aura misses some package updates

fosskers / aura

A multilingual package manager for Arch Linux and the AUR.

https://fosskers.github.io/aura/

GNU General Public License v3.0

1.76k stars 114 forks source link

aura misses some package updates #586

Closed mkoloberdin closed 4 years ago

mkoloberdin commented 4 years ago

yaourt -Sua offers to upgrade the following packages among others:

==> Software upgrade (new version) :
aur/coin                  4.0.0a+11927+me74da184f75b-1 -> 4.0.0-1
aur/coin-docs             4.0.0a+11927+me74da184f75b-1 -> 4.0.0-1
aur/soqt                  1.6.0a+2014+m872b87e73dfb-1  -> 1.6.0-1

...while aura -Akxua misses these upgrades.

fosskers commented 4 years ago

It likely due to the version numbers. 4.0.0-1 is likely being considered "less than" 4.0.0xyz123.

fosskers commented 4 years ago

Those packages don't really conform to any versioning scheme, so it's hard to tell which of the two versions should be considered newer. Do you have thoughts on that? I wrote a library a few years ago (which Aura uses) that tackles this problem in general.

mkoloberdin commented 4 years ago

I've looked into how yaourt compares version numbers. Turns out it just uses an external utility that comes with pacman called vercmp:

$ vercmp
vercmp (pacman) v5.2.1

Compare package version numbers using pacman's version comparison logic.

Usage: vercmp <ver1> <ver2>

Output values:
  < 0 : if ver1 < ver2
    0 : if ver1 == ver2
  > 0 : if ver1 > ver2

$ vercmp 4.0.0-1 4.0.0a+11927+me74da184f75b-1
1

mkoloberdin commented 4 years ago

According to the comments in pacman source the comparison logic has been copied from rpm. So it's not even unique to Arch.

fosskers commented 4 years ago

I've managed to extend versions to account for this particular case, where a complex version value is close enough to SemVer to allow for more meaningful comparisons. The change will be reflected in Aura in the upcoming release.

mkoloberdin commented 4 years ago

Here is one more package/version update aura misses:

(part of yaourt's output):

aur/megatools                    1.11.0.git.20200404-1 -> 1.11.0+20200830-1

$ vercmp 1.11.0+20200830-1 1.11.0.git.20200404-1
1

fosskers commented 4 years ago

Hm, that should have been detected, since we expect the first to parse as a Version and the second to parse as a SemVer. Comparison between those two is generally well-defined. I'll add a test case to the versions library.

fosskers commented 4 years ago

Yup, versions thinks the "git" variant is earlier.

fosskers commented 4 years ago

My Rust port of the same library gives a bit more information:

Attempted: 1.11.0.git.20200404-1 < 1.11.0+20200830-1
Lesser: General(Version { epoch: None, chunks: Chunks([Chunk([Digits(1)]), Chunk([Digits(11)]), Chunk([Digits(0)]), Chunk([Letters("git")]), Chunk([Digits(20200404)])]), release: Some(Chunks([Chunk([Digits(1)])])) })
Greater: Complex(Mess { chunk: ["1", "11", "0"], next: Some((Plus, Mess { chunk: ["20200830"], next: Some((Hyphen, Mess { chunk: ["1"], next: None })) })) })

So it's likely that the 20200830 was thrown up against git (as a string, by the looks of it) and the letters took precedence. Quick tests show that "git" is considered greater, at least when comparing raw strings.

fosskers commented 4 years ago

The solution:

1.11.0+20200830-1 now actually parses as a Version, not a Mess.
If "lettered" sections are encountered, they are considered "beta" or "prerelease". So here, 1.11.0 is considered greater than 1.11.0.git.whatever.

mkoloberdin commented 2 years ago

Now aura acts as if this package upgrade does not exist (yay output): aur/megatools 1.11.0+20210505-1 -> 1.11.0+20211030-1