-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Version number comparisons in Python and GYP files are not safe #29927
Comments
targos
added
python
PRs and issues that require attention from people who are familiar with Python.
gyp
Issues and PRs related to the GYP tool and .gyp build files
labels
Oct 11, 2019
I think we’ll need to move the version checks into configure.py and set variables for use in the GYP files. |
4 tasks
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 11, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: nodejs#29927
In Python, the best way is to break each version string into tuple of ints before comparing... >>> import sys
>>> vers = sys.version.split()[0]
>>> vers
'3.6.1'
>>> vers = tuple(int(x) for x in vers.split("."))
>>> vers
(3, 6, 1)
>>> vers > (3, 6, 0)
True
>>> vers < (3, 6, 2)
True |
targos
added a commit
to targos/node
that referenced
this issue
Oct 14, 2019
targos
added a commit
that referenced
this issue
Oct 18, 2019
Fixes: #29927 Refs: #29931 PR-URL: #29965 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: David Carlier <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this issue
Oct 23, 2019
Fixes: #29927 Refs: #29931 PR-URL: #29965 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: David Carlier <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this issue
Oct 23, 2019
Fixes: #29927 Refs: #29931 PR-URL: #29965 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: David Carlier <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
targos
pushed a commit
that referenced
this issue
Nov 8, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: #29927 PR-URL: #29931 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
targos
added a commit
that referenced
this issue
Nov 8, 2019
Fixes: #29927 Refs: #29931 PR-URL: #29965 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: David Carlier <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
targos
pushed a commit
that referenced
this issue
Nov 10, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: #29927 PR-URL: #29931 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
targos
added a commit
that referenced
this issue
Nov 10, 2019
Fixes: #29927 Refs: #29931 PR-URL: #29965 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: David Carlier <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
BaochengSu
pushed a commit
to BaochengSu/node
that referenced
this issue
Oct 20, 2020
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: nodejs#29927 PR-URL: nodejs#29931 Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> (cherry picked from commit 6f81401)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Noted by @richardlau in #29897
Problem
In various places in GYP files and Python scripts, we use string or number comparisons to check if the version of compiling tools satisfies some minimum value. These are not safe and could give wrong results:
"10.1" >= "2.4"
returnsFalse
2.24 > 2.3
returnsFalse
Some examples in our code base
node/configure.py
Lines 1233 to 1237 in 81bc7b3
node/deps/openssl/openssl.gypi
Line 1039 in 81bc7b3
node/deps/openssl/openssl.gyp
Line 24 in 81bc7b3
Solution?
I haven't found a solution yet, because we need something that works in GYP conditions, meaning simple Python expressions that cannot import external libraries (correct me if I'm wrong).
We could use the builtin
from distutils.version import StrictVersion
andStrictVersion("2.24") >= StrictVersion("2.3")
but I don't know if it's possible to makeStrictVersion
available to GYP conditionals./cc @nodejs/gyp @nodejs/python
The text was updated successfully, but these errors were encountered: