[devel] [jbj at JBJ.ORG: rpmvercmp is kinda broken, always has been]

Dmitry V. Levin ldv at alt-linux.org
Thu Aug 9 20:45:01 MSD 2001


JFYI

----- Forwarded message from Jeff Johnson <jbj at JBJ.ORG> -----

Date: Thu, 9 Aug 2001 11:27:10 -0400
From: Jeff Johnson <jbj at JBJ.ORG>
To: rpm-list at redhat.com
Subject: rpmvercmp is kinda broken, always has been
Mail-Followup-To: rpm-list at redhat.com
X-Mailer: Mutt 0.95.4us
In-Reply-To: <20010809140400.30669.qmail at web10804.mail.yahoo.com>; from Bhagyashree Hirve on Thu, Aug 09, 2001 at 07:04:00AM -0700
Reply-To: rpm-list at redhat.com

On Thu, Aug 09, 2001 at 07:04:00AM -0700, Bhagyashree Hirve wrote:
> hi,
> 
> Ok i got it now. 
> it should be 
> Requires kernel=2.4.3
> instead of 
> Requires kernel = 2.4.3
> space was the problem.
> 

Yes, you aren't the 1st to have this sort of problem with rpm. At the moment
the rules for choosing package names, versions, and releases are far too
relaxed IMHO.  Basically, the rules are

	0) Anything that is not denied is permitted.

	1) rpm uses the set " \t\n," to separate tokens, and '\n' to separate
	lines.

	2) rpm uses '-' as separator in dependencies, so you can't use '-'
	in package version and/or release.

This is far too permissive a basis to even attempt to detect common
syntax mistakes during specfile parsing, as, in this case, according
to the rules above, "kernel=2.4.3" is a perfectly acceptable name string.

On that note, let me put out a RFC regarding a closely related problem,
pending changes to rpmvercmp. While there's nothing broken in rpm per se,
I believe it's time to simplify some obscure behavior in rpm. This won't be
in rpm-4.0.3, but I'm going to try to make any changes as soon thereafter
as possible to permit incompatibilities and/or problems to be identified
as soon as possible.

Please append comments, concerns, ideas, etc to bugzilla #50977. I suspect
that the final resolution for rpm is gonna be to use the version comparison
that dpkg uses, as that appears to apply to a larger character domain than
that currently used by rpm, but is otherwise entirely compatible.

73 de Jeff

=============================================================================

I'm gonna have to change rpmvercmp, and probably pretty soon.

Background
----------
rpm package management uses a function called rpmvercmp() for
all version and release comparisons to determine whether package
A is "newer" than package B.

Originally, in rpm-2.5.x, the function was implemented as
segmented string compares. Strings were broken into alpha
and digital segments, alpha segments were compared using strcmp,
digits were converted to int32, and compared as integers.

In ~rpm-3.0, it was noticed that the digit string YYYYMMDDhhmmss
overflowed 2^32, so the digit comparison was changed to use
strcmp on padded digit strings, that works for arbitrary length
digit strings.

In bugzilla #21392, it was noticed that mixed-mode (i.e. alpha
with digit strings) was not defined. Basically, there were
a handful of cases where A was "newer" than B, and B was "newer"
than A. No one (except Trond :-) had ever noticed until bugzilla
#21292 was reported. So the return code for mixed mode comparison
was changed.

Then along came LSB, with the goal of unified package management.
As part of the discussion, Jason Gunthorpe pointed out that
rpm has a very limited character set, only isalnum(3) characters
are compared. Surprise, all those '.' characters are never, ever,
used directly by rpm, are only used to demarcate segment boundaries.

Next came ximian with a patch, more or less correct, but with
the unfortunate side effect that it broke all of Mandrake style
naming. I made up a story (true!) about why I couldn't accept
the patch because it broke Mandrake style naming.

Then along came Cristian with some obscure need to convert versions
to floats in order to speed up Oracle accesses by RHN. He pointed
out that, for rpm purposes,
	1.1 == 1.0000000000000000000000000000000000000000001
Ugh.

Now the problem has been outed yet again in bugzilla #50977, with the
most correct (but still broken IMHO) patch yet.

Goal
====
The criteria for an acceptable rpmvercmp are clear. For package ordering,
rpmvercmp needs the same properties as tsort needs (Knuth v1 p258 if it matters)
	1) Transitivity.
	2) Antisymmetry.
	3) Reflexivity.
For partitioning transactions into subsets (aka equivalence classes, Knuth
v1 p353)
	1) Transitivity.
	2) Symmetry.
	3) Reflexivity.
While the current rpmvercmp (almost) has all those properties, this is
achieved over too narrow a domain (alphas/digits), and with the added
thinko that the '\0' character is (at the moment) treated as an alpha
(read: in mixed mode comparison, an explicit digit string is surprisingly
less than an implicitly empty alpha string. Got that? :-)

So, sometime soon, I'm gonna do the following:

1) Explicitly restrict the character set permitted in version and
release. At the moment, only '-' is denied, and that is far too permissive.
I have ~20000 unique version/release strings from RHN that will be used
to establish what is existing practice, and the permitted character set
will be chosen to minimize breakage.

2) The existing upgrade universes (i.e. 5.2 -> 6.2 -> 7.0 -> ...) will be
examined with current/new rpmvercmp looking for breakage. I point out that
this works only for the Red Hat distro universe.

-- 
Jeff Johnson	ARS N3NPQ
jbj at jbj.org	(jbj at redhat.com)
Chapel Hill, NC

----- End forwarded message -----

Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
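
An added sketch in C of the segmented comparison described in the forwarded message (not rpm's rpmvercmp source and not part of the original mail): only isalnum characters are compared, digit runs are compared without leading zeros, and a sample set is checked for antisymmetry. The function names, the sample versions, and the results chosen for mixed alpha/digit segments and for leftover segments are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int dig(char c) { return isdigit((unsigned char)c) != 0; }
static int aln(char c) { return isalnum((unsigned char)c) != 0; }

/* Returns 1 if a is newer, -1 if b is newer, 0 if they compare equal. */
int seg_vercmp(const char *a, const char *b)
{
    for (;;) {
        /* '.', '_', '+' etc. are never compared; they only end a segment. */
        while (*a && !aln(*a)) a++;
        while (*b && !aln(*b)) b++;
        if (!*a || !*b) return *a ? 1 : (*b ? -1 : 0); /* ASSUMPTION: leftover is newer */
        int da = dig(*a), db = dig(*b);
        if (da != db) return da ? 1 : -1;   /* ASSUMPTION: digits beat alpha */
        while (da && *a == '0') a++;        /* leading zeros carry no weight */
        while (da && *b == '0') b++;
        size_t la = 0, lb = 0;              /* measure both segments */
        while (aln(a[la]) && dig(a[la]) == da) la++;
        while (aln(b[lb]) && dig(b[lb]) == da) lb++;
        if (da && la != lb) return la > lb ? 1 : -1;  /* longer digit run is larger */
        int c = strncmp(a, b, la < lb ? la : lb);
        if (c == 0 && la != lb) c = la > lb ? 1 : -1; /* "pre" sorts before "prex" */
        if (c) return c > 0 ? 1 : -1;
        a += la; b += lb;
    }
}

/* Number of ordered pairs in v[0..n) where cmp(x,y) != -cmp(y,x). */
int antisymmetry_violations(const char *const *v, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            bad += seg_vercmp(v[i], v[j]) != -seg_vercmp(v[j], v[i]);
    return bad;
}

int main(void)
{
    /* Constructed sample versions, not taken from any real package set. */
    const char *v[] = { "1.1", "1.0000000001", "2.4.3", "2.4.3pre1", "20010809114500" };
    printf("1.1 vs 1.0000000001: %d\n", seg_vercmp(v[0], v[1]));
    printf("antisymmetry violations: %d\n", antisymmetry_violations(v, 5));
    return 0;
}
```

Running the same pairwise check over a real version/release corpus, with a transitivity pass added, is the kind of breakage scan the message proposes before changing the comparison.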