Reject invalid Debian version values.
A hopefully-actionable error message is provided when an invalid version
is given when making a Debian package.

To aid readability, rewrote the relationship pattern as a multiline regex. Added separate pattern for version field.

Test coverage added for jordansissel#1969's "v" prefix removal.

For jordansissel#1847
jordansissel committed Dec 4, 2022
1 parent c9a5cb4 commit f898ef8
Showing 2 changed files with 24 additions and 4 deletions.
22 changes: 18 additions & 4 deletions lib/fpm/package/deb.rb
Expand Up @@ -43,7 +43,15 @@ class FPM::Package::Deb < FPM::Package
# epoch - This is a single (generally small) unsigned integer
# upstream_version - must contain only alphanumerics 6 and the characters . + - ~
# debian_revision - only alphanumerics and the characters + . ~
RELATIONSHIP_FIELD_PATTERN = /^(?<name>[A-z0-9][A-z0-9_.-]+)(?: *\((?<relation>[<>=]+) *(?<version>(?:[0-9]+:)?[0-9A-Za-z+~.-]+(?:-[0-9A-Za-z+~.]+)?)\))?$/
VERSION_FIELD_PATTERN = /
(?:(?:[0-9]+):)? # The epoch, an unsigned int
(?:[A-Za-z0-9+~.-]+) # upstream version, probably should not contain dashes?
(?:-[A-Za-z0-9+~.]+)? # debian_revision
/x # Version field pattern
RELATIONSHIP_FIELD_PATTERN = /^
(?<name>[A-z0-9][A-z0-9_.-]+)
(?:\s*\((?<relation>[<>=]+)\s(?<version>#{VERSION_FIELD_PATTERN})\))?
$/x # Relationship field pattern

option "--ignore-iteration-in-dependencies", :flag,
"For '=' (equal) dependencies, allow iterations on the specified " \
Expand Down Expand Up @@ -293,9 +301,15 @@ def prefix
end # def prefix

def version
if @version.kind_of?(String) and @version.start_with?("v")
logger.warn("Drop leading v from package version '#{@version}'")
@version = @version.gsub(/^v/, "")
if @version.kind_of?(String)
if @version.start_with?("v") && @version.gsub(/^v/, "") =~ /^#{VERSION_FIELD_PATTERN}$/
logger.warn("Debian 'Version' field needs to start with a digit. I was provided '#{@version}' which seems like it just has a 'v' prefix to an otherwise-valid Debian version, I'll remove the 'v' for you.")
@version = @version.gsub(/^v/, "")
end

if @version !~ /^#{VERSION_FIELD_PATTERN}$/
raise FPM::InvalidPackageConfiguration, "The version looks invalid for Debian packages. Debian version field must contain only alphanumerics and . (period), + (plus), - (hyphen) or ~ (tilde). I have '#{@version}' which which isn't valid."
end
end

return @version
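
Review bot: The validity check `@version !~ /^#{VERSION_FIELD_PATTERN}$/` anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a multi-line value is accepted as long as any one of its lines looks like a valid version. Anchor with `\A` and `\z` here and in the `=~` test on the v-stripped value, so the whole string has to match before it reaches the control file. Also, because the pattern allows a leading letter, the strip branch fires for any value that starts with "v" and is otherwise made of allowed characters, not only for "v" followed by a digit; checking for `/\Av[0-9]/` before stripping would match what the warning text describes. Minor: the exception message reads "which which isn't valid".
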
6 changes: 6 additions & 0 deletions spec/fpm/package/deb_spec.rb
Expand Up @@ -126,6 +126,12 @@
end
end

context "when validating the version field" do
pending "it should reject invalid versions"
pending "it should convert v-prefixed-but-otherwise-valid versions"
pending "it should accept valid versions"
end

describe "#output" do
let(:original) { FPM::Package::Deb.new }
let(:input) { FPM::Package::Deb.new }
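
Review bot: All three examples in the "when validating the version field" context are `pending` with no body, so neither the new `FPM::InvalidPackageConfiguration` raise nor the "v" prefix removal is actually exercised, although the commit message says test coverage was added for the prefix removal. Please fill these in with real expectations: one that an invalid value raises `FPM::InvalidPackageConfiguration`, one that a v-prefixed but otherwise valid value comes back without the "v", and one that a valid value is returned unchanged. A case with an embedded newline in the version would be worth including in the reject set.
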