diff options
author | Bryan C. Mills <bcmills@google.com> | 2019-07-02 17:03:27 -0400 |
---|---|---|
committer | Bryan C. Mills <bcmills@google.com> | 2019-07-16 15:37:25 +0000 |
commit | 6bf2767cc87f9f6a1b85cdc18c656fade735f27f (patch) | |
tree | e4f055ece2f30ebeecf29d83d300236b90a44b20 /src/cmd/go/internal/modfetch/coderepo.go | |
parent | 0da58d076a98a0fa027ea547b2a1c35147fd6e6e (diff) | |
download | go-6bf2767cc87f9f6a1b85cdc18c656fade735f27f.tar.gz go-6bf2767cc87f9f6a1b85cdc18c656fade735f27f.zip |
cmd/go: tighten the check for pseudo-version base tags
Do not allow a pseudo-version derived from a canonical tag to refer to
the same revision as the tag itself. It's unnecessary (because
canonical tags already have a total ordering) and confusing (the
pseudo-version appears to come after the tag, but actually refers to
the exact same revision).
Updates #32879
Updates #27173
Change-Id: I02befedbe89c8819bdd93e470783ce63fc813193
Reviewed-on: https://go-review.googlesource.com/c/go/+/184720
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
Diffstat (limited to 'src/cmd/go/internal/modfetch/coderepo.go')
-rw-r--r-- | src/cmd/go/internal/modfetch/coderepo.go | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/src/cmd/go/internal/modfetch/coderepo.go b/src/cmd/go/internal/modfetch/coderepo.go index 491fe11f50..548c6846d2 100644 --- a/src/cmd/go/internal/modfetch/coderepo.go +++ b/src/cmd/go/internal/modfetch/coderepo.go @@ -479,6 +479,11 @@ func (r *codeRepo) validatePseudoVersion(info *codehost.RevInfo, version string) return fmt.Errorf("does not match version-control timestamp (%s)", info.Time.UTC().Format(time.RFC3339)) } + tagPrefix := "" + if r.codeDir != "" { + tagPrefix = r.codeDir + "/" + } + // A pseudo-version should have a precedence just above its parent revisions, // and no higher. Otherwise, it would be possible for library authors to "pin" // dependency versions (and bypass the usual minimum version selection) by @@ -504,11 +509,26 @@ func (r *codeRepo) validatePseudoVersion(info *codehost.RevInfo, version string) return fmt.Errorf("major version without preceding tag must be v0, not v1") } return nil - } - - tagPrefix := "" - if r.codeDir != "" { - tagPrefix = r.codeDir + "/" + } else { + for _, tag := range info.Tags { + versionOnly := strings.TrimPrefix(tag, tagPrefix) + if versionOnly == base { + // The base version is canonical, so if the version from the tag is + // literally equal (not just equivalent), then the tag is canonical too. + // + // We allow pseudo-versions to be derived from non-canonical tags on the + // same commit, so that tags like "v1.1.0+some-metadata" resolve as + // close as possible to the canonical version ("v1.1.0") while still + // enforcing a total ordering ("v1.1.1-0.[…]" with a unique suffix). + // + // However, canonical tags already have a total ordering, so there is no + // reason not to use the canonical tag directly, and we know that the + // canonical tag must already exist because the pseudo-version is + // derived from it. In that case, referring to the revision by a + // pseudo-version derived from its own canonical tag is just confusing. + return fmt.Errorf("tag (%s) found on revision %s is already canonical, so should not be replaced with a pseudo-version derived from that tag", tag, rev) + } + } } tags, err := r.code.Tags(tagPrefix + base) |