choco icon indicating copy to clipboard operation
choco copied to clipboard
verified publisher icon chocolatey

(#3461,#3487) Prevent dependency resolution from downgrading packages

Open corbob opened this issue 1 year ago • 4 comments

Description Of Changes

  • Prevent dependency resolution from downgrading packages when --allow-downgrade is not specified.
  • Prevent packages from installing if a dependent package fails installation.

Motivation and Context

  • Chocolatey 2.3.0 incorrectly allows a package to be downgraded to resolve a dependency when it has not been specified to allow downgrades.
  • Chocolatey 2.3.0 installs a package even if one or more of the packages it depends on fails to install resulting in a broken state.

Testing

  1. Run tests through TeamCity/Test Kitchen
  2. Run all integration tests with ./build.bat --testExecutionType=all --shouldRunOpenCover=false
  3. Run a spattering of manual tests.

Operating Systems Testing

  • Windows Server 2019/2016
  • Windows 10

Change Types Made

  • [x] Bug fix (non-breaking change).
  • [ ] Feature / Enhancement (non-breaking change).
  • [ ] Breaking change (fix or feature that could cause existing functionality to change).
  • [ ] Documentation changes.
  • [ ] PowerShell code changes.

Change Checklist

  • [ ] Requires a change to the documentation.
  • [ ] Documentation has been updated.
  • [x] Tests to cover my changes, have been added.
  • [x] All new and existing tests passed?
  • [ ] PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

  • Fixes #3461
  • Fixes #3487
  • ENGTASKS-3814

corbob avatar Jul 16 '24 00:07 corbob

This PR is in draft as I still need to run more tests as well as add more tests. And apparently bring the branch in line with the develop branch.

corbob avatar Jul 16 '24 00:07 corbob

This PR is currently based upon #3500, while this will make a review of it prior to #3500 being merged a little awkward, the fix from #3500 is required for some of the pester tests to complete successfully.

corbob avatar Aug 15 '24 18:08 corbob

@corbob I am going to rebase this PR onto the head of develop, since my PR has now been merged, which will make reviewing this PR easier.

gep13 avatar Aug 22 '24 14:08 gep13

@gep13 I'll add it here instead of in the conversations... The var x and var nullResult I think were taken from my re-use of this code that is currently line 1187 in the PR:

    var nullResult = packageResultsToReturn.GetOrAdd(packageName, new PackageResult(installedPackage.PackageMetadata, pathResolver.GetInstallPath(installedPackage.PackageMetadata.Id)));
    nullResult.Messages.Add(new ResultMessage(ResultType.Error, logMessage));

I think, I did the var x as while debugging I wanted to investiage the object to see if there was anything I could do with it in lieu of what I was.

The var nullResult was a direct copy of the existing code, but as discussed earlier today, it is better to be clear about what the object is for, so I'll either come up with a better name, add a comment, or perhaps not even use a variable...

corbob avatar Aug 26 '24 16:08 corbob