fpm should reject debian packages with invalid values for the Version field

[jordansissel]

Found this note in an Influxdb PR: influxdata/influxdb#23475

Unfortunately, fpm is fairly permissive with what version tags it accepts

@bnpfeife, do you recall any specifics in the problem you were working around? I'd like to help ensure fpm only generates correct packages, and knowing more will help make sure any new tests for this issue can cover the problem you were having.

[jordansissel]

I see fpm does validation checks for the Provides field. We could also add validation for the version field. I'm open to automatic corrections like we do for deb package names[1], but I'm not sure this is the right way to solve it.

[1]

fpm/lib/fpm/package/deb.rb

Lines 261 to 289 in db06af3

	# Get the name of this package. See also FPM::Package#name
	#
	# This accessor actually modifies the name if it has some invalid or unwise
	# characters.
	def name
	if @name =~ /[A-Z]/
	logger.warn("Debian tools (dpkg/apt) don't do well with packages " \
	"that use capital letters in the name. In some cases it will " \
	"automatically downcase them, in others it will not. It is confusing." \
	" Best to not use any capital letters at all. I have downcased the " \
	"package name for you just to be safe.",
	:oldname => @name, :fixedname => @name.downcase)
	@name = @name.downcase
	end
	if @name.include?("_")
	logger.info("Debian package names cannot include underscores; " \
	"automatically converting to dashes", :name => @name)
	@name = @name.gsub(/[_]/, "-")
	end
	if @name.include?(" ")
	logger.info("Debian package names cannot include spaces; " \
	"automatically converting to dashes", :name => @name)
	@name = @name.gsub(/[ ]/, "-")
	end
	return @name
	end # def name

[bnpfeife]

Hello! My apologies, I wish I had elaborated more in the commit message. If I recall correctly, fpm was accepting versions prefixed with v (e.g v1.2.3). It would build the packages; however, when I went to install them, the version string prevented the installation from proceeding. I can't remember if this error was with dpkg or yum.

[jordansissel]

No apology needed :)

I ran into this exact issue while writing some fpm examples for packaging up kubectl - https://fpm.readthedocs.io/en/v1.15.0/packages/dir.html -- ended up doing ${version#v*} to have the shell strip the leading 'v' because fpm was producing invalid packages.

I'll close this as a duplicate of #1847. For improvements, I'll see about adding some smarts in fpm that tries to detect this particular case and automatically turn 'vX.Y.Z' to 'X.Y.Z'. For other cases, fpm can still reject with an actionable error message.

[jordansissel]

Closing to track as #1847.