Ambiguity of version number requirements

[un-def]

According to the documentation,

OPM requires all package version numbers to only consist of digits, dots, alphabetic letters, and underscores.

That is the hyphen is not allowed. However, the only place where the hyphen is not actually allowed is the version field of the dist.ini file. More specifically,

• (1) opm build, version from dist.ini — ERROR, the hyphen is not allowed:

  $ opm build
  ...
  ERROR: dist.ini: bad version number: 1-0
  

  opm/bin/opm

  Line 324 in 315e56b

  if ($version !~ /\d/ || $version =~ /[^.\w]/) {

  /[^.\w]/ → . A-Z a-z 0-9 _

• (2) opm build, version from the main module — OK, any char is allowed (!):

  $ opm build
  ...
  extracted verson number 1-0!=!@~ from main_module file lib/main.lua.
  opm-test-package-1-0!=!@~/
  opm-test-package-1-0!=!@~/dist.ini
  opm-test-package-1-0!=!@~/README.md
  opm-test-package-1-0!=!@~/lib/
  opm-test-package-1-0!=!@~/lib/main.lua
  

  $ ls -1dp opm-test-package*
  'opm-test-package-1-0!=!@~'/
  'opm-test-package-1-0!=!@~.tar.gz'
  

  opm/bin/opm

  Lines 452 to 454 in 315e56b

  	if (/\b(?:_?VERSION|version)\s*=\s*(\S+)/) {
  	(my $ver = $1) =~ s/[;,'"{}()<>]|\[=*\[|\]=*\]|\s+$//g;
  	if ($ver =~ /\d/) {

  Any char is accepted (some chars are swallowed, e.g., ;,'"), as long as there is at least one digit.

• (3) opm build, requires from dist.ini; opm get, version from PACKAGE arg; opm get, requires from dist.ini; opm remove, version from PACKAGE arg — OK (all use parse_deps()):

  $ opm install example/somepackage=2-0
  ...
  * Fetching example/somepackage = 2-0
  

  $ opm remove example/somepackage=2-0
  ...
  ignoring version constraint = 2-0 ...
  

  opm/bin/opm

  Line 770 in 315e56b

  if ($ver !~ /\d/ || $ver =~ /[^-.\w]/) {

  /[^-.\w]/ → - . A-Z a-z 0-9 _

• (4) opm upload (uses do_build internally) — OK, any char is allowed (!), but ultimately rejected by the server:

  $ opm --cwd --verbose upload
  ...
  extracted verson number 1-0!=!@~ from main_module file lib/main.lua.
  opm-test-package-1-0!=!@~/
  opm-test-package-1-0!=!@~/dist.ini
  opm-test-package-1-0!=!@~/README.md
  opm-test-package-1-0!=!@~/lib/
  opm-test-package-1-0!=!@~/lib/main.lua
  *   Trying 18.138.237.72:443...
  * Connected to opm.openresty.org (18.138.237.72) port 443 (#0)
  ...
  ERROR: bad uploaded file name.
  * Connection #0 to host opm.openresty.org left intact

(2) and (4) is almost certainly a bug, there should be a stricter regex.

(1) matches the documentation.

(3) in addition, allows the hyphen.

Which is correct? On one hand, (1) is documented, on the other hand, in my opinion, (3) is better in regard to compatibility. For example, luarocks uses the hyphen to separate a version of a package and a version of a rockspec: 1.2.7-2. If the hyphen is allowed, one can use exactly the same version when publishing a package on opm as on luarocks.

[un-def]

Oh, I see a problem with hyphens:

$ ls *.tar.gz
opm-test-package-1-0.tar.gz

$ opm --cwd --verbose upload
...
> x-file: opm-test-package-1-0.tar.gz
> x-file-checksum: e81b4c655ae46d720461ea4c4e37de4a
...

opm/web/lua/opmserver.lua

Lines 164 to 165 in 315e56b

	local m, err = re_match(fname, [[^ ([-\w]+) - ([.\w]+) \.tar\.gz $]],
	"xjo", nil, match_table)

opm/web/lua/opmserver.lua

Lines 174 to 175 in 315e56b

	local pkg_name = m[1]
	local pkg_version = m[2]

$ resty -e 'local res = {}; ngx.re.match("opm-test-package-1-0.tar.gz", [[^ ([-\w]+) - ([.\w]+) \.tar\.gz $]], "xjo", nil, res); ngx.say("name = ", res[1], "\nversion = ", res[2])'
name = opm-test-package-1
version = 0

It is not possible to unambiguously separate a name and a version when a name ends with digits:

name: project-2, version: 7-3.0 → project-2-7-3.0 — is it (project 2-7-3.0 or project-2 7-3.0 or project-2-7 3.0?).

Therefore, the hyphen should not be allowed in the version, at least with the current tarball filename scheme. That means that (2), (3), and (4) do not conform the naming convention.