitely nice to be at a scale where you need to manage and track miners it’s usually not an individual.
I use it in my own personal projects because I have large dependency trees and I get a and this platform is free, so you can sign up for a free J frog platform, and you can use it so it’s kind of convenient but it’s mostly predominantly businesses that you said.
Yes, most often.
it’s not logical if I do.
Remote list.
And you can see, I have the conan, which is the default Community one, and I also have user management which points to my super frogs instance of artifacts that I have with all my own.
So my personal projects as I alluded to, is built for Alpine and deployed on the cloud, so I have a different settings model than the default one.
So, in order to host my own binaries with the knowledge of G lipsey I actually have to pull them through my own artifact, for instance, to get my binary.
Because obviously conan Center doesn’t track the binary compatibility for you, I wish it did.
So I have my own instance that does a binary for myself.
For the most part, yes I I follow a lot on slack and write it and I think, almost all of the Open Source developers just use straight what content or gives us and.
The way the infrastructure behind it is done is that.
Most of the Nicky picky binary compatibility are old enough that you probably won’t notice So even if you’re running ubuntu 16.4 and you download the latest binary they’ll still work.
Even if it’s for a newer GCC that ubuntu 16.4 didn’t ship with so for the most part, Open Source developers don’t really need to worry they don’t need an artifact, for instance spark different partners.
I will detect that you have the project on github so you’ll have to open up the very first floor requests to say hey I want this it’s a text the updates.
No that’d be cool gabi github is mess.
nope so name spaces are definitely a little bit of a.
personal preference, especially when it comes to c++ developers some projects do and we typically encourage people who are hosting their own community wants to do this, so I didn’t show you any examples, but the full syntax for a package name can actually have a username and channel.
So you can do a drug on slash one dot 75 X prints dash Chris MC me.
slash stable and you can install and download and reference that full user channel as well the default user and channel for content or indexes obviously none, which is why you haven’t seen any in this instance because i’m just using the Community recipes.
shoot Richard.
they’re kept separately, so you can actually see the entire graph.
There is conan.
i’m not the guy who memorized the command line.
or we’ll get there we’ll get there, we got we got a few more minutes before they kicked me out.
I want to login.
All right, I wish I could show it to you.
But no, it doesn’t so you can actually use this command conan infographic.
And it’ll give you a nice beautiful table and it’ll show you all your dependencies and your dependency will be separate to all the other, so you can actually see your whole graph of what it looks like and how it works.
conan support something called version ranges personally I despise them and they almost never work because c++ developers are terrible shame on all of you shame.
But most projects don’t actually use something like semantic burgeoning so it’s really hard to write version ranges that are consistent reliable, but there is support for that so.
If your business always works in semantic visioning and you can trust that one dot 751 dot seven dot five is less than and binary compatible one dot 75 dot six grandsons with drago would have been.
Then you could specify that in your version range and you could download a different version, and it would update and compute a different package ID for you, depending on the semantic range.
So, yes.
Yes, you understand the concept that’s exactly it i’m going to pick on boost for not using semantic version.
there’s no API guarantee between the two right, so you would you would fall in the trap right away of like if you picked a boost version that was one minor higher it wouldn’t be compatible.
But yes, you could do that and conan does support that so the default tools dot version that’s supported in the conan file it actually understands these things and.
I don’t have an example for you, but if you inspected the inner workings of some of the output files, you would actually see for drago it would call it a instead of the one dot 75 because internally it’s thinking it’s magic burgeoning because that’s the default behavior.
Any final questions.
I will hand it back over to Max so we can do the wrap up, thank you very much, everybody.
yeah so grab yourself a magazine i’m all let’s thank our speaker again.
and the last thing I have on here is to invite you all to come get dinner with us at a Ruby GIs which is on Murphy avenue down the street from here in sunnyvale.
Oh yeah the discord you can find that on the meetup page.
Alright, so we’re now closing bids for the for the ECHO and i’m gonna tally and see who who paid me off the highest to win.
So so apparently pranay sorana.
Or, nay, give them a big round of applause.
Okay, so you you win the ECHO show, I have some paperwork, you need to sign, but thank you very much.
And thanks everybody for coming to the meetup tonight at J frog for our great hosts and for excellent presenter so.
yeah frogs as well take frogs take magazines.
and come to CP