Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

version constraint differences between | and || #11086

Closed
staabm opened this issue Sep 27, 2022 · 4 comments
Closed

version constraint differences between | and || #11086

staabm opened this issue Sep 27, 2022 · 4 comments
Labels
Milestone

Comments

@staabm
Copy link
Contributor

staabm commented Sep 27, 2022

(unrelated context) we are in the process of normalizing our composer.json files using composer-normalize.

normalizing leads to a change within a version contraint.

composer.json before normalizing

{
    "require" : {
        "php": "^7.0 || ^8.0",
        "complex/rocket" : "dev-CLX6_2020R02_LTS|dev-CLX6_2020R03|dev-CLX6_2021R01|dev-CLX6_2021R01|dev-CLX6_2021R02|dev-CLX6_2022R01|dev-master as dev-CLX6_2022R02"
    },
    "config": {
        "allow-plugins": {
            "complex/library-installer-plugin": true,
            "bamarni/composer-bin-plugin": true
        }
    }
}

after normalizing (it just changed | to || and added spaces):

{
    "require" : {
        "php": "^7.0 || ^8.0",
        "complex/rocket": "dev-CLX6_2020R02_LTS || dev-CLX6_2020R03 || dev-CLX6_2021R01 || dev-CLX6_2021R01 || dev-CLX6_2021R02 || dev-CLX6_2022R01 || dev-master as dev-CLX6_2022R02"
    },
    "config": {
        "allow-plugins": {
            "complex/library-installer-plugin": true,
            "bamarni/composer-bin-plugin": true
        }
    }
}

running composer config scripts.post-install-cmd --unset with the before-composer.json works without problems.
running the same command with the after-composer.json leads to an error:

$ composer config scripts.post-install-cmd --unset

In RootPackageLoader.php line 204:

  Invalid alias definition in "complex/rocket": "dev-CLX6_2020R02_LTS || dev-CLX6_2020R03 || dev-CLX6_2021R01 || dev-CLX6_2021R01 || dev-CLX6_2021R02 || dev-CLX6_2022R01 || dev-master as dev-CLX6_2022R02". Aliases should be in the form "exact-version as other-exact-version".


config [-g|--global] [-e|--editor] [-a|--auth] [--unset] [-l|--list] [-f|--file FILE] [--absolute] [-j|--json] [-m|--merge] [--append] [--source] [--] [<setting-key> [<setting-value>...]]

I am wondering whether there is a bug in the normalizing or the composer validation process


When I run this command:

