Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug] Packages using version numbers containing uppercase characters can't be published #3566

Closed
asmellby opened this issue Feb 6, 2024 · 2 comments · Fixed by #3567
Closed

[bug] Packages using version numbers containing uppercase characters can't be published #3566

asmellby opened this issue Feb 6, 2024 · 2 comments · Fixed by #3567
Assignees
@memsharded

Comments

@asmellby
Copy link

asmellby commented Feb 6, 2024

Environment details

  • Operating System+version: macOS
  • Compiler+version: N/A
  • Conan version: 2.0.17
  • Python version: 3.12

Steps to reproduce

  1. Create a package using a version number where the prerelease segment makes use of uppercase characters, such as 1.2.3-SNAPSHOT.
  2. Attempt to run conan create for this package.
  3. Observe that the recipe fails to export, due to the error raised at https://github.com/conan-io/conan/blob/07d49a5a0db6821d3664f40b0cc83cfe3812b73e/conans/model/recipe_ref.py#L131.

According to the semver 2.0 standard, uppercase characters should be allowed in the prerelease segment.

Identifiers MUST comprise only ASCII alphanumerics and hyphens [0-9A-Za-z-]

According to Conan documentation, Conan supports version numbers that are a superset of the semver specification: https://docs.conan.io/2.0/tutorial/versioning/version_ranges.html#semantic-versioning

However, the documentation for the version attribute at https://docs.conan.io/2.0/reference/conanfile/attributes.html#version indicates that it has the same restriction as name, and name only supports lowercase.

Is Conan intended to support semver and allow uppercase in prerelease version numbers? If it is, there is a bug in the check for uppercase on the entire package reference instead of just the name field. If it is not, there is a bug in the documentation that suggests that Conan supports semver-style prereleases, and the content at https://docs.conan.io/2.0/tutorial/versioning/version_ranges.html#semantic-versioning should be amended to make this limitation clear.

Logs

> conan create conanfile.py

======== Exporting recipe to the cache ========
ERROR: Conan packages names 'foo/1.2.3-SNAPSHOT' must be all lowercase
@memsharded memsharded self-assigned this Feb 6, 2024
@memsharded
Copy link
Member

Hi @asmellby

Thanks for your feedback.

You are right, in this case, it seems that the docs are missing some clarification and explicitly stating the constraint.
Conan 2.0 moved to limit package identifiers to lower case, mostly to avoid name collisions, typo-squatting, or user-confusion. The problem is making foo/1.2.3 different to Foo/1.2.3, as it brings a lot of problems and risks, and making them the same (case-insensitive) brings both implementation challenges and user confusions.

The same happens for foo/1.2.3-Snapshot or foo/1.2.3-snapshot. Making them different versions is problematic and even a security risk, and making them the same is quite challenging and confusing at the least.

So it is intended that all version letters are only lowercase. I will move this ticket to the docs repo to clarify this constraint. Thanks again for your feedback!

@memsharded memsharded transferred this issue from conan-io/conan Feb 6, 2024
@memsharded memsharded mentioned this issue Feb 6, 2024
Merged
@asmellby
Copy link
Author

asmellby commented Feb 7, 2024

Thanks a lot for the clarification!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@memsharded memsharded

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

clarify version lowercases memsharded/docs
2 participants
@asmellby @memsharded