Should reject uploads with equivalent versions

Bug #654878 reported by William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Launchpad itself | Triaged | Low | Unassigned |

Bug Description

Some dpkg versions are equal, despite being different strings. In particular, an absent numeric part at the end of a version is counted as 0, so 1.0~foo and 1.0~foo0 are equal. Launchpad will currently accept both, and then be non-deterministic and confusing when dominating. We should probably reject the second upload.

Julian Edwards (julian-edwards) wrote :

Hmm, we use apt_pkg to do this comparison. Is the bug there or are you looking at something else?

Changed in soyuz:
status: New → Incomplete
William Grant (wgrant) wrote :

apt_pkg is correct, and we use it reasonably correctly. Except for this bit here:

    def _checkVersion(self, proposed_version, archive_version, filename):
        """Check if the proposed version is higher than the one in archive."""
        if apt_pkg.VersionCompare(proposed_version, archive_version) < 0:
            self.reject("%s: Version older than that in the archive. %s <= %s"
                        % (filename, proposed_version, archive_version))

If the versions are equal, it will return 0 and the check will pass. An upload with the same version string will be rejected in the file conflict check, but an upload with an equal (but not byte-identical) version string will be let through.

Julian Edwards (julian-edwards) wrote :

Yay :(

Changed in soyuz:
status: Incomplete → Triaged
importance: Undecided → Medium
tags: added: soyuz-upload
tags: added: trivial
tags: added: boobytrap
Robert Collins (lifeless) wrote : Re: [Bug 654878] Re: Should reject uploads with equivalent versions

So, <= 0 ?

William Grant (wgrant) wrote :

Yes. Except that we probably want to do something similar for copies, which currently have no version ratcheting at all.
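
Added example, not part of the thread or of Launchpad's code: a pure-Python sketch of dpkg's version ordering (it does not call apt_pkg) showing why 1.0~foo and 1.0~foo0 compare equal, and how the `< 0` test quoted above differs from the `<= 0` variant. The function names and the sample uploads are constructed for illustration.

```python
import re

def _order(c):
    # dpkg sort weight: "~" sorts before end-of-string, letters before other characters.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings with dpkg's algorithm."""
    while a or b:
        # Leading non-digit runs are compared character by character.
        na, a = re.match(r"([^0-9]*)(.*)", a, re.S).groups()
        nb, b = re.match(r"([^0-9]*)(.*)", b, re.S).groups()
        for i in range(max(len(na), len(nb))):
            wa, wb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        # Digit runs are compared numerically; an absent run counts as 0.
        da, a = re.match(r"([0-9]*)(.*)", a, re.S).groups()
        db, b = re.match(r"([0-9]*)(.*)", b, re.S).groups()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _parse(version):
    # Split [epoch:]upstream[-revision]; an absent epoch is 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def version_compare(a, b):
    """Return <0, 0 or >0, the contract the quoted check relies on."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def rejected(proposed, archive, strict):
    """strict=False mirrors the quoted `< 0` test; strict=True is the `<= 0` variant."""
    result = version_compare(proposed, archive)
    return result <= 0 if strict else result < 0

if __name__ == "__main__":
    for proposed in ("1.0~foo", "1.0~foo0", "1.0~foo1"):  # constructed sample uploads
        print(proposed, rejected(proposed, "1.0~foo", False), rejected(proposed, "1.0~foo", True))
```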

Jelmer Vernooij (jelmer) wrote :

Should this sort of check really be on NascentUpload? It seems like Archive would be more appropriate. Or perhaps some new base class that's shared between NascentUpload, the package copier and (eventually) gina?

William Grant (wgrant) wrote :

Right, I argued a while ago that most of NascentUpload and CopyChecker should be merged. But that will never happen now.

Julian Edwards (julian-edwards) wrote :

Never say never.

Curtis Hovey (sinzui)
Changed in launchpad:
importance: Medium → Low