Add http & https asset sources (clean commit history)
#17889
Conversation
|
Just a quick note, ring is now unmaintained for the foreseeable future. |
|
Adding MPL as an allowed license seems like it would have complications for distributing game binaries, no? That said, I'm not clear what new dependency here actually requires it. Both ureq and webpki-roots support MIT and Apache 2.0 from looking at their repos. |
ring is maintained again, now by the rustls team |
|
blocked on finding where the MPL license comes from and removing it |
|
waiting on a new release of webpki-root with this commit: rustls/webpki-roots@90c48f3#diff-8aec0a2c31031e00524df726f854726660ec8289dcddfa70005000fc21b00511 |
|
As of right now, ring is not actually included in this PR, it was replaced by aws-lc-rs. Now that ring has removed the OpenSSL parts of the license, I think we can remove aws-lc-rs, remove OpenSSL from deny.toml and use the ureq's default ring dependency again. This would be especially nice because aws-lc-rs requires installing CMake on Windows. |
|
Okeydokey back to |
|
I poked the rustls discord and they pushed a new webpki-roots release! Just have to wait for ureq to update too now. Although the rustls discord also suggested that we make use of rustls-platform-verifier rather than webpki-roots. rustls-platform-verifier uses the OS's certificates which is the default behaviour of most applications since it won't be on the onus of bevy and bevy games to keep certificates regularly up to date. See here. ureq uses webpki-roots as the default to reduce the default number of dependencies but I feel like that might be the wrong default for a bevy application. With that said, maybe we just worry about that in a follow up PR, this one has already been through quite the cycle of development :) |
|
I'm fine to call this unblocked once Very eager to get this into the engine to help unblock the usage of better assets in our examples (in addition to the direct value to users). |
There was a problem hiding this comment.
I just realized this PR is no longer blocked - I was wrong about needing to wait on a ureq release since patch dependencies can be upgraded automatically.
Approved from me other than .gitignore change and adding CDLA-Permissive-2.0 to allowed licenses in deny.toml. I guess a maintainer will have to give their ok to the license in final review.
|
@rlidwka has raised some very good review points but personally I feel this PR is in a good enough state to merge and then we can start making incremental follow ups - feel free to disagree with me if you think there is anything worth blocking |
Co-authored-by: François Mockers <francois.mockers@vleue.com>
|
I agree, more iteration is requried but this pr is already substantial. How about we create a follow-up issue for discussion on whats needed to complete |
|
I've spoken with @cart about this, and we'd like to move forward with this as a solution for example assets (in addition to thinking it's broadly useful). We just need a second approval now to get this merged. |
Objective
This is a duplicate of #16366 because I made a mess of the commit history. See that pr for more context and discussion.
bevy_web_asset, allowing assets loaded viahttp#16307http&httpsasset sources #16366Solution
http&httpsasset sourcesCDLA-Permissive-2.0indeny.tomlTesting
cargo run --example http_source --features="http_source"Showcase
Bevy now supports assets loaded via url!
Add the
http_sourcefeature to load assets served over the web, with support for both native and wasm targets. On native targets thehttp_source_cachefeature will use a basic caching mechanism to avoid repeated network requests.Further Work
fetch, in the future we'll have many reasons to be making requests.