Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Night's Watch
-
3
-
NW - 2020-04-15, NW - 2020-04-29
-
Needs Assessment
-
Bug Fix
-
Ensuring latest package available using pip caused, in certain scenarios, lack of idempotency because puppet was seeing the wrong version as being latest. Comparing and sorting mechanism of versions was improved.
-
Needs Assessment
Description
In lib/puppet/provider/package/pip.rb pip version checks and python packages sortings/comparisons are prone to be often done incorrectly. One example would be for the 'numpy' package. Below can be seen some of this package's versions being sorted incorrectly:
| Correctly sorted | Currently sorted |
|---|---|
| 1.10.4 | 1.10.4 |
| 1.11.0b3 | 1.11.0 |
| 1.11.0rc1 | 1.11.0b3 |
| 1.11.0rc2 | 1.11.0rc1 |
| 1.11.0 | 1.11.0rc2 |
| 1.11.1rc1 | 1.11.1 |
| 1.11.1 | 1.11.1rc1 |
| 1.11.2rc1 | 1.11.2 |
| 1.11.2 | 1.11.2rc1 |
This impacts package installation, using pip, when trying to ensure the latest version for any python package.
Proposed solution:
All pip version checks and python packages comparison/sortings should be done using Puppet::Util::Package::Version::Pip.compare instead of Puppet::Util::Package.versioncmp.
This solution's implementation impact needs to be addressed as following:
- in case of invalid/unsupported versions, it shouldn't raise anything which might disrupt the rest of a manifest application/agent run
- would be a good idea to investigate pip's legacy versions (see pip's source code, check if this is still being used by packages/if such packages still exist and then, based on findings, maybe reconsider supporting them OR find a suitable solution for when puppet will come across one of them)
- some refactoring needs to be done for partially duplicated code: get all available versions for a package in only one method (at least per pip version particularities) by sorting the list of available versions and use it to find out the latest version and also use it when checking for a version range)