chainguard-dev / apko

Build OCI images from APK packages directly without Dockerfile
https://apko.dev
Apache License 2.0

version sorting is not stable in apko's solver #593

Open kaniini opened 1 year ago

kaniini commented 1 year ago

Consider the following apk repository:

glibc-2.36-r4
glibc-2.37-r1
glibc-2.37-r2
glibc-2.37-r3
glibc-2.37-r6

And the following config:

contents:
  repositories:
    - ...
  packages:
    - glibc

apko will sometimes choose 2.37-r3, sometimes choose 2.37-r6, and sometimes choose 2.36-r4. This seems to be due to version sorting being unstable and affected by randomization of golang maps.

cc @deitch

deitch commented 1 year ago

Huh. It definitely shouldn't, and it has an explicit sorting algorithm.

Is the config just that one? And the repository https://packages.wolfi.dev/os ?

deitch commented 1 year ago

I have been trying to recreate this, without much success. I am running the following:

contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
  packages:
    - glibc

And I consistently get:

Mar 23 22:27:57.839 [INFO] [arch:x86_64] installing glibc (2.37-r3)

How can I reproduce this?

charlesk40 commented 6 months ago

Hi there, I'm also seeing this issue with cgr.dev/chainguard/apko image.

mypackage.yaml:

  packages:
      #Version sorting is not stable.  See https://github.com/chainguard-dev/apko/issues/593
    - mypackage>=11.0.20.0.36888759-r0

First run:

mypackage-11.0.20.0.36882958-r0.apk disqualified by "11.0.20.0.36882958-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36884011-r0.apk disqualified by "11.0.20.0.36884011-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36886314-r0.apk disqualified by "11.0.20.0.36886314-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"

Next run:

mypackage-11.0.20.0.36881842-r0.apk disqualified by "11.0.20.0.36881842-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36882168-r0.apk disqualified by "11.0.20.0.36882168-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36882958-r0.apk disqualified by "11.0.20.0.36882958-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
mypackage-11.0.20.0.36884011-r0.apk disqualified by "11.0.20.0.36884011-r0" does not satisfy "mypackage>=11.0.20.0.36888759-r0"
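
The opening comment attributes the varying result to Go map randomization. The following is an added example, not apko's code and not posted by anyone in this thread: a selection routine whose result cannot depend on map iteration order, because ties are broken under a total order. The version comparison is simplified to dotted numbers plus an `-rN` revision, and `num`, `compare`, `pickBest` and the index layout are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// num returns parts[i] as an integer, or 0 when i is out of range.
func num(parts []string, i int) int {
	if i >= len(parts) {
		return 0
	}
	n, _ := strconv.Atoi(parts[i])
	return n
}

// compare returns <0, 0 or >0 for versions such as "2.37-r6". Simplified:
// real apk versions also allow letters and _rc/_p suffixes (not handled).
func compare(a, b string) int {
	av, ar, _ := strings.Cut(a, "-r")
	bv, br, _ := strings.Cut(b, "-r")
	ap, bp := strings.Split(av, "."), strings.Split(bv, ".")
	for i := 0; i < len(ap) || i < len(bp); i++ {
		if d := num(ap, i) - num(bp, i); d != 0 {
			return d
		}
	}
	return num([]string{ar}, 0) - num([]string{br}, 0)
}

// pickBest returns the highest version in index (file name -> version) that
// is >= min ("" means no constraint), or "" when nothing qualifies.
func pickBest(index map[string]string, min string) string {
	best := ""
	for _, v := range index { // iteration order is random; the result is not
		if min != "" && compare(v, min) < 0 {
			continue
		}
		if c := compare(v, best); best == "" || c > 0 || (c == 0 && v > best) {
			best = v
		}
	}
	return best
}

func main() { // constructed index holding the glibc versions from the issue
	idx := map[string]string{"a": "2.36-r4", "b": "2.37-r1", "c": "2.37-r2", "d": "2.37-r3", "e": "2.37-r6"}
	fmt.Println(pickBest(idx, ""))
}
```

Running the same resolution many times and comparing the selected version is a cheap regression check for this class of bug in a build pipeline.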