Version number comparisons in Python and GYP files are not safe #29927
Comments
targos
added
python
|
I think we’ll need to move the version checks into configure.py and set variables for use in the GYP files. |
4 tasks
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Oct 11, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: nodejs#29927
|
In Python, the best way is to break each version string into tuple of ints before comparing... >>> import sys
>>> vers = sys.version.split()[0]
>>> vers
'3.6.1'
>>> vers = tuple(int(x) for x in vers.split("."))
>>> vers
(3, 6, 1)
>>> vers > (3, 6, 0)
True
>>> vers < (3, 6, 2)
True |
targos
added a commit
to targos/node
that referenced
this issue
Oct 14, 2019
targos
pushed a commit
that referenced
this issue
Nov 8, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: #29927 PR-URL: #29931 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
targos
pushed a commit
that referenced
this issue
Nov 10, 2019
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: #29927 PR-URL: #29931 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
BaochengSu
pushed a commit
to BaochengSu/node
that referenced
this issue
Oct 20, 2020
Make `distutils.version.StrictVersion` available as a helper to gyp expressions so they can do proper version checks and update the gyp files accordingly. Caveat emptor: `StrictVersion` does *not* like empty strings so this commit adds truthiness guards. The helper could deal with those but I felt it better to make it explicit. Fixes: nodejs#29927 PR-URL: nodejs#29931 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> (cherry picked from commit 6f81401)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Noted by @richardlau in #29897
Problem
In various places in GYP files and Python scripts, we use string or number comparisons to check if the version of compiling tools satisfies some minimum value. These are not safe and could give wrong results:
"10.1" >= "2.4"returnsFalse2.24 > 2.3returnsFalseSome examples in our code base
node/configure.py
Lines 1233 to 1237 in 81bc7b3
node/deps/openssl/openssl.gypi
Line 1039 in 81bc7b3
node/deps/openssl/openssl.gyp
Line 24 in 81bc7b3
Solution?
I haven't found a solution yet, because we need something that works in GYP conditions, meaning simple Python expressions that cannot import external libraries (correct me if I'm wrong).
We could use the builtin
from distutils.version import StrictVersionandStrictVersion("2.24") >= StrictVersion("2.3")but I don't know if it's possible to makeStrictVersionavailable to GYP conditionals./cc @nodejs/gyp @nodejs/python
The text was updated successfully, but these errors were encountered: