Hi all,
in general all top-level CMakeLists.txt, modules and CMake script files should have a cmake_minimum_required statement at the top.
I wonder now if there is a good reason to not apply cmake_minimum_required also to toolchain files, find modules (in config and module mode) and to dependency provider files.
Our find modules do not only contain simple find_program calls and target definitions, but provide high level functions which can be used in project context, like FindDoxygen and doxygen_add_docs.
Also in the toolchain files there is some logic to calculate the correct path to tools and setup compiler flags based on cache variables (which basically provide abstractions for embedded compiler settings not available in plain CMake).
In all those files we use advanced features of the CMake which were subject to policy changes in the past. To make sure that these are working correctly I tend to set cmake_minimum_required everywhere. In addition even simple find_program calls could behave differently depending on policies (CMP0144, CMP109, CMP0134, CMP0074). So it looks like a good idea to establish a certain minimum version / policy.
From an organizational perspective the version requirement is not a problem as we operate in a controlled environment and already require a specific minimum version in all of our projects.
What made me wonder is the fact that in the CMake source repository I couldn’t find a call to cmake_minimum_required in the shipped find modules. Some of the newer find modules have cmake_policy calls.
So it did my own reasearch, see this this repo.
For toolchain files and find_package calls in module and config mode I couldn‘t find any negative impact besides that the variable CMAKE_MINIMUM_REQUIRED_VERSION is overwritten in the project context and does not reflect the actual policy version in place.
Regarding CMAKE_MINIMUM_REQUIRED_VERSION there was already a discussion in another thread which left me with the impression that I should not really bother on the value of this variable.
But for the dependency provider use case the situation is different. When I place a cmake_minimum_required at the top of the file the policy settings „infects“ the project where find_package is called. The issue can be fixed by dropping the cmake_minimum_required call and a using a block(SCOPE_FOR POLICIES) and cmake_policy inside the provider macro, see the annotated source code in the example.
After this research I am now considering to use a cmake_minimum_required in general in all CMake files for the sake of simplicity and a block with cmake_policy for the provider use case.
I did not find any information on this specific topic in the official documentation, in Craig Scott’s (@craig.scott) outstanding book “Professional CMake” there is a hint in the recommendation section of the dependency provider chapter:
Ensure that every file given to CMAKE_PROJECT_TOP_LEVEL_INCLUDES starts with its own cmake_minimum_required call.
In the general use case where one controls the project as well as the dependency provider this should not be a problem. But when the dependency provider file is provided e.g. by some third party package manager the versions could be different.
What are your experiences / recommendations? Is there a technical reason to not put cmake_minimum_required in those files?
Regards
Georg