fix: always install highest version (#35)
thesayyn authored Apr 18, 2024
1 parent 789bf1d commit 5fe5500
Showing 8 changed files with 86 additions and 9 deletions.
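--- a/WORKSPACE.bazel
+++ b/WORKSPACE.bazel
@@ -35,3 +35,14 @@ deb_index(
 load("@bullseye//:packages.bzl", "bullseye_packages")
 
 bullseye_packages()
+
+# bazel run @apt_security//:lock
+deb_index(
+name = "apt_security",
+# lock = "//examples/apt_security:security.lock.json",
+manifest = "//examples/apt_security:security.yaml",
+)
+
+load("@apt_security//:packages.bzl", "apt_security_packages")
+
+apt_security_packages()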
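Review bot: The new `apt_security` index is declared with its `lock` attribute commented out and nothing says why, so a reader cannot tell whether the example is meant to stay unlocked. Without a checked-in lockfile the resolved package set is presumably computed at fetch time instead of being pinned in the repository, which is not what most users should copy from an example. If this is deliberate so that the libuuid1 version test exercises the resolver, a comment above the attribute such as `# lock intentionally omitted: the example test must exercise live resolution against the snapshot` would make that explicit.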
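--- a/apt/private/package_resolution.bzl
+++ b/apt/private/package_resolution.bzl
@@ -1,6 +1,6 @@
 "package resolution"
 
-load(":version.bzl", "version")
+load(":version.bzl", version_lib = "version")
 
 def _parse_dep(raw):
 raw = raw.strip() # remove leading & trailing whitespace
@@ -49,28 +49,37 @@ def _parse_depends(depends_raw):
 
 def _version_relop(va, vb, op):
 if op == "<<":
-return version.lt(va, vb)
+return version_lib.lt(va, vb)
 elif op == ">>":
-return version.gt(va, vb)
+return version_lib.gt(va, vb)
 elif op == "<=":
-return version.lte(va, vb)
+return version_lib.lte(va, vb)
 elif op == ">=":
-return version.gte(va, vb)
+return version_lib.gte(va, vb)
 elif op == "=":
-return version.eq(va, vb)
+return version_lib.eq(va, vb)
 fail("unknown op %s" % op)
 
 def _resolve_package(state, name, version, arch):
 # Get available versions of the package
 versions = state.index.package_versions(name = name, arch = arch)
+
+# Order packages by highest to lowest
+versions = version_lib.sort(versions, reverse = True)
 package = None
 if version:
 for av in versions:
 if _version_relop(av, version[1], version[0]):
 package = state.index.package(name = name, version = av, arch = arch)
+
+# Since versions are ordered by hight to low, the first satisfied version will be
+# the highest version and rules_distroless ignores Priority field so it's safe.
+# TODO: rethink this `break` with https://github.com/GoogleContainerTools/rules_distroless/issues/34
+break
 elif len(versions) > 0:
-# TODO: what do we do when there is no version constraint?
-package = state.index.package(name = name, version = versions[0], arch = arch)
+# First element in the versions list is the latest version.
+version = versions[0]
+package = state.index.package(name = name, version = version, arch = arch)
 return package
 
 def _resolve_all(state, name, version, arch, in_lock, include_transitive):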
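Review bot: In the unconstrained branch of `_resolve_package`, `version = versions[0]` rebinds the `version` parameter, which the branch above indexes as a constraint pair (`version[0]` as operator, `version[1]` as value), to a plain version string. Nothing in the visible lines reads it afterwards, but one name now means two different things in the same function; passing `versions[0]` directly as the removed line did, or using a local such as `latest = versions[0]`, avoids that. The comment above `break` has a typo (`hight`) and would read better as `# Versions are sorted highest first, so the first match is the highest satisfying version.` When a constraint is given and no available version satisfies it, `package` stays `None` with no diagnostic, so it is worth confirming that the callers, which are outside this hunk, handle that.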
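--- a/apt/private/resolve.bzl
+++ b/apt/private/resolve.bzl
@@ -120,6 +120,7 @@ filegroup(
 name = "lockfile",
 srcs = ["lock.json"],
 tags = ["manual"],
+visibility = ["//visibility:public"]
 )
 sh_binary(
 name = "lock",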
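Review bot: The added `visibility = ["//visibility:public"]` line has no trailing comma, unlike the three attributes above it in the same `filegroup`; `visibility = ["//visibility:public"],` keeps the generated BUILD content consistent and buildifier-clean. The enclosing template starts outside the hunk, so whether it is reformatted after generation is not visible here. Public visibility exposes the lockfile target to every package that can reference this repository, which looks intended for the new example test but deserves a one-line comment saying so.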
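--- a/apt/private/version.bzl
+++ b/apt/private/version.bzl
@@ -131,11 +131,25 @@ def _compare_version(va, vb):
 # compare debian revision
 return _version_cmp_part(vap[2] or "0", vbp[2] or "0")
 
+def _sort(versions, reverse = False):
+vr = versions
+for i in range(len(vr)):
+for j in range(i + 1, len(vr)):
+# if vr[i] is greater than vr[i+1] then swap their indices.
+if _compare_version(vr[i], vr[j]) == 1:
+vri = vr[i]
+vr[i] = vr[j]
+vr[j] = vri
+if reverse:
+vr = reversed(vr)
+return vr
+
 version = struct(
 parse = _parse_version,
 gt = lambda va, vb: _compare_version(va, vb) == 1,
 gte = lambda va, vb: _compare_version(va, vb) >= 0,
 lt = lambda va, vb: _compare_version(va, vb) == -1,
 lte = lambda va, vb: _compare_version(va, vb) <= 0,
 eq = lambda va, vb: _compare_version(va, vb) == 0,
+sort = lambda versions, reverse = False: _sort(versions, reverse = reverse),
 )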
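Review bot: `_sort` sorts the caller's list in place, because `vr = versions` only aliases it, yet with `reverse = True` it returns a new list from `reversed(vr)`; the input is mutated in both modes while the result is a fresh object in only one. A frozen list, for example a module-level constant, would make the swaps fail. Copying first with `vr = list(versions)` gives the function value semantics at no meaningful cost in an already quadratic loop. The inline comment says `vr[i+1]` where the code compares against `vr[j]`, and the function would benefit from a docstring stating that ordering is defined by `_compare_version` and that the default is ascending.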
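--- a/apt/tests/BUILD.bazel
+++ b/apt/tests/BUILD.bazel
@@ -1,8 +1,10 @@
 load(":package_resolution_test.bzl", "version_depends_test")
-load(":version_test.bzl", "version_compare_test", "version_parse_test")
+load(":version_test.bzl", "version_compare_test", "version_parse_test", "version_sort_test")
 
 version_compare_test(name = "version_compare_test")
 
 version_parse_test(name = "version_parse_test")
 
 version_depends_test(name = "version_depends")
+
+version_sort_test(name = "version_sort_test")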
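--- a/apt/tests/version_test.bzl
+++ b/apt/tests/version_test.bzl
@@ -53,3 +53,11 @@ def _version_compare_test(ctx):
 return unittest.end(env)
 
 version_compare_test = unittest.make(_version_compare_test)
+
+def _version_sort_test(ctx):
+env = unittest.begin(ctx)
+asserts.equals(env, version.sort(["1.5~rc2", "1.0.4-2", "1.5~rc1"]), ["1.0.4-2", "1.5~rc1", "1.5~rc2"])
+asserts.equals(env, version.sort(["1.0a7-2", "1.0final-5sarge1", "1.0final-5"], reverse = True), ["1.0final-5sarge1", "1.0final-5", "1.0a7-2"])
+return unittest.end(env)
+
+version_sort_test = unittest.make(_version_sort_test)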
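Review bot: `_version_sort_test` covers only two three-element inputs and leaves out the case the new example depends on, a base revision against its security-update suffix. A constructed pair such as `asserts.equals(env, version.sort(["2.38.1-5", "2.38.1-5+deb12u1"], reverse = True), ["2.38.1-5+deb12u1", "2.38.1-5"])`, together with the empty input `asserts.equals(env, version.sort([]), [])`, would pin the behaviour the resolver now relies on. A case with two equal versions would also show that the swap loop leaves ties alone.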
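--- a/examples/apt_security/BUILD.bazel
+++ b/examples/apt_security/BUILD.bazel
@@ -0,0 +1,17 @@
+load("@aspect_bazel_lib//lib:jq.bzl", "jq")
+load("@aspect_bazel_lib//lib:testing.bzl", "assert_contains")
+
+jq(
+name = "pick_libuuid_version",
+srcs = [
+"@apt_security_resolution//:lockfile",
+],
+args = ["-rj"],
+filter = '.packages | map(select(.name == "libuuid1")) | .[0].version',
+)
+
+assert_contains(
+name = "test_libuuid_version",
+actual = ":pick_libuuid_version",
+expected = "2.38.1-5+deb12u1",
+)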
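Review bot: `test_libuuid_version` relies on `assert_contains`, which is a substring check, so a resolved version that merely begins with the expected string (constructed example: `2.38.1-5+deb12u10`) would still pass. The jq filter also takes `.[0]` of the matching entries without asserting there is exactly one, so a lockfile holding two `libuuid1` entries could pass or fail depending on their order. A short comment such as `# Regression test for #35: the highest libuuid1 version across all configured channels must be selected.` would record what the expected value stands for.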
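--- a/examples/apt_security/security.yaml
+++ b/examples/apt_security/security.yaml
@@ -0,0 +1,15 @@
+version: 1
+
+sources:
+- channel: bookworm main
+url: https://snapshot-cloudflare.debian.org/archive/debian/20240401T030239Z
+- channel: bookworm-updates main
+url: https://snapshot-cloudflare.debian.org/archive/debian/20240401T030239Z
+- channel: bookworm-security main
+url: https://snapshot-cloudflare.debian.org/archive/debian-security/20240401T030239Z
+
+archs:
+- amd64
+
+packages:
+- libuuid1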
