Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

regex for pip explicit version ( ensure => '1.0a1' ) broken #310

Closed
whyteks opened this issue May 22, 2016 · 4 comments
Closed

regex for pip explicit version ( ensure => '1.0a1' ) broken #310

whyteks opened this issue May 22, 2016 · 4 comments

Comments

@whyteks
Copy link

whyteks commented May 22, 2016
edited
Loading

While attempting to add pip package gsm0338 with version 1.0a1, I noted puppet actually trying and failing to UNinstall this package.

The regular expression here:
https://github.com/stankevich/puppet-python/blob/master/manifests/pip.pp#L150
will not catch a version like 1.0a1, or 0.31.1-1 and will attempt to uninstall the existing version, although this fails.

I note the Version formats comment here:
https://github.com/stankevich/puppet-python/blob/master/manifests/pip.pp#L213
However, that domain appears to be down, or infected with adware.
Seaching for guidelines, I found this page:
http://the-hitchhikers-guide-to-packaging.readthedocs.io/en/latest/specification.html
which would appear to suggest that examples such as 1.3a2.dev12 are acceptable

I would submit a patch, but I feel the lack of a patch is probably not the issue. Anyway, It's a simple regex mod, best left up to the developer who chose the current regex.

Question: Is there some political issue that requires packages to use only digits in the version scheme?
On my system, a quick check of pip freeze shows a not insignificant number of packages with version names that would not install with this puppet module.
@traylenator
Copy link
Contributor

Also impacting us with https://pypi.python.org/pypi/rucio/1.6.0.post2

@reguero
Copy link

reguero commented Jun 22, 2016
edited
Loading

For your info, I found the regular expression used by pip itself for the operator (==, <=, etc) with the the version of the package requested in line 2293 of /usr/lib/python2.6/site-packages/pip/vendor/pkg_resources/init.py
It is as follows
VERSION = re.compile(r"\s(<=?|>=?|===?|!=|~=)\s_((\w|[-.*_!+])+)").match
You can see that it does accept letters in the version string.

@JamieCressey
Copy link

JamieCressey commented Jun 27, 2016
edited
Loading

+1

I'm not sure why we try and validate a version number at this stage. Puppet shouldn't be the enforcer of versioning styles.

@martinjungblut
Copy link

+1

I'm being affected by this issue as well. In my opinion, if you provide a version string yourself, and there's no match for that particular version in PyPI, it's your problem. I don't feel like this module should try to enforce a versioning scheme, I feel it should do what I mean, which is try to grab the version I told it to.

@mdean mdean mentioned this issue Jul 20, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@traylenator @stankevich @whyteks @reguero @martinjungblut @JamieCressey