$ composer config scripts.post-install-cmd --unset -vvv
Running 2.4.2 (2022-09-14 16:11:15) with PHP 8.0.15 on Windows NT / 10.0
Reading ./composer.json (C:\dvl\Workspace\php-mobisapi\composer.json)
Loading config file C:/Users/mstaab/AppData/Roaming/Composer/config.json
Loading config file C:/Users/mstaab/AppData/Roaming/Composer/auth.json
Loading config file ./composer.json (C:\dvl\Workspace\php-mobisapi\composer.json)
Loading config file C:\dvl\Workspace\php-mobisapi/auth.json
Reading C:\dvl\Workspace\php-mobisapi/auth.json (C:\dvl\Workspace\php-mobisapi\auth.json)
Checked CA file /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/certs/ca-certificates.crt does not exist or it is not a file.
Checked directory /etc/ssl/certs/ca-certificates.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/ca-bundle.pem does not exist or it is not a file.
Checked directory /etc/ssl/ca-bundle.pem does not exist or it is not a directory.
Checked CA file /usr/local/share/certs/ca-root-nss.crt does not exist or it is not a file.
Checked directory /usr/local/share/certs/ca-root-nss.crt does not exist or it is not a directory.
Checked CA file /usr/ssl/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /usr/ssl/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /opt/local/share/curl/curl-ca-bundle.crt does not exist or it is not a file.
Checked directory /opt/local/share/curl/curl-ca-bundle.crt does not exist or it is not a directory.
Checked CA file /usr/local/share/curl/curl-ca-bundle.crt does not exist or it is not a file.
Checked directory /usr/local/share/curl/curl-ca-bundle.crt does not exist or it is not a directory.
Checked CA file /usr/share/ssl/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /usr/share/ssl/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/cert.pem does not exist or it is not a file.
Checked directory /etc/ssl/cert.pem does not exist or it is not a directory.
Checked CA file /usr/local/etc/ssl/cert.pem does not exist or it is not a file.
Checked directory /usr/local/etc/ssl/cert.pem does not exist or it is not a directory.
Checked CA file /usr/local/etc/openssl/cert.pem does not exist or it is not a file.
Checked directory /usr/local/etc/openssl/cert.pem does not exist or it is not a directory.
Checked CA file /usr/local/etc/openssl@1.1/cert.pem does not exist or it is not a file.
Checked directory /usr/local/etc/openssl@1.1/cert.pem does not exist or it is not a directory.
Checked CA file /etc/pki/tls/certs does not exist or it is not a file.
Checked directory /etc/pki/tls/certs does not exist or it is not a directory.
Checked CA file /etc/ssl/certs does not exist or it is not a file.
Checked directory /etc/ssl/certs does not exist or it is not a directory.
Checked CA file /etc/ssl does not exist or it is not a file.
Checked directory /etc/ssl does not exist or it is not a directory.
Checked CA file /usr/local/share/certs does not exist or it is not a file.
Checked directory /usr/local/share/certs does not exist or it is not a directory.
Checked CA file /usr/ssl/certs does not exist or it is not a file.
Checked directory /usr/ssl/certs does not exist or it is not a directory.
Checked CA file /opt/local/share/curl does not exist or it is not a file.
Checked directory /opt/local/share/curl does not exist or it is not a directory.
Checked CA file /usr/local/share/curl does not exist or it is not a file.
Checked directory /usr/local/share/curl does not exist or it is not a directory.
Checked CA file /usr/share/ssl/certs does not exist or it is not a file.
Checked directory /usr/share/ssl/certs does not exist or it is not a directory.
Checked CA file /etc/ssl does not exist or it is not a file.
Checked directory /etc/ssl does not exist or it is not a directory.
Checked CA file /usr/local/etc/ssl does not exist or it is not a file.
Checked directory /usr/local/etc/ssl does not exist or it is not a directory.
Checked CA file /usr/local/etc/openssl does not exist or it is not a file.
Checked directory /usr/local/etc/openssl does not exist or it is not a directory.
Checked CA file /usr/local/etc/openssl@1.1 does not exist or it is not a file.
Checked directory /usr/local/etc/openssl@1.1 does not exist or it is not a directory.
Checked CA file C:\Users\mstaab\AppData\Local\Temp\ope3594.tmp: valid
Executing command (C:\dvl\Workspace\php-mobisapi): git branch -a --no-color --no-abbrev -v
Reading ./composer.json (C:\dvl\Workspace\php-mobisapi\composer.json)
Loading config file C:/Users/mstaab/AppData/Roaming/Composer/config.json
Loading config file C:/Users/mstaab/AppData/Roaming/Composer/auth.json
Loading config file ./composer.json (C:\dvl\Workspace\php-mobisapi\composer.json)
Loading config file C:\dvl\Workspace\php-mobisapi/auth.json
Reading C:\dvl\Workspace\php-mobisapi/auth.json (C:\dvl\Workspace\php-mobisapi\auth.json)
Executing command (C:\dvl\Workspace\php-mobisapi): git branch -a --no-color --no-abbrev -v

In RootPackageLoader.php line 204:

  [UnexpectedValueException]
  Invalid alias definition in "complex/rocket": "dev-CLX6_2020R02_LTS || dev-CLX6_2020R03 || dev-CLX6_2021R01 || dev-CLX6_2021R01 || dev-CLX6_2021R02 || dev-CLX6_2022R01 || dev-master as dev-CLX6_2022R02". Aliases should be in the form "exact-version as other-exact-version".


Exception trace:
  at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Package/Loader/RootPackageLoader.php:204
 Composer\Package\Loader\RootPackageLoader->extractAliases() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Package/Loader/RootPackageLoader.php:145
 Composer\Package\Loader\RootPackageLoader->load() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Factory.php:385
 Composer\Factory->createComposer() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Factory.php:625
 Composer\Factory::create() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Console/Application.php:498
 Composer\Console\Application->getComposer() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Command/BaseCommand.php:127
 Composer\Command\BaseCommand->tryComposer() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Command/BaseCommand.php:231
 Composer\Command\BaseCommand->initialize() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Command/ConfigCommand.php:155
 Composer\Command\ConfigCommand->initialize() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/console/Command/Command.php:264
 Symfony\Component\Console\Command\Command->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/console/Application.php:1028
 Symfony\Component\Console\Application->doRunCommand() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/console/Application.php:299
 Symfony\Component\Console\Application->doRun() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Console/Application.php:370
 Composer\Console\Application->doRun() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/vendor/symfony/console/Application.php:171
 Symfony\Component\Console\Application->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/src/Composer/Console/Application.php:138
 Composer\Console\Application->run() at phar://C:/ProgramData/ComposerSetup/bin/composer.phar/bin/composer:88
 require() at C:\ProgramData\ComposerSetup\bin\composer.phar:29

config [-g|--global] [-e|--editor] [-a|--auth] [--unset] [-l|--list] [-f|--file FILE] [--absolute] [-j|--json] [-m|--merge] [--append] [--source] [--] [<setting-key> [<setting-value>...]]

Output of composer diagnose:

$ composer diagnose
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.37.3
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.4.2
PHP version: 7.2.33 - Package overridden via config.platform, actual: 8.0.15
PHP binary path: C:\tools\php80\php.exe
OpenSSL version: OpenSSL 1.1.1m  14 Dec 2021
cURL version: 7.76.1 libz 1.2.11 ssl OpenSSL/1.1.1m
zip: extension present, unzip present, 7-Zip present (7z)
@localheinz
Copy link
Contributor

@staabm

Perhaps that is something I should handle in ergebnis/composer-normalize? I am unsure about it, though, because I have never used a version constraint referencing multiple branches.

@staabm
Copy link
Contributor Author

staabm commented Sep 27, 2022

I am not sure either as I had the impression | should be a equivalent of || and therefore either both cases should error or non of them IMO.

lets see what the composer guys think about it :-)

@Seldaek
Copy link
Member

Seldaek commented Oct 12, 2022

The reason was that foo|bar as x was parsed as foo|bar aliased to x, which really did nothing at all. Then foo || bar as x properly triggered a parse error as it was not supported. I fixed the parsing so that it now handles both cases equally, and actually sees them as the bar aliased to x it should be.

@Seldaek Seldaek added the Bug label Oct 12, 2022
@Seldaek Seldaek added this to the 2.4 milestone Oct 12, 2022
@staabm
Copy link
Contributor Author

staabm commented Oct 12, 2022

just tested the fixed version using a snapshot build and it works now. thank you.

jeffwidman added a commit to dependabot/dependabot-core that referenced this issue Jan 29, 2023
The previous string `"^3.0|4.1.x-dev as 3.0.0"` isn't actually an invalid version... because `4.1.x-dev` can technically be an exact version number.

However, this passed unit tests just fine due to an upstream bug in `composer` which was fixed in composer/composer#11086 / composer/composer@8618f00. So when we upgrade to a newer version of `composer` that includes this fix, the test will start failing.

On composer `2.4.1`, the version string `"^3.0|4.1.x-dev as 3.0.0"` throws:
```
{"error":"Invalid version string \"^3.0|4.1.x-dev\" in \"^3.0|4.1.x-dev as 3.0.0\", the alias source must be an exact version, if it is a branch name you should prefix it with dev-"}
```
Compare with `2.5.1`, where it parses that as a valid version string, and then fails because we're currently running `php` `7.4`:
```
{"error":"Your requirements could not be resolved to an installable set of packages.\n  Problem 1\n    - monolog\/monolog dev-main requires php >=8.1 -> your php version (7.4.33) does not satisfy that requirement.\n    - monolog\/monolog 3.x-dev is an alias of monolog\/monolog dev-main and thus requires it to be installed too.\n    - Root composer.json requires monolog\/monolog ^3.0|4.1.x-dev as 3.0.0 -> satisfiable by monolog\/monolog[3.0.0-RC1, ..., 3.x-dev (alias of dev-main)].\n"}
```

I double-checked with the upstream `composer` team in composer/composer#11282 and they [confirmed this behavior](composer/composer#11282 (comment)).
jeffwidman added a commit to dependabot/dependabot-core that referenced this issue Jan 29, 2023
The previous string `"^3.0|4.1.x-dev as 3.0.0"` isn't actually an invalid version... because `4.1.x-dev` can technically be an exact version number.

However, this passed unit tests just fine due to an upstream bug in `composer` which was fixed in composer/composer#11086 / composer/composer@8618f00. So when we upgrade to a newer version of `composer` that includes this fix, the test will start failing.

On composer `2.4.1`, the version string `"^3.0|4.1.x-dev as 3.0.0"` throws:
```
{"error":"Invalid version string \"^3.0|4.1.x-dev\" in \"^3.0|4.1.x-dev as 3.0.0\", the alias source must be an exact version, if it is a branch name you should prefix it with dev-"}
```
Compare with `2.5.1`, where it parses that as a valid version string, and then fails because we're currently running `php` `7.4`:
```
{"error":"Your requirements could not be resolved to an installable set of packages.\n  Problem 1\n    - monolog\/monolog dev-main requires php >=8.1 -> your php version (7.4.33) does not satisfy that requirement.\n    - monolog\/monolog 3.x-dev is an alias of monolog\/monolog dev-main and thus requires it to be installed too.\n    - Root composer.json requires monolog\/monolog ^3.0|4.1.x-dev as 3.0.0 -> satisfiable by monolog\/monolog[3.0.0-RC1, ..., 3.x-dev (alias of dev-main)].\n"}
```

I double-checked with the upstream `composer` team in composer/composer#11282 and they [confirmed this behavior](composer/composer#11282 (comment)).
alcere pushed a commit to dependabot/dependabot-core that referenced this issue Feb 20, 2023
The previous string `"^3.0|4.1.x-dev as 3.0.0"` isn't actually an invalid version... because `4.1.x-dev` can technically be an exact version number.

However, this passed unit tests just fine due to an upstream bug in `composer` which was fixed in composer/composer#11086 / composer/composer@8618f00. So when we upgrade to a newer version of `composer` that includes this fix, the test will start failing.

On composer `2.4.1`, the version string `"^3.0|4.1.x-dev as 3.0.0"` throws:
```
{"error":"Invalid version string \"^3.0|4.1.x-dev\" in \"^3.0|4.1.x-dev as 3.0.0\", the alias source must be an exact version, if it is a branch name you should prefix it with dev-"}
```
Compare with `2.5.1`, where it parses that as a valid version string, and then fails because we're currently running `php` `7.4`:
```
{"error":"Your requirements could not be resolved to an installable set of packages.\n  Problem 1\n    - monolog\/monolog dev-main requires php >=8.1 -> your php version (7.4.33) does not satisfy that requirement.\n    - monolog\/monolog 3.x-dev is an alias of monolog\/monolog dev-main and thus requires it to be installed too.\n    - Root composer.json requires monolog\/monolog ^3.0|4.1.x-dev as 3.0.0 -> satisfiable by monolog\/monolog[3.0.0-RC1, ..., 3.x-dev (alias of dev-main)].\n"}
```

I double-checked with the upstream `composer` team in composer/composer#11282 and they [confirmed this behavior](composer/composer#11282 (comment)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants