Compatibility with Composer V2 Spec #649

Naugrimm opened this issue May 15, 2023 · 5 comments

@Naugrimm
Contributor

Naugrimm commented May 15, 2023

Support for Composer V2 has been incorrectly added.

Repman currently returns:

curl https://token:$ACCESSTOKEN@$HOST/p2/$VENDOR/$PACKAGE.json | jq

{
  "$VENDOR/$PACKAGE": {
    "1.0.0": {...}
  }
}

According to the spec, the package must be wrapped in a packages object. So the expected response would be:

{
  "packages": {
    "$VENDOR/$PACKAGE": {
      "1.0.0": {...}
    }
  }
}
Naugrimm added a commit to Naugrimm/repman that referenced this issue May 15, 2023
Naugrimm added a commit to Naugrimm/repman that referenced this issue May 16, 2023
Naugrimm added a commit to Naugrimm/repman that referenced this issue May 16, 2023
@giggsey
Contributor

giggsey commented May 22, 2023

Does composer display any warnings or other signs that it's not happy with the response? And what impact does it have for clients?

Edit: Just had a quick look at a composer v2 update, and it only required org.repo.example.com/packages.json, because it's providing the entire package list. So it never actually requests the v2 provider URLs.

@xvilo
Contributor

xvilo commented May 25, 2023

@giggsey that looks at the user agent, so if you call it in the browser without the proper v2 user agent you will get the v1 response as a backwards compatible measure

@giggsey
Contributor

giggsey commented May 25, 2023

> @giggsey that looks at the user agent, so if you call it in the browser without the proper v2 user agent you will get the v1 response as a backwards compatible measure

I was using composer v2 (update --dry-run -vvv)

@Naugrimm
Contributor Author

@giggsey The composer command line program works flawlessly as it does not request the problematic URLs.

The issue came up when I tried to set up the Renovate bot on our GitLab instance. Renovate first loads the /package.json (works) and then two package-specific URLs:

192.0.2.1 - token [26/May/2023:11:13:37 +0200] "GET /packages.json HTTP/1.1" 200 1758428 "-" "RenovateBot/35.102.0 (https://github.com/renovatebot/renovate)"
192.0.2.1 - token [26/May/2023:11:13:43 +0200] "GET /p2/vendor/package.json HTTP/1.1" 200 23823 "-" "RenovateBot/35.102.0 (https://github.com/renovatebot/renovate)"
192.0.2.1 - token [26/May/2023:11:13:43 +0200] "GET /p2/vendor/package~dev.json HTTP/1.1" 200 23823 "-" "RenovateBot/35.102.0 (https://github.com/renovatebot/renovate)"

This issue/the linked PR is for fixing the latter two URLs.
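
A response-shape check for the two `/p2/` URLs discussed in this thread, added here as an example (it is not Repman's or Renovate's code). The function names, the regex and the sample bodies are constructed for illustration, and rejecting extra package keys is a strictness choice of this example rather than something the issue states.

```python
import json
import re

# Path shapes taken from the access log in the thread:
# /p2/<vendor>/<package>.json and /p2/<vendor>/<package>~dev.json
P2_PATH = re.compile(r"^/p2/(?P<vendor>[^/]+)/(?P<package>[^/~]+)(?P<dev>~dev)?\.json$")


def expected_package_name(path):
    """Return 'vendor/package' for a /p2/ URL path, with any ~dev suffix stripped."""
    m = P2_PATH.match(path)
    if m is None:
        raise ValueError(f"not a /p2/ metadata path: {path!r}")
    return f"{m['vendor']}/{m['package']}"


def check_p2_response(path, body):
    """Return a list of problems found in a /p2/ response body (empty list = OK)."""
    name = expected_package_name(path)
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    packages = doc.get("packages")
    if not isinstance(packages, dict):
        problems = ['missing top-level "packages" object']
        if name in doc:
            problems.append(f'"{name}" is at the top level instead of under "packages"')
        return problems
    problems = []
    if name not in packages:
        problems.append(f'"packages" has no entry for "{name}"')
    # Extra strictness chosen for this example: one package per /p2/ response.
    for other in sorted(set(packages) - {name}):
        problems.append(f'unexpected package "{other}" in response for "{name}"')
    return problems


# Constructed sample bodies mirroring the two shapes quoted in the issue.
UNWRAPPED = '{"vendor/package": {"1.0.0": {}}}'
WRAPPED = '{"packages": {"vendor/package": {"1.0.0": {}}}}'

if __name__ == "__main__":
    for path in ("/p2/vendor/package.json", "/p2/vendor/package~dev.json"):
        for label, body in (("unwrapped", UNWRAPPED), ("wrapped", WRAPPED)):
            print(path, label, check_p2_response(path, body) or "OK")
```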

@giggsey
Copy link
Contributor

giggsey commented May 26, 2023

@Naugrimm Thanks. As a separate issue, I think it'll be good to fix the package list from V2 clients, so they can use the package URLs instead.

akondas pushed a commit that referenced this issue May 28, 2023
* fix: composer v2 compatibility

refs #649

* fix: typo

refs #649

* fix: order of routes, strip ~dev suffix

refs #649