Puppet / PUP-10375

Latest version ensured for python packages is incorrect



    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 6.15.0
    • None
    • Night's Watch
    • 3
    • NW - 2020-04-15, NW - 2020-04-29
    • Needs Assessment
    • Bug Fix
    • Ensuring the latest available package version using pip caused, in certain scenarios, a lack of idempotency because Puppet was seeing the wrong version as the latest. The mechanism for comparing and sorting versions was improved.
    • Needs Assessment


      In lib/puppet/provider/package/pip.rb, pip version checks and Python package sorting/comparisons are often done incorrectly. One example is the 'numpy' package. Below, some of this package's versions can be seen being sorted incorrectly:

      Correctly sorted    Currently sorted
      1.10.4              1.10.4
      1.11.0b3            1.11.0
      1.11.0rc1           1.11.0b3
      1.11.0rc2           1.11.0rc1
      1.11.0              1.11.0rc2
      1.11.1rc1           1.11.1
      1.11.1              1.11.1rc1
      1.11.2rc1           1.11.2
      1.11.2              1.11.2rc1


      This impacts package installation, using pip, when trying to ensure the latest version for any python package. 


      Proposed solution:

      All pip version checks and Python package comparisons/sorting should be done using Puppet::Util::Package::Version::Pip.compare instead of Puppet::Util::Package.versioncmp.

      This solution's implementation impact needs to be addressed as follows:

      • in case of invalid/unsupported versions, it shouldn't raise anything which might disrupt the rest of a manifest application/agent run
      • it would be a good idea to investigate pip's legacy versions (see pip's source code, check if this is still being used by packages/if such packages still exist and then, based on the findings, maybe reconsider supporting them OR find a suitable solution for when Puppet comes across one of them)
      • some refactoring needs to be done for partially duplicated code: get all available versions for a package in only one method (at least per pip version particularities) by sorting the list of available versions, and use it to find out the latest version and also when checking for a version range






            luchian.nemes Luchian Nemes
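The ordering difference shown in the table above, as an added Ruby example (not Puppet's code and not the implementation of Puppet::Util::Package::Version::Pip.compare). The helpers `pip_key`, `naive_key`, `pip_sort` and `naive_sort` are hypothetical, the parser covers only a subset of PEP 440 (release segment plus a/b/rc pre-release), and "2004d" is a constructed version string that the subset cannot parse.

```ruby
# Added example; not Puppet's implementation. Covers only a PEP 440 subset:
# a dotted release segment with an optional a/b/rc pre-release suffix.
PRE_RANK = { 'a' => 0, 'b' => 1, 'rc' => 2 }.freeze
PEP440_SUBSET = /\A(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?\z/

# Sort key for a version, or nil when the subset cannot parse it.
# Returning nil instead of raising lets a caller skip odd versions.
def pip_key(version)
  m = PEP440_SUBSET.match(version.to_s.strip)
  return nil unless m

  release = m[1].split('.').map(&:to_i)
  release.pop while release.size > 1 && release.last.zero? # 1.11 == 1.11.0
  # A final release ranks above every pre-release of the same release.
  pre = m[2] ? [PRE_RANK[m[2]], m[3].to_i] : [PRE_RANK.size, 0]
  [release, pre]
end

# Naive key for contrast (hypothetical): digit and letter runs compared in
# order, so "1.11.0" is a prefix of "1.11.0b3" and sorts before it.
def naive_key(version)
  version.scan(/\d+|[a-z]+/i).map { |t| t.match?(/\A\d+\z/) ? [0, t.to_i] : [1, t] }
end

# Versions the subset cannot parse are dropped rather than raising.
def pip_sort(versions)
  versions.select { |v| pip_key(v) }.sort_by { |v| pip_key(v) }
end

def naive_sort(versions)
  versions.sort_by { |v| naive_key(v) }
end

# The numpy versions listed in the report, in shuffled order.
NUMPY = %w[1.11.2rc1 1.11.0 1.10.4 1.11.1 1.11.0rc2 1.11.2 1.11.0b3
           1.11.1rc1 1.11.0rc1].freeze

if __FILE__ == $PROGRAM_NAME
  # "2004d" is a constructed string standing in for an unsupported version.
  puts "naive latest:   #{naive_sort(NUMPY).last}"
  puts "PEP 440 latest: #{pip_sort(NUMPY + ['2004d']).last}"
end
```

With the naive key the "latest" version is a release candidate, so a host already on the final release never converges; the PEP 440 key picks the final release.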