apko icon indicating copy to clipboard operation
apko copied to clipboard
verified publisher icon chainguard-dev

version sorting is not stable in apko's solver

Open kaniini opened this issue 2 years ago • 3 comments

Consider the following apk repository:

glibc-2.36-r4
glibc-2.37-r1
glibc-2.37-r2
glibc-2.37-r3
glibc-2.37-r6

And the following config:

contents:
  repositories:
    - ...
  packages:
    - glibc

apko will sometimes choose 2.37-r3, sometimes choose 2.37-r6, and sometimes choose 2.36-r4. This seems to be due to version sorting being unstable and affected by randomization of golang maps.

cc @deitch

kaniini avatar Mar 23 '23 19:03 kaniini

Huh. It definitely shouldn't, and it has an explicit sorting algorithm.

Is the config just that one? And the repository https://packages.wolfi.dev/os ?

deitch avatar Mar 23 '23 20:03 deitch

I have been trying to recreate this, without much success. I am running the following:

contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
  packages:
    - glibc

And I consistently get:

Mar 23 22:27:57.839 [INFO] [arch:x86_64] installing glibc (2.37-r3)

How can I reproduce this?

deitch avatar Mar 23 '23 20:03 deitch

Hi there, I'm also seeing this issue with cgr.dev/chainguard/apko image.

mypackage.yaml:

  packages:
      #Version sorting is not stable.  See https://github.com/chainguard-dev/apko/issues/593
    - mypackage>=11.0.20.0.36888759-r0

First run:

mypackage-11.0.20.0.36882958-r0.apk disqualified by "11.0.20.0.36882958-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36884011-r0.apk disqualified by "11.0.20.0.36884011-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36886314-r0.apk disqualified by "11.0.20.0.36886314-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"

Next run:

mypackage-11.0.20.0.36881842-r0.apk disqualified by "11.0.20.0.36881842-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36882168-r0.apk disqualified by "11.0.20.0.36882168-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36882958-r0.apk disqualified by "11.0.20.0.36882958-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36884011-r0.apk disqualified by "11.0.20.0.36884011-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"

charlesk40 avatar Mar 08 '24 16:03 charlesk40