Support of Chocolatey in packages has flaws

[tdesveaux]

Description

We attempted using our GItea instance as a mirror of community.chocolatey.org and encountered an issue when using the command choco info git.

Our instance host both git and GitVersion packages. Running choco info git returns information for the GitVersion package.

This is due to a shortcut in the implementation of the $filter argument.

Running with verbose choco info --verbose --ignore-http-cache git, we can see choco request information with a HTTP query https://{host}/api/packages/{org}/nuget/Packages()?$filter=(tolower(Id) eq 'git') and IsLatestVersion&semVerLevel=2.0.0

filter is used with toLower(Id) eq for match, while the implementation of Gitea assume it will always run with substringof (as can be seen in tests).

Using curl to send the same request, I can see Gitea returns multiple entries, where the GitVersion one is the first. I assume then choco only use the first entry from the response.

I think this should be pretty easily to reproduce as a case in the test linked before. If needed, .nupkg can be downloaded directly from the packages page on community.chocolatey.org linked above.

Gitea Version

1.21

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Gitea build ourselves from a fork with negligible changes (none that can concern the packages feature). Hosted on a Debian, run from systemd.

Database

PostgreSQL