chainguard-dev
Some valid apk versions are not parsible with apk.ParseVersion
These package versions that are currently in chainguard APK repos do not parse with apk.ParseVersion.
py3-azure-mgmt-batchai/7.0.0_b1-r0
opa-envoy/1.1.0-r1-r0
py3-azure-mgmt-iotcentral/10.0.0_b2-r0
py3-azure-mgmt-policyinsights/1.1.0_b4-r0
py3-azure-mgmt-sql/4.0.0_b14-r0
py3-azure-mgmt-sqlvirtualmachine/1.0.0_b6-r0
opa-fips-envoy/1.1.0-r1-r0
OK, so actually there is only 1 valid version (per apk here)
$ apk --version
apk-tools 2.14.10, compiled for x86_64.
$ cat ff.txt
py3-azure-mgmt-batchai/7.0.0_b1-r0
opa-envoy/1.1.0-r1-r0
py3-azure-mgmt-iotcentral/10.0.0_b2-r0
py3-azure-mgmt-policyinsights/1.1.0_b4-r0
py3-azure-mgmt-sql/4.0.0_b14-r0
py3-azure-mgmt-sqlvirtualmachine/1.0.0_b6-r0
opa-fips-envoy/1.1.0-r1-r0
$ while read line; do v=${line#*/}; echo "$line: " $(apk version --check "$v" && echo good || echo bad); done
< ff.txt
py3-azure-mgmt-batchai/7.0.0_b1-r0: 7.0.0_b1-r0 bad
opa-envoy/1.1.0-r1-r0: good
py3-azure-mgmt-iotcentral/10.0.0_b2-r0: 10.0.0_b2-r0 bad
py3-azure-mgmt-policyinsights/1.1.0_b4-r0: 1.1.0_b4-r0 bad
py3-azure-mgmt-sql/4.0.0_b14-r0: 4.0.0_b14-r0 bad
py3-azure-mgmt-sqlvirtualmachine/1.0.0_b6-r0: 1.0.0_b6-r0 bad
opa-fips-envoy/1.1.0-r1-r0: good
So this is really 2 things.
- we should not let things into the archive with invalid versions
- we need to fix apk.ParseVersion for 1.1.0-r1-r0.
I believe for 1.1.0-r1-r0 the versionRegex can be adjusted
like = ((-r[0-9]+)+)?$, or
Alternatively, the logic for handling the postsuffix can be modified
or for allowing multiple -r as
var revisionNumbers []int
We store the revision numbers in a revisionNumbers slice and use the last one (which seems like the intended behavior).
https://github.com/chainguard-dev/melange/pull/2042 also landed related to this issue.