Open jonjohnsonjr opened 2 months ago
IMHO the version for pc that we put in APK metadata should be the package metadata, not contents of pc Version.
Whilst it feels like the soname, it really isn't.
Yeah I agree, it was a mistake to do this in abuild, too. I think we should push to just change it to $pkgver everywhere.
We ran into this with bash-dev which has:
Which makes
apk add
fail (but for some reason only with a local.apk
???) which means we can't bump bash in wolfi.We kind of try to do this with https://github.com/chainguard-dev/melange/blob/0a50317b8fe3d7fd4c3cd6cdcb658752a6f992d5/pkg/sca/sca.go#L387 but that only works for suffixes that also happen to be valid apk suffixes.
I'm not sure how we want to handle this, maybe we just ignore versions that aren't valid? Do we try to trim suffixes until it's a valid version? Who knows.