opm
opm copied to clipboard
openresty
Ambiguity of version number requirements
According to the documentation,
OPM requires all package version numbers to only consist of digits, dots, alphabetic letters, and underscores.
That is the hyphen is not allowed. However, the only place where the hyphen is not actually allowed is the version field of the dist.ini file. More specifically,
-
(1)
opm build,versionfromdist.ini— ERROR, the hyphen is not allowed:$ opm build ... ERROR: dist.ini: bad version number: 1-0https://github.com/openresty/opm/blob/315e56b907eb5edefa704df0b0fe286998e0317e/bin/opm#L324
/[^.\w]/→. A-Z a-z 0-9 _ -
(2)
opm build, version from the main module — OK, any char is allowed (!):$ opm build ... extracted verson number 1-0!=!@~ from main_module file lib/main.lua. opm-test-package-1-0!=!@~/ opm-test-package-1-0!=!@~/dist.ini opm-test-package-1-0!=!@~/README.md opm-test-package-1-0!=!@~/lib/ opm-test-package-1-0!=!@~/lib/main.lua$ ls -1dp opm-test-package* 'opm-test-package-1-0!=!@~'/ 'opm-test-package-1-0!=!@~.tar.gz'https://github.com/openresty/opm/blob/315e56b907eb5edefa704df0b0fe286998e0317e/bin/opm#L452-L454
Any char is accepted (some chars are swallowed, e.g.,
;,'"), as long as there is at least one digit. -
(3)
opm build,requiresfromdist.ini;opm get, version fromPACKAGEarg;opm get,requiresfromdist.ini;opm remove, version fromPACKAGEarg — OK (all useparse_deps()):$ opm install example/somepackage=2-0 ... * Fetching example/somepackage = 2-0$ opm remove example/somepackage=2-0 ... ignoring version constraint = 2-0 ...https://github.com/openresty/opm/blob/315e56b907eb5edefa704df0b0fe286998e0317e/bin/opm#L770
/[^-.\w]/→- . A-Z a-z 0-9 _ -
(4)
opm upload(usesdo_buildinternally) — OK, any char is allowed (!), but ultimately rejected by the server:
$ opm --cwd --verbose upload
...
extracted verson number 1-0!=!@~ from main_module file lib/main.lua.
opm-test-package-1-0!=!@~/
opm-test-package-1-0!=!@~/dist.ini
opm-test-package-1-0!=!@~/README.md
opm-test-package-1-0!=!@~/lib/
opm-test-package-1-0!=!@~/lib/main.lua
* Trying 18.138.237.72:443...
* Connected to opm.openresty.org (18.138.237.72) port 443 (#0)
...
ERROR: bad uploaded file name.
* Connection #0 to host opm.openresty.org left intact
(2) and (4) is almost certainly a bug, there should be a stricter regex.
(1) matches the documentation.
(3) in addition, allows the hyphen.
Which is correct? On one hand, (1) is documented, on the other hand, in my opinion, (3) is better in regard to compatibility. For example, luarocks uses the hyphen to separate a version of a package and a version of a rockspec: 1.2.7-2. If the hyphen is allowed, one can use exactly the same version when publishing a package on opm as on luarocks.
Oh, I see a problem with hyphens:
$ ls *.tar.gz
opm-test-package-1-0.tar.gz
$ opm --cwd --verbose upload
...
> x-file: opm-test-package-1-0.tar.gz
> x-file-checksum: e81b4c655ae46d720461ea4c4e37de4a
...
https://github.com/openresty/opm/blob/315e56b907eb5edefa704df0b0fe286998e0317e/web/lua/opmserver.lua#L164-L165
https://github.com/openresty/opm/blob/315e56b907eb5edefa704df0b0fe286998e0317e/web/lua/opmserver.lua#L174-L175
$ resty -e 'local res = {}; ngx.re.match("opm-test-package-1-0.tar.gz", [[^ ([-\w]+) - ([.\w]+) \.tar\.gz $]], "xjo", nil, res); ngx.say("name = ", res[1], "\nversion = ", res[2])'
name = opm-test-package-1
version = 0
It is not possible to unambiguously separate a name and a version when a name ends with digits:
name: project-2, version: 7-3.0 → project-2-7-3.0 — is it (project 2-7-3.0 or project-2 7-3.0 or project-2-7 3.0?).
Therefore, the hyphen should not be allowed in the version, at least with the current tarball filename scheme. That means that (2), (3), and (4) do not conform the naming convention.