#834059 dose-builddebcheck: outputs wrong yaml

Package:
dose-builddebcheck
Source:
dose3
Description:
Checks whether build-dependencies can be satisfied
Submitter:
Helmut Grohne
Date:
2024-06-22 15:24:03 UTC
Severity:
important
#834059#5
Date:
2016-08-11 17:15:13 UTC
From:
To:
When checking whether the source package "0xffff" is bd-satisfiable,
dose-builddebcheck says "package: 0xffff". Contemporary yaml readers
(such as pyyaml) read that as 65535. The correct way would have been
"package: '0xffff'". Essential quoting is missing.

Helmut

#834059#10
Date:
2016-08-13 09:18:14 UTC
From:
To:
Also version "0.6e-7" is occasionally turned into "6.0e-08" and version
"1.7" is occasionally turned into "1.70" after passing it through
dose-builddebcheck and reading it back via pyyaml.

Helmut

#834059#15
Date:
2016-08-26 11:56:31 UTC
From:
To:
Hi,

I just stumbled over this problem myself.

The same applies to the field "output-version". The value of this is currently
'1.2' but when reading this as a yaml document it becomes the floating point
number 1.2. The value should be quoted such that it remains a string.

Thanks!

cheers, josch

#834059#22
Date:
2016-09-06 19:55:08 UTC
From:
To:
Hello,

I just found an old email by Andreas Beckmann (who is using dose
to find test candidates for piuparts) who came across this problem already
in 2014. He just told be that he had solved the problem for piuparts
by using the BaseLoader. Indeed, the Pyyaml documentation [1] says:

  BaseLoader(stream) does not resolve or support any tags and construct
  only basic Python objects: lists, dictionaries and Unicode strings.

and there is also a CBaseLoader(stream) when using the C bindings. This does
seem to solve the pronlem, doesn't it ?

#834059#27
Date:
2016-09-07 03:37:41 UTC
From:
To:
Hi,

Quoting Ralf Treinen (2016-09-06 21:55:08)

that there is a workaround for consumers using Python does not mean that dose3
is doing the right thing. It is still violating the yaml spec by printing a
value that is supposed to be a string in a format that the yaml spec defines to
be interpreted differently [1].

Also, not everybody is using Python:

    $ echo 'v: 1.2' | ruby -ryaml -e "puts YAML::load(STDIN.read)['v'].class"
    Float
    $ echo 'v: 0xffff' | ruby -ryaml -e "puts YAML::load(STDIN.read)['v']"
    65535

Thanks!

cheers, josch

[1] http://yaml.org/spec/1.2/spec.html#id2805071

#834059#32
Date:
2024-06-22 15:13:45 UTC
From:
To:
Reported upstream at https://gitlab.com/irill/dose3/-/issues/18 :